Social engineering has become the preferred tool of online criminals. It’s at the core of every phishing scam, and lately it’s the preferred way of delivering malware.
Every social engineering attack can be reduced to a simple move: “Here,” says a web site or an e-mail message as it offers up a deceptive or malicious link. “Click this.” And it works. Even people with above-average IQs can fall for a Trojan.
How do you break that chain of social engineering? By making the software smarter and turning the bad guys’ own actions against them.
I’ve prepared a screenshot gallery that shows how modern browsers and security software can go beyond the limited and ineffective approach of traditional antivirus scans.
See “How browsers and security software can keep you safer online”.
Over the past few months I’ve been looking at how the three most popular browsers for Windows respond to this sort of deliberate deception. I’ve also been looking at popular security suites to see which ones demonstrate creative thinking. And even I can’t quite believe which one is my new favorite.
Traditional antivirus software just isn’t cutting it anymore. If your security software relies primarily on antivirus signatures, you are always going to be vulnerable to new malware variants, sometimes for hours, sometimes for days.
So what’s the alternative? Two techniques are promising. One involves disrupting the patterns of behavior that malware distributors use. The second involves looking carefully at the reputation of downloaded files to distinguish between good downloads and bad ones.
Microsoft has already built application reputation checks into Internet Explorer, starting with version 8 and improving the feature significantly in IE9. (I wrote about this technology previously, in IE9 versus Chrome: which one blocks malware better?) When you download a file that could contain malicious or deceptive code, Microsoft’s web-based SmartScreen Filter looks at the details of the file (including its unique hash and digital signature) to decide whether it’s trustworthy.
Files that are not digitally signed get the toughest scrutiny of all, as one group of Microsoft developers discovered the hard way. Known malware is completely blocked. Ironically, Microsoft fought its own little civil war earlier this week: the ads that were displayed next to Bing search results led to sites that were blocked by the SmartScreen Filter in Internet Explorer.
(The accompanying screenshot gallery offers a much more detailed look at the different ways that IE, Firefox, and Chrome handle potentially dangerous downloads.)
This app-reputation stuff is a good idea, but why limit those checks just to recent versions of Internet Explorer? That’s why I also looked at two popular high-end commercial security suites: Trend Micro Titanium Maximum Security and Symantec’s Norton Internet Security 2011.
A few months ago, I spoke with John Harrison, a group product manager for Symantec, whose consumer security software has been sold under the Norton brand name for more than 20 years. Harrison told me that his company was trying something different: a “defense in depth” approach to blocking malware that goes well beyond simple scanning:
We have network intrusion protection and browser protection technology to protect against drive-by downloads. We can detect things that an antivirus scan might have missed, noting obfuscated attacks and bots that are calling home for updates.
We’re leveraging hundreds of millions of users who opt in to a system where they can give a thumbs up/down in Norton Community Watch. For downloads, we look at digital signatures. We evaluate the domain and the reputation of that domain. If a “name brand codec” is coming from a website with a poor reputation and has only been seen on two users’ desktops, then we can easily classify it as malware.
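To make the reputation logic concrete, here is an added example (not Microsoft’s SmartScreen code and not Symantec’s) that combines the signals described above: an exact hash lookup against known-bad and known-good lists, as SmartScreen does, and then the signature, domain reputation and prevalence signals Harrison describes for files with no hash reputation yet. The hash lists, the domain reputation table, the prevalence threshold and every domain name are constructed for the example; the `Download` record and `reputation_verdict` function are hypothetical names.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "files" (NOT real malware or vendor binaries). The
# reputation lists are keyed by SHA-256 hash, as a file-reputation service would be.
KNOWN_MALWARE_BYTES = b"CONSTRUCTED-SAMPLE: known bad payload"
KNOWN_GOOD_BYTES = b"CONSTRUCTED-SAMPLE: widely used installer"


def sha256_hex(data: bytes) -> str:
    """Hash the file content; the hash is the key for every reputation lookup."""
    return hashlib.sha256(data).hexdigest()


KNOWN_MALWARE_HASHES = {sha256_hex(KNOWN_MALWARE_BYTES)}
KNOWN_GOOD_HASHES = {sha256_hex(KNOWN_GOOD_BYTES)}

# Constructed domain reputation table; the domains are hypothetical.
DOMAIN_REPUTATION = {
    "downloads.example-vendor.test": "good",
    "free-codecs.example.test": "poor",
}

# Hypothetical threshold: how many users must have seen a file before
# prevalence alone counts in its favour (an assumption, not a vendor value).
PREVALENCE_THRESHOLD = 1000


@dataclass
class Download:
    content: bytes
    signed: bool            # carries a digital (Authenticode-style) signature?
    signer_trusted: bool    # does that signature chain to a trusted publisher?
    domain: str             # host the file was fetched from
    prevalence: int         # users on whose machines this hash has been seen


def reputation_verdict(d: Download) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'block', 'allow' or 'warn'."""
    h = sha256_hex(d.content)

    # 1. Exact hash reputation comes first: known malware is blocked outright,
    #    known-good files are allowed regardless of where they came from.
    if h in KNOWN_MALWARE_HASHES:
        return "block", f"hash {h[:12]}... is known malware"
    if h in KNOWN_GOOD_HASHES:
        return "allow", f"hash {h[:12]}... has an established good reputation"

    # 2. No hash reputation yet: combine domain reputation, prevalence and
    #    signature. A rarely seen file from a poorly rated domain is treated as
    #    malware even if it calls itself a "name brand codec".
    domain_rep = DOMAIN_REPUTATION.get(d.domain, "unknown")
    if domain_rep == "poor" and d.prevalence < PREVALENCE_THRESHOLD:
        return "block", (f"rare file ({d.prevalence} users) from poorly "
                         f"rated domain {d.domain}")

    # A valid signature from a trusted publisher vouches for the file.
    if d.signed and d.signer_trusted:
        return "allow", "signed by a trusted publisher"

    # Unsigned files get the toughest scrutiny: with no reputation, the user
    # is warned rather than the file being silently allowed.
    if not d.signed:
        return "warn", "unsigned file with no established reputation"

    # Signed by an unknown publisher: let wide prevalence speak for it.
    if d.prevalence >= PREVALENCE_THRESHOLD:
        return "allow", f"seen on {d.prevalence} machines, signed"
    return "warn", "signed by an untrusted publisher and not widely seen"


def triage(downloads: list[Download]) -> list[str]:
    """Verdicts for a batch of downloads, in order (handy for logging)."""
    return [reputation_verdict(d)[0] for d in downloads]


if __name__ == "__main__":
    # Constructed sample downloads exercising each branch of the decision.
    samples = [
        Download(KNOWN_MALWARE_BYTES, True, True, "downloads.example-vendor.test", 5),
        Download(KNOWN_GOOD_BYTES, False, False, "free-codecs.example.test", 0),
        Download(b"CONSTRUCTED: fresh codec", False, False, "free-codecs.example.test", 2),
        Download(b"CONSTRUCTED: vendor update", True, True, "downloads.example-vendor.test", 3),
        Download(b"CONSTRUCTED: hobby tool", False, False, "personal-site.example.test", 10),
    ]
    for s in samples:
        verdict, reason = reputation_verdict(s)
        print(f"{verdict:5s}  {s.domain:32s} {reason}")
```

The ordering of the checks is the point: an exact hash match overrides everything else (a signed file from a good domain is still blocked if its hash is known malware), while the softer signals only come into play for files the service has never seen, which is exactly the window in which signature-based scanning fails.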
I was skeptical. I stopped using Norton products years ago, mostly in frustration over poor performance. But in the interest of fairness I gave them another shot. Three months later, I’m still using Norton Internet Security. And I’m recommending it to others. Here’s why.
After my recent negative experience with the latest version of McAfee’s security suite, I was expecting to grit my teeth and put up with a load of annoyances. To my great surprise, I found both programs acceptably light and unobtrusive, as well as effective. I was especially pleased with how well Norton Internet Security did at the tough job of sorting out good and bad websites and downloads.
For testing, I looked in real time at several widespread recent malware attacks. One targeted Windows users through poisoned search results, mostly on Google. Another wave delivered Trojans disguised as legit e-mail messages from hotel chains that claimed to owe the recipient a refund for a recent overcharge. I also looked at a recent flurry of deceptive ads that appeared alongside search results from Microsoft’s Bing.
In every case, traditional antivirus scans were essentially useless. So how did alternative approaches fare? Turn to page 2 for a summary.