Symantec has announced plans to release an online transaction security solution dubbed “Norton Confidential,” which aims to protect consumers from fraudulent Web sites and crimeware.
Over the past 12 months, attacks designed to steal confidential information have become rampant. The recent surge is reflected in Symantec’s latest Internet Security Threat Report; it indicates that during the second half of 2005, 80 percent of the top 50 malicious software threats had the potential to expose confidential data.
“As the Internet landscape has become more crowded with phishing sites and threats designed to steal information for financial gain, consumer confidence in conducting business online has eroded,” said Enrique Salem, group president of Symantec’s consumer products and solutions unit.
Restoring Consumer Confidence
Although consumers continue to embrace the convenience of the Internet for banking and shopping, research shows the growth in these fraudulent attacks has impacted their confidence.
According to a November 2005 Symantec research study conducted by Harris Interactive, 71 percent of respondents were uncomfortable about providing personal information online and more than half were concerned about online identity theft.
Symantec’s goal is to help restore confidence in doing business over the Internet by focusing on the point of greatest risk — during a transaction, login or other submission of confidential data to a Web site.
A Needed Tool?
“Today’s increasingly sophisticated Internet threats target passwords, account numbers and other confidential information,” said Jonathan Singer, an analyst with the Yankee Group. “Consumers are looking for protection from identity theft and fraud so they can transact safely online.”
Basex CEO and Chief Analyst Jonathan Spira, however, has a different view. He is not convinced that the Harris study speaks to the concerns of the broader Internet population.
“Granted, there is much hype in the media about fraudulent Web sites, malware and phishing, but the story is always about exactly that — there are very few reports of misuse of data. In fact, a recent New York Times report pointed out that almost all of the stolen and lost personal information goes unused,” Spira told TechNewsWorld. “Quite frankly, I’m not sure I know any consumers who have lost trust in online transactions.”
Still, Symantec is forging ahead. The company figures there is room in the market for its solution, since the majority of today’s existing anti-phishing products rely solely on block lists to identify known fraud sites. Norton Confidential, by contrast, combines traditional block lists with heuristic technology to protect consumers from previously undiscovered phishing attacks.
This zero-hour protection is critical, since phishing attacks are purposely short-lived to evade detection, the company said. In fact, according to the Anti-Phishing Working Group, the average phishing site is online for only five days before it is taken down and replaced by a new fraudulent Web site.
Norton Confidential also uses a combination of definition-based and advanced heuristic technologies to protect users from both known and unknown crimeware. This extra layer of security is meant to stop programs like keystroke loggers and screen capture Trojan horse applications that target consumers’ passwords and other confidential information.
When known crimeware is detected, it is removed immediately. When the heuristic analysis detects software that behaves suspiciously, it prevents the questionable application from capturing the consumer’s personal information.
Symantec plans to release Norton Confidential for the Windows and Mac OS X operating systems this fall.