Google goes out and ‘kills’ some rogue apps

V3 are reporting that Google has remotely removed two suspect Android apps from user’s handsets. I think to my knowledge this is the first public sighting of the Google ‘kill switch’. This functionality allows them or a Network operator to either kill and remove applications that they do want running on a smartphone.

It appears from reports, that the apps in question were written by security researchers.  They were not intended to be used maliciously. However, Google viewed them as intentionally ‘misrepresenting themselves’ and stepped in. I talking with press and partners in recent weeks, on all things Android and security, I have made the point that the Android marketplace owes its current incarnation to the premise of implicit trust. This incident shows how trust can and is being broken. It will be reassuring to some to see Google step in here, being seen to remove the apps from the marketplace and also from the handsets themselves. However, it does show up a latent risk.

June 25, 2010 | Filed Under Announcements, Security | Leave a Comment 

No security software – no surfing!

The Government in Australia is in active discussions to make it mandatory that you have to have internet security software in place to use the internet. In addition, they are also looking at additional resources that would allow them to crack down on cyber-criminals.

Now, I am sure that it will come as no surprise that I actively endorse the ambition here. Many of you would expect nothing less of me – putting to one side the self-interest angle here for sales Norton software. One of the biggest issues and challenges that we face at Symantec, and the industry as a whole, is to keep consumers and users engaged in the issue of internet safety. For many of them, they simply cannot be bothered and hope for the best. For others, they seem overwhelmed by the never ending stream of new attacks and scams.  

The Australian debate strikes at the heart of this; ensuring that people take adequate precautions to try and protect themselves and the community at large. This is an interesting and very important point. If I take all the time and attention to keep myself safe online, whilst my virtual neighbours do not, then, to borrow a phrase, ‘it is a plague on both of our houses’. If we want to proactively take the fight to the bad guys, then everyone needs to step up. In security, you are only as strong as the weakest link in the chain. Having people use the internet who are not protected and not taking even basic precautions is worrisome and effects all of us.

There are many questions that I have as a result of the discussion in Australia.  I will be interested to see how they are addressed. What actually will constitute ‘internet security software’? What will the role and the responsibility of the ISP be ensuring that a user is using security software and what will enforcement of this look and feel like. I am sure it is going to be interesting.

June 25, 2010 | Filed Under Announcements, Security | Leave a Comment 

Norton Everywhere!

We have annouced ‘Norton Everywhere’. The reality today, is that a consumer, is no longer restricted to surfing the internet simply from a PC or Mac. There are a myriad of devices that now allow consumers to connect and surf the internet. Our job is to protect people, whenever, wherever, they are online; to give them the confidence to use and benefit from the internet. Norton Everywhere repositions the core mission of the Norton brand, to expand beyond our current roots in the PC and Mac; to embrace all of those consumer devices that connect to and use the internet. That is a big mission: so we are starting work right away. We have announced three separate, yet connected, strategies under the umbrella of ‘Norton Everywhere’.

Norton Mobile sees us deepen and broaden our security for smartphone devices. We have just put into Beta, Norton Smartphone Security for Android. It has a really cool SMS enabled remote lock and wipe function. This provides physical security for your Android smartphone. Should you lose, or, have your phone stolen, in a matter of seconds you can wipe all the sensitive and personal information from the smartphone. It has a lot of other neat security functions built into it. You can download it from the Android marketplace, or, from our new Norton mobile web site, www.m.norton.com. This web site is optimised to work with mobile browsers. It is an important initiative in its own right. Providing information and videos on how to protect yourself online from a mobile, offering Beta, free and trialware versions of all our mobile products. From the site you can also download Norton Connect. This is a mobile app for the iPhone, iPad and Android, that allows Norton 360 and NOBU customers to access their online backups. We have also placed Norton Connect into the Apple appstore and the Android marketplace.

So, the mobile strategy moves Norton beyond the traditional PC: but we are not stopping there. There are many devices that will allow you to surf the internet. A great example of this are games consoles, and what about the latest and coolest gadget in town, the iPad. These devices can and will benefit from having some basic element of security in place, when they are out there ‘surfing the ‘net’. We have figured out a way of doing that for them. It is called Norton DNS. We have established our own Domain Name Service (DNS). This is analogous to the ‘switchboard’ of the internet, interpreting and connecting the URLs we type, into numeric IP addresses that power the internet. The service is up and operational. If you surf to www.nortondns.com you can find out more about it and how to start to use it. We are in the process of creating software that you can install onto your PC or Android device, that will automatically configure Norton DNS for you.

Finally, there are many other devices that will be connected to the internet. You will not surf the ‘net from them, rather, they will use the it to provide that service or utility to you as a consumer e.g. smart electricity meter, smart fridge, digital ‘photo frame, internet enabled TV etc. All of these devices are valuable, as such, they could ultimately come under attack or exploitation. That is where Norton Embedded Devices steps in. There are technologies, approaches and capabilities, that we have built to secure, support, update and backup PCs. We believe that these can and should be used by consumer manufacturers building and implementing the new generation of ‘smart’ internet enabled devices. We have partnered and invested in a company called Mocana. They are experts in building and deploying security solutions for embedded devices. We believe, that the combination of Symantec and Mocana, will provide the basis to, truly, allow us to enable ‘Norton Everywhere’.

Expect great things from ‘Norton Everywhere’.

June 10, 2010 | Filed Under Announcements, Security | Leave a Comment 

Cybercrime continues to ramp – ISTR

Today, sees the launch of Symantec’s Internet Security Threat (ISTR) report for 2009. As ever, if provides a fascination insight into what they key trends are in cybercrime and malicious activity. We report that we blocked some 3.2 billion attacks in 2009: that translates to 100 attacks every second. So, the bad guys have not gone away, they are actually stepping up their attacks. To counteract this, we created 2.9 million malicious code signatures in 2009, up some 71% from 2008. We actually identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008.  In the last quarter of 2009, we released our new reputation based security technology to help counter this surge in the volume of malware. Of the threat instances that Symantec’s reputation-based technology protected users from last year, approximately 57% corresponded to singletons (single instances on one computer). This reinforces the reality that the malware writers are have now changed their playbook – their tactic is to limit the instances of their code in an attempt to circumvent traditional security techniques.

The ISTR also identifies some interesting developments with respect to personal email accounts. These are being bought and sold, batered and traded among  the cybercriminals for as little as 65p, or $1. Gaining access to a personal email account allows them to then distribute malware from this account via people’s trusted network of contacts. Compromised email accounts also often provide access to additional sensitive personal information, such as bank passwords, mailing addresses and phone numbers and other passwords and online accounts. The data could be used to reset passwords, potentially giving fraudsters complete access to personal accounts and indeed whole identities. It really is a wake-up call to everyone to guard their personal email accounts jealously. Instead of using it as a default filing cabinet for other login credentials and passwords, this information should be moved out of your personal email folder and stored in a safer place. People really now need to use password management tools and software. You can take a look at and download the ISTR here.

April 20, 2010 | Filed Under Announcements, Security | Leave a Comment 

Norton 2011 BETA

For many people it feels that we have just started into 2010. Well, in the fast moving world of security, we are always having to adapt and innovate. So, to that end, yesterday we released into BETA NAV 2011 and NIS 2011. This provides an insight into what we are planning for your next release of these products. The 2011 Norton BETAs are being developed to improve or maintain key performance benchmarks in installation times, scan times, and memory usage. In addition, the products will include System Insight 2.0 which goes beyond security and alerts users when applications are significantly impacting their system resources.

At the heart of this Norton release is the industry leading reputation-based security technology. New to 2011, Download Insight 2.0  increases the breadth of the product’s reputation protection by applying it to virtually every download  regardless of the client (browser, email, IM).  This helps ensure that users are protected from harmful downloads no matter how the file is delivered to their machine. Additionally, Norton 2011 uses the reputation information to report on the “trustworthiness” of files on a system and help users understand if their download behavior is more or less risky versus the 53 million Norton Community Watch members today.  You can download it here.

Furthermore we are also providing into BETA some additional tools. Symantec is announcing several new tools in the fight against cybercrime. These tools will remain free and address some of today’s trickiest and most prevalent issues related to malware infection and removal. We are introducing Norton Safe Web for Facebook, that will scan feeds for malicious URLs. You can download it here.

Norton Power Eraser is a tool specifically designed to help find and remove those ‘scareware’ applications that are adept at deceiving you and prove difficult to remove. You can down load it here.

Finally, we have the Norton Bootable Recovery Tool, which  allows Norton users to boot a PC into a safe state when a system is so deeply infected that it will not properly start up. New this year, the Norton Bootable Recovery Tool wizard automatically creates a CD/DVD/USB bootable device in a quick and easy way. You can download it here.

April 20, 2010 | Filed Under Announcements, Security | Leave a Comment 

Watch out for an IE update coming your way

MS is are preparing to issue an out of band update for Internet Explorer (IE). MS normally issue one set of security updates per month and this happens on the second Tuesday of the month and is normally referred to as ‘Patch Tuesday’. This is now the second time this year, according to my reckoning, that MS have issued an out of band update. The update should be issued later today, Tuesday, March 30th.

The update will fix a number of critical vulnerabilities for all versions of IE. Watch out for the patch being pushed to your PC in the normal way. It would appear that you will have to reboot, but install it as soon as you receive it.

March 30, 2010 | Filed Under Announcements, Security | Leave a Comment 

Passwords – you got to love them!

When was the last time you changed a password? What is the most complicated password that you use? How many different passwords do you have? Why do I ask? Well, to make you think about passwords and maybe to make you feel guilty that you need to change some of the ones that you use regularly.

Password ‘hygiene’ is important – You should not go too long without changing them and you should not share them. They form a vital layer of online defence for you and your family. Our security response guys have posted an interesting blog on passwords. Furthermore, they have setup a quick one minute survey to establish just how your password hygiene compares to that of others. Go on and take the survey, the results from all of us I am sure will be interesting. Let’s hope that we are saved from the odour of an online community that does not take password hygiene seriously!

March 26, 2010 | Filed Under Announcements, Security | Leave a Comment 

‘Just the ticket!’

I was driving home yesterday and listening to the news on the radio. The news item that caught my attention and interest was that ballot for tickets for London 2012 was now open and you can apply for it a online. I said to myself: ‘here we go again’. High profile sporting events, like this, provide an opportunity to the cybercriminals. Now, the London games are still some two years away and the official website is at pains to point out that no tickets are actually for sale at this point in time. However, a piece in ‘The Times Online’ today outlines some of the online shenanigans that are ongoing with respect to another high profile and imminent sporting event: the World Cup.

With only 79 days to go, we can see a wave of spam email and fake offers filling the internet. Major events such as the World Cup see an increase in online attacks. We here at Symantec found that attacks increased by 40 per cent before the 2006 World Cup and 66 per cent during the 2008 Olympics. Sadly, it looks like this is set to be repeated if not surpassed in the run through to this year’s World Cup.

The advice has to be for you to be very suspicious of emails that you receive offering you amazing bargains or exclusive access to tickets, flights or accommodation. Do not click on any attachments to these emails or links. If you have signed up with an official and recognised ticketing organisation, then you should expect emails. If you have not, then delete emails that you get offering you this stuff. If you are interested in attending the World Cup, tickets so far have been sold exclusively through the Fifa website and the game’s world governing body has warned fans to be sure they are buying only from authorised companies selling official tour packages or tickets.

Being a Scotsman, I can only hope that I will be looking to buy a ticket to the next UEFA European football championships, in Poland/Ukraine, in 2012!

March 23, 2010 | Filed Under Announcements, Security | Leave a Comment 

Symantec guide to scary internet threats

Scary internet threatsThe countdown to the World Cup is well underway. It is clearly going to be the event of the Summer – even if Scotland did not qualify and are not going to be there. As such, the cybercriminals are turning their attention to it. Whilst none of them will be an official FIFA partner, that will not deter them from leveraging and piggy-backing off the pack of this truly global event. We thought it both timely and relevant to produce another one of our Symantec guides to scary internet stuff. The subject this time is ‘internet threats’. We hope you enjoy it and you act on the message. You can find the link to the video here. Read more

March 16, 2010 | Filed Under Announcements, Security, Uncategorized | Leave a Comment 

Public BETA: Norton SafeWeb Lite

Norton SafeWebSearch engine poisoning has become a very popular tactic to direct people to compromised web sites that, in turn, will attempt to scam you or install malware. This approach recognises that, for most of us, we now rely on the search engine on a daily basis. It is our first port of call to find out about something, someone or somewhere. The hackers and cybercriminals have latched onto this and are now inserting malicious URLS, or compromising legitimate ones, in an attempt to divert us into their hands.

This is something that the search engine operators, and we in the security community, are developing and deploying solutions for. Norton customers, for the past year or so, have been able to have their search engine results ‘marked-up’, to allow them to see what URLs we understand to be good, as opposed to those which we know, or suspect, to be compromised or bad. This uses a technology we developed called Norton SafeWeb. We involve those Norton Customers who are part of our Norton Community Watch initiative (35 million or so of them at the latest count), to help feed us suspicious URLs that we can then analyse. It is a layer of security that we know is very effective and from which many of our customers benefit from.

The good news is that we are now looking at deploying a version of the Norton SafeWeb technology to non-Norton customers. To that end we have just put into public BETA, a tool called Norton SafeWeb Lite. You can download it here from the Norton BETA site.

February 16, 2010 | Filed Under Announcements, Security | Leave a Comment 

Next Page »