Clear, Concise Information about Options for Defense Against Internet-Based Threats
Recent Trends in Internet Security Suites
Although there are debates about the seriousness and prevalence of malware, Internet Security Suites remain one of the top-selling computer products. The current crop, usually with a ‘2010’ moniker, while they provide a simple user experience, are nonetheless sprawling, complicated, difficult-to-evaluate beasts. They provide protection, prevention, recovery, filtering and sometimes backup and tune-up.
Fortunately, some identifiable trends in the recent releases from Norton, Panda, Kaspersky, PCTools and other well-known brands help make sense of the seeming explosion of features. Here is a summary of the most significant trends.
Heuristic, Behavioral Identification
Previous generations of Security Suites relied on an easily identifiable string of characters, called a signature, to identify a piece of malware. Signatures remain, but increasingly security software identifies malware by its behavior or by classes of behavior called heuristics. Heuristic identification allows security software to provide protection on “day zero” of a threat’s appearance — immediate protection rather than too little too late, days later, after the security suite developer finally updates the user’s threat signature database.
Genetic Malware Families
Early signatures were literal and the techniques used to match the signature to the malware were simple. Now, a single ‘genetic’ signature along with smarter matching techniques can identify whole families of malware. That means smaller threat databases and, again, a chance of protection against threats on “day zero”.
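The difference between a literal signature and a family signature can be shown in a few lines. This is an added example, not code from any of the products named here: the byte strings are constructed and harmless, the names are hypothetical, and a wildcard byte pattern is assumed as one possible "smarter matching technique".

```python
import re

# Constructed, harmless byte strings standing in for file contents. The three
# "variants" share a skeleton (HDR, a 4-byte key, a fixed routine) but differ
# in the key and in the padding around it.
VARIANT_A = b"\x90\x90HDR" + b"\xde\xad\xbe\xef" + b"LOOPxorSTORE" + b"\x00" * 4
VARIANT_B = b"\x90HDR" + b"\x11\x22\x33\x44" + b"LOOPxorSTORE" + b"\x00" * 9
VARIANT_C = b"HDR" + b"\xa0\xb1\xc2\xd3" + b"LOOPxorSTORE"  # never seen before
BENIGN = b"HDR of a document; the text LOOPxorSTORE appears much later"

# Literal database: one exact byte string per known variant.
LITERAL_DB = {
    "Example.A": b"HDR\xde\xad\xbe\xefLOOPxorSTORE",
    "Example.B": b"HDR\x11\x22\x33\x44LOOPxorSTORE",
}

# Family database: one pattern; the 4 key bytes are wildcards.
# DOTALL lets "." match any byte value, including 0x0a.
FAMILY_DB = {
    "Example.family": re.compile(rb"HDR.{4}LOOPxorSTORE", re.DOTALL),
}


def literal_scan(data):
    """Return the names of literal signatures found in data."""
    return sorted(name for name, sig in LITERAL_DB.items() if sig in data)


def family_scan(data):
    """Return the names of family patterns that match data."""
    return sorted(name for name, pat in FAMILY_DB.items() if pat.search(data))


def compare():
    """Map each sample name to (literal hits, family hits)."""
    samples = {"A": VARIANT_A, "B": VARIANT_B, "C": VARIANT_C, "benign": BENIGN}
    return {k: (literal_scan(v), family_scan(v)) for k, v in samples.items()}


if __name__ == "__main__":
    for name, (lit, fam) in compare().items():
        print(f"{name:7} literal={lit} family={fam}")
```

The unseen variant C is missed by both literal entries and caught by the single family entry, while the benign sample, which contains both fragments but not in the family's layout, matches neither.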
Centralized Threat Data
Traditionally, Security Suites have relied on regular updates of the local threat database on the user’s hard drive. Panda and others now store malware signatures on central servers. You may be thinking, like I did, that central storage of threat data would be less efficient due to the need to access the data over the internet. However, having grasped the sophisticated caching and intelligent decisions about precisely when to go to the server for fresh data and when not to, I now find the idea compelling if immature.
Reduced CPU Hogging
Along with centralized signatures, many Security Suite developers made much-requested improvements in processor-hogging. One concrete technique is to reduce the number of processes. The number of processes had been steadily increasing, each taking precious computer resources. Now, many feel that two processes, one for system-file scanning and another for user files, give the best performance. Some of the new crop of Suites have adopted that idea and have only two processes.
Massive Gathering of Real-time Customer Threat Data
Panda, for example, thinks of their 4 million-strong user base as 4 million telemetry stations, all gathering threat information “at the coal face”. Suite developers have always relied on their customers for information but are increasingly building anonymous “report-back-to-base” capabilities into their projects along with the capability to analyze the massive amount of accumulated data.
Reduced Customer Configuration and Interaction
Zero-Configuration stands as an important target for the ‘2009’ Security Suites. From installation, through registration to subsequent action confirmations, Suite developers now aim to be unseen and unheard, silently protecting their customers. Many, though, retain the deep configuration options for those customers who like to or need to tweak.
Email-Client-Independent and Web-Browser-Independent Filtering
Previous spam and browsing filters consisted of plugins for a limited number of popular email clients and web browsers. Now, sensibly, the trend is to block email spam and viral attachments, web site phishing and other malware at the packet level — before it ever gets to the email client or web browser.
User Definable Personal Details for Identification Theft Prevention
One small but important trend allows users to say exactly what is and what is not personal data. Once defined, the Security Suite will take special precautions to prevent that specific personal data from leaving the customer’s computer.
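A sketch of how such a user-defined filter can work on outbound data. This is an added example, not any vendor's implementation: the class name, the sample values and the matching strategy (normalizing away spaces, dashes, dots and case before comparing) are assumptions.

```python
import re


def normalize(text):
    """Lower-case and drop whitespace, dashes and dots, so a protected value
    is still recognized when it is typed with different separators."""
    return re.sub(r"[\s\-.]", "", text).lower()


class PersonalDataGuard:
    """Holds the values the user marked as personal and checks outbound text."""

    MIN_LEN = 4  # very short values would match almost any traffic

    def __init__(self, protected):
        self.protected = {}
        for label, value in protected.items():
            flat = normalize(value)
            if len(flat) < self.MIN_LEN:
                raise ValueError(f"protected value for {label!r} is too short")
            self.protected[label] = flat

    def check(self, outbound):
        """Return the labels of protected values found in outbound text."""
        flat = normalize(outbound)
        return sorted(lbl for lbl, val in self.protected.items() if val in flat)

    def allow(self, outbound):
        """True when nothing the user protected appears in outbound text."""
        return not self.check(outbound)


# Constructed sample values and messages (a test card number, a .test domain).
GUARD = PersonalDataGuard({
    "card": "4111 1111 1111 1111",
    "email": "Pat.Example@example.test",
})
OUTBOUND = [
    "POST /checkout card=4111-1111-1111-1111&cvv=000",
    "GET /search?q=weather+today",
    "POST /signup mail=pat.example@EXAMPLE.test",
]


def decisions():
    """Per-message list of protected labels that would leave the machine."""
    return [GUARD.check(msg) for msg in OUTBOUND]


if __name__ == "__main__":
    for msg, hits in zip(OUTBOUND, decisions()):
        print("BLOCK" if hits else "allow", hits, msg)
```

Only values the user listed are checked, which is the point of the feature: the card number is caught even with dashes instead of spaces, and ordinary traffic passes untouched.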
Some Examples of the New Wave of Security Suites
Panda has implemented most of the above trends in their Internet Security 2009 suite. Panda’s 4-million user computers become “telemetry sensors” for their Collective Intelligence Network which uses correlation & statistical analysis of 13-million malware samples and 100-million analyzed programs to quickly identify the most serious malware in the wild. Their new Genetic Heuristics Engine detects new variants of the most dangerous malware families and TruPrevent 2.0 behavioral analysis protects against not only unknown malware but also identity theft: phishing, banking trojans etc.
Panda’s Internet Security 2009 scans internet traffic and emails before they even reach your web browser and email client, and so works with any browser or email client. And Panda’s Marketing team have even given a name to lessening the user’s involvement: the "install and forget" philosophy.
PC Tools call their behavioral-based identification of day-zero threats “Behavior Guard”. BitDefender uses few system resources and tips its hat to lessening user involvement by installing easily onto badly compromised systems and by repairing itself in the case of damage.
Ambitious or Laggard
Looking at Internet Security Suites in terms of recent trends can clarify the rapid changes and current shakeup in the industry. It cruelly separates the ambitious, energetic players from the laggards resting on their laurels. Check out our list of popular Security Suites to see which ones stay on top of the trends.
Please leave a comment, below, if you see inaccuracies in the above, lack of clarity or just room for improvement.