Behind the scenes: Symantec's malware battle

gallery

The security industry is huge, with good reason. IT needs constant policing. Malware and botnets are just two of the ever-changing and increasing threats that users around the world face every day, with the security industry as the main - and often only - defence.

Indeed, there never seems to be an end in sight - leading some to doubt the value of the security industry, believing it exists to scare people and companies into buying products and support they don't really need.

But it is highly unlikely that there will ever be a time where the end-user will not make mistakes or insecure software won't be supplied.

And, as long as humans want to make money, and cybercrime offers an easy way to do so, security companies will need to keep up their work.

Symantec's frontline

It's a battle all security firms face, including Symantec. While the constantly changing frontline has been good for business - the firm was founded in 1982 and now sells to over 40 countries - it's no easy task to keep ahead of malware.

Criminals just don't stand still and many are as intelligent as the white knights of the security industry, with stories of gangs putting their people through computer school.

This means that the bulk of the work of the security industry, including Symantec, is behind the scenes in research and development.

While the California-based firm is possibly best known for its Norton series of anti-virus products, it's their research facility in Dublin which is taking the battle to the next level.

IT PRO recently had an exclusive look at those Dublin, Ireland labs - the Symantec's frontline in the unending battle between criminals and security.

The retro-fitted labs set up operations in 1990. There, Symantec deals with customer threat, response, antiviruses and antispam, and has around 900 employees. Although Symantec does have offices around the world, the Dublin offices are its prime manufacturing and research facility.

Changing vulnerabilities

Symantec deals with about 60,000 attacks and between 25 to 30 new malware vulnerabilities per month. Kevin Hogan, director of Symantec's response centre, said that tactics have changed in the last few years, from finding and deleting a virus when it had already hit to instead battling it at source, such as in browser protection. Rather than the focus being on detecting the virus, it is now more about identifying it before it can hit.

"Attacks have become more complex and multi-part. It was obvious that the technology and skillset had to change," said Hogan. "It's not about solely getting to the virus signatures anymore. We have to make sure the user isn't downloading it from something like Internet Explorer."

He also said that the sizes of the threats had increased. "We get sizes of definitions about 50 MB, which consumers can cope with, but with enterprises it can be a problem," he said.

Looking through the research facility, the bulk of the work appeared to be PC based, with only a small proportion of work done with Macs. However, Hogan made it very clear that this was not due to inherent flaws in Windows.

"Windows is not necessarily less secure," said Hogan.

He added: "I subscribe to the fact that as 90 per cent of users use Windows then obviously this is going to make it more of a target for attack. [With threats] the operating system is irrelevant."

Email to a friend

Print this page