Symantec set to streamline security offerings

Symantec has released new beta versions of its Norton Internet Security 2009 and Norton AntiVirus 2009 products citing "breakthrough" changes in performance.

Jody Gibney, senior product manager at Symantec said: "Because of the changing way people are using their PCs, and because of their demanding expectations, it wasn't enough to be a great-performing security product. We had to be a great performing product, period."

Research the company conducted showed that lacklustreperformance and system impact were the biggest reasons why customers switched security software, she added.

Among the changes to the new versions was a reduction in memory consumption, a decision prompted by research that showed 40 percent of Symantec's base ran PCs equipped with just 512MB of RAM.

Norton Internet Security (NIS) 2009, for example, consumes about 6MB of memory when it's running, said Gibney, just over half the 11MB used by NIS 2008, the current in-production version of the product.

The performance rewrite - Gibney called it "not incremental, but breakthrough" - included changes to everything from the software's memory footprint and CPU utilisation to scanning time.

To trim scanning time, Symantec will debut a new technology dubbed "Norton Insight" that's designed to reduce the number of files that must be scanned by about 65 percent, on average. Insight takes advantage of the Symantec software's in-place heuristic scanning engine, then combines that with statistical analysis of the hard drive contents of the 14 million users of the Norton line to identify files that can be trusted, and thus removed from the scanning list.

"We're trying to hone in on the unknown types of files," said Gibney, "by deciding whether we're confident that a file is safe or not." Malware that tries to avoid detection by masquerading as a common system file will be sniffed out by the heuristics engine, she said.

Other reductions in scanning time were achieved by eliminating needless duplicate scans. "A scanner will scan files on access, but if you're moving or copying that file, it will be scanned again when the operating system creates a temporary location, and then scanning again when it reaches its [permanent] destination," said Gibney. "That's a perfect example of scanning you don't have to do."

The new software also features more frequent updates, a change Symantec calls "Norton Pulse Updates." Rather than wait for the an every-eight-hour cycle to distribute signature updates, as it does now, the 2009 software will receive a steady stream of updates as the signatures are crafted by company researchers. "It's almost like an RSS feed," said Gibney. "This was a major, major overhaul." Pulse updates will be pushed to users every 5 to 15 minutes.

"It wasn't surprising that customers were telling us performance was important," she concluded. "What was a surprise was that it was the most important thing, that it was more important than functionality, even more than the degree it was protecting their PCs."

The betas have been posted to the Symantec website, and can be downloaded free of charge.