Though the technology may still be in the lab, Symantec says its plans for the future include the delivery of online protection services that prevent phishing and identity theft while also warning about spyware-infested Web sites.
Tom Powledge, director of product management at Symantec, said the security firm hopes to have an anti-phishing service ready by fall that would work by monitoring the user’s PC to detect any attack to lure the user onto a fake Web site. The research, which Symantec is carrying out under the name “Project Codename Genesis,” depends on how successful Symantec is in developing client software, delivered as a service, that would stop and block the phishing attack, based on looking at tricks in the Web site’s URL and page contents.
“We would use a form of heuristics to determine a fraudulent Web site,” Powledge said.
The anti-phishing service would entail a real-time determination if a visited page is trying to imitate a real Web site. If the page is determined to be a fake, Symantec would immediately provide an on-screen warning blocking the site and giving the user the opportunity to get further information through online chat, e-mail or phone.
Symantec’s second related security initiative, dubbed “Security 2.0,” would entail Symantec issuing real-time warnings to users that visit Web sites with undesirable content such as spyware or adware.
“Our vision of the future is that you’ll see either 'Safe Site' or 'Unsafe Site,'” said Powledge. Symantec will make these broad determinations based on constantly scouring the Web with crawlers to look at site contents and activities, while also checking digital certificates for authenticity.
Symantec is also mulling establishing "community credibility ratings" for Web sites. The goal, said Powledge, is to guarantee a "trusted search experience" to subscribers of the Symantec services of the future.
Accomplishing these ambitious projects and turning them into commercial service offerings for consumers will require Symantec to work with e-commerce providers, online banks, and perhaps other partners. Symantec gained some of the software technology for the online security services through its acquisition last year of WholeSecurity. But there is much more development needed to bring the plan to fruition, Powledge acknowledged.
Nonetheless, Symantec has sufficient confidence in its future plans to begin sharing them publicly. Symantec CEO John Thompson is expected to provide an overview about both “Project Codename Genesis” and “Security 2.0” during the RSA Conference 2006.