William Jackson | Another day, another layer of defense
Cybereye | Commentary: Each new layer of security serves a useful function, but how many layers is too much?
- By William Jackson
- Aug 03, 2007
Symantec recently released its latest product, Norton AntiBot, described as the 'first targeted security solution to combat the growing botnet pandemic.' AntiBot runs constantly in the background of your PC, looking for behavior that could indicate the computer has been inducted into a botnet.
Botnets, of course, are networks of compromised computers remotely controlled by a central command that can load malicious software on the victims for use in activities such as spamming, phishing and data theft.
On the surface, AntiBot is a good thing. Nobody wants to be part of a botnet. But this is not just the surface. AntiBot is a stand-alone product that Symantec calls 'an additional layer of protection that complements existing security solutions.' Defense in depth is the key to securing your PC, Symantec says. But how many layers of protection will a consumer tolerate before deciding that it is becoming too burdensome and throw in the towel?
I'm already running anti- virus software and a personal firewall, scanning for spyware and other malware, and getting automatic updates for operating-system patches and antivirus signatures. My browser checks for phishing and other fraudulent Web sites, and spam filters block unwanted e-mail messages on a variety of accounts. But now I guess I'll have to spend another $29.99 for Norton AntiBot, which comes with a one-year subscription to upgrades.
It may well be worth the $30. Botnets are a problem. Symantec reported around 6 million of them in the last half of 2006, a 30 percent increase compared with the preceding six months. Even if you don't want to accept Symantec's numbers without question ' they are selling a solution to the problem, after all ' just about everyone agrees on the scope of the problem.
I haven't yet tried it out or seen it reviewed, but AntiBot sounds like a good product. It runs constantly in the background, so the user doesn't have to initiate periodic scans. It monitors activity, looking for behavior indicating a bot compromise, and removes the malware.
All well and good. But why not roll this function into an existing product suite such as Norton Internet Security or Norton 360 rather than make it a stand-alone complement? Because of the seriousness of the botnet problem, Kim said, Symantec wanted it to reach the broadest base of non-Norton users possible. Read: Expand market share.
I don't begrudge Symantec its market. But I think that market would be better served by the simplest possible suite of functions in a single security product. I'm all for security, but I admit I am not the best practitioner of what I preach. I have said it before, any system that depends on me for its security is doomed. And I don't think I'm alone. What I would like to see is a nice, reasonably hard shell for my PC, protecting the chewy data inside. The simpler that shell, the more likely it is to be useful to me. I want to leave the additional layers of defense to my upstream network and service providers. Is that too much to ask?