Symantec says security software needs speed
- 16 July, 2008 08:26
Symantec released beta versions of its flagship Windows software Tuesday, citing significant improvements in performance.
The previews of Norton Internet Security 2009 and Norton AntiVirus 2009, both of which run on Windows XP or Windows Vista, boast "breakthrough" changes in performance, said Jody Gibney, the senior product manager for the former product.
"We've been looking at performance the right way in the past," argued Gibney, "but because of the changing way people are using their PCs and because of their demanding expectations, it wasn't enough to be a great-performing security product. We had to be a great performing product, period."
Research the company conducted showed that lackluster performance and system impact were the biggest reasons why customers switched security software, she added.
Among the changes to the new versions was a reduction in memory consumption, a decision prompted by research that showed 40% of Symantec's base runs PCs equipped with just 512MB of RAM.
Norton Internet Security (NIS) 2009, for example, consumes about 6MB of memory when it's running, said Gibney, just over half the 11MB used by NIS 2008, the current in-production version of the product.
The performance rewrite -- Gibney called it "not incremental, but breakthrough" -- included changes to everything from the software's memory footprint and CPU utilization to scanning time.
To trim scanning time, Symantec will debut a new technology dubbed "Norton Insight" that's designed to reduce the number of files that must be scanned by about 65 per cent, on average. Insight takes advantage of the Symantec software's in-place heuristic scanning engine, then combines that with statistical analysis of the hard drive contents of the 14 million users of the Norton line to identify files that can be trusted, and thus removed from the scanning list.
"We're trying to hone in on the unknown types of files," said Gibney, "by deciding whether we're confident that a file is safe or not." Malware that tries to avoid detection by masquerading as a common system file will be sniffed out by the heuristics engine, she said.
Other reductions in scanning time were achieved by eliminating needless duplicate scans. "A scanner will scan files on access, but if you're moving or copying that file, it will be scanned again when the operating system creates a temporary location, and then scanning again when it reaches its [permanent] destination," said Gibney. "That's a perfect example of scanning you don't have to do."
The new software also features more frequent updates, a change Symantec calls "Norton Pulse Updates." Rather than wait for the an every-eight-hour cycle to distribute signature updates, as it does now, the 2009 software will receive a steady stream of updates as the signatures are crafted by company researchers. "It's almost like an RSS feed," said Gibney. "This was a major, major overhaul."
Pulse updates will be pushed to users every 5 to 15 minutes.
"It wasn't surprising that customers were telling us performance was important," she concluded. "What was a surprise was that it was the most important thing, that it was more important than functionality, even more than the degree it was protecting their PCs."
The betas have been posted to the Symantec Web site, and can be downloaded free of charge.