Norton's "Canary" technology creates "vulnerability signatures"

Symantec technology creates new protection for Internet Explorer users.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi
2 min read

As part of their upcoming Norton Internet Security 2008 product, Symantec will include a new technology they're currently calling "Canary." The idea behind Canary is vulnerable browsers are the first point of entry for many Web threats known as "drive by" downloads. Canary will identify signatures of known Internet Explorer browser vulnerabilities then block exploits as soon as they are released. "Canary creates vulnerability signatures," said Rowan Trollope, vice president of Consumer Products at Symantec. Signatures for other browsers, including Firefox, will be included in the future.

The timing of this new technology couldn't be better as Web attacks are on the upswing. This past week there was a rash of legitimate Web sites infected with hostile drive-by code, most of it originating from servers running Mpack, a multipurpose exploit package. The Mpack attack works, in part, if your browser is vulnerable to any of the exploits hosted on the server. IE has a number of outstanding public vulnerabilities, so until Microsoft patches them, Canary will block any newly created exploits. Even after Microsoft issues a patch for a vulnerability, Canary's signatures remain. "This isn't like virus signatures; IE has less than 100 vulnerability signatures," said Trollope.

Canary, which will be known by another name when it goes public, should be available in time for the 2008 product launch in August or September of this year. It will be included within Norton Antivirus 2008, Norton Internet Security 2008, and Norton 360 2.0. Current Norton 2007 subscribers will also get this technology as part of Symantec's automated program updates following the 2008 product release.