The software will go to beta testers in July and hit the shelves in October, according to group product manager Oliver Schmelzle, who joined Symantec when it acquired WholeSecurity last year.
WholeSecurity’s anti-phishing toolbar and behavioral threat recognition heuristics are the key technologies underpinning Confidential.
It’s a complement to Symantec’s antivirus software, and it’s also the first Symantec product to work with other antivirus products from other vendors, Schmelzle said.
The next version of Symantec’s flagship Norton Internet Security suite will also contain some of the Confidential features, Schmelzle said.
Confidential will also feature a small subset of NIS functionality. Namely, the ability to detect and remove malware that Symantec defines as crimeware, programs such as keystroke loggers that attempt to steal passwords and credit card numbers.
Schmelzle said that Confidential will be able to remove crimeware for which Symantec signatures exist. It will also be able to thwart crimeware for which signatures do not exist, using some of the WholeSecurity behaviorial technology, he said.
During a secure browser transaction, like a credit card purchase, Confidential will be able to block access to the keyboard and monitor display by any running application that is trying to access that data, Schmelzle said.
Confidential will also be able to detect phishing sites using a combination of a URL block-list and heuristics that look for common phishing characteristics in the address and HTML, he said.
In that regard, the software will compete with the functionality that the two main browser makers plan to include for free in forthcoming browsers.
In Firefox they’re planning verification based just on black-lists, Schmelzle said. IE7 will have have some heuristics functions, so we will compete there.
Confidential will also create an encrypted wallet on the user’s desktop, so that sensitive data like credit card numbers can be stored, encrypted, not just for auto-filling forms but also to stop that data leaving the PC, according to Symantec.
The final feature is a safe-list of the fingerprints of SSL certificates known to be used by a small number of high-traffic banks and e-commerce sites, Schmelzle said. This will allow Confidential to not only alert the user when a site is potentially unsafe, but also to tell them when it is definitely genuine.
The company has not decided on pricing yet, but we suspect it will be in the $30 range.
