Symantec would not comment on the specifics of the new software, but said the browser-neutral nature of the technology should hasten adoption. “A lot of these defenses are more than 98 percent effective, but the problem is, they are not rolled out to 98 percent of the population,” says Brian Witten, director of government research for Symantec. “If they were, the populace wouldn’t have the billion-dollar scale of the problem today.”
Symantec has a multi-pronged security system in place already, he says. The system includes an extensive effort at scanning e-mails for phishing characteristics. “We very quickly find out about bad sites that are phishing sites, and disseminate new protective capabilities, based on this intelligence, through the Phish Report Network we operate and our mail security products, such as Symantec Brightmail,” he says. That allows browsers or ISPs to block the Web addresses of the phony institutions.
Since late 2004, the Department of Homeland Security has committed approximately $13.8 million to Internet security research, including about $750,000 for the BBN project. Witten says the anti-phishing system represents one early payoff from this funding.
“Going against threats like that is a strong motivation for a public-private partnership,” Witten says. “The core motivation for engaging with BBN for long-term, multi-year research collaboration is that the threat is evolving so quickly. It is a billion-dollar, transnational criminal threat.” The collaboration with BBN will likely last for several years, he says.