Symantec closes in on delivery of major AV update

Vendor irons out final code for Hamlet, which incorporates technology from several Symantec acquisitions

Symantec is slipping on its target delivery time for the next major upgrade of its security product for enterprises, code-named Hamlet, while it irons out final code wrinkles during beta testing.

In May 2006, Symantec CEO John Thompson said Hamlet would be released between January and March of this year. But the product is one of Symantec's biggest releases, incorporating technology from several of Symantec's acquisitions into one piece of code, so more testing is being done.

The company, which holds the highest market share of any security software maker, is deploying Hamlet internally as well as among a limited set of beta customers for testing, said Mathew Lodge, director of product marketing for Europe, the Middle East, and Africa, on Wednesday.

"The trials are very important to us, and we feel it's important that we get through those and ensure it is very solid," Lodge said.

Next month, Symantec will announce a public beta schedule, pricing, delivery dates, and the product's name, Lodge said.

Symantec has woven in an ability to detect malicious programs based on what the software does on a computer. The technology came from WholeSecurity, which Symantec bought in 2005. Hamlet will still use the signature-based method, which relies on knowing the identity and characteristics of a bad program.

Most security software companies are developing behavior-based detection techniques as the number of malicious software programs has nearly outpaced the ability of vendors' antivirus labs to analyze them and create signatures.

Hamlet also will be able to control what devices can be connected to the network and set policies if those devices lack proper security updates, an area called network access control (NAC). Lodge said Hamlet's NAC will work regardless of what network hardware an enterprise is using.

NAC is considered important because employees are using a growing number of mobile devices that frequently leave and reconnect to the mother network. But the NAC area has moved somewhat slowly because of conflicts over protocols, types of network switches and incompatibility between vendor products, according to Current Analysis.

The NAC technology comes from Sygate Technologies. After the August 2005 acquisition, Symantec rebranded and sold Sygate's NAC product, Lodge said.

Symantec also incorporated rootkit detection capabilities into Hamlet. Rootkits are malicious applications that install themselves in evasive ways to avoid malicious software scanners, Lodge said. That code came from Veritas Software, he said.

Hamlet also includes traditional antivirus product features, such as a firewall, and a single management console for administrators.

Copyright © 2007 IDG Communications, Inc.