Symantec claims its 2009 Internet Security products will have “zero impact” on PC performance.

Norton Internet Security was once infamous for hogging system resources, but has placed significantly less demand on PCs in recent releases.

Now, Symantec claims this autumn’s product refresh will have no perceptible impact on PC performance. “People have told us ’security software is too big, it irritates me, I turn it off when I’m gaming’,” said Janice Chaffin, group president for Symantec’s consumer business in an exclusive briefing with PC Pro this morning.

“Fundamentally, consumers don’t want to be bothered at all. We’ve set as our goal zero-impact security,” she said.

The company has a number of ambitious performance targets for the 2009 products. Installation will take less than a minute, compared to the eight-minute average of today’s products. And the client software will have an install footprint of only 100MB, compared with 2008’s 400MB.

Are customers really bothered about a 400MB install in these days of terabyte hard disks? Symantec’s Con Mallon says it’s largely a symbolic gesture. “We’re trying to do it for perception,” said the company’s regional product marketing director. “If we’re at 400 meg and the guy next door is on 200 meg, they say ‘you’re bloated’.”

A report by e-mail and content security firm Marshal claims that just six botnets  are responsible for almost 90 percent of spam, but others in the spam filtering business disagree with the report’s findings.

For the month of February, Marshal found that the most dominant botnet spewing out junk e-mail was not the vaunted Storm worm but a network called Srizbi, which first emerged last summer. Symantec reports Srizbi as a “Trojan horse that sends spam and uses a rootkit to hide itself.”

Srizbi seems to be in the seeding stage, as it were, because all it’s doing now is perpetuating itself. It sends out spam to other people so they open a link that infects them with the Srizbi Trojan

Marshal has it accounting for 39 percent of spam it discovered in February. Just the month prior, the botnet Mega-D, so dubbed because it was selling male sexual enhancement products, was the major nuisance, with 35 percent of the spam.

Glen Myers, an engineer with Marshal, said Mega-D lost its place because it shut down for 10 days. Why he does not know, but he said that didn’t lessen the amount of spam on the Internet. “It just moved to other networks. That’s why other networks came in so high,” he told InternetNews.com. “I don’t know if that means there’s a relation between people running botnets or if advertisers are moving their content around.”

Storm, by contrast, only accounted for two percent of the spam in the Marshal report. That seems extremely low considering how resilient and ubiquitous the worm was. “Storm got a lot of publicity, and people started specifically targeting that worm. That is impacting their ability to use it,” said Myers.

Paul Piccard, director of threat research for Webroot Software, agrees on that point. “We have seen a decrease in the Storm network. There’s been less instances and samples of Storm that we’ve seen recently. There’s been a large push by security vendors to roll out signatures that detect and remove Storm,” he said.

However, he’s not so sure that just six botnets are responsible for the millions of spam messages floating around on the Internet. “If it was only six, we would have a much easier time protecting our customers, said Piccard. “It’s a little misleading to say there’s six botnets because there’s multiple variants of each. There are some times close to 100 variants to specific pieces of malware.”

Scott Montgomery, vice president of global technical strategy for Secure Computing, was even more blunt in his assessment. “Their premise is that the snapshot from their spam traps constitutes fact. Srizbi is a pretty neat little Trojan, I just think their scale is way off. To think this ten million machine behemoth Storm botnet is not relevant, I don’t think is reflective of what’s going on,” he said.

But Myers defends the findings, saying it’s a “true application of the 80/20 rule, that 80 percent of the spam comes from the top 20 percent of botnets. We’ve already seen an example of this in February when the Mega-D botnet went down and everything moved to Srizbi.”

As security gets better at blocking Storm, he argues, spammers “are less likely to send out waves of Storm as they get diminishing returns because everyone is looking for Storm. How many people are looking for Rustock?” he said, in reference to a botnet that said accounted for 20 percent of spam in February.

Don’t count Storm out, warned Piccard. “Remember, when you can create variants very quickly and create new pieces of malware, it’s not uncommon for malware to make a comeback later on,” he said. “Right now could be a quiet period for Storm but we could see an uptick in activity in a few weeks to a month from now.”

 AVG Technologies is the latest antivirus vendor to beef up its security suite to cover as wide a range of threats as possible by including link-scanning technology it acquired late last year.

AVG (which changed its name from Grisoft earlier this year) isn’t as well known in the U.S. as Symantec, McAfee or Trend Micro, but it has a huge international presence, particularly in Europe where it is based. It consistently scores very high in antivirus tests against known threats, but its tests against zero-day threats are a little more inconsistent.

That’s one area it’s working to overcome, and one step in the process was the December acquisition of Exploit Prevention Labs, developer of LinkScanner, a utility that scans the links of search results on Google, Yahoo and other search engines to check for hidden malware behind the link. While the company is also working on its heuristics to catch as-yet undiscovered viruses, it’s also trying to help users avoid infection in the first place.

In addition to the LinkScanner Web checking, AVG Internet Security 8.0 offers a considerable performance improvement thanks to being rewritten for multi-core processors and combining its two separate virus and spyware databases into a single database. It also sports a whole new UI and offers scanning of any file transfers over the HTTP protocol, since that’s how most infections come into a computer.

Between the link checker and HTTP scanning, AVG believes “we’ve done all the things we need to do for today’s threats,” said Bridwell.

AVG Internet Security 8.0 also adds protection to Internet Explorer and Firefox browsers against so-called drive-by downloads, protects file exchanges over MSN and ICQ instant messengers, comes with a new firewall and a new anti-rootkit shield.

AVG Internet Security 8.0 is available for download starting February 28, at a cost of $54.99 for a one-year license and $79.99 for a two-year license.