Symantec wants you to know that they're serious about security. The software giant recently invited Evergeek to tour their Security Operating Center in Alexandria, Virginia to learn more about how they protect their consumer and business clients from purveyors of malicious code.

The facility, one of four located around the globe, is protected by giant, brushed copper metal doors as well as both biometric and card scanning security devices. A futuristic looking foyer that acts as a mantrap (the door to the security floor remains locked tight while the door to the lobby is open, and vice versa) serves as extra insurance that no intruders can slip inside. Visitors can only view the main operating room from a glass-enclosed observation booth.

The primary work space looks like a war room. Three enormous screens are mounted on the front wall, one of which displays a map of the world that shows up-to-the-second information on the density of attacks currently affecting all populated continents (a system Symantec calls their DeepSight Threat Monitor). Behind these screens sit rows of analysts working in multiple-monitor pods.

When asked why Symantec required a room that seems as though it would be more at home in a Mission Impossible movie than a software company office building, Jonah Paransky, the Director of Product Management for Symantec's Managed Security Services, replied, "Our customers need to trust that we're protecting their confidential information."

It could be argued that all of the Hollywood-esque flourishes--the giant monitors, fancy metal doors, and electronic security measures--are there for optics; to make people feel as though the money they spend on Symantec security is buying them the most high tech protection around.

But what can't be debated is that Symantec does indeed take security seriously.

Symantec's most recent Internet Security Threat Report, issued in March and covering the six months of Internet activity between July and December 2005, is based on information gleaned from some two million decoy email accounts as well as data collected from 120 million client, server, and gateway systems around the world. Symantec collects more than a billion logs from these sources each day, which accounts for more than 70 terabytes of data (that's enough ones and zeroes to fill more than 2,300 30GB iPods, daily). From this information they identify and track in excess of 10,000 security attacks on their clients every 24 hours.

These attacks often don't come in the form many of us would expect. According to Vincent Weafer, Senior Director of Development, Symantec Security Response, there has been a distinct shift from the authoring and distribution of destructive viruses designed simply to break systems, cause havoc, and garner infamy for the code writer, to "criminalware;" malicious code designed to financially benefit the attacker. These attacks come in many forms, such as keystroke logging programs that can be used to pilfer passwords and usernames, and "phishing" emails that typically appear as though they come from a financial institution requesting the user respond by sending personal data.

"We blocked 1.5 billion phishing attacks in the second half of 2005," said Mr. Paransky. "That was an increase of 44 per cent over the first six months of the year."

While phishing attacks have the potential to cause financial harm, more often they're just a nuisance, arriving in our mailboxes day after day but going ignored by most users with a modicum of Internet savvy. Things can get uglier--and more personal--at the enterprise level. Denial of Service (DoS) attacks, which see web sites overwhelmed by false traffic that blocks out legitimate visitors, can potentially ruin businesses. Once such attacks have been initiated, the attacker typically contacts the company to blackmail them with an ultimatum: pay 'x' amount of money to stop the attack.

Mr. Weafer expects the frequency of these so-called "cybercrimes" to only grow over time as attackers become more calculating, efficient, and organized. In fact, he estimates that there are currently "20-30 families worldwide involved in organized cybercrime." He explained that this number will likely rise because more sophisticated attacks are becoming available to less sophisticated users, thanks largely to what essentially amounts to open source criminal code--freely available exploitative software that can be customized by people with little technical know-how.

Another potential security threat Mr. Weafer thinks may soon become a major concern is the criminal exploitation of devices other than PCs, such as cell phones and PDAs. Mr. Weafer is particularly worried about online gaming systems like the Microsoft Xbox 360 and the forthcoming PlayStation3 being commandeered for criminal use. "When the numbers [of new types of devices that connect to the Internet] start to get high enough, you start to see interest from attackers," said Mr. Weafer. He believes that game systems could become a primary target for attackers interested in setting up "bot" networks—groups of machines that can be controlled remotely and used to anonymously attack other systems. Mr. Weafer said that game systems are alluring to attackers because they represent a common platform without antiviral systems that will be connected to the Internet by the millions. Design a piece of malicious code that can successfully exploit a security flaw in one Xbox 360, and it can just as easily exploit the same flaw in millions of units.

Of course, the question everyone who doesn't use security software wants answered is how likely are they to suffer an attack? Symantec's analysts have tested thousands of "naked" systems--machines connected to the Internet with no firewalls, no installed anti-virus packages, no software patches... no security of any kind. According to their research, a naked PC running Windows XP Professional will, on average, be compromised by an attack of some kind within about an hour of being connected to the Internet. In one instance they actually saw an attack take place in 37 seconds.

The bottom line is this: if you don't have security for your PC, get it, and if you already have it, make sure to keep your software up to date. No security is foolproof, but we can take heart in the fact that companies like Symantec are spending billions in an effort to protect the integrity of our PCs--assuming we subscribe to their services.