Symantec aims for a secure web, will offer free(ish) certificates

If you’ve ever wondered if the world could be a little more secure than what it is right now, you’re not the only one. In fact, it seems like every day, we’re hearing about some form of hack, and if not every day, then every week.

Too often, our passwords are let loose and spilled, as some nefarious individual goes after what isn’t theirs, and makes a name for themselves and a story for journalists like this one, forcing everyone else to re-evaluate their passwords and work out if perhaps its worth it to change them once again.

Companies online are having to deal with this on a regular basis, and it’s just frustrating for the end user, but much of it has to do with a lack of security on websites, and that’s something Symantec feels passionately about.

“There are almost a billion websites today, yet only about 3% of those sites are encrypted, which means cybercriminals have been able to make a good living off of the web’s lack of security,” said Roxane Divol, Senior Vice President and General manager of Website Security at Symantec.


Maths can be fun, but let’s tidy this up so people understand how dire the state of security is around the web. When Symantec says only roughly three percent of websites are encrypted, that’s a serious issue, because presently there are over one billion websites.

You may encounter some websites that are secure, mind you, with the padlock in the browser or the green URL bar, and that’s good, but so many aren’t.

For instance, this website — the one you’re reading it on, GadgetGuy — is not secure.

Much of the web doesn’t have a reason to be secure, mind you, and it’s one reason why it’s never posed much of a concern for the staff at GadgetGuy, but Symantec is hoping for a future where every website is locked down just in case something were to happen.

“[The information] might not be valuable to you, but for someone who is performing reconnaissance [on] a user who is accessing that service, it might be invaluable,” said Nick Savvides, Symantec’s Manager for Cyber Security Strategy in the Asia Pacific region.

Savvides told GadgetGuy that he’d “prefer to see everything encrypted” overall, making the entirety of the internet safer for all.


“Many people believe that keeping to well-known, legitimate websites will keep them safe from online crime. This is not true,” he said.

“Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because businesses are failing to adequately secure their websites.”

You might be wondering why websites don’t automatically come secure, and there’s a great reason for this: it costs money.

It’s not necessarily a lot of money, but it can range between $30 and $3700, and that’s for a year. Websites don’t generally cost much to host, with most of the money going to development, but when security certificates are a yearly cost — and a fairly expensive one, at that — it’s not going to be a necessity for every web page.

To help get businesses and websites on track with this, however, Symantec is about to offer them a lifeline, with free security certificates under a program it calls “Encryption Everywhere”.

The concept is fairly easy, with Symantec working with hosting providers and control panel solutions to get a basic security certificate installed onto servers that use it. If you currently run a website for your business, it might be worth checking with your hosting provider whether you can get the Symantec certificate for free, or if you run your own server, it may come through cPanel and WHMCS.

But that’s pretty much it, because if you don’t use one of the few supported platforms in the beginning or host with Internet X or HostPoint — the first two hosting companies that work with Encryption Everywhere — you’re basically out of luck, as we found when we tried to acquire a free certificate ourselves.

“Basically, what we’re doing is a phased approach,” said Savvides. “In our first iteration, we are targeting hosting companies to offer this free to customers as part of their hosted offerings.”

In fact, Savvides has said that the timing for anyone to just grab one of the free certificates “has yet to be determined”, because right now, it “has to come from a hosting provider” but eventually the company wants to open it up.

That means the while the company will be offering free security certificates, your website isn’t likely to get them just yet.

Despite this, Symantec has set itself a target of 2018 to get the internet totally secure, though we’ll admit that its free security certificates (with a catch) have a long way to go themselves until they’re truly helping the web get to that point.