ABOUT SYMANTEC

Press Release

Symantec Delivers Groundbreaking Reputation-based Security Technology

New technology codenamed “Quorum” leverages the wisdom of crowds to deliver an entirely new approach to protecting against new and unknown threats

MOUNTAIN VIEW, Calif. – September 9, 2009 – Symantec Corp. (Nasdaq: SYMC) today announced that it has integrated its revolutionary reputation-based security technology, Quorum, into its new Norton 2010 solutions: Norton Internet Security 2010 and Norton AntiVirus 2010. Quorum leverages the anonymous software usage patterns of Symantec’s extensive volunteer user community to automatically identify entirely new spyware, viruses and worms.


“This new technology changes the rules of the malware game, shifting the odds significantly in favor of our users,” said Stephen Trilling, senior vice president, Security Technology and Response, Symantec. “By harnessing the wisdom of our tens of millions of users, we’re able to detect threats that are invisible to traditional security products.”


Why Reputation-Based Security Technology?

Significant changes in the threat landscape over the last few years have dramatically altered the typical distribution profile for new malware. Today, instead of a single malware strain infecting millions of machines, it is much more common to see many millions of malware strains, each targeting only a handful of machines. In 2008, Symantec discovered more than 120 million distinct malware variants. In this environment, it is necessary to move beyond traditional security approaches to stay ahead of new malware.


Traditional antivirus software relies on virus signatures to blacklist those pieces of malware that should be blocked from a user’s machine. Ten years ago, Symantec published an average of five new virus signatures each day. Today, in spite of the fact that each signature can detect many different malware strains, security vendors regularly publish thousands of signatures or more per day.


Quorum reputation-based security complements traditional security techniques by using anonymous software usage patterns to classify files as safe or unsafe. The Quorum technology was developed at Symantec from the ground up, and provides a fundamentally new layer of protection from today’s latest threats. Symantec Research Labs began development of the technology about three years ago, investigating how small amounts of data regarding file usage on a user’s system, collected from a very large distributed community, could be used to predict the likelihood of a given file being malicious or not. After a successful prototype was developed, the project was transferred to the Security Technology and Response group to develop a full commercial release and bring the new technology to market.


How does it work?

Symantec’s Quorum reputation-based security leverages data from multiple sources, including: anonymous data contributed by tens of millions of Norton Community Watch members, data provided by software publishers, and anonymous data contributed by enterprise customers in a data collection program tailored to large enterprises. The data is continually imported and fed into the reputation engine to produce a security reputation rating for each software file, all without ever having to scan the file itself. Quorum uses information such as the file’s prevalence, age and other attributes to compute highly accurate reputation scores. These reputation ratings are then made available to all Symantec users through a large cloud-based infrastructure of Symantec servers. For more detailed information on Quorum, visit the Norton Protection Blog.


What are the benefits of Quorum?

  • Provides information on all executable files. Traditionally, security companies primarily have protection for the malware actually sent to them by vigilant users or exchanged with other security researchers. In contrast, Quorum holds reputation ratings on every executable file used by every participating Symantec user across the globe.
  • Integrates with Symantec’s new Download Insight. The most visible way to see Quorum in action in Norton Internet Security 2010 and Norton AntiVirus 2010 is to download a new executable file from the Internet. The new Download Insight feature uses Quorum reputation information to help determine each downloaded file’s safety – the user is then informed of the file’s reputation, and bad-reputation files are automatically blocked. In addition, a user can right click on any executable file and find out where the file came from, how many other Symantec users are using the file, when Symantec first saw the file and what the security reputation is for the file.
  • Reduces dependence on traditional signatures. Quorum defeats an attacker’s ability to mutate their malware to evade traditional signature-based detection. In fact, with Quorum, the more an attacker modifies a threat the more obvious it will be that the file is suspicious.
  • Amplifies existing security technologies. In addition to providing an additional layer of protection, Quorum also allows existing Symantec security technologies, including heuristics and behavior-based detection, to be deployed in a more aggressive mode to increase the overall level of protection provided to users.

About Security Technology and Response

Symantec’s Security Technology and Response (STAR) organization, which includes Security Response, is a worldwide team of security engineers, threat analysts, and researchers that provides the underlying functionality, content, and support for all Symantec corporate and consumer security products. With global response centers located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 40,000 network sensors in more than 200 countries, and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.


About Symantec Research Labs

Symantec Research Labs (SRL) is Symantec’s global research organization and has played a leading role in developing and commercializing numerous cutting-edge technologies across Symantec’s business areas. Commercialized technologies from the group include industry leading rootkit protection, innovative browser protection technology to proactively block future exploits of known vulnerabilities, Symantec’s first antispam technology, generic exploit blocking technology that proactively blocks fast-spreading threats, online consumer security services, and technology to help protect our nation’s critical power-grid infrastructure. SRL also partners with outside organizations on joint projects, through its university and government research efforts.


About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.


Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.