Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

It's All About Reputation

Created: 02 Oct 2008 13:54:41 GMT • Updated: 23 Jan 2014 18:39:44 GMT
Carey Nachenberg's picture
0 0 Votes
Login to vote

In a nutshell, Symantec's new approach to detecting threats automatically derives reputation ratings (e.g. safe, unknown, unsafe) for every executable file available on the Internet. The reputation ratings are derived automatically using algorithms, not unlike Google's Page Rank algorithm, from literally billions of Norton Community Watch file reports from our tens of millions of participating users. Just like you use reputation ratings to choose whether or not to buy a book or a new MP3 player on sites like Amazon.com, the next generation of antivirus software can use the project's data to determine whether or not to allow an application to run on your computer. Think of it as the world's largest list of rated applications.
 
Unlike traditional antivirus, all of our reputation data is stored in the cloud - that is, in Symantec data centers - meaning that if and when we shift to this model, we can drastically reduce the memory and performance impact of traditional antivirus software. Given this fact, Symantec's approach should work just as well for a cell phone as a desktop PC.
 
It's different than some of the other "cloud-based AV" systems that are being announced, in that it can detect and protect against entirely new malicious code - even malicious code on just one person's PC that's never been seen by a security company. From what I've read, these other systems still rely on fingerprints to detect new malware. They're just hosting some of those fingerprints on servers instead of on your PC. (This is only my speculation, so take it with a grain of salt.)
 
We're not quite ready to completely replace our traditional antivirus technology, but soon we hope to release hybrid security products that leverage both old and new techniques. I'd be proud for Symantec to be the first company to finally kick the fingerprint habit.
 
In any case, I'm expecting a fair amount of spirited debate about the results. I'm not expecting too many people to defend traditional fingerprinting, however. Symantec's R&D leaders long ago agreed that this model is destined for the way of T-rex and Triceratops.

Message Edited by SR Blog Moderator on 10-06-2008 12:29 PM