Symantec Blogs: Security Response

Carey Nachenberg | October 2nd, 2008

In a nutshell, Symantec's new approach to detecting threats automatically derives reputation ratings (e.g. safe, unknown, unsafe) for every executable file available on the Internet. The reputation ratings are derived automatically using algorithms, not unlike Google's PageRank algorithm, from literally billions of Norton Community Watch file reports from our tens of millions of participating users. Just as you use reputation ratings to choose whether or not to buy a book or a new MP3 player on sites like Amazon.com, the next generation of antivirus software can use the project's data to determine whether or not to allow an application to run on your computer. Think of it as the world's largest list of rated applications.
 
Unlike traditional antivirus, all of our reputation data is stored in the cloud - that is, in Symantec data centers - meaning that...

Carey Nachenberg | October 1st, 2008

This year's Cutting Edge, Symantec's internal conference "for engineers, by engineers," promises to be an interesting one. Why? The last few years have brought serious challenges to the dominant antivirus fingerprinting approach. Right now, the security industry is built around the fingerprinting model – all of our processes, our automation, our data collection, our publishing systems – they’re all designed around the blacklisting model. 
 
Unfortunately, while the industry had its head down honing the blacklisting approach (Symantec can automatically analyze and fingerprint up to 6M samples per week – how’s that for honing?), the rest of the world changed. Recent Symantec studies show that the volume of malware released now outpaces good software (potentially representing up to 65% of all unique software apps). Furthermore, industry reviews show that many new malware programs slip past all major antivirus products...