
It's All About Reputation 

Oct 02, 2008 09:54 AM

In a nutshell, Symantec's new approach to detecting threats automatically derives reputation ratings (e.g., safe, unknown, unsafe) for every executable file available on the Internet. The ratings are computed by algorithms, not unlike Google's PageRank algorithm, from literally billions of Norton Community Watch file reports from our tens of millions of participating users. Just as you use reputation ratings to choose whether or not to buy a book or a new MP3 player on sites like Amazon.com, the next generation of antivirus software can use the project's data to determine whether or not to allow an application to run on your computer. Think of it as the world's largest list of rated applications.
Unlike traditional antivirus, all of our reputation data is stored in the cloud - that is, in Symantec data centers - meaning that if and when we shift to this model, we can drastically reduce the memory and performance impact of traditional antivirus software. Given this fact, Symantec's approach should work just as well for a cell phone as a desktop PC.
It's different from some of the other "cloud-based AV" systems that are being announced, in that it can detect and protect against entirely new malicious code - even malicious code on just one person's PC that's never been seen by a security company. From what I've read, these other systems still rely on fingerprints to detect new malware. They're just hosting some of those fingerprints on servers instead of on your PC. (This is only my speculation, so take it with a grain of salt.)
We're not quite ready to completely replace our traditional antivirus technology, but soon we hope to release hybrid security products that leverage both old and new techniques. I'd be proud for Symantec to be the first company to finally kick the fingerprint habit.
In any case, I'm expecting a fair amount of spirited debate about the results. I'm not expecting too many people to defend traditional fingerprinting, however. Symantec's R&D leaders long ago agreed that this model is destined to go the way of T. rex and Triceratops.

Message Edited by SR Blog Moderator on 10-06-2008 12:29 PM
