EH-Net

Ethical Hacking Discussions and Related Certifications => Malware => Topic started by: don on July 01, 2009, 11:02:46 AM


Title: Symantec to Introduce Reputation-Based Security
Post by: don on July 01, 2009, 11:02:46 AM
Quote

Information gathered under Symantec's Community Watch program will be used in Norton Antivirus 2010 and will eventually make its way into enterprise products

Symantec is to use the 'wisdom of the crowds' and introduce reputation-based security in the next version of its Norton Antivirus 2010 product.

The software, due out at the end of August, the company will be using information gathered under its Community Watch program.

Gerry Egan, Symantec product management director said that the problem that the company faced was that the old way of checking for anti-viruses was inefficient. "There are two approaches: blacklisting works well with files that you know are bad, and whitelisting, which works well with files that are known to be good -- but these don't work so well in the middle -- it was clear that we needed a new model."

Egan said that since 2007, Symantec had been working on the idea that the wisdom of the crowds would fill the gap

"We already use this approach for things likes books, music and films, we're happy to be guided by other people's opinions. We're using a variant of that." He added that Symantec didn't ask the individual users themselves. "To a user it's not obvious what is safe: Some threats are silent, sometimes the user doesn't know they're there, some threats infect legitimate process while other threats pretend to be legitimate."

He said that this reputation-based approach worked by constantly surveying the data being gathered from users without any need for human interaction. "We've devised our own algorithm within Symantec that takes the data from the 30 million users who have signed up to Community Watch and calculates whether every individual program is safe or not," said Egan.

Obviously, there will be new files that we'd be unsure about but we have an arrangement with reputable publishers to pre-approve their software. "For example," said Egan, "Adobe could release a new program next week but they'd be on the approved list of publishers," he said.

Egan said that this reputation-based approach would be used in consumer products first but would eventually make it into enterprises. He thought the new release would move Symantec ahead of its competitors and, more importantly, ahead of the bad guys.

" I think it will be harder for the bad guys to beat this. We think this will keep us ahead for some time."


Original story:
http://www.infoworld.com/d/security-central/symantec-introduce-reputation-based-security-389

Don

Title: Re: Symantec to Introduce Reputation-Based Security
Post by: ChrisG on July 02, 2009, 04:32:25 PM
interesting approach for massively distributed malware but seems like some custom targeted malware with a small distribution will still be ok.

Title: Re: Symantec to Introduce Reputation-Based Security
Post by: former33t on July 05, 2009, 09:09:43 PM
I'll be interested to see how this works in practice.  I think it's more marketing hype than anything else.  There are too many false conclusions to be drawn from shareware that is installed on ~50 or so machines that also happen to be infected (apart from the shareware).  What then?  Can you imagine the outcry when Symantec AV deletes the boss's new shareware gadget that was NOT malware?  There's also a legal liability to getting this wrong.  I'm sure the lawyers have carefully drafted something to limit their liability, but I still believe they'll err so far on the side of caution with this that it will be practically useless.

Title: Re: Symantec to Introduce Reputation-Based Security
Post by: Bane on August 17, 2009, 09:58:46 AM
Once again, Symantec follows instead of leading. McAfee has had this technology for awhile with their Artemis technology, as have Secure Computing with Trusted Source, and Ironport.  It doesn't sound like they have come up with any innovations here, howeverit will be interesting to see.

Title: Re: Symantec to Introduce Reputation-Based Security
Post by: aweSEC on August 18, 2009, 01:00:54 AM
Sounds interesting, but I still think that av-software will in some terms change its methods in detecting malware drastically in future. Though I am not sure how it will be done, I don't think that signature based detection will protect one from some of the stronger malware. Same applies to heuristic methods in my opinion.

Looking forward to coming techniques in this sector.


Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com