Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Symantec culls user data to spot unsafe programs

Repuation AV to beat the bad guys.

By Maxwell Cooter | Techworld | Published: 10:10, 26 June 2009

Symantec is to use the 'wisdom of the crowds' and introduce reputation-based security in the next version of its Norton Antivirus 2010 product.

The software, due out at the end of August, the company will be using information gathered under its Community Watch programme.

Gerry Egan, Symantec product management director said that the problem that the company faced was that the old way of checking for anti-viruses was inefficient. "There are two approaches: blacklisting works well with files that you know are bad, and whitelisting, which works well with files that are known to be good - but these don't work so well in the middle - it was clear that we needed a new model."

Egan said that since 2007, Symantec had been working on the idea that the wisdom of the crowds would fill the gap

"We already use this approach for things likes books, music and films, we're happy to be guided by other people's opinions. We're using a variant of that." He added that Symantec didn't ask the individual users themselves. "To a user it's not obvious what is safe: Some threats are silent, sometimes the user doesn't know they're there, some threats infect legitimate process while other threats pretend to be legitimate."

He said that this reputation-based approach worked by constantly surveying the data being gathered from users without any need for human interaction. "We've devised our own algorithm within Symantec that takes the data from the 30 million users who have signed up to Community Watch and calculates whether every individual program is safe or not," said Egan.

Obviously, there will be new files that we'd be unsure about but we have an arrangement with reputable publishers to pre-approve their software. "For example," said Egan, "Adobe could release a new program next week but they'd be on the approved list of publishers," he said.

Egan said that this reputation-based approach would be used in consumer products first but would eventually make it into enterprises. He thought the new release would move Symantec ahead of its competitors and, more importantly, ahead of the bad guys;" I think it will be harder for the bad guys to beat this. We think this will keep us ahead for some time.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.