Symantec to introduce reputation-based security

Information gathered under Symantec's Community Watch program will be used in Norton Antivirus 2010 and will eventually make its way into enterprise products

Symantec is to use the 'wisdom of the crowds' and introduce reputation-based security in the next version of its Norton Antivirus 2010 product.

The software, due out at the end of August, the company will be using information gathered under its Community Watch program.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Gerry Egan, Symantec product management director said that the problem that the company faced was that the old way of checking for anti-viruses was inefficient. "There are two approaches: blacklisting works well with files that you know are bad, and whitelisting, which works well with files that are known to be good -- but these don't work so well in the middle -- it was clear that we needed a new model."

Egan said that since 2007, Symantec had been working on the idea that the wisdom of the crowds would fill the gap

"We already use this approach for things likes books, music and films, we're happy to be guided by other people's opinions. We're using a variant of that." He added that Symantec didn't ask the individual users themselves. "To a user it's not obvious what is safe: Some threats are silent, sometimes the user doesn't know they're there, some threats infect legitimate process while other threats pretend to be legitimate."

He said that this reputation-based approach worked by constantly surveying the data being gathered from users without any need for human interaction. "We've devised our own algorithm within Symantec that takes the data from the 30 million users who have signed up to Community Watch and calculates whether every individual program is safe or not," said Egan.

Obviously, there will be new files that we'd be unsure about but we have an arrangement with reputable publishers to pre-approve their software. "For example," said Egan, "Adobe could release a new program next week but they'd be on the approved list of publishers," he said.

Egan said that this reputation-based approach would be used in consumer products first but would eventually make it into enterprises. He thought the new release would move Symantec ahead of its competitors and, more importantly, ahead of the bad guys.

" I think it will be harder for the bad guys to beat this. We think this will keep us ahead for some time."

This story, "Symantec to introduce reputation-based security " was originally published by Techworld.com .

Join the discussion
Be the first to comment on this article. Our Commenting Policies