By Cara Garretson
Security giant Symantec is adding a new kind of technology to its well-known Norton antivirus and Internet security products that is designed to block malware using code reputation analysis.
To protect PCs from viruses and other malware that can be picked up while Web browsing or via e-mail, Symantec has long relied on signature matching, where its security software is updated with a description of the latest malware outbreak and then examines code coming across the Internet to determine matches, blocking accordingly.
Today the company calls that method obsolete, largely because of the proliferation of unique attacks and the speed with which they traverse the Internet. Symantec uses its "probe" network to search out malware roaming the Internet, and says that its researchers are logging more than 200 million attacks per month. However, the company created only 1.8 million new virus signatures in 2008, hardly keeping pace with attackers.
Called Quorum, the new security technology found in Norton Internet Security 2010 and Norton AntiVirus 2010 combines this older method of signature matching with code reputation analysis.
Quorum relies on Symantec's network called the Norton Community Watch program, a collection of users who anonymously contribute data about the applications running on their PCs. The majority of these are "good" programs from known vendors that share common attributes, such as how they call the underlying operating system, the company says. Malware, on the other hand, emerges from unknown publishers and has characteristics different from known programs, making it possible to identify the dangerous code.
Symantec's technology calculates a "reputation safety score" for each application encountered and makes a decision on whether that application is valid or malware, the company says.
"'Quorum' lets us stop the bad guys even if we've never seen their 'wanted' poster," said Rowan Trollope, senior vice president of Symantec's Consumer Business Unit, in a written statement.
Determining reputations is a process that has been used in other types of security products, such as messaging security software or services that evaluate the reputation of the sending IP address based on published black lists and other data, and block inbound messages accordingly. While considered effective, reputation analysis is not a guarantee; Symantec describes Quorum as able to "statistically infer with an extremely high degree of accuracy the likelihood of an unknown application being good or bad."
In addition to the new Quorum technology, Norton Internet Security 2010 and Norton AntiVirus 2010 also include SONAR 2, Symantec's behavioral antimalware system. This technology goes beyond code reputation analysis to examine all aspects of a PC's operations - including network communications and program activity - to detect threats. The upgraded software will also include new dashboard gauges that report the sequence of events during an attempted infection, giving information such as the origin of the threat and what activities it performed.
Currently in beta testing, Norton Internet Security 2010 and Norton AntiVirus 2010 are due for commercial release this fall. Comments and complaints about the pre-release software are posted by beta testers at the Norton Public Beta forum.