Symantec releases Norton Internet Security 2010 and Norton AntiVirus 2010 and touts the products' anti-malware use of reputation technology. This exemplifies a trend among security vendors in recent years of moving beyond traditional signature-based approaches to fighting malware.
It is no secret that the anti-virus market has been
struggling to keep up with threats.
For that reason, many security vendors have been moving away from a strictly
signature-based approach in favor of other types of malware protection using techniques
like whitelisting and behavioral-based detection. The latest example of
this trend: Symantec's Norton Internet Security 2010 and Norton AntiVirus 2010.
In both products, Symantec has included its new reputation-based
technology-code-named Quorum-to bolster malware protection. With Quorum,
the "uniqueness of a file and its attributes" are used to judge
whether it should be classified as new malware, the company said in a news
release Sept. 9. "More than three years in the making, Quorum tracks files
and applications and dozens of their attributes such as their age, download
source, digital signature and prevalence. These attributes are then combined
using complex algorithms to determine a reputation. As a file is distributed
across the Internet and these attributes change, Quorum updates the reputation
of the file."
"The expanding number and sophistication of security threats can no
longer be contained through signature files and behavioral heuristics alone,"
Jon Oltsik, an Enterprise Strategy Group analyst, said in the same statement. "Symantec's
reputation-based security technology for 2010 represents a new and important
safeguard in a multilayer anti-virus defense. I believe it's likely that the Internet
security industry will be building on technologies like Quorum for the next 10
Symantec said it has also done work to improve the speed of the products,
and has included the Norton Insight family of technologies in the 2010 products
to offer "extensive online intelligence systems to help proactively
protect the PC." Among those are the Norton Insight Network, which "uses
a statistical analysis of file attributes based on billions of scans ... to
identify the trust level of a file," and Download Insight, which "analyzes
and reports on the safety of new files and applications before users install and run them."
Symantec also added System Insight and Threat Insight. The former "provides
a view of recent events on the computer" to analyze performance, while
Threat Insight aims to provide granular details on threats that have been
detected on a user's computer, such as the URL from which the threat came.
"One in five people will become a victim of cyber-crime," Rowan
Trollope, senior vice president of consumer products and marketing at Symantec,
said in the statement. "We know that hackers don't destroy computers, they
destroy lives. The powerful new reputation-based security in Norton 2010 gives
people the power to deny digital dangers wherever they are found online."