It is no secret that the anti-virus market has been struggling to keep up with threats.
For that reason, many security vendors have been moving away from a strictly signature-based approach in favor of other types of malware protection using techniques like whitelisting and behavioral-based detection. The latest example of this trend: Symantec’s Norton Internet Security 2010 and Norton AntiVirus 2010.
In both products, Symantec has included its new reputation-based technology-code-named Quorum-to bolster malware protection. With Quorum, the “uniqueness of a file and its attributes” are used to judge whether it should be classified as new malware, the company said in a news release Sept. 9. “More than three years in the making, Quorum tracks files and applications and dozens of their attributes such as their age, download source, digital signature and prevalence. These attributes are then combined using complex algorithms to determine a reputation. As a file is distributed across the Internet and these attributes change, Quorum updates the reputation of the file.”
“The expanding number and sophistication of security threats can no longer be contained through signature files and behavioral heuristics alone,” Jon Oltsik, an Enterprise Strategy Group analyst, said in the same statement. “Symantec’s reputation-based security technology for 2010 represents a new and important safeguard in a multilayer anti-virus defense. I believe it’s likely that the Internet security industry will be building on technologies like Quorum for the next 10 years.”
Symantec said it has also done work to improve the speed of the products, and has included the Norton Insight family of technologies in the 2010 products to offer “extensive online intelligence systems to help proactively protect the PC.” Among those are the Norton Insight Network, which “uses a statistical analysis of file attributes based on billions of scans … to identify the trust level of a file,” and Download Insight, which “analyzes and reports on the safety of new files and applications before users install and run them.”
Symantec also added System Insight and Threat Insight. The former “provides a view of recent events on the computer” to analyze performance, while Threat Insight aims to provide granular details on threats that have been detected on a user’s computer, such as the URL from which the threat came.
“One in five people will become a victim of cyber-crime,” Rowan Trollope, senior vice president of consumer products and marketing at Symantec, said in the statement. “We know that hackers don’t destroy computers, they destroy lives. The powerful new reputation-based security in Norton 2010 gives people the power to deny digital dangers wherever they are found online.”