Reputation and threat assessment from the cloud: the way forward
Symantec Corp is readying antivirus software for launch in the third quarter that will use reputation-based security and a new protection model the company has codenamed Quorum.
The new approach recognises that the traditional method of updating security software with new and revised virus signatures is a process that can no longer keep pace with the speed at which new threats are appearing.
Symantec said it will offer a protection system based not only on the traditional malware signatures but also on the reputation of a message, with an intelligent control system using each when necessary.
The first appearance of the technology will be in the 2010 releases of Norton Internet Security and Norton AntiVirus, which have just been made available as betas.
Application reputation is created by leveraging the millions of users in the worldwide Norton Community Watch programme who choose to anonymously contribute data about the characteristics of the applications running on their systems. This data enables Symantec to calculate a reputation safety score for each application.
Panda Security is moving in the same direction with the announcement that its Cloud Antivirus service will operate with real-time ‘signature’ updates that take advantage of something it calls Collective Intelligence, or CI.
Because it uses CI and does not rely on signature files, Panda MalwareRadar is able to check in the cloud against Panda systems to determine the very latest state of the threat landscape.
If a new executable appears, it will provide some basic data such as behavioural traces, date and time of first appearance, and so on. This information alone may not be sufficient to reach a determination, but if Panda sees the same program appearing in a different corner of the world, showing a different behaviour, it can then correlate those two behaviours and have sufficient evidence that the program is in fact malware before instructing its software agents to block or eliminate the malicious code.
In a similar way, Symantec plans to use a behavioural anti-malware system called SONAR 2 to assess threats by drawing on intelligence from all Norton protection features, whether it is driven by network communications, program activity on the user system, reputation data in the cloud, or other defences.
In both cases, the vendors claim to have global visibility into the activities of malware and, by connecting sensors to their infrastructure, to be able to continuously monitor the threat landscape and better secure protected end points.