Reputation Engine Touted As Norton 2010 Weapon in Malware Battle

It is no secret that the anti-virus market has been struggling to keep up with threats. For that reason, many security vendors have been moving away from a strictly signature-based approach in favour of other types of malware protection, using techniques like whitelisting and behavioural-based detection. The latest example of this trend: Norton Internet Security 2010 and Norton AntiVirus 2010 from Symantec.

In both products, Symantec has included its new reputation-based technology — codenamed Quorum — to bolster malware protection. With Quorum, the “uniqueness of a file and its attributes” are used to judge whether it should be classified as new malware, the company stated at it launch.

“More than three years in the making, Quorum tracks files and applications and dozens of their attributes such as their age, download source, digital signature and prevalence. These attributes are then combined using complex algorithms to determine a reputation. As a file is distributed across the Internet and these attributes change, Quorum updates the reputation of the file,” it added.

“The expanding number and sophistication of security threats can no longer be contained through signature files and behavioural heuristics alone,” Jon Oltsik, an Enterprise Strategy Group analyst, said. “Symantec’s reputation-based security technology for 2010 represents a new and important safeguard in a multilayer anti-virus defence. I believe it’s likely that the internet security industry will be building on technologies like Quorum for the next 10 years.”

Symantec said it has also done work to improve the speed of the products, and has included the Norton Insight family of technologies in the 2010 products to offer “extensive online intelligence systems to help proactively protect the PC”. Among those are the Norton Insight Network, which “uses a statistical analysis of file attributes based on billions of scans … to identify the trust level of a file,” and Download Insight, which “analyses and reports on the safety of new files and applications before users install and run them.”

Symantec also added System Insight and Threat Insight. The former “provides a view of recent events on the computer” to analyse performance, while Threat Insight aims to provide granular details on threats that have been detected on a user’s computer, such as the URL from which the threat came.

“One in five people will become a victim of cybercrime,” Rowan Trollope, senior vice president of consumer products and marketing at Symantec, said in the statement. “We know that hackers don’t destroy computers, they destroy lives. The powerful new reputation-based security in Norton 2010 gives people the power to deny digital dangers wherever they are found online.”