Cyber Security Institute

Friday, October 24, 2008

Symantec to identify safe software by ‘reputation’

Symantec will soon introduce a “reputation-based” software-rating technology that it claims can accurately differentiate malware from legitimate programs. “Reputation-based security is the latest and greatest technology in malware detection,” said Basant Rajan, chief technology officer of the IT security vendor’s India office. Essentially, this approach involves looking at which machines in Symantec’s user database have a given program, categorizing the reputation of those machines, and judging from that whether the application poses a security risk.

“That’s an example of a reputation-based choice in selecting a restaurant,” Basant said in an interview with ZDNet Asia, during his visit to Symantec’s Kuala Lumpur office.

According to Basant, Symantec’s reputation-based approach assumes three distinct populations in its user base, which numbers in the millions. “We identify these by looking at the history of infections on their machines,” said Basant, who plays a key role in driving innovation for Symantec’s next-generation technologies, architecture and standards. The safe group encompasses “prim and proper” users who only download applications from reputable software companies, he explained, while the adventurous group consists of users who are generally safe but are willing to try out online games or new programs.

Users in the unsafe crowd are those who frequent a class of websites where they can get infected easily, he added. For example, when a new program is detected, the reputation-based approach will entail looking at where the program is found among the machines of millions of Symantec users. “If a large number of the ‘safe’ machines have it, making an educated guess is to say that this is a safe program,” Basant said. “But, if you see this application only [installed] with the unsafe crowd and a few of the adventurous guys, it is almost certain that this is an unsafe program.”
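As an added illustration (not Symantec's code and not part of the original post), the sketch below rates a program from the populations of the machines it is found on. Every threshold, name and sample value is an assumption made for this example, since the article gives no figures; returning "unknown" for rarely seen programs is likewise a choice made here.

```python
from collections import Counter

# Assumed thresholds for illustration; the article gives no numbers.
SAFE_MAX_INFECTIONS = 0         # "safe": no infections on record
ADVENTUROUS_MAX_INFECTIONS = 2  # "adventurous": occasional infections
MIN_SIGHTINGS = 20              # fewer machines than this: too little data
SAFE_SHARE_FOR_TRUST = 0.30     # share of sightings on "safe" machines
ADVENTUROUS_SHARE_FEW = 0.20    # what counts as "a few" adventurous users


def classify_machine(past_infections):
    """Place a machine in one of the three populations by infection history."""
    if past_infections <= SAFE_MAX_INFECTIONS:
        return "safe"
    if past_infections <= ADVENTUROUS_MAX_INFECTIONS:
        return "adventurous"
    return "unsafe"


def rate_program(file_hash, sightings, infections):
    """Rate a program; sightings are (machine_id, file_hash) pairs."""
    # Only machines with a known infection history can vote.
    machines = {m for m, h in sightings if h == file_hash and m in infections}
    if len(machines) < MIN_SIGHTINGS:
        return "unknown"  # low prevalence: reputation alone cannot decide
    cohorts = Counter(classify_machine(infections[m]) for m in machines)
    total = len(machines)
    if cohorts["safe"] / total >= SAFE_SHARE_FOR_TRUST:
        return "likely-safe"
    if cohorts["safe"] == 0 and cohorts["adventurous"] / total <= ADVENTUROUS_SHARE_FEW:
        return "likely-unsafe"
    return "unknown"  # mixed picture: defer to other detection layers


def constructed_data():
    """Constructed sample telemetry: 100 machines, three programs."""
    infections = {f"s{i}": 0 for i in range(40)}
    infections.update({f"a{i}": 1 for i in range(30)})
    infections.update({f"u{i}": 5 for i in range(30)})
    sightings = [(f"s{i}", "sample-A") for i in range(25)]
    sightings += [(f"a{i}", "sample-A") for i in range(10)]
    sightings += [(f"u{i}", "sample-B") for i in range(28)]
    sightings += [(f"a{i}", "sample-B") for i in range(3)]
    sightings += [(f"s{i}", "sample-C") for i in range(2)]
    return sightings, infections
```

With the constructed data, sample-A (mostly on safe machines) rates as likely-safe, sample-B (unsafe machines plus three adventurous ones) as likely-unsafe, and sample-C (seen on two machines) as unknown.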

Asked when the new reputation-based technology will be introduced into Symantec’s Norton security products, Basant said: “[This] will happen when the product teams deem the market timing is right for it”.

Bad outpacing the good

In its Internet Security Threat Report Vol XIII, covering a six-month period from June to December 2007, Symantec measured the release of both legitimate and malicious software and found that 65 percent of the 54,609 unique applications released to the public were categorized as malicious.

To protect the targeted few, Basant said Symantec’s security products leverage behavioral-analysis technologies and, in the near future, will tap reputation-based security, which depends not on a signature but on behavior or prevalence to determine whether a program is legitimate.

Posted on 10/24