View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
July 3, 2009

New security services improve on standard AV signatures

Reputation and threat assessment from the cloud the way forward

By CBR Staff Writer

Symantec Corp is readying for launch in the third-quarter antivirus software that will use reputation-based security and a new protection model, the company has codenamed Quorum.

The new approach recognises that the traditional method of updating security software with new and revised virus signatures is a process that can no longer keep pace with the speed at which new threats are appearing.

Symantec said it will offer a protection system based not only on the traditional malware signatures but also on the reputation of a message, with an intelligent control system using each when necessary.

The first appearance of the technology will be in the 2010 releases of Norton Internet Security and Norton AntiVirus, which have just been made available as betas.

Application reputation is created by leveraging the millions of users in the worldwide Norton Community Watch programme who choose to anonymously contribute data about the characteristics of the applications running on their systems. This data enables Symantec to calculate a reputation safety score for each application. 

Panda Security is moving in the same direction with the announcement that its Cloud Antivirus service will operate with real-time ‘signature’ updates that take advantage of something it calls Collective Intelligence, or CI.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Because it uses CI and does not rely on signature files, Panda MalwareRadar is able to check in the cloud against Panda systems to determine the very latest state of the threat landscape.

If a new executable appears, it will provide some basic data such as behavioural traces, date and time of first appearance, and so on. This information alone may not be sufficient to reach a determination, but if Panda sees the same programme appearing in a different corner of the world, showing a different behaviour, it can then correlate those two behaviours and have sufficient evidence that the program was in fact malware before instructing its software agents to block or eliminate the malicious code. 

In a similar way, Symantec plans to use a behavioural anti-malware system called SONAR 2 to assess threats by drawing on intelligence from all Norton protection features, whether it is driven by network communications, programme activity on the user system, leveraging reputation data in the cloud, or other defences.

In both cases, the vendors claim to have global visibility about the activities of malware, and by connecting sensors to their infrastructure can continuously monitor the threat landscape and better secure protected end points.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.