Symantec’s Norton 2010 taps user pool for reputation-based security

Security vendor Symantec Corp. is capitalizing on the “crowd sourcing” trend by using its large user base to add a new reputation-based layer of security to its Norton 2010 line of products released today.

Crowd sourcing is taking a task and assigning – usually through the Internet – a large and diffuse group of people to offer solutions to it.

It’s been done by media outlets on Twitter, and governments on Web forums. Now Symantec will do it too – asking about 30 million users about the credibility of each file it scans.

The new technology is codenamed “Quorum” and adds a reputation-based layer of security to the Norton products, explains Lana Knop, principle product manager, Symantec Corp.

“Not only do we place our blacklist and whitelist in the cloud, but we have our reputation information available there as well,” she says. “We will use our pool of users from the Norton community watch group.”

See Symantec’s hi-tech research facilities: Inside Symantec’s Security Operations Center

Users installing the product on their PC will be able to opt-in to share their usage information with Symantec on an anonymous basis. That information goes into a database that will help other users fight off malware.

Quorum will pay particular attention to the more unique files — coming from an unknown URL. It will also take into account the file’s age, prevalence on the Web, digital signature, and more. A complex algorithm determines what action should be taken towards the file and makes a recommendation to the user.

Quorum, and other reputation-based approaches, are one more step forward in the battle against cybercrime, says David Senf, security analyst at Toronto-based IDC Canada. But don’t expect hackers to give up just yet.

“It’s not going to have a large impact,” Senf says. “The way security works is that a new technology comes out and shortly thereafter, the bad guys figure out a way around it.”

Until recently, security vendors had been fighting against malware with three main tools. Blacklists keep a record of all the malware that should be blocked from a computer, whitelists keep a record of all the good software that should be allowed on a computer, and heuristics behaviour-based technology identifies malware based on the actions it takes once its on a computer.

Reputation-based methods work hand-in-hand with those tried and true techniques, Symantec’s Knop says.

“That extra piece of information allows us to be smarter and make better decisions,” she says. “It’s a cat and mouse story – the malware engineers will go out and come up with new techniques to bypass our software, and then our researchers go out and catch them.”

Symantec has also responded to users expressing concerns about security software slowing down their computers, Knop adds. Quorum won’t cause things to take longer.

In a series of benchmarking tests performed by PassMark Software and commissioned by Symantec, Norton proved to have speed and a light footprint. It requires 10 MB of RAM while running, can conduct a quick scan in just over a minute, and can be installed in less than a minute.

“If you slow down a system that is already under strain, then users are going to become frustrated,” Knop says. “The first thing they’ll do is remove your security product and any protection along with it.”

Business users aren’t likely to put up with software that bogs down their workstations, Senf agrees. But workers – particularly at smaller firms – tend to have a poor grasp of computer security needs. In a recent IDC survey, small businesses ranked their general security knowledge at four out of seven.

That’s why a feature like Quorum might not catch a lot of attention amongst business users. Especially since competing security vendors are also claiming to have reputation-based security capabilities – and other vendors offer their products for free.

“There are good, free security solutions out there whether you are looking for antivirus, drive encryption or a firewall,” Senf says. “Look at Hotmail and Gmail, they are running anti-spam in the background.”

Norton 2010’s Quorum technology is mostly at work behind the scenes. But users will see it in action when they right-click on a file and ask for a “Norton Insight Scan.” Or when the “Download Insight” feature pops up to advise about a file that was just downloaded.

Symantec is also using its enterprise-level anti-spam technology in the new release. It will make the filter 20 per cent more effective at removing unwanted messages, scams, and infected e-mails, the company claims.

There’s no need to teach the software what e-mails you consider spam, as with previous versions.

“Now, you just start-up your mail program and it can be used out-of-the-box,” Knop says.

The move is an example how security vendors are combining multiple capabilities in a single product, Senf says. No longer must a computer user seek out anti-virus, anti-malware, anti-spam and a firewall software to put together some piecemeal security wall. They can get one package that does it all.

“Any additional security will make you more secure, I guess,” he says.

Norton Internet Security 2010 costs $79.99 and covers installation on three computers. Norton AntiVirus 2010 is $54.99 and both products are available today from the Symantec Online store.

There is also a “Netbook Edition” of the security suite available. 

Share on LinkedIn Share with Google+
More Articles