Norton 'Quorum' adds reputation to security software

Stephen Withers
Tuesday, 07 July 2009 06:32

Business IT - Security

Beta releases of Symantec's Norton Internet Security 2010 and Norton AntiVirus 2010 introduce a reputation-based approach to malware detection and other features.

Traditional malware detection works by matching files against signatures of known viruses and other unwanted software, but polymorphism works against that approach.

More recent security software uses techniques such as running code in a simulated computer and watching for suspicious activity, but this can mean a significant performance hit, especially on older PCs.

Symantec's next generation of security products, due for release in September, adds reputation scoring (dubbed 'Quorum') to the mix.

"Most users run mostly good applications, of known origins and with known publishers and other common attributes. Conversely, malware typically has never been seen before, has an unknown publisher, and other attributes that give it a poor reputation," explained Symantec officials.

"This data enables Symantec to calculate a reputation safety score for each application. Without ever having to ask the user, Symantec can statistically infer with an extremely high degree of accuracy the likelihood of an unknown application being good or bad."

Norton Internet Security 2010 and Norton AntiVirus 2010 combines signature and reputation protection as appropriate.

But wait! There's more! See page 2.