Norton 2010 to tackle polymorphism

Stephen Withers
Monday, 03 August 2009 07:54

Business IT - Technology

On the other hand, an item that's on a million PCs and that hasn't been explicitly identified as malware is most likely safe.

Prevalence isn't the only thing that goes into a reputation score. Symantec's David Hall (product manager for Asia-Pacific consumer products and solutions) described the process as a "secret sauce" involving a large number of attributes, likening it to the way Google calculates page ranks for web pages.

Rowan Trollope, senior vice president of consumer products pointed out that this approach means "we don't have to know what it is to tell that it is bad."

For reputation to work, users must allow their PCs to participate in the process of collecting data. According to Trollope, there are already some 29 million participants, and they have contributed information on 306 million unique executables.

Reputation is intended to augment, not replace, other security technologies including signature-based and behavioural detection.

"The larger the network, the better the protection," Trollope observed, pointing out that the new reputation feature has been able to detect 80 percent of malware that wasn't blocked by signature detection.

Beta versions of the Norton 2010 are available here.