One of the biggest security issues of our time is how adept cyber criminals have become at embedding malevolent bits of code inside our applications. This situation was bad enough when the malevolent code was hidden inside file attachments in our e-mail systems, but it has increasingly gotten out of control now that applications are routinely distributed across the Web.
One way security vendors have been trying to thwart this rising tide of malware is by tracking the reputations of various Web sites. They basically developed technology that allows them to keep track of where malware is distributed on the Web, and then prevent end users from visiting those sites.
Symantec is now gearing up to take that concept a step further with a new security model code-named Project Quorum. The basic idea is that instead of just tracking the reputation of Web sites, Symantec, in the 2010 edition of its Norton Security Suite, will be able to identify suspicious behavior in a file, compare that file to similar files on the Web, and thereby do a better job of identifying whether that file may have been tampered with.
Naturally, not every file that has unique characteristics is loaded with malware. But files that do carry malware typically fly below the radar of signature-based security systems because they usually have not been distributed widely enough to have a signature yet. The other option is to leverage heuristics technology to identify potential threats, but then there is usually a significant increase in false positives as every piece of code gets flagged as a potential security threat. By adding a reputation security model to the mix, Symantec is saying it will be able to do a much better job of identifying potential threats in a file without significantly increasing the rate of false positives.
It would be reasonable to expect that Symantec will extend this security model to other products in its security lineup. And naturally, other security vendors most likely will claim to have a similar type of security technology soon.
This type of technology represents a step forward in the never-ending war for security. What started out almost as a game is now a big business that drives the cost of enterprise computing ever higher. We've been losing this war because the battles have shifted to the application level. Now, at least, there is a new tool that makes it more difficult to infect an end-user system with malware. This won't solve the problem entirely, but at least it shows that we're not entirely helpless either.