Symantec has released Ubiquity — a brand new technology against evolving malware.
Traditional threat detection approaches (semantic analysis and matching against virus signatures) have proved ineffective against self-modifying polymorphic viruses and against viruses that are not widely spread. Such viruses present a considerable security threat: in 2009, Symantec detected over 240 million unique instances of malware, many of which were represented by only a single copy.
The new technology is an attempt to solve two issues with modern algorithms at once: the inability to fight the kind of threats mentioned above, and slow performance. The core of the new solution is the Global Intelligence Network (GIN), which stores data about all applications launched by Ubiquity technology users. Based on this data, the system creates software ratings — a white list for trusted software and a black list for suspicious software. By now, the system already has ratings for 1.5 billion files, and this number increases by 22 million per week. Symantec claims that the solution outperforms any other antivirus scanner because it excludes files that are trusted according to GIN.
Symantec has been researching cloud computing services for over 2 years, and Ubiquity technology is most likely to become a way to incorporate the long-developed Quorum technology into the Norton 2011 and Hosted Endpoint Protection products. Furthermore, there are plans to extend the technology to Symantec Web Gateway and other Symantec corporate solutions.
It’s worth noting that similar cloud computing logic has been used in Kaspersky software since 2009. It’s called “Kaspersky Security Network” and it has proved to be effective.