Author Topic: Suspicious.Insight - security based on “the wisdom of crowds”  (Read 3013 times)

mrainey

As if there weren't already enough false positives to explain to software users, now developers are going to have to allow “the wisdom of crowds” to decide whether or not an AV program throws up a warning.  This will be especially wonderful for a guy like me who has a very small user base (no crowds).


"Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s reputation-based security technology.

The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

When detections of this type are triggered in Norton products the user may be warned that the application is unproven, thus allowing the user to make the final decision. Future versions of Symantec's Endpoint Protection products will include this functionality. When used in these products, administrators will be able to configure blocking policies based on their specific tolerance for risk.

Today, the vast majority of malware is generated in real-time on a per-victim basis, which means that each such malicious program will be rated as being entirely new and low-prevalence by a reputation-based system. In contrast, most legitimate software has vastly different characteristics – it often comes from known publishers, has high adoption rates, shares much in common with earlier versions of the software, and so on. The Suspicious.Insight detection, therefore, is meant to inform the user that a given application is unproven and not yet well known to Symantec’s tens of millions of users."

http://www.symantec....=2010-021223-0550-99
Software For Metalworking
http://closetolerancesoftware.com

mouser

It remains to be seen whether it will work, but it has to be an improvement on heuristic methods, AND once they figure out a way to differentially weight more trusted expert users, it seems to me this could work quite well.

Eóin

Are crowds wise?

mouser

My very long post against the standard wisdom-of-the-crowds approach to these kinds of things:
https://www.donation...dex.php?topic=5160.0