Symantec counters malware threat with Ubiquity

Posted by Aharon Etengoff

Symantec is stepping up its fight against malware with the introduction of a next-gen platform dubbed "Ubiquity."

Ubiquity - which analyzes the anonymous software usage patterns of more than 100 million Symantec-shielded PCs - allows the security company to more effectively protect against micro-distributed, mutating threats.

"Ubiquity adds a new layer of protection that bolsters [our] existing [defenses], such as intrusion prevention, [as well as] behavioral and heuristic detection capabilities," explained Symantec senior VP Stephen Trilling.

"[Now], traditional protection [methods] require [an initial] capture and analysis of specific strains of malware. [But] Ubiquity takes a fundamentally different approach to help [secure] infrastructure from the [latest] and most targeted threats."

According to Trilling, Ubiquity operates by formulating a security rating for each file based on specific (anonymous) user-generated data - including origin, age, adoption patterns and other proprietary calculations.

"While attackers can easily mutate a malware file's contents to make it invisible to traditional signatures, they have far less control over these crowd-based demographics.

"[However], Ubiquity doesn't just [maintain] data on malicious programs, but [keeps] ratings for virtually every legitimate application on the Internet as well."



Indeed, Ubiquity's reputation database currently contains safety ratings on more than 1.5 billion "good" and "bad" executable files, with an average weekly "recruitment" rate of 22 million. 

"[Interestingly], based on Ubiquity-generated data, [we have] determined that more than 75 percent of malware affects fewer than 50 Symantec users.

"This statistic highlights the trend toward high-impact, low-distribution targeted threats and shows the need for reputation technology, like Ubiquity, to protect against such malware," added Trilling.