An analysis of real-world effectiveness of reputation-based security presented at Virus Bulletin 2010

by Carey Nachenberg (Symantec)


Summary: In September 2009, Symantec released its first reputation-based security offering as a part of its consumer security
products. This paper presents an analysis of the real-world effectiveness of reputation-based security in detecting new
malware. The paper first provides an overview of the concept and how it is implemented in the overall context of the
security product. We then present techniques used to measure the TP/FP rates of this technology as well as the technical
challenges we faced in evaluating a brand new anti-malware detection technique that not only identifies bad files, but
also provides a score for every type of file.
The analysis of the results provided us with valuable insight into potential challenges and pitfalls in deploying the
technology in widespread use, the types of threats detected, and the adaptation measures we needed to put in place to
maintain the effectiveness of the overall system. The paper concludes by summarizing the overall impact of reputation-based
security on the malware threat space and the AV industry.