Symantec researchers are working on a pair of projects to give Norton users a better idea of whether the Web sites they visit or the files they download are trustworthy.
"We're actually looking into reputation-based security systems, both for Web sites and for files," said Stephen Trilling, vice president of Symantec Research Labs. The projects have been quietly under development since the latter part of last year, he said.
Although the area of reputation-based security is relatively new, there are already a number of companies that use the technology, because it is considered a promising technique for thwarting previously unknown threats. McAfee's SiteAdvisor, for example, scours the Web and runs tests on Web sites to see if they do things like serve up malicious code or spam visitors.
And Google recently opened up access to its blacklist of malicious Web sites, which the search giant generates by searching the Internet in a similar fashion.
Though Trilling declined to talk about specifics, he said that Symantec has some new ideas on how to better warn users of suspicious Web pages. "We certainly are looking initially at protecting people from malicious threats," he said. "That's our primary goal."
The file-based evaluations could be derived from data generated by Symantec users, he said. "The challenge here is you can't simply ask people what was their experience with this file," he said. "You need some sort of automated way to derive reputation information from people's patterns of downloading."
Symantec Labs has created another Web security technology, called Canary, that blocks sites from downloading malicious code. Canary is expected to ship with Norton's next refresh of its client security products, due later this year, but it is separate from the Web- and file-rating systems, Trilling said. "Canary is not based on leveraging any desktop-voting or reputation-based system at all," he said.
No decision has yet been made on whether to move the reputation-based projects into Symantec's products, but the Web reputation systems is further along in development Trilling said.
Symantec's estimated 50 million antivirus software users give it an advantage when it comes to generating reliable reputation data, said Adam O'Donnell, a senior research scientist with Cloudmark Inc., which sells a reputation-based e-mail filtering system. "The challenge for Symantec is going to be absorbing all the various inputs and issuing a response in a timely fashion."