An analysis of real-world effectiveness of reputation-based security

Carey Nachenberg Symantec
Vijay Seshadri Symantec

In September 2009, Symantec released its first reputation-based security offering as a part of its consumer security products. This paper presents an analysis of the real-world effectiveness of reputation-based security in detecting new malware. The paper first provides an overview of the concept and how it is implemented in the overall context of the security product. We then present techniques used to measure the TP/FP rates of this technology as well as the technical challenges we faced in evaluating a brand new anti-malware detection technique that not only identifies bad files, but also provides a score for every type of file.

The analysis of the results provided us with valuable insight into potential challenges and pitfalls in deploying the technology in widespread use, types of threats detected and adaptation measures we needed to put in place to keep up the effectiveness of the overall system. The paper concludes by summarizing the overall impact of reputation-based security on the malware threat space and AV industry.