An analysis of real-world effectiveness of reputation-based security

Carey Nachenberg Symantec
Vijay Seshadri Symantec

In September 2009, Symantec released its first reputation-based security offering as a part of its consumer security products. This paper presents an analysis of the real-world effectiveness of reputation-based security in detecting new malware. The paper first provides an overview of the concept and how it is implemented in the overall context of the security product. We then present techniques used to measure the TP/FP rates of this technology as well as the technical challenges we faced in evaluating a brand new anti-malware detection technique that not only identifies bad files, but also provides a score for every type of file.

The analysis of the results provided us with valuable insight into potential challenges and pitfalls in deploying the technology in widespread use, types of threats detected and adaptation measures we needed to put in place to keep up the effectiveness of the overall system. The paper concludes by summarizing the overall impact of reputation-based security on the malware threat space and AV industry.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.