One example of this approach is Microsoft's Windows Defender, which allows a "vote" on newly discovered threats. Users can determine whether the threats should be deleted, quarantined, or allowed by default. Automatic reports are sent across the network to a system that Microsoft calls "Microsoft SpyNet". Despite the ominous name, the functionality behind it is an excellent example of distributed computing that implements a form of herd intelligence. Such techniques allow Microsoft to determine what specimens it should write signatures for. Based on real-world customer needs, a company can optimize detection and the actions that its product should take.
Other herd intelligence systems include behavior-based detection mechanisms, which hunt for phishing imposter Web sites and other sites that contain browser-exploiting URLs. The findings are all reported back to the vendor in a distributed fashion, improving the collective intelligence of the antimalware system. I whole-heartedly expect to see more of this kind of technique in the future.
Related Q&A from Ed Skoudis, Contributor
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.