Ask the Expert

Can 'herd intelligence' effectively stop malware?

How effective has "herd intelligence" been in fighting malware?


It's actually been quite an effective tool in our arsenals. For the uninitiated, "herd intelligence" involves having thousands of machines -- often including production desktop and laptop computers -- running antimalware software to identify new forms of malicious code as they are released. Some antimalware vendors have products whose code can report back new infectious specimens to the vendors for analysis. In effect, all users of the antimalware tool become a distributed sensor net, finding new specimens that are potentially evil.

One example of this approach is Microsoft's Windows Defender, which allows a "vote" on newly discovered threats. Users can determine whether the threats should be deleted, quarantined, or allowed by default. Automatic reports are sent across the network to a system that Microsoft calls "Microsoft SpyNet". Despite the ominous name, the functionality behind it is an excellent example of distributed computing that implements a form of herd intelligence. Such techniques allow Microsoft to determine what specimens it should write signatures for. Based on real-world customer needs, a company can optimize detection and the actions that its product should take.
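The reporting-and-voting loop described above, reduced to a small aggregator, as an added illustration that is not from the original article and not Microsoft's actual SpyNet protocol: endpoints submit one verdict per specimen, the back end tallies votes per specimen, picks a default action once enough independent endpoints agree, falls back to quarantine when the herd is too small or too divided, and flags the specimens that deserve a hand-written signature. Report fields, thresholds and the specimen hashes are all constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed telemetry record: one endpoint's verdict on one specimen.
@dataclass(frozen=True)
class Report:
    endpoint_id: str
    specimen_hash: str   # placeholder hash of the suspicious file
    vote: str            # "delete", "quarantine" or "allow"

VALID_VOTES = {"delete", "quarantine", "allow"}

def aggregate(reports, min_endpoints=3, min_agreement=0.6):
    """Tally one vote per endpoint per specimen and decide a default action.

    Returns {hash: {"endpoints": n, "votes": Counter, "action": str,
                    "needs_signature": bool}} (thresholds are assumptions)."""
    seen = set()
    by_specimen = defaultdict(Counter)
    for r in reports:
        if r.vote not in VALID_VOTES:
            continue                    # malformed report: drop it rather than skew the tally
        key = (r.endpoint_id, r.specimen_hash)
        if key in seen:
            continue                    # a repeat from the same endpoint is not a second vote
        seen.add(key)
        by_specimen[r.specimen_hash][r.vote] += 1
    summary = {}
    for h, votes in by_specimen.items():
        n = sum(votes.values())
        top, count = votes.most_common(1)[0]
        # Too few reporters, or no clear majority: fail safe and quarantine by default.
        action = top if n >= min_endpoints and count / n >= min_agreement else "quarantine"
        summary[h] = {"endpoints": n, "votes": votes, "action": action,
                      "needs_signature": action == "delete"}  # herd agrees it is malicious
    return summary

# Constructed sample: four endpoints reporting on three specimens.
SAMPLE_REPORTS = [
    Report("e1", "sha256-placeholder-a", "delete"),
    Report("e2", "sha256-placeholder-a", "delete"),
    Report("e3", "sha256-placeholder-a", "delete"),
    Report("e4", "sha256-placeholder-a", "quarantine"),
    Report("e1", "sha256-placeholder-b", "allow"),      # only two reporters: not enough yet
    Report("e2", "sha256-placeholder-b", "allow"),
    Report("e1", "sha256-placeholder-c", "allow"),      # split herd: no default action
    Report("e2", "sha256-placeholder-c", "delete"),
    Report("e3", "sha256-placeholder-c", "quarantine"),
    Report("e1", "sha256-placeholder-c", "delete"),     # duplicate endpoint, ignored
    Report("e4", "sha256-placeholder-c", "bogus"),      # malformed vote, ignored
]

def run_example():
    return aggregate(SAMPLE_REPORTS)
```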

Other herd intelligence systems include behavior-based detection mechanisms, which hunt for phishing imposter Web sites and other sites that contain browser-exploiting URLs. The findings are all reported back to the vendor in a distributed fashion, improving the collective intelligence of the antimalware system. I wholeheartedly expect to see more of this kind of technique in the future.

More information:

  • Like other antivirus vendors, Panda Security is trying to update its products to fit the times. Company execs explain why a focus on Internet transaction security is the answer.
  • Endpoint security is changing at a breathtaking pace. Senior Technology Editor Neil Roiter reveals why signature-based AV may not be enough.
  • This was first published in February 2008
