EXPERT RESPONSE
It's actually been quite an effective tool in our arsenals. For the uninitiated, "herd intelligence" involves having thousands of machines -- often including production desktop and laptop computers -- running antimalware software to identify new forms of malicious code as they are released. Some antimalware vendors have products whose code can report back new infectious specimens to the vendors for analysis. In effect, all users of the antimalware tool become a distributed sensor net, finding new specimens that are potentially evil.
One example of this approach is Microsoft's Windows Defender, which allows a "vote" on newly discovered threats. Users can determine whether the threats should be deleted, quarantined, or allowed by default. Automatic reports are sent across the network to a system that Microsoft calls "Microsoft SpyNet". Despite the ominous name, the functionality behind it is an excellent example of distributed computing that implements a form of herd intelligence. Such techniques allow Microsoft to determine what specimens it should write signatures for. Based on real-world customer needs, a company can optimize detection and the actions that its product should take.
Other herd intelligence systems include behavior-based detection mechanisms, which hunt for phishing imposter Web sites and other sites that contain browser-exploiting URLs. The findings are all reported back to the vendor in a distributed fashion, improving the collective intelligence of the antimalware system. I whole-heartedly expect to see more of this kind of technique in the future.
More information:
Like other antivirus vendors, Panda Security is trying to update its products to fit the times. Company execs explain why a focus on Internet transaction security is the answer.
Endpoint security is changing at a breathtaking pace. Senior Technology Editor Neil Roiter reveals why signature-based AV may not be enough.
|
