Problem solve Get help with specific problems with your technologies, process and projects.

Can 'herd intelligence' effectively stop malware?

'Herd intelligence' provides a distributed sensor net, finding new specimens that are potentially evil. Information security threat expert Ed Skoudis explains how effective the antimalware technology really is.

How effective has "herd intelligence" been in fighting malware?
It's actually been quite an effective tool in our arsenals. For the uninitiated, "herd intelligence" involves having thousands of machines -- often including production desktop and laptop computers -- running antimalware software to identify new forms of malicious code as they are released. Some antimalware vendors have products whose code can report back new infectious specimens to the vendors for analysis. In effect, all users of the antimalware tool become a distributed sensor net, finding new specimens that are potentially evil.

One example of this approach is Microsoft's Windows Defender, which allows a "vote" on newly discovered threats. Users can determine whether the threats should be deleted, quarantined, or allowed by default. Automatic reports are sent across the network to a system that Microsoft calls "Microsoft SpyNet". Despite the ominous name, the functionality behind it is an excellent example of distributed computing that implements a form of herd intelligence. Such techniques allow Microsoft to determine what specimens it should write signatures for. Based on real-world customer needs, a company can optimize detection and the actions that its product should take.

Other herd intelligence systems include behavior-based detection mechanisms, which hunt for phishing imposter Web sites and other sites that contain browser-exploiting URLs. The findings are all reported back to the vendor in a distributed fashion, improving the collective intelligence of the antimalware system. I whole-heartedly expect to see more of this kind of technique in the future.

More information:

  • Like other antivirus vendors, Panda Security is trying to update its products to fit the times. Company execs explain why a focus on Internet transaction security is the answer.
  • Endpoint security is changing at a breathtaking pace. Senior Technology Editor Neil Roiter reveals why signature-based AV may not be enough.
  • This was last published in February 2008

    Dig Deeper on Malware, virus, Trojan and spyware protection and removal

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.