Symantec’s Quorum is the latest in pro-active defense

Symantec has lifted the lid officially on the new revamp to the Insight engine named Quorum. The technology behind Quorum is included with the 2010 versions of Symantec’s Norton products. So what exactly is Quorum?

Quorum ties heavily into the detection aspect of Symantec’s family and will likely drive product development for some time to come. One of the things we should mention early on in this article is that Quorum is not a new product. Quorum is the logical progressive step forward for Symantec’s existing technology. The reason for this is how it works.

Quorum uses everything Symantec offers to judge the reliability of a process or application. Starting with Norton Insight, which is mostly application whitelisting, Quorum will check a process or an application against the Insight records and determine if Norton has seen it before.

If the process has been seen, the next step is to determine how many Norton users are using it. If the number of users is high enough, or the age of the process or application is old enough, then Insight will have a trust rating already assigned. If the rating is listed as Good or Norton Trusted, Quorum will proceed no further, as the process or application is deemed safe.

If the application or process is unknown, based on an Insight check, Quorum will trigger SONAR for heuristic detection as well as check the process or application against known signatures. If there is a malicious match, the process is halted or the application blocked. If it appears clean, despite all the checks, Quorum will trigger an alert explaining that the user is the first to run the program and offer an option to avoid it temporarily.

Quorum runs constantly. Again, this is because it ties directly into all of the other technologies used by Symantec. For installed applications on a system, Quorum will check with Norton Insight first, downloads are checked against Norton’s Download Insight, and so on. Since most of the signatures and the collective of the Insight rankings are all stored in the cloud, the process is faster than before when you compare Symantec’s 2009 line to the 2010 line.

The Tech Herald started testing Quorum early on when the Internet Security 2010 beta was released. We are currently testing Norton Internet Security 2010 in our labs for review. In both versions, Quorum remained mostly unchanged.

Since Norton Insight is an opt-in feature across the Norton line of products, the vast amount of applications that had a user count and trust assignment was frustrating to the point of being comical. Try as we might, even the most obscure application had a trust ranking and user count. However, Quorum, despite the reliance on reputation-based protections, didn’t help much in the anti-Spam department.

Sure, Norton blocked a large amount of Spam, but some rather obvious attempts slipped past the reputation defenses, including the recent IRS scam, and more than one UPS email with a malicious attachment. Only after they were manually flagged were they blocked.

When it comes to scanning, Quorum helps, but the extent of how well it helps is being tested, but when coupled with Insight, the system scans during the beta were on par with what they were in the 2009 version. Since most signatures are online and not on the client, Symantec is able to speed up the scanning process. You can see a serious difference in scanning, thanks to the cloud, if you compare Norton Internet Security 2008 to the scanning used in 2009 or 2010 beta.

When I was quoted in the print edition of Tuesday’s USA Today as saying, "Reactive defenses just don't work anymore. Predictive systems will give an edge to the good guys." I meant every word.

The old way of signatures and the reliance on them alone, a reactive approach to security, is dead. Vendors like Symantec, McAfee, Panda, Kaspersky, and Trend Micro are moving forward with pro-active or predictive methods of detection, because they know signatures alone simply will not work.

The cat and mouse game of keeping up with the latest criminal trends needs to end, because the race has always been about what the criminals have done, and how to stop them.

What the race should be is what the criminals are doing now, and why it is working. Quorum, Artemis, Collective Intelligence, or Smart Protection Network, no matter what you call it, the aim is the same, catch the threat the second it starts, not after it worked.

Is Quorum the end all be all of Malware detection technology? No it is not, but it is a great step forward. Over time, this sort of technology will only get better. The same can be said for Symantec’s competition as well.

We’ll post the review of Norton Internet Security 2010 soon.

[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.

Cheetah Pictures

Some Cool Cheetah Pictures Cheetahs are found mainly in Africa but also some parts of the Middle East. These sleek animals are the fastest land mammals in the world and can hit 60 mph in about 3 seconds, though they cannot maintain this speed for long. Cheetahs prey mostly on antelopes and smaller mammals but occasionally go for something bigger. We hope you enjoy these photos and don’t forget to check out the other speedy land mammals on our list of the fastest.

Sherlock Holmes Quiz

Sherlock Holmes
Sherlock Holmes was a man who absorbed information like a sponge and had a razor sharp mind. How much do you know about the famous fictional detective from the books?

22 years without Ferruccio Lamborghini

Lamborghini posted this photo today saying: “22 years without Ferruccio Lamborghini.” Ferruccio passed away on February 20th 1993 aged 76. Interestingly he started out making tractors!