The Tech Herald

Symantec’s Quorum is the latest in pro-active defense

by Steve Ragan - Sep 9 2009, 22:36

Symantec has officially lifted the lid on Quorum, the revamp of its Insight engine. The technology behind Quorum is included with the 2010 versions of Symantec’s Norton products. So what exactly is Quorum?

Quorum ties heavily into the detection aspect of Symantec’s family and will likely drive product development for some time to come. One thing we should mention early on in this article is that Quorum is not a new product. Quorum is the logical next step for Symantec’s existing technology. The reason for this is how it works.

Quorum uses everything Symantec offers to judge the reliability of a process or application. Starting with Norton Insight, which is mostly application whitelisting, Quorum will check a process or an application against the Insight records and determine if Norton has seen it before.

If the process has been seen, the next step is to determine how many Norton users are using it. If the number of users is high enough, or the age of the process or application is old enough, then Insight will have a trust rating already assigned. If the rating is listed as Good or Norton Trusted, Quorum will proceed no further, as the process or application is deemed safe.

If the application or process is unknown, based on an Insight check, Quorum will trigger SONAR for heuristic detection as well as check the process or application against known signatures. If there is a malicious match, the process is halted or the application blocked. If it appears clean, despite all the checks, Quorum will trigger an alert explaining that the user is the first to run the program and offer an option to avoid it temporarily.

Quorum runs constantly. Again, this is because it ties directly into all of the other technologies used by Symantec. For installed applications on a system, Quorum will check with Norton Insight first; downloads are checked against Norton’s Download Insight, and so on. Since most of the signatures and the collective Insight rankings are stored in the cloud, the process is faster in Symantec’s 2010 line than it was in the 2009 line.

The Tech Herald started testing Quorum early on when the Internet Security 2010 beta was released. We are currently testing Norton Internet Security 2010 in our labs for review. In both versions, Quorum remained mostly unchanged.

Since Norton Insight is an opt-in feature across the Norton line of products, the vast number of applications that had a user count and trust assignment was frustrating to the point of being comical. Try as we might, even the most obscure application had a trust ranking and user count. However, Quorum, despite its reliance on reputation-based protections, didn’t help much in the anti-Spam department.

Sure, Norton blocked a large amount of Spam, but some rather obvious attempts slipped past the reputation defenses, including the recent IRS scam, and more than one UPS email with a malicious attachment. Only after they were manually flagged were they blocked.




When it comes to scanning, Quorum helps, though how much it helps is still being tested. When coupled with Insight, the system scans during the beta were on par with what they were in the 2009 version. Since most signatures are online and not on the client, Symantec is able to speed up the scanning process. You can see a serious difference in scanning, thanks to the cloud, if you compare Norton Internet Security 2008 to the scanning used in 2009 or the 2010 beta.

When I was quoted in the print edition of Tuesday’s USA Today as saying, "Reactive defenses just don't work anymore. Predictive systems will give an edge to the good guys." I meant every word.

The old way of signatures and the reliance on them alone, a reactive approach to security, is dead. Vendors like Symantec, McAfee, Panda, Kaspersky, and Trend Micro are moving forward with pro-active or predictive methods of detection, because they know signatures alone simply will not work.

The cat and mouse game of keeping up with the latest criminal trends needs to end, because the race has always been about what the criminals have done, and how to stop them.

The race should be about what the criminals are doing now, and why it is working. Quorum, Artemis, Collective Intelligence, or Smart Protection Network: no matter what you call it, the aim is the same. Catch the threat the second it starts, not after it worked.

Is Quorum the end-all, be-all of malware detection technology? No, it is not, but it is a great step forward. Over time, this sort of technology will only get better. The same can be said for Symantec’s competition as well.

We’ll post the review of Norton Internet Security 2010 soon.

[This editorial is the opinion of Steve Ragan and not necessarily that of the staff of The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to security@thetechherald.com]
