Symantec has implemented what they are calling “reputation-based security“
and it is causing smaller software vendors some trouble. The basis of this new twist in security is to trust programs that many people use and, by default, not trust any programs not widely used.
To quote Symantec:
This reputation-based technology leverages the anonymous software usage patterns of millions of Symantec users to automatically identify new threats.
When scanning a program that does not meet the Symantec criteria for “widely used” their software will flag the program as suspicious with the agent being “Suspicious.Insight.” Their own write-up calls this so-called threat “Risk Level 1: Very Low” but, of course, just the fact that there is an alert at all will work to scare many people away from the software. Few will attempt to figure out why an alert is given at all.
So, how does this hurt vendors? Simple. If you are one of the thousands of smaller programmers selling your program via the shareware (or other similar) marketing methods then you can find yourself at odds with users of Symantec’s security programs when they flash this alert. You know your software is perfectly good and malware-free but because of the alert the users will now be suspicious. Basically, Symantec seems to be using an “assumed guilty until proven innocent” approach which as we all know from law is an approach that will cause the innocent to suffer greatly (think Salem witch trials).
Plus, by assuming new programs from the likes of any large vendor are good, Symantec may perhaps be fooled into not alerting on real problems. There are many instances in history of reputable vendors distributing malware on their distribution media. Large vendors are not immune from this. Indeed, it’s more likely that a larger vendor will distribute malware than a reputable smaller vendor as they have more steps to go through to release their software and the more hoops something has to jump through the better the chance of an error creeping into the process. Smaller vendors have their reputation to protect and so will take great pains to make certain that their software is free of malware or any other thing that can be flagged as nasty.
In short, just because someone sells software that is not as popular as Microsoft Word or one of the other larger programs does not mean they should have to suffer sales because of some arbitrary rating system imposed by a security vendor.
There are better ways to do security (think whitelist and/or sandbox as examples).
Also, see one small author’s thoughts on the subject.
