Spoofing Reputation - how would someone do this?

Discussion in 'other security issues & news' started by Hungry Man, Dec 20, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    In a system that uses purely reputation (let's negate all heuristic functions of such systems for now) I assume that it takes a tally of how many people have downloaded/ run a particular file. The more people the higher reputation.

    How do systems like this protect themselves from someone simply moving that file through multiple machines or virtual machines?

    If a reputation system factors into or overrides heuristics and spoofing were possible it could be a big issue.

    I know SmartScreen uses reputation. I think Norton does as well and multiple other systems. I'm looking for insight as to how they manage to deal with this issue.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Maybe checking the system's activity like browsing data, recent tasks, etc., but that's spyware behaviour. That's why reputation can't be solely dependent.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    But even when it's factored into heuristics it can have a large effect if an application has high reputation.

    I assume MS and other vendors have already thought of this and come up with some way to mitigate.
     
Loading...
Thread Status:
Not open for further replies.