Symantec UBIQUITY

Discussion in 'other anti-virus software' started by Pleonasm, Oct 5, 2010.

Thread Status:
Not open for further replies.
  1. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Symantec appears to be rebranding its reputation system and expanding it to the enterprise market under the name Ubiquity, “a technology that tracks billions of files from millions of systems to identify new threats as they are created.” The technology “puts files in context” by analyzing data from 75 million contributing users and leverages a global intelligence network of 240,000 sensors in 200 countries.

     
  2. dschrader

    dschrader AV Expert

    Joined:
    Mar 10, 2009
    Posts:
    54
    You can learn more about it here:

    go.symantec.com/ubiquity

    Dan
    Symantec
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    "Served 1.5 billion Ubiquity ratings each day." - Symantec

    Sounds like they're selling hamburgers.
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    At present, the Norton Insight Network (in Norton Internet Security 2011) reports a file count of 142 million. Why is this number considerably less than the “1.5 billion files" in the Ubiquity database?
     
  5. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Hmm. The British one billion is a million millions. The American one billion is a thousand millions. Probably doesn't answer the question but interesting. :)

    SourMilk out
     
  6. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    Mrs Cloud Fraud strikes again.
     
  7. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Haha, I used to marvel at that when arguing with a brother-in-law from Belgium! Apparently, the Americans won the Brits over on that, per: http://www.oxforddictionaries.com/page/114 .

    Sorry! OT dismount.:ninja:
     
  8. m0unds

    m0unds Guest

    wow. that's a lot of data.

    also, pretty sweet numbers, eh? :fargo:
     
  9. dschrader

    dschrader AV Expert

    Joined:
    Mar 10, 2009
    Posts:
    54
    Pleonasm

    I asked Insight/Ubiquity dev team the same question about why Norton Insight reports 142 million files tracked when they told me the total number is 1.5 billion (US billion) files.

    They told me that they cut out the files that showed up only once to make the Norton UI work - so that they could show good, bad and undetermined reputation files on the same graph.

    OK, that is not a satisfying answer - I asked them to update the Norton UI to represent the real number - we'll see if they listen to me. . . .
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Thanks, Dan, for looking into this question.

    To clarify, are you saying that the problem is (A) a display/formatting issue (i.e., the layout of the Norton Insight Network graph), or that the problem is (B) operational/functional (i.e., Norton Internet Security 2011 only leverages a subset of the entire Ubiquity database when evaluating the trustworthiness of a file)? I think (and hope) that the answer is “A.”
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I'm just wondering that if Symantec has tracked more than 1.5 billion files, but their UI only shows 140m+ files, shouldn't the likes of Panda be showing similar? PCAV apparently has tracked over 126m files, which is close to what Symantec are saying in their current UI.

    It's hard to get one's head around these figures, but I suppose it is feasible that 1.5 billion files have been tracked. However, Bit9 has already far exceeded that figure, something like over 6.9 billion files at the moment, which kinda begs the question how come they've seen more files than anybody else?
     
    Last edited: Oct 9, 2010
  12. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    well there figure might not be exactly correct or atleasr shown correct to people :p
     
  13. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It is my understanding that Symantec is tracking a specific subset of all files (e.g., .EXE, .MSI, .DLL, .SYS, .DRV). It may be the case that Bit9 and other vendors are tracking a larger scope of files (e.g., .PDFs that may have embedded malware).
     
  14. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It is speculation on my part, but additionally I would not be surprised to learn that the 1.5 billion files tracked by Symantec are active threats -- i.e., malware that has been encountered within the recent past. Limited the Ubiquity database to active threats would presumably enhance performance with miniscule downside risk.

    In contrast, the file count reported by other vendors may be cumulative (i.e., representing both active and expired threats).

    Dan (from Symantec), can you please interject some insight into these issues? Thank you.
     
  15. dschrader

    dschrader AV Expert

    Joined:
    Mar 10, 2009
    Posts:
    54
    A few differences.

    First, Symantec works with Bit9 - though I am not sure if their white list is used in the Ubiquity system. Bit9 can be integrated into Symantec Endpoint Protection for application tracking and white listing (enterprise feature).

    Second, yes, Symantec is only tracking program files. As every .doc file and many pdf files are unique, tracking them for the purpose of identifying unique files isn't worth the effort. We do track both current and "expired" threats (hard to define an expired threat). But the point is that we do not track office files, for example, even though they may contain threats. If is faster to scan those file at the endpoint than to add all those file to the db and slow down the whole system. Interestingly, Trend seems to not track older threats.

    3rd. Norton is using the full 1.5 B file db - it is just in the UI that they are showing the smaller #.

    4rth Bit9 provides a big white list - but it lacks the detailed security ratings that we provide. No do they track associations between files, sources and patterns of infections. They simply give you a big list of things that appear to be safe for a go/no go decision. That is very different from getting a security rating and prevalence information.
     
  16. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Thank you, Dan, for the clarifications and insights. It is especially good to know that Norton Internet Security 2011 is leveraging the full power of all 1.5 billion files tracked in the Ubiquity database. Hopefully, the user interface in NIS11 will be modified to reflect that reality in the not too distant future.
     
  17. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Now the figures go up, according to the press release regarding Norton 360 v5 beta:
    Is this right based on what we've been told already?
     
  18. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    The math seems 'reasonable,' since it would require about 22 months to serve 1 trillion reputation ratings, given that 1.5 billion reputation ratings are served daily.
     
  19. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Some additional impressive statistics...

    • 22 million applications are added to Ubiquity database weekly
    • The size of the community contributing to the Ubiquity database is 100 million users
    • More than 75 percent of malware discovered by Ubiquity affects less than 50 Symantec users
    • Symantec blocked 3.2 billion attacks in 2009
    Source: Symantec Ubiquity
     
Loading...
Thread Status:
Not open for further replies.