[AccessD] Latest Outrage from Symantec

Rocky Smolin rockysmolin at bchacc.com
Mon Apr 16 09:44:45 CDT 2012 

So I uploaded the installable exe of my MRP system to a folder on my website
for a new customer to download - my standard procedure which has been
working well for many years.
 
He called a couple minutes ago saying Symantec had detected a virus.  Not
possible, of course.  I asked him what Symantec said and he said
WS.Reputation.1. 
 
I looked it up.  You won't believe this:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854
-99
 
Apparently, my 'reputation' with Symantec isn't good enough to pass their
gatekeeper.  The gatekeeper " uses "the wisdom of crowds" (Symantec's tens
of millions of end users) connected to cloud-based intelligence to compute a
reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and
behavior-based detection techniques."
 
"Symantec's reputation technology system tracks the attributes of software
files (applications, drivers and DLLs) from multiple sources, including: 



*	Anonymous data contributed by tens of millions of Norton
<http://www.symantec.com/about/profile/policies/ncwprivacy.jsp> Community
Watch members
*	Anonymous data contributed by enterprise customers in a data
collection program tailored to large enterprises
*	Data provided by software publishers"

"The reputation-based system uses "the wisdom of crowds" (Symantec's tens of
millions of end users) connected to cloud-based intelligence to compute a
reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and
behavior-based detection techniques. 

The system considers many aspects of a file, including file age, file
download source, digital signature, and file prevalence. These attributes
are combined using a proprietary algorithm to determine a file's safety
reputation. The system maintains a rating for all files rather than just
malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS
rating. 

Symantec's reputation-based security engine continuously monitors all files
and over time a file's reputation may change."
 
Of course, since each exe file I send has the user's company name as part of
the file name, it will never have enough users to gain a 'reputation'.  
 
Of course there are detailed (not) instructions on the site for software
developers on which hoops to jump through in order to appease the Symantec
gatekeepers.  I'm not about to spend 4 minutes of my precious time on this
earth trying to please these blockheads.
 
In a stunning breakthrough defying all the laws of physics, Symantec has
devised a system that both sucks and blows at the same time.
 
Rocky Smolin
Beach Access Software
858-259-4334
www.bchacc.com <http://www.bchacc.com/> 
www.e-z-mrp.com <http://www.e-z-mrp.com/> 
Skype: rocky.smolin

More information about the AccessD mailing list