Symantec envision whitelist scenario

Eleanor Dallaway

The colossal rise in malware could lead to a ‘whitelist’ approach for the internet in the future, say security response engineers at Symantec.

“While spam has seemingly reached a plateau, malware is rising severely”, says Thomas Parsons, Manager of Quality Assurance in the Symantec Response and Email Security centre, Dublin. “In fact, it’s rising so quickly that it may start to exceed the clean content. When this happens, would it make sense to adopt a whitelist approach, rather than a blacklist?”, which would assume all content to be ‘dirty’ or malicious until proven clean.

The Symantec response team, based in Dublin, California and Japan, work around the clock (in a system they call ‘following the sun’) to offer a high level of technical support and analysis to new viruses amongst other tasks.

While one third of the world’s emails go through Symantec, 80% of these are spam emails, and of the 200 000 suspicious samples reported daily, approximately 330 of then are genuine, un-reported threats.

It is then the responsibility of the response team to work on these threats. Every thirty minutes, new solutions are built and pushed out to users, and live updates are automatically made three times a day.

Symantec deploy what they call a ‘honey pot network’, whereby they run more than
8 000 computers and IP addresses as normal machines, in order to establish a good representation of what’s going on. Trends are then tracked manually by intelligence.