First published: 31st December 2007
A recent article in Computerworld cites a report from the Yankee Group that describes a "new" trend of security software vendors (specifically mentioning Symantec) changing their tactics to use customers' machines as their initial line of threat detection intelligence because of the threat of customized malware. This is described as "herd intelligence". Desperately mixing metaphors, Yankee Group Analyst Andrew Jaquith explains, "the herd network effectively turns into a giant honeypot". He also said that security vendors may need to begin sharing more of that information with their rivals to create a larger network effect for thwarting malware on a global basis, but it could be difficult to get rival vendors to work together.
One wonders what Analyst Andrew Jaquith is an "expert" in. Those who have followed anti-virus technology for some time will know:
- While at IBM's Thomas J. Watson Research Center last millennium, Steve R. White first developed the concept of a "digital immune system", where endpoints collected unknown software and communicated it to analysis centres. Steve reported on his team's progress at several conferences.
- Symantec got the technology from IBM, and continued developing it.
- The research teams of anti-virus developers work closely together, securely distributing samples, regardless of the rivalries of their marketing departments.
Developments along these lines are important, but to describe them as "new" or "changing tactics" is misleading, and capriciously inventing new terms for already-named techniques is simply unhelpful.