Reputation-based Security: Suspicious.Insight detections on Virus Total
- Friday, February 19, 2010, 11:01
- Threat Research
We recently upgraded our scanner on Virus Total to include our new reputation-based security engine. That has caused a spike in our detection rates, in particular Suspicious.Insight detections, and so I thought I’d take a few minutes to explain some of the background and what is going on.
So what exactly is a Suspicious.Insight detection? These detections are derived from Symantec’s new reputation-based security technology. They highlight files that have not yet developed a strong reputation (either good or bad) amongst Symantec’s community of users. Our goal is to keep our users’ machines safe, and part of achieving that goal means helping our users make informed choices about the files they allow onto their systems. Suspicious.Insight detections help shine a spotlight on files that have not yet developed a full reputation.
Why are we doing this, and what’s wrong with the conventional approach to security using traditional antivirus signatures? Unfortunately, traditional antivirus techniques are no longer as strong a defense as they used to be. Over the last few years Symantec has observed a seismic shift in the threat landscape. Consider this: ten years ago, Symantec published little more than a few handfuls of new virus definitions each week. Today that number has grown dramatically and we currently publish, on average, well in excess of fifteen thousand new virus definitions each day. So, why (continue reading...)
There are other similar services:
- Jotti – 19 antivirus engines
- FilterBit – 10 antivirus engines
- e-Antivirus – 12 antivirus engines
- NoVirusThanks – 21 antivirus engines
- VirScan – 36 antivirus engines