People often rely on their circle of friends for support. Now one start-up company hopes to harness those social connections to create and deliver security software that will protect users from computer viruses and other digital threats.
On Wednesday, start-up Immunet announced its first product, Immunet Protect, a program that checks downloaded files against a directory of malicious software, such as viruses and Trojan horses. The company joins a handful of others in turning much of its detection capabilities into a service offered over the Internet, or the “cloud.” Yet, the real difference, say its founders, is the software’s ability to protect digital communities–those users connected together via social networks such as instant messaging, Facebook or Twitter.
Because malicious software travels quickly through messages sent to friends via e-mail, instant messaging and other social technologies, Immunet plans to use the same pathways to send the needed information to protect users, says Oliver Friedrichs, CEO and founder of the four-person firm.
“We are seeing an increase in the number of threats propagated through social networks, as well as attacks on social-networking sites in general,” Friedrichs says. “Your social network is becoming a larger attack vector than it has been in the past. Our approach is to protect that social network.”
Immunet users will be able to see who in their social network is a current user of the service. For example, Facebook users could see which of their friends has also installed Immunet Protect. The service will also allow users to see whether their friends have seen a greater proportion of threats than the population of Immunet Protect users as a whole.
The idea is to treat malicious programs less as an analysis problem–where a file is scrutinized to determine whether it poses a threat–and more of a data-mining problem, Friedrichs says. When a new file is downloaded to a user’s computer, information on more than 100 attributes is sent to Immunet’s servers. If a threat is recognized, the service will respond in a fifth of a second; otherwise, the file is allowed to run while the company attempts to analyze the file’s attributes.
“There are so many threats today that an analyst cannot analyze them all, so we are using data-mining techniques to find the needles in the haystack,” Friedrichs says. “We consider our user base to be a very large sensor network.”
It’s no secret that current antivirus software has trouble detecting the latest threats. Last week, antivirus firm Panda Security released a report showing that 52 percent of malicious software is not seen for more than 24 hours, because the cybercriminals who are responsible for spreading the software compress and rearrange the binary code in a different way every day, a technique known as packing. The ability to rearrange code has put traditional antivirus companies at a disadvantage. In a research paper published last year, computer scientists at the University of Michigan found that even the best antivirus programs could only detect three-quarters of newly packed malicious code. It took three months for the best antivirus engine to detect 90 percent of the dangerous software.