Dump Reputation Scanning In NIS Download Intelligence

It is quite frankly no longer effective.

If no one at Symantec has noticed, there is a pronounced increase in malware being embedded in third-party installers. Just go to the Norton Malware forum for proof.

Symantec is not alone here; almost all the major AV players' adware protection is inadequate against these new threats. I believe the main reason is the risk of being penalized on AV lab tests for false positives. Another reason could be the increased cost of scanning downloads in the cloud, etc.

I have found in my research that NIS download protection is quite good at recording the URL of the actual download. In most of the downloads I have found that contain malicious content, there have been multiple redirects. The last one I found connected to a server in mainland China along the way.

My suggestion is this. Modify NIS download intelligence to submit the URL from the download to one of the comprehensive URL scanners; ZULU is my preferred choice. ZULU will actually submit the download to VirusTotal for analysis along with performing its own analysis. It then will numerically rank the download as to maliciousness and also give a final determination as to the download's safety. Norton download intelligence can then display those findings to the user and give them the option to terminate and quarantine the download.