The official release of DVD Catalyst 3 does not have this issue.
As a user, I stopped using Norton Antivirus (Corporate) back in 2001. Before that, I used my computer for years without any virus protection, and when I became more active on the web, I decided it was time for a virus scanner. Through my work as a network administrator, I was allowed to make use of a coprorate license through my employer, and used it for a year or so when I realized my computer was getting slower and slower. I ran a few scans with Norton, and everything was reported clean. Not sure what to do, I did an online virus scan, and came to find out that my computer was loaded with crap.
So, after a wipe of the computer, with loss of data because the infection was spread quite deep, I installed a different virus scanner, AVG, and have been using this ever since.
Due to some false-positives I have gotten throughout the last year in regards of DVD Catalyst and the trial-wrap app I used to make the trial expire after 7 days, I’ve been using www.virustotal.com to check my software before releasing them. Today, when scanning a beta for a user to test, it nicely showed that 40 virus scanners see my beta as clean, but Symantec shows a lovely Suspicious.Insight message.
Doing a search for this particular message led me to Symantecs discussion forum, and an article on its website
http://www.symantec.com/norton/security_response/writeup.jsp?docid=2010-021223-0550-99
Suspicious.Insight is meant to inform the user that a given application is unproven and indicates that the file has not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s Reputation-based security technology.
This detection indicates that the file has not yet developed a strong reputation among Symantec’s community of users. Detections of this type are based on Symantec’s Reputation-based security technology. This system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
When detections of this type are triggered in Norton products the user may be warned that the application is new, allowing the user to make the final decision. Future versions of Symantec’s Endpoint Protection products will include this functionality. When used in these products, administrators will be able to configure blocking policy based on their specific tolerance for risk.
Today, the vast majority of malware is being generated in real-time on a per-victim basis, meaning that each such malware program will appear entirely new and low-prevalence to a reputation system. In contrast, most legitimate software has vastly different characteristics – it often comes from known publishers, has high adoption rates, shares much in common with earlier versions of the software, etc.
The Suspicious.Insight detection, therefore, is meant to inform the user that a given application is unproven and not yet well known to Symantec’s tens of millions of users.
Looking at the top10 infections found on Virus Total in the last 24 hours
http://www.virustotal.com/estadisticas.html
it nicely shows 30.000 suspicious insights, and in second place, 3000 counts of some malware.
I can understand the reasoning for mentioning to a user that the program they are using is new, and that the virus scanner is not capable of ensuring the file is clean, but with a nice little name of “Suspicious Insight” and the popular topics of stolen identity and troyans harvesting your data, what are users going to think when they see this message?
