Symantec SONAR:  Enhancement to AntiVirus
Pleonasm
Jan 18th, 2007 at 10:27am
 
Symantec is augmenting the signature-based Norton AntiVirus tool with behavior-based detection capabilities.

Quote:
Starting next month, users of Symantec's Norton products will have a new tool to help them avoid unpatched software flaws.

Called the Symantec Online Network for Advanced Response (SONAR), the new security software will look at the behavior of programs running on the computer in order to decide whether they are malicious.  This is a departure from Symantec's traditional signature-based antivirus protection techniques, which compare the program's code to a database of known malware.

SONAR will be a free add-on to Symantec's Norton AntiVirus 2007 and Norton Internet Security 2007 products….

The software is built on technology that Symantec acquired in its 2005 purchase of WholeSecurity.
Source:  Symantec unveils SONAR to find zero-day attacks
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 

Pleonasm
Re: Symantec SONAR:  Enhancement to AntiVirus
Reply #1 - Jan 18th, 2007 at 10:33am
 
More information . . .

Quote:
SONAR is behavioral detection technology that protects against malicious code before standard virus and spyware detection definitions have been created.  Such emerging and unknown malicious code can strike in the form of Trojan Horses, worms, mass-mailing viruses, spyware or downloaders.  While many products use only a limited set of heuristics, SONAR draws from an extensive range of heterogeneous application behavior data which not only greatly enhances detection but also significantly minimizes false positives.  For consumers, the result is zero-hour protection from a vast threat spectrum without being bothered with confusing decision-based prompts.  SONAR technology provides protection against emerging threats in a way that does not compromise the user experience or require additional system resources.  When detections are made through SONAR, no user interaction is required.

“What sets SONAR technology apart from the pack is that our method of heuristics-based detection is so comprehensive and accurate that it boasts a 0.0004% false positive detection rate (4 in 1,000,000 users) of potential threats,” Trollope continued. “This is truly unheard of in the industry and just another example of Symantec and its Norton brand providing customers state-of-the-art protection against today’s most malicious security threats.”
Source:  http://www.symantec.com/about/news/release/article.jsp?prid=20070117_01
 

 
Pleonasm
Re: Symantec SONAR:  Enhancement to AntiVirus
Reply #2 - Jan 30th, 2007 at 8:05am
 
A recent case study of SONAR in action….

Quote:
Over the weekend of January 13th and 14th, SONAR alerted Symantec to an increase of activity around a new packer. Based on the SONAR technology, we added detection in the field on Monday, January 15th for the packer, which ended up being used on Wednesday, January 17th for Trojan.Peacomm (aka Storm Worm). Even though at this point the threat itself was not out, the early warning from SONAR drove some definition updates to deal with the new packer.

Since Storm Worm was detected via our virus definitions, it was not able to infect our customers’ machines. On a computer with up-to-date definitions it never started running and never got a chance to bring in its support files.

However, say a customer had turned off his/her protection and for that reason the system got infected. Even though the Trojan itself is not a running process (which is what SONAR analyzes) SONAR inspects all of the associated files that the Trojan downloads. SONAR detections are also reported back to Symantec. On Friday, January 19th we saw some changes in the Trojan’s support files, which SONAR submitted to Symantec, allowing us to update our definitions to account for the new packer.

As you can see, SONAR came into play as an early warning system the weekend before the threat was out, on Friday Jan 19th as the Trojan was being changed and as zero hour detection for the components of the Trojan.
Source:  http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=sonar&profileid=l...
 

 
Pleonasm
Re: Symantec SONAR:  Enhancement to AntiVirus
Reply #3 - Feb 11th, 2007 at 10:47am
 
SONAR has arrived.  For a free upgrade for Norton Internet Security or Norton AntiVirus, see:
     Updating your Norton 2007 product to the latest 2007.2 product
 
