Symantec Releases Beta of Norton AntiBot

Symantec announced late today a free public beta for its new Norton AntiBot software that attempts to identify malware on your system by analyzing its behavior.

The stand-alone software is based on existing (and currently available) technology from Sana Security, with a few minor add-ins from Symantec's SONAR behavioral scanning technology that is now included in Norton products.

Symantec says AntiBot is meant as a supplement to antivirus software, not a replacement, and doesn't use signatures as traditional antivirus products do. Instead, it examines how a program behaves--where it runs from, what Registry changes it makes, what Internet sites it may attempt to contact, and so on. The company says it won't conflict with other antivirus programs, either its own or those of competitors.

While the SONAR feature runs only during virus scans, Symantec says AntiBot stays running in the background to observe all programs' behavior. Though the name emphasizes its focus on catching the versatile "bot" malware that can turn infected computers into remote-controlled "zombie" PCs, the program will look for behaviors associated with a wide range of malicious software, including keystroke logging and other suspicious activities.

The beta is available as a free download from Symantec. The company plans to release the final version around July, at which time the beta will expire. Symantec hasn't yet announced a price for the program, but says that it may eventually add the technology to its existing line of antivirus programs.

This latest move signals security companies' continued interest in developing technology that doesn't rely on exact signature matches in order to identify malware, since online crooks are continually devising new approaches to evade signatures. For more on these evasion techniques and the proactive technologies that combat them, see "When a Signature Isn't Enough," a section of the PC World article, "Virus Stoppers."

Subscribe to the Security Watch Newsletter

Comments