Symantec Unveils SONAR to Find Zero-Day Attacks

The Symantec Online Network for Advanced Response (SONAR) is new security software that analyzes the behaviour of programs running on the computer and decides whether they are malicious. Other security applications already offer such features, but until now Symantec has stayed true to the virus definition method. SONAR will be available free of charge. Well, not quite. It will be an add-on for Symantec's Norton AntiVirus 2007 and Norton Internet Security 2007 products.

"We're very excited about the release of SONAR. It's zero-day protection that doesn't rely on threat signatures," said Ed Kim, director of product management with Symantec's consumer business unit.

Zero-day attacks are threats that exploit undisclosed or unpatched software vulnerabilities. SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer. The software is built on technology from WholeSecurity, a company Symantec acquired in 2005. Symantec also currently offers Critical System Protection, a program similar to SONAR but aimed at the enterprise market. According to Symantec, such software is finally ready for the consumer desktop market.

"Signature-based technologies for viruses and spyware certainly work, but their coverage is increasingly thin. So you need to bolster signature-based approaches with behavior-based approaches," said Andrew Jaquith, senior analyst with Yankee Group Research.

News source: InfoWorld


13 Comments


Every computer I come across that's running a Symantec scanner runs slow. Uninstall and you boost its performance by 50%. Corp Edition though seems better.

Zone Alarm Security Suite is enough for me at the moment. I was a hardcore Norton Antivirus fan for 5 years until it started screwing things up with 2005 and later editions.

I look at it in this light, would you rather have a big bad hard looking man that is as hard as a coffin nail protecting you, or a small podgy boy that enjoys a windy walk?

I prefer the former to the latter.

Now, let's see if Symantec can push a feature rich antivirus tool under the 50 MB barrier. :-p

A much greater challenge, it seems...

Kushan said,
free or not, installing Norton antivirus is too high a price to pay and I'm not talking about money.

LOL I like the way you say it. I totally agree, the price to have that POS is too high.

"Signature-based technologies for viruses and spyware certainly work, but their coverage is increasingly thin. So you need to bolster signature-based approaches with behavior-based approaches," said Andrew Jaquith, senior analyst with Yankee Group Research.

I thought heuristic scanning was enabled for like almost all AV nowadays :S:S

Bitdefender creates a mini OS and scans all files in it to check for any virus-like behaviour.

I'm under the impression that SONAR is a HIPS, and will prompt the user if a program is about to do something suspicious. Heuristics on the other hand are tuned to be able to detect malicious behavior while not having false positives. Since a lot of malicious programs act like normal programs, heuristics won't be able to reliably tag malware. Also, VM based heuristics have also begun to be "broken out" of by malware.

RootWind said,
I'm under the impression that SONAR is a HIPS, and will prompt the user if a program is about to do something suspicious. Heuristics on the other hand are tuned to be able to detect malicious behavior while not having false positives. Since a lot of malicious programs act like normal programs, heuristics won't be able to reliably tag malware. Also, VM based heuristics have also begun to be "broken out" of by malware.

Ah ic now. Thanks for clearing that up.