The Symantec Online Network for Advanced Response (SONAR) is a new security software that will analyze the behaviour of programs running on the computer and decide whether they are malicious. Although other software applications offer such features already, Symantec has stayed true to the virus definition method, until now. SONAR will be available free of charge. Well, not quite. It will be an add-on for Symantec's Norton AntiVirus 2007 and Norton Internet Security 2007 products.
"We're very excited about the release of SONAR. It's zero-day protection that doesn't rely on threat signatures," said Ed Kim, director of product management with Symantec's consumer business unit.
Zero-day attacks are threats that expose undisclosed or unpatched software vulnerabilities. SONAR uses an algorithm to evaluate hundreds of attributes relating to software that is running on the computer. The software is built on WholeSecurity technology, a company Symantec acquired 2005. Symantec also currently offers Critical System Protection, which is a similar program to SONAR but for the Enterprise market. According to Symantec, such software is finally ready for the consumer desktop market.
"Signature-based technologies for viruses and spyware certainly work, but their coverage is increasingly thin. So you need to bolster signature-based approaches with behavior-based approaches," said Andrew Jaquith, senior analyst with Yankee Group Research.
News source: InfoWorld