Symantec announced late today a free public beta for its new Norton AntiBot software that attempts to identify malware on your system by analyzing its behavior. The stand-alone software is based on existing (and currently available) technology from Sana Security, with a few minor add-ins from Symantec's SONAR behavioral scanning technology that is now included in Norton products. Symantec says AntiBot is meant as a supplement to antivirus software, not a replacement, and doesn't use signatures as traditional antivirus products do. Instead, it examines how a program behaves--where it runs from, what Registry changes it makes, what Internet sites it may attempt to contact, and so on. The company says it won't conflict with other antivirus programs, either its own or those of competitors.
While the SONAR feature runs only during virus scans, Symantec says AntiBot stays running in the background to observe all programs' behavior. Though the name emphasizes its focus on catching the versatile "bot" malware that can turn infected computers into remote-controlled "zombie" PCs, the program will look for behaviors associated with a wide range of malicious software, including keystroke logging and other suspicious activities.