Network Computing is part of the Informa Tech Division of Informa PLC

Symantec Adds Zero-Day Defense To Consumer Security Line

Symantec will add a new defense to its consumer security flagship products Norton AntiVirus and Norton Internet Security early next month to protect PCs from zero-day exploits, the company said Wednesday.

Sonar, for Symantec Online Network for Advanced Response, is based on technology acquired in the 2005 purchase of WholeSecurity, a maker of anti-phishing and intrusion prevention software. "It's a new behavioral technology," says Ed Kim, director of product management in Symantec's consumer product group. "It's a zero-day defense that doesn't use signatures."

So-called zero-day exploits are those for which no patch is available from the vendor, but the term is sometimes also used to describe exploits for which security companies have not yet distributed antivirus fingerprints, or signatures.

"Sonar uses an expansive list of behaviors" to look for possible exploits, says Kim. "It scores the application or executable by examining both positive and negative attributes. For example, does it have a shortcut on the desktop, is it digitally signed? On the other hand, is it just a one-pixel window?"

"It sounds like Symantec's talking about a sandbox, but they're not calling it that because [a sandbox] isn't new," says Roger Thompson, chief technology officer of rival security vendor Exploit Prevention Labs. A sandbox environment, which restricts what computer code can do or what other components it can impact, often is used to run suspicious or untrusted software to get an idea of what it does and whether it might be malicious.
