Symantec integrates a zero-day anti-attack tool into the application

Starting next month, Symantec's Norton product users will have a new tool to remove the risks arising from unresolved software vulnerabilities.

Named " Symantec online Network for Advanced Response " (SONAR), the new security software will monitor program behavior that runs on the system to determine if they are dangerous. SONAR is a more advanced form of Symantec's signature-based antivirus technology (comparing program signatures to databases of previously recorded malware types).

SONAR will be a free add-on for Norton AntiVirus 2007 and Symantec's Norton Internet Security 2007. " We are happy to introduce SONAR. It will be a method of protection against zero-day attacks based on malicious code signatures ," said Ed Kim, single product manager. Symantec's customer business.

Zero-day attacks are often based on unpublished vulnerabilities, or not yet repaired by software vendors, and are often very effective for word-based virus-protection databases. sign.

SONAR uses algorithms to evaluate hundreds of attributes related to a software running on the system to detect a dangerous software, whether or not Symantec and other security researchers determine.

SONAR determines whether a software is "malicious" or not based on behavior, not based on the previously specified software repository. For example, a program with a shortcut to the desktop, or inserting itself into a list of Windows Add / Remove programs will be identified as malicious programs.