Norman Strengthens its Antivirus Capacity With Norman SandBox 2005

Norman ASA has improved its proactive antivirus technology and offers an upgraded and more sophisticated version of the Norman SandBox solution.
Norman SandBox 2005 has improved support for several functions and has increased its capacity for detection of new and unknown viruses. Norman SandBox is a unique proactive antivirus technology that is able to detect new and unknown viruses. This solution is not based on traditional signature-based antivirus technology, but detects infected files by the actual actions the files perform. The SandBox simulates a fake computer and network environment, completely separated from the internal computer resources. All files that enter the SandBox are expected to execute certain tasks or to behave in a certain way. If a file suddenly starts performing tasks beyond a defined framework, this will be detected as non-standard behaviour and Norman SandBox will make the file inoperable and deny access to your real computer system.

The SandBox also informs the user of the kind of malware that has been detected and suggests further action. Norman has integrated the SandBox solution into all its antivirus products and has experienced great success with the solution.

However, the battle against virus authors and IT criminals is a continuous struggle as the viruses are getting more sophisticated and use more efficient techniques. Norman takes this challenge seriously and has improved its SandBox technology.

– The fight against viruses and other malware has to be taken seriously. The total cost for enterprises regarding IT-criminality is almost 3.65 billion euros in Great Britain and 610 million euros in Norway. Our analysts are predicting a fast development of new and clever viruses and it is important that we maintain a good capacity for stopping IT criminality. This is why we have now improved our SandBox so that it supports more functions and has better capability for detecting viruses, says VP marketing and business development Audun Lødemel at Norman ASA.

With the new and improved Norman SandBox 2005 it will be harder for malware to bypass the SandBox. Here are the reasons why:

Support for more than 3000 different APIs
Norman SandBox 2005 now emulates more than 3000 APIs. This means that the SandBox now emulates more than 3000 ways to connect to your operating system or other software in your computer.

Multithread support
A virus may have several threads that enable the virus to perform several independent actions in parallel. Each thread can help the virus to survive and to resist possible antivirus attacks. SandBox 2005 now has multithread support, meaning that it can emulate several threads simultaneously.

Support for thread injection to remote processes
SandBox 2005 has the ability to detect thread injection to remote processes. When some viruses take control of a system, they will inject their own threads into other running processes. They can then perform their actions while camouflaged, hiding inside other processes. This possibility is now closed in SandBox 2005.

Detection of email harvesting
Many programs harvest email addresses, either for their own use or in order to sell them to other criminals. Email-harvesting attempts of this kind will now be detected in our SandBox 2005.

Improved network support
SandBox 2005 has improved support for Peer-to-Peer (P2P) networks – thus creating better protection for file-sharing services. Many worms are aware of P2P networks, and try to spread using these mechanisms. The simplest form is just dropping themselves as “interesting file names” into their upload/download directory. Because of the improved emulation inside SandBox 2005, this will now be detected.

SandBox 2005 has improved support for Internet network services, such as Newsgroups. Newsgroups are one of the most popular means for Internet communication and viruses often try to spread through these channels.

SandBox 2005 also has improved support for other Internet network services such as POP3, DNS, IRC, web and others.

The SandBox now has an enhanced LAN and is able to support more complex local area networks.

Support for Instant messaging communication
The use of instant messaging (IM) communication, such as ICQ, is growing rapidly, and the new Norman SandBox 2005 now supports IM protocols.

Extended classification of malware
The list of different viruses and malware has now been upgraded with more categories, and the SandBox gives you a written analysis that describes what the malware intends to do.



