Symantec unveils free bot bouncer tool


Symantec Corp. has unveiled a free beta of Norton AntiBot, a behavioral-based real-time defender meant to catch the kind of threats traditional antivirus products miss.

The beta, which runs only on Windows XP and Vista, will be launched next month as a stand-alone title, said Symantec director of product management Ed Kim.

“Over time, we’ll roll this into our line, but we wanted to go to market as quickly as possible,” Kim said.

A price has not yet been set for the final. Integrating AntiBot with its existing consumer software, such as Norton Internet Security or Norton 360, would have taken more time.

AntiBot is based on technology from Sana Security, which sells its own version called Primary Response SafeConnect for US$29.95.

“This is very cutting edge stuff from a behavioral detection standpoint,” said Kim. “And it’s a perfect complement to any existing antivirus or Internet security product. It’s an additional level of protection.”

Unlike antivirus software, which relies either completely or at least extensively on fingerprint-like signatures to detect and delete malware, behavioral-based defenses monitor the PC for evidence of hinky conduct. Behavioral tools, sometimes dubbed “heuristic,” watch for events such as unexpected writes to the Windows registry, a just-spawned process, or a change to a system file.

Recently, they’ve come in vogue as the best defense against botnets, which flood mailboxes with an ever-increasing number and variety of Trojan horses and other malware, hoping that by producing tens of thousands of variations they can overwhelm slow-reacting software.

AntiBot isn’t Symantec’s first foray into heuristics.

In January, the company announced SONAR (Symantec Online Network for Advanced Response), a scanner-based behavioral tool that in the interim has been added to Norton 360. AntiBot, however, differs from SONAR in that it’s “always on, real-time,” said Kim. “The two have the same security philosophy, but SONAR is scan-based.”

By slapping “bot” into the product name, Symantec’s acknowledging the impact botnets have made on consumer perceptions of current threats, as well as the power of bots.

To back up the claim, Kim cited Symantec’s most recent data, which reported a 29 percent increase in the number of bot-jacked computers in the second half of 2006.

AntiBot can be downloaded from Symantec’s site; the product’s Status screen states that it’s a 15-day trial, but a Symantec spokeswoman said when that term expires users will be able to extend the test time. The beta will expire for good when the final launches in July.

The alarming growth of botnets has led leading anti-virus software vendors to focus resources on countering this scourge.

TrendMicro Inc., headquartered in Cupertino, Calif., and a competitor of Symantec, is actively promoting the use of reputation technologies to battle the spread of botnets.

“We see reputation services as another way to counter these new types of Web threats,” TrendMicro CEO Eva Chen told IT World Canada in a recent interview.

Chen noted that the nature of Web threats is changing significantly. She said that in previous years, once a virus was sent in a spam message, it functioned independently of the virus writer.

But today, she said, bot masters or bot herders use viruses included in spam e-mails as their tools – their agents – to control computer networks. Chen said her company’s strategy is not just to remove “agents” detected on a computer, but to trace them back to the bot master, and cut off the IP address controlled by the bot master.

“By doing this, in one shot you also protect hundreds of botted computers out there, which may be being used as vehicles to send out spam.”

To this end, Chen said her company offers TrendProtect as a free “Web reputation” service.

“That’s a browser plug-in meant for end users. We’re also about to launch the same services in our corporate desktop product called Office Scan 8.0. And we have the same protection in our Web Gateway product for the enterprise.”

