Norton AntiBot
Is heuristic scanning the future of home PC security?
Norton takes a different approach to next-gen security than both BufferZone and ForceField. Rather than employ virtualization technology to quarantine damage imposed by malicious code, AntiBot looks to prevent contaminants from ever having a chance to cause a ruckus—virtual or otherwise—by catching them before they’re able to load. It does this through heuristic scanning: analyzing the behavior of every running process and program, looking for characteristics most commonly associated with malware. Like the developers, Norton doesn’t bill AntiBot as a stand-alone security application but instead recommends running it alongside your existing anti-malware suite. Nevertheless, we threw AntiBot into the infested online jungle to see if it—and our system—could emerge unscathed.

We dig programs that are easy to configure, but AntiBot gives you very little control over how it operates, making it impossible to fine-tune its behavior to complement your surfing habits.
AntiBot’s quick installation will appeal to folks who prefer a no-fuss setup, but power users are sure to lament the lack of customizable options. You can choose whether to automatically quarantine detected threats and whether you want the option of saving your work before doing so, but AntiBot affords little else to the end user.
For all its simplicity, AntiBot was no slouch on the seedier side of the web, going about its work while running quietly in the background and without hampering performance. We agreed to install ActiveX controls when prompted, downloaded files we knew contained payloads, pretended we knew nothing of the dangers lurking on P2P networks, and attempted to install every spyware-plagued game and screensaver we could find. Additionally, we turned off our firewall and failed to update our XP install, which left it armed only with SP2. But despite reckless computing habits that would make even our Dell-owning relatives shudder, AntiBot stopped the majority of threats from taking down our system. Before dirty code could muck our OS, AntiBot froze the operation and alerted us to impending doom. In the case of an unknown danger, a window appeared showing us what suspicious behavior prompted the alert, such as trying to register executables to run on reboot or attempting to write to the Windows directory.
After disinfecting a dirty file, click the Details link and AntiBot displays exactly which processes were terminated, what files it deleted, and which registry keys it removed.
Yet for all that it caught, AntiBot wasn’t invincible. It failed to prevent malware from hijacking Internet Explorer: Malicious agents managed to change our homepage, and several tabs went missing in the Internet Options menu. Even our hosts file took a hit, highlighting the weaknesses of heuristic scanning. But AntiBot’s biggest failing is that other security products already employ real-time protection, so why pay more for an add-on that really just does more of the same? And if you already own one of Symantec’s existing security packages, such as Norton AntiVirus 2008 or the all-in-one Norton 360 bundle, we can’t imagine you’d be thrilled at the prospect of spending more money on protection that should have been included in those packages.
Not Approved, $30
www.symantec.com/norton/