Symantec has released a free public beta of Norton AntiBot, which uses behaviour analysis to detect malware.
The software is based on existing technology from Sana Security, with a few minor additions from Symantec's SONAR behavioural scanning technology that is now included in Norton products.
Symantec says AntiBot is meant as a supplement to anti-virus software, not a replacement, and does not use traditional virus signatures. Instead, it examines how a program behaves - where it runs from, what registry changes it makes, what internet sites it may attempt to contact, and so on. The company says it will not conflict with other antivirus programs, either its own or those of competitors.
While the SONAR feature runs only during virus scans, Symantec says AntiBot stays running in the background to observe all programs' behaviour. Though the name emphasises its focus on catching the versatile "bot" malware that can turn infected computers into remote-controlled "zombie" PCs, the program will look for behaviours associated with a wide range of malicious software, including keystroke logging and other suspicious activities.
The beta is available as a free download from Symantec. The company plans to release the final version around July, at which time the beta will expire. Symantec has not yet announced a price for the program, but says that it may eventually add the technology to its existing line of anti-virus programs.
This latest move signals security companies' continued interest in developing technology that does not rely on exact signature matches in order to identify malware, since online crooks are continually devising new approaches to evade signatures.