Security

Symantec releases free beta of Norton AntiBot


Symantec has announced a free public beta for its new Norton AntiBot software. As its name implies, this stand-alone software attempts to identify malware that might be residing on your system by analyzing your system behavior.

According to Symantec:

AntiBot is meant as a supplement to antivirus software, not a replacement, and doesn’t use signatures as traditional antivirus products do. Instead, it examines how a program behaves – where it runs from, what Registry changes it makes, what Internet sites it may attempt to contact, and so on.

The main difference here compared with many other traditional virus and spyware software is that Norton AntiBot does not use signature updates. To find out what I think about signature-based updates, I wrote a piece a while ago about its ineffectiveness in the world of zero-day exploits. Check out The Death of the Anti-Virus Software.

The final version of Norton AntiBot is planned to be released around July, so check it out.

Do you think Norton AntiBot deserves a place in your corporate network as part of a layered-defense strategy? Or is it just another piece of bloat-ware to suck your IT budget? Join the discussion.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

14 comments
papastonehaulr
papastonehaulr

I downloaded it and ..it kept restarting my comp...So .it's no longer on my machine.. I know it's just in beta stage but ,,,come on Symantec needs to work a little harder .. to get consumers to jump on there band wagon again...go back to Norton days.

BALTHOR
BALTHOR

All computer virus are fax files.Will this one slow my computer down?

paulmah
paulmah

Do you think Norton AntiBot deserve a place in your corporate network as part of a layered-defense strategy? Or is it just another piece of bloat-ware to suck your IT budget.

liquidsasquatch
liquidsasquatch

I am currently conducting the Public Beta for Norton AntiBot, and am very interested in the issue you've found. It may be related to another issue we've recently fixed for Norton AntiBot, but we would like to be sure this issue has been completely resolved. Please contact me at Norton_AntiBot@Symantec.com and I can sent you the additional information.

paulmah
paulmah

Hi there, don't quite get what you mean about 'fax files' here. Pertaining to your second point about potential slowing down of your computer; I think it will definitely have some effect no matter how small. But whether it is noticeable or not on a user-level remains to be seen. Why not give the beta a spin and let us know how it goes for yourself? :)

wmlundine
wmlundine

Mine says 15 day trialware...not freeware. That sucks!

tom
tom

I've pretty much given up on Norton (and Symantec) products because of the overhead they add. I'll probably test it out and see how it is on resources, and of course, if it finds some bots on PCs on our network that have slipped by our other defenses, may give it a go. I wonder if Peter Norton regrets the day he sold to Symantec.

Locrian_Lyric
Locrian_Lyric

As the malware becomes more sophisticated, and take on abilities such as hiding from anti-malware programs and respawning after removal, a new proactive approach must be taken.

wolfmandragon
wolfmandragon

"Actually a good alternatively might be to simply surf the Net via VM that "reverts" back to its boot-up stage upon power down." Red Pill will detect VM. VM is a good layer of protection, but only a layer.

paulmah
paulmah

Actually a good alternatively might be to simply surf the Net via VM that "reverts" back to its boot-up stage upon power down. Behind even a basic NAT'ing firewall, the only vector in is almost exclusively web and mail. Well, and P2P if you do that as well.

Locrian_Lyric
Locrian_Lyric

I think I may get into that old practice of wiping and re-installing every few months. I had to do that with WIN 98 when it first came out because it was so buggy.... Now it's probably a good idea to do, thanks to all that malware out there. It's just easier than playing "hide and seek"

paulmah
paulmah

I have gotten pretty good at it over the years at removing malware by hand. Loading from registry, batch files, as shell extensions, masquerading as device drivers, autorun scripts, the list goes on. But you know, you're right. Once I see a rootkit, I just switch track completely and either boot into safe mode or from a boot CD that allows me to start backing the non-executable files up. Its just too hard to be able to 'guarantee' the proper removal of rootkits. In fact, to extrapolate from this line of thought, what makes you think you are not ALREADY infected with a rootkit you couldn't detect..! Ah, the joys of being in the IT industry :)

Locrian_Lyric
Locrian_Lyric

I've had to dig out a few entrenched buggers by hand, and it's NOT FUN. The respawners are the worst, and if you get hit by a rootkit, you're done. Look to a few hours (at best!) of formatting, re-installing, re-applying patches, et cetera.... BTW... as a side note, when I download patches, I copy them onto CDs, so I don't have to go back online for them, should anything happen.

Editor's Picks