What if a Norton user encounters a threat that’s so new, it isn’t in Symantec’s database? Antivirus wouldn’t work, because there would be no baseline to compare it to.
This is where the layered approach really starts to pay off. Norton technology is also based on the idea that if you can understand what a file does, you can determine whether or not it’s a threat — and act accordingly.
“When you normally run a piece of software on a computer, it has instructions for what the computer should do,” Blake explains. “If those are malicious instructions, the computer is going to do untrustworthy things. So Norton tries to figure out what the software does without actually running it on your computer.”
There are certain things that malware — say, a botnet, or spyware — does that legitimate applications won’t do. A piece of malware may open up Microsoft Outlook and start sending copies of itself to every single one of your contacts. It may copy itself in the AutoRun section of the Windows registry, ensuring that it will run whenever your computer boots. It may even open up a communication channel without your permission or knowledge, and then automatically start feeding information to an IP address in a foreign country.
And because legitimate programs don’t do these things, Norton software can figure out if a new file is a threat or not simply by letting it run in a sealed-off virtual machine environment — or “sandbox” — and watching what happens. The file in question doesn’t have any way to distinguish between the sandbox and a real, unprotected system, so it does whatever it’s designed to do — all without harming the user’s computer or data.
In short, Norton does have so-called "sandbox technology":
Norton software can figure out if a new file is a threat or not simply by letting it run in a sealed-off virtual machine environment — or “sandbox” — and watching what happens.
Based on the behaviors we see in the sandbox, we can make a determination as to whether that software is trustworthy or not
It doesn’t matter if there are a million variants of a particular threat,... As long as the core behaviours it exhibits are understood to be bad, then we can identify it as being malicious and take steps to block it.
Furthermore, you're one of mal fans, try installing the latest version of VMware/ VirtualBox.
Replies
Re: Question
Here's your answer ! Specifically in the article
What if a Norton user encounters a threat that’s so new, it isn’t in Symantec’s database? Antivirus wouldn’t work, because there would be no baseline to compare it to.
This is where the layered approach really starts to pay off. Norton technology is also based on the idea that if you can understand what a file does, you can determine whether or not it’s a threat — and act accordingly.
“When you normally run a piece of software on a computer, it has instructions for what the computer should do,” Blake explains. “If those are malicious instructions, the computer is going to do untrustworthy things. So Norton tries to figure out what the software does without actually running it on your computer.”
There are certain things that malware — say, a botnet, or spyware — does that legitimate applications won’t do. A piece of malware may open up Microsoft Outlook and start sending copies of itself to every single one of your contacts. It may copy itself in the AutoRun section of the Windows registry, ensuring that it will run whenever your computer boots. It may even open up a communication channel without your permission or knowledge, and then automatically start feeding information to an IP address in a foreign country.
And because legitimate programs don’t do these things, Norton software can figure out if a new file is a threat or not simply by letting it run in a sealed-off virtual machine environment — or “sandbox” — and watching what happens. The file in question doesn’t have any way to distinguish between the sandbox and a real, unprotected system, so it does whatever it’s designed to do — all without harming the user’s computer or data.
Here's the full article.
https://au.norton.com/how-we-protect-you/multi-layered-technology
Re: Question
@greenEarth
In short, Norton does have so-called "sandbox technology":
Furthermore, you're one of mal fans, try installing the latest version of VMware/ VirtualBox.
For more info, you may Chat with Norton Support. Thx...
This thread is closed from further comment. Please visit the forum to start a new thread.