Norton 2009 seriously needs to install a virtual sandbox, in which it can execute suspicious programs, monitor their actions, and determine if they are malicious or not.
SONAR is too weak. It failed to detect the Comodo HIPS Leak test as malware, not even suspicious.
Results -- NAV standalone, Threatfire disabled.
COMODO Leaktests v.1.1.0.1
Date 11:05:51 AM - 11/8/2008

OS Windows XP SP3 build 2600

1. Hijacking: ActiveDesktop Vulnerable
2. Hijacking: AppinitDlls Protected
3. Hijacking: ChangeDebuggerPath Protected
4. Hijacking: StartupPrograms Protected
5. Hijacking: SupersedeServiceDll Protected
6. Hijacking: UIHost Protected
7. Hijacking: Userinit Protected
8. Hijacking: WinlogonNotify Protected
9. Impersonation: BITS Protected
10. Impersonation: Coat Vulnerable
11. Impersonation: DDE Vulnerable
12. Impersonation: ExplorerAsParent Vulnerable
13. Impersonation: OLE automation Vulnerable
14. InfoSend: DNS Test Vulnerable
15. InfoSend: ICMP Test Vulnerable
16. Injection: AdvancedProcessTermination Protected
17. Injection: APC dll injection Protected
18. Injection: CreateRemoteThread Protected
19. Injection: DupHandles Protected
20. Injection: KnownDlls Protected
21. Injection: ProcessInject Protected
22. Injection: Services Protected
23. Injection: SetThreadContext Vulnerable
24. Injection: SetWindowsHookEx Vulnerable
25. Injection: SetWinEventHook Vulnerable
26. Invasion: DebugControl Protected
27. Invasion: FileDrop Protected
28. Invasion: PhysicalMemory Protected
29. Invasion: RawDisk Protected
30. Invasion: Runner Protected
31. RootkitInstallation: ChangeDrvPath Protected
32. RootkitInstallation: DriverSupersede Protected
33. RootkitInstallation: LoadAndCallImage Protected
34. RootkitInstallation: MissingDriverLoad Protected

Score 240/340
(C) COMODO 2008