Security company Symantec is planning to launch Symantec Online Network for Advanced Response (SONAR), which will help them avoid unpatched software flaws.
SONAR is significantly different from Symantec’s traditional signature-based anti-virus protection software. Signature-based tools compare a program’s code to a database of known malware, while SONAR looks at the behaviour of programs running on the computer in order to decide whether they are malicious.
SONAR uses an algorithm to evaluate hundreds of attributes relating to software running on the computer. It is able to identify malicious software which has not previously been identified by Symantec researchers.
It basis its identification of malware on various factors, including whether a program adds a shortcut on the desktop or insert itself into the Windows Add/Remove programs list. Both of these factors would indicate that the program is not malware.
Symantec already supplies a behaviour-based security tool for enterprise users, called Critical System Protection, but SONAR is the first Symantec behaviour-based tool for the consumer desktop market.
SONAR will be a free add-on to Symantec’s Norton AntiVirus 2007 and Norton Internet Security 2007.