Norman launches Norman DNA Matching, a new proactive technology and method for identifying the viral profile of all kinds of malicious programs. Inherited or reused programming codes are recognized in new malware, providing unique proactive protection against threats.

We already know they have the sandbox technology. Not perfect though. Thoughts? Seems like a familiar technology ...

http://www.norman.com/News/Press_releases/55958/en

Sounds like something similar to Dr.Web's origins tracing.

prob a behaviour blocker

I would bet on an (more) advanced heuristic engine, but that is just a thought :)

but is there a way to test this new technology but without installing their AV ?

souds like code based

Rising Antivirus has DNA detection too.

I for one would like to see this new innovation of Norman;s as a separate product, and if they want to integrate it also as well, more power to them.

EASTER

Sounds like signatures. They mention "viral profiles" ... generic signatures? Psh ... ahh confirmation ..

"If new malware inherits or reuses some of the programming code - Norman DNA Matching will conclude that it is malware of the same kind."

Generic signatures.

So basically malware writers will stop copying off each other and/or reuse code. Sounds to me (in my completely clueless opinion), this would be easy to get around after some time in the world. My guess is that malware writers that read this little newsflash are already working on it. Unless I'm not reading properly, this DOES seem like signatures, and just a flashy new name for PR and selling's sake.

Not really. Writting malware for scratch is hard if you want it to be perfect.
So they mostly re-use tested parts and combine them.

-{ Quote: "I for one would like to see this new innovation of Norman;s as a separate product, and if they want to integrate it also as well, more power to them." }-
Apparently you can try the new technology here:

http://www.norman.com/Download/Beta_versions/55922/en-us

-{ Quote: "Not really. Writting malware for scratch is hard if you want it to be perfect.
So they mostly re-use tested parts and combine them." }-

True, most malware is a simple copy of another piece of malware.
That's why heuristics can be very effective.

-{ Quote: "Sounds like signatures. They mention "viral profiles" ... generic signatures? Psh ... ahh confirmation ..

"If new malware inherits or reuses some of the programming code - Norman DNA Matching will conclude that it is malware of the same kind."

Generic signatures." }-

My guess: generic behavioral signatures.

In other words: generic signatures based the API logs created by their sandbox (emulator), see example here (http://www.wilderssecurity.com/showpost.php?p=746844&postcount=32). This can make the signatures immune to packers, basic hexediting, junk code, etc.

The current version of their sandbox is just comparing the initial status of the virtual system with its final status (created files, processes, etc) and trying to deduce from the difference if the file that was run was a malware. This approach is very generic but assumes that the emulation can go far enough to identify the malicious behavior. Such an assumption is a strong limitation: the emulation has to be stopped after a limited amount of cycles, because it is time consuming, and it is relatively easy to detect if the code is executed within an emulated environment (either because emulation of the windows API is incomplete, because the simulated computer itself is too simplified - in terms of files, registry, processes, etc. - or because access to the internet is limited from within the sandbox).

So I think that for overcoming these limitations, the future version will look for specific sequences of interactions with the operating system, not necessarily malicious per se, but specific of a given malware code. By the way, the norman sandbox was already able to export API logs. This is exposed in their sanbox analyzer products (see here (http://www.norman.com/microsites/malwareanalyzer/Products/Examples_Analyzer/37912/) for an example).

I suspect that many "dynamic" heuristics now use a similar approach.

-{ Quote: "Apparently you can try the new technology here:

http://www.norman.com/Download/Beta_versions/55922/en-us" }-


whats the exact name of this NEW product technologt DNA ? i want to have a direct link?

thnx,

very expertive~~this technology is similar to quickheal? quickheal has this technoloy too~~lol.hope norman"s product can give us a high detection~~:D

-{ Quote: "whats the exact name of this NEW product technologt DNA ? i want to have a direct link?

thnx," }-
According to the info from the link that Jadda posted, it should be included on all of their current consumer products...

-{ Quote: "This new proactive detection technology is available in all of Norman’s antimalware security solutions and will also be integrated in the upcoming release of the new Norman Endpoint Protection." }-

Which can be downloaded at http://www.norman.com/Product/Home_Home_office/Antivirus/en

I am extemely impressed with it and how light it is.

-{ Quote: "I am extemely impressed with it and how light it is." }-
Hey Jeff,
Can you post some screenies in the screenshots thread?

Done my friend.;)

id love more info on how well the firewall works for you trjam? looks like i may give this a shot. how is the resource usage? and is there any slowdown for you in browsing etc?? only thing is normans always seems to lag some in the tests. id love to know how effective this suite really is.. hmmmm

-{ Quote: "Done my friend.;)" }-

kool, i need to check out those pics, im curious how it looks ;D

It is as fast as Aviras new suite, and that says a lot because I have seen none that even come close. The firewall is like most with pop-ups and the tic box to allow, block or create a permanent rule. Fairly easy to understand. I like the scanner window that breaks it down by the hour. You move the mouse over the hour and it shows how many files scanned and if something was detected. It is pretty straight forward so it can be used by all. Tried to contact their CEO Trygve Aasland but he is out of the office till the 16th.
But to me, It is a buy :thumb:

nice avatar;) is this a beta trial and for how long is it the trial(beta)?thanks

no, it is actually real.:dry: It is a 30 day download. They do have a nice deal on a 2 year license though. Hmmmmm;)

The Norman Screensaver is nice. The big green N floats around while it scans showing you the number of files and disks scanned. Neat screensaver.

-{ Quote: "id love more info on how well the firewall works for you trjam? looks like i may give this a shot. how is the resource usage? and is there any slowdown for you in browsing etc?? only thing is normans always seems to lag some in the tests. id love to know how effective this suite really is.. hmmmm" }-

Firewall rule creation is pretty straight forward. It's pretty much like Eset's security suite. When you launch a new app Norman will prompt you. You can choose two options, either a simple allow/block rule or use the advanced rule setting.

Normal pop up
207152

Advanced Rule creation
207153

that is freaking cool:thumb: thanks for the screenshots;)

where is that deal? most i saw was 99$ which is almost the same as buying it by the year you save a few bucks. is there a better deal? any detection tests youve done yet? that seems to be a decent firewall but does it actually do the job its supposed to? any actual leak tests? i didnt see any on this anywhere

how well do they update? how many are you seeing each day? does it update on weekends? etc

-{ Quote: "where is that deal? most i saw was 99$ which is almost the same as buying it by the year you save a few bucks. is there a better deal? any detection tests youve done yet? that seems to be a decent firewall but does it actually do the job its supposed to? any actual leak tests? i didnt see any on this anywhere

how well do they update? how many are you seeing each day? does it
update on weekends? etc" }-


Here (http://store.norman.com/store/norman/en_US/AddItemToRequisition/productID.106243600) As far as detection, in August IBK rated it Advance. It is like any product, depending who is testing it, goes the rank. I am really liking it though.My updates are set to every 3 hours.

couple of more firewall shots.

-{ Quote: "where is that deal? most i saw was 99$ which is almost the same as buying it by the year you save a few bucks. is there a better deal? any detection tests youve done yet? that seems to be a decent firewall but does it actually do the job its supposed to? any actual leak tests? i didnt see any on this anywhere

how well do they update? how many are you seeing each day? does it update on weekends? etc" }-

Go to http://store.norman.com/store/norman/en_US/DisplayHomePage . Click Buy now for the Security Suite and you can get the Norman Security Suite 2 Years Up to 3 Users for $74.21 USD

-{ Quote: "Go to http://store.norman.com/store/norman/en_US/DisplayHomePage . Click Buy now for the Security Suite and you can get the Norman Security Suite 2 Years Up to 3 Users for $74.21 USD" }-

ahh i see it thank you. only thing that concerns me is the detection rated seem low usually for normans and how well does it do in removal

On a side note, IIRC during the install you can choose not to install the firewall or the parental control and just install the AV.

well, I like it enough I bought the 2 year 3 user license. Just installed on 2 kids laptops and it is the fastest I have used yet. Zilch impact. I am really impressed and guess I will be using this avatar for awhile.

Does the firewall have a whitlelist for known apps or a training mode ??

Thanks for the screenshots, currently trying out a trial on both my desktop and laptop. Very light so far, and I might go for the deal that was linked above. :thumb:

It is a good deal.;) And the software is light. It may not be at the tops in detection but it is not bad either. They are working to improve this to.

-{ Quote: "Does the firewall have a whitlelist for known apps or a training mode ??" }-
to me it looks like some whitelisting and just a few popup rules to be checked. No recurring popups of the same application.

-{ Quote: "to me it looks like some whitelisting and just a few popup rules to be checked. No recurring popups of the same application." }-
Thanks for the info. ppl in my family are pop-up phobic :doubt:
Hence I prefer tools which remain silent and still protect.