Norman launch new technology - DNA Matching

Norman launches Norman DNA Matching, a new proactive technology and method for identifying the viral profile of all kinds of malicious programs. Inherited or reused programming codes are recognized in new malware, providing unique proactive protection against threats.

We already know they have the sandbox technology. Not perfect though. Thoughts? Seems like a familiar technology ...

http://www.norman.com/News/Press_releases/55958/en

 

Re: Norman lunch new technology - DNA Matching

Sounds like something similar to Dr.Web's origins tracing.

 

Re: Norman lunch new technology - DNA Matching

prob a behaviour blocker

 

Re: Norman lunch new technology - DNA Matching

I would bet on an (more) advanced heuristic engine, but that is just a thought

 

but is there a way to test this new technology but without installing their AV ?

 

souds like code based

 

Rising Antivirus has DNA detection too.

 

I for one would like to see this new innovation of Norman;s as a separate product, and if they want to integrate it also as well, more power to them.

EASTER

 

Sounds like signatures. They mention "viral profiles" ... generic signatures? Psh ... ahh confirmation ..

"If new malware inherits or reuses some of the programming code - Norman DNA Matching will conclude that it is malware of the same kind."

Generic signatures.

 

So basically malware writers will stop copying off each other and/or reuse code. Sounds to me (in my completely clueless opinion), this would be easy to get around after some time in the world. My guess is that malware writers that read this little newsflash are already working on it. Unless I'm not reading properly, this DOES seem like signatures, and just a flashy new name for PR and selling's sake.

 

Not really. Writting malware for scratch is hard if you want it to be perfect.
So they mostly re-use tested parts and combine them.

 

Apparently you can try the new technology here:

http://www.norman.com/Download/Beta_versions/55922/en-us

 

True, most malware is a simple copy of another piece of malware.
That's why heuristics can be very effective.

 

My guess: generic behavioral signatures.

In other words: generic signatures based the API logs created by their sandbox (emulator), see example here. This can make the signatures immune to packers, basic hexediting, junk code, etc.

The current version of their sandbox is just comparing the initial status of the virtual system with its final status (created files, processes, etc) and trying to deduce from the difference if the file that was run was a malware. This approach is very generic but assumes that the emulation can go far enough to identify the malicious behavior. Such an assumption is a strong limitation: the emulation has to be stopped after a limited amount of cycles, because it is time consuming, and it is relatively easy to detect if the code is executed within an emulated environment (either because emulation of the windows API is incomplete, because the simulated computer itself is too simplified - in terms of files, registry, processes, etc. - or because access to the internet is limited from within the sandbox).

So I think that for overcoming these limitations, the future version will look for specific sequences of interactions with the operating system, not necessarily malicious per se, but specific of a given malware code. By the way, the norman sandbox was already able to export API logs. This is exposed in their sanbox analyzer products (see here for an example).

I suspect that many "dynamic" heuristics now use a similar approach.

 

whats the exact name of this NEW product technologt DNA ? i want to have a direct link?

thnx,

 

very expertive~~this technology is similar to quickheal? quickheal has this technoloy too~~lol.hope norman"s product can give us a high detection~~

 

According to the info from the link that Jadda posted, it should be included on all of their current consumer products...

Which can be downloaded at http://www.norman.com/Product/Home_Home_office/Antivirus/en

 

I am extemely impressed with it and how light it is.

 

Hey Jeff,
Can you post some screenies in the screenshots thread?

 

Done my friend.

 

id love more info on how well the firewall works for you trjam? looks like i may give this a shot. how is the resource usage? and is there any slowdown for you in browsing etc?? only thing is normans always seems to lag some in the tests. id love to know how effective this suite really is.. hmmmm

 

kool, i need to check out those pics, im curious how it looks

 

It is as fast as Aviras new suite, and that says a lot because I have seen none that even come close. The firewall is like most with pop-ups and the tic box to allow, block or create a permanent rule. Fairly easy to understand. I like the scanner window that breaks it down by the hour. You move the mouse over the hour and it shows how many files scanned and if something was detected. It is pretty straight forward so it can be used by all. Tried to contact their CEO Trygve Aasland but he is out of the office till the 16th.
But to me, It is a buy

 

nice avatar is this a beta trial and for how long is it the trial(beta)?thanks

 

no, it is actually real. It is a 30 day download. They do have a nice deal on a 2 year license though. Hmmmmm