Norman Sandbox efficiency

Discussion in 'other anti-virus software' started by Mack Jones, Feb 5, 2006.

Thread Status:
Not open for further replies.
  1. Mack Jones

    Mack Jones Registered Member

    Hi Gents :)

    I'm searching for heuristic efficiency tests.
    I know BD Hive and NOD32 have the best engine but how about Norman's Sandbox?
    If you have clues, don't hesitate to share your opinions ;)
    Thanks for your support!

    M.J.
     
  2. RejZoR

    RejZoR Lurker

    Norman Sandbox is ok, though it's way slower than HiVE or ThreatSense AH.
    It's somehow also a bit less effective than those two from competition.
     
  3. Brian N

    Brian N Registered Member

    What I like about Norman's Sandbox is the way it tells you what a nasty is trying to do. Other AVs just block the threat, while Norman actually tells you what it was supposed to do.

    > Open c:\WINDOWS\notepad.exe
    > Type "bla bla bla"
    > Close c:\WINDOWS\notepad.exe

    Something like that :) I like.

    But how good it is I don't know, never tried it. Can't find any tests either.
     
  4. fosius

    fosius Registered Member

    I hope NOD32 v3.0 will show this information, too ;) :)
     
  5. Az7

    Az7 Registered Member

  6. izi

    izi Registered Member

    Look how good SandBox is.
     

    Attached Files: 1.jpg
  7. Wolfe

    Wolfe Registered Member

    izi,

    No offense - but are you sure concerning Norman?
     

  8. Krazaf

    Krazaf Registered Member

    I think that is the generic detection but not Norman Sandbox detection o_O
     
  9. Technodrome

    Technodrome Security Expert

    No offense but let's not start another jotti contest here. It’s pointless... I just turned to jotti.org and look what I got... Hubba... hubba. ;)


    tD
     

  10. RejZoR

    RejZoR Lurker

    Plus, Linux editions may show way lower rates here at Jotti (avast! and partially NOD32 are just two of such).
     
  11. Happy Bytes

    Happy Bytes Guest

    ...and next fact is that a sandbox system is designed ON PURPOSE not to detect all kind of malwares.
     
  12. Mack Jones

    Mack Jones Registered Member

    OK,
    It appears the SandBox Technology is not as strong as I thought.
    Is the message "W32/Suspicious_M.gen" really a generic detection?

    If so, I guess heuristic detection is an uncommon way for Norman to detect malware... "suspicious" files detection is often seen in Jotti ;)
     
  13. Krazaf

    Krazaf Registered Member

    I did some observations... I found that most of the files which are packed by MEW, Norman Virus Control will detect them as W32/Suspicious_M.gen.
    So I think W32/Suspicious_M.gen is a generic signature to detect any suspicious files which are packed by MEW. o_O
     
  14. RejZoR

    RejZoR Lurker

    Sandbox environments can also be used as emulators (that's why NOD32 is so effective in polymorphic and exotic/modified packers).
    So you can use Sandbox help to detect malware which uses some tricky methods or something.
     