Norman launch new technology - DNA Matching

Discussion in 'other anti-virus software' started by Jadda, Mar 12, 2009.

Thread Status:
Not open for further replies.
  1. Jadda

    Jadda Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    425
    Norman launches Norman DNA Matching, a new proactive technology and method for identifying the viral profile of all kinds of malicious programs. Inherited or reused programming codes are recognized in new malware, providing unique proactive protection against threats.

    We already know they have the sandbox technology. Not perfect though. Thoughts? Seems like a familiar technology ...

    http://www.norman.com/News/Press_releases/55958/en
     
  2. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Re: Norman launch new technology - DNA Matching

    Sounds like something similar to Dr.Web's origins tracing.
     
  3. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Re: Norman launch new technology - DNA Matching

    prob a behaviour blocker
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Re: Norman launch new technology - DNA Matching

    I would bet on an (more) advanced heuristic engine, but that is just a thought :)
     
  5. aniku

    aniku Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    34
    but is there a way to test this new technology without installing their AV?
     
  6. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    sounds like code based
     
  7. 1timeuserrr

    1timeuserrr Registered Member

    Joined:
    Mar 12, 2009
    Posts:
    43
    Rising Antivirus has DNA detection too.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I for one would like to see this new innovation of Norman's as a separate product, and if they want to integrate it also as well, more power to them.

    EASTER
     
  9. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Sounds like signatures. They mention "viral profiles" ... generic signatures? Psh ... ahh confirmation ..

    "If new malware inherits or reuses some of the programming code - Norman DNA Matching will conclude that it is malware of the same kind."

    Generic signatures.
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    So basically malware writers will stop copying off each other and/or reuse code. Sounds to me (in my completely clueless opinion), this would be easy to get around after some time in the world. My guess is that malware writers that read this little newsflash are already working on it. Unless I'm not reading properly, this DOES seem like signatures, and just a flashy new name for PR and selling's sake.
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Not really. Writing malware from scratch is hard if you want it to be perfect.
    So they mostly re-use tested parts and combine them.
     
  12. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
  13. demonon

    demonon Guest

    True, most malware is a simple copy of another piece of malware.
    That's why heuristics can be very effective.
     
  14. Tweakie

    Tweakie Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    90
    Location:
    E.U.
    My guess: generic behavioral signatures.

    In other words: generic signatures based on the API logs created by their sandbox (emulator), see example here. This can make the signatures immune to packers, basic hexediting, junk code, etc.

    The current version of their sandbox is just comparing the initial status of the virtual system with its final status (created files, processes, etc.) and trying to deduce from the difference if the file that was run was malware. This approach is very generic but assumes that the emulation can go far enough to identify the malicious behavior. Such an assumption is a strong limitation: the emulation has to be stopped after a limited amount of cycles, because it is time consuming, and it is relatively easy to detect if the code is executed within an emulated environment (either because emulation of the Windows API is incomplete, because the simulated computer itself is too simplified - in terms of files, registry, processes, etc. - or because access to the internet is limited from within the sandbox).

    So I think that for overcoming these limitations, the future version will look for specific sequences of interactions with the operating system, not necessarily malicious per se, but specific to a given malware code. By the way, the Norman sandbox was already able to export API logs. This is exposed in their sandbox analyzer products (see here for an example).

    I suspect that many "dynamic" heuristics now use a similar approach.
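
Added example (not part of Tweakie's post and not Norman's code): a minimal sketch of the "generic behavioral signature" idea described above, matching an ordered sequence of individually harmless API calls in a sandbox API log while tolerating junk calls and an emulation that stops early. The log format, the signature and all sample logs are constructed assumptions.

```python
# Constructed signature: an ordered run of early, individually benign calls.
SIGNATURE = ["GetModuleFileNameW", "CreateMutexW", "GetTempPathW", "CreateFileW"]
MAX_GAP = 2  # unrelated calls tolerated between two consecutive signature steps

def parse_api_log(text):
    """Extract API names from lines shaped like 'kernel32!CreateFileW(args)'."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if "!" in line:
            calls.append(line.split("!", 1)[1].split("(", 1)[0])
    return calls

def matches(calls, signature=SIGNATURE, max_gap=MAX_GAP):
    """True if the signature occurs in order, with at most max_gap calls between steps."""
    # Track every index where the signature prefix matched so far can end.
    ends = {i for i, c in enumerate(calls) if c == signature[0]}
    for step in signature[1:]:
        ends = {j for j, c in enumerate(calls)
                if c == step and any(0 < j - p <= max_gap + 1 for p in ends)}
        if not ends:
            return False
    return bool(ends)

def scan(log_text):
    return matches(parse_api_log(log_text))

# Constructed log: the reference sample, run to completion.
VARIANT_A = """
kernel32!GetModuleFileNameW(0)
kernel32!CreateMutexW(m1)
kernel32!GetTempPathW()
kernel32!CreateFileW(tmp1.exe)
kernel32!WriteFile(4096)
advapi32!RegSetValueExW(Run)
"""
# Constructed log: junk calls inserted, emulation stopped before persistence.
VARIANT_B = """
kernel32!GetTickCount()
kernel32!GetModuleFileNameW(0)
kernel32!GetTickCount()
kernel32!GetTickCount()
kernel32!CreateMutexW(m2)
kernel32!GetTempPathW()
kernel32!Sleep(1)
kernel32!CreateFileW(tmp9.exe)
"""
# Constructed log: same APIs in a different order (benign installer).
BENIGN = """
kernel32!GetTempPathW()
kernel32!CreateFileW(setup.log)
kernel32!GetModuleFileNameW(0)
kernel32!CreateMutexW(installer)
"""
```

Both variants match although neither log shares file names or byte content with the other, and the truncated one never reaches its registry write; the benign log uses the same four APIs but fails the ordering check.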
     
  15. aniku

    aniku Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    34
  16. NobleT

    NobleT Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    58
    very expertive~~this technology is similar to quickheal? quickheal has this technology too~~lol. hope Norman's product can give us a high detection~~:D
     
  17. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    According to the info from the link that Jadda posted, it should be included on all of their current consumer products...

    Which can be downloaded at http://www.norman.com/Product/Home_Home_office/Antivirus/en
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I am extremely impressed with it and how light it is.
     
  19. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hey Jeff,
    Can you post some screenies in the screenshots thread?
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Done my friend.;)
     
  21. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    I'd love more info on how well the firewall works for you trjam? looks like I may give this a shot. how is the resource usage? and is there any slowdown for you in browsing etc?? only thing is Norman's always seems to lag some in the tests. I'd love to know how effective this suite really is.. hmmmm
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    kool, i need to check out those pics, im curious how it looks :D
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    It is as fast as Avira's new suite, and that says a lot because I have seen none that even come close. The firewall is like most with pop-ups and the tick box to allow, block or create a permanent rule. Fairly easy to understand. I like the scanner window that breaks it down by the hour. You move the mouse over the hour and it shows how many files scanned and if something was detected. It is pretty straightforward so it can be used by all. Tried to contact their CEO Trygve Aasland but he is out of the office till the 16th.
    But to me, It is a buy :thumb:
     


  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    nice avatar ;) is this a beta trial and for how long is the trial (beta)? thanks
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    no, it is actually real.:cautious: It is a 30 day download. They do have a nice deal on a 2 year license though. Hmmmmm;)
     