Norman Sandbox efficiency

Discussion in 'other anti-virus software' started by Mack Jones, Feb 5, 2006.

Thread Status:
Not open for further replies.
  1. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Hi Gents :)

    I'm searching for heuristic efficiency tests.
    I know BD Hive and NOD32 have the best engine, but how about Norman's Sandbox?
    If you have clues, don't hesitate to share your opinions ;)
    Thanks for your support !

    M.J.
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Norman Sandbox is ok, though it's way slower than HiVE or ThreatSense AH.
    It's somehow also a bit less effective than those two from competition.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    What I like about Norman's Sandbox is the way it tells you what a nasty is trying to do. Other AVs just block the threat, while Norman actually tells you what it was supposed to do.

    > Open c:\WINDOWS\notepad.exe
    > Type "bla bla bla"
    > Close c:\WINDOWS\notepad.exe

    Something like that :) I like.

    But how good it is I don't know, never tried it. Can't find any tests either.
     
  4. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I hope NOD32 v3.0 will show this information, too ;) :)
     
  5. Az7

    Az7 Registered Member

    Joined:
    Sep 14, 2005
    Posts:
    139
  6. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Look how good SandBox is.
     

    Attached Files: 1.jpg (35.3 KB)
  7. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    izi,

    No offense - but are you sure concerning Norman?
     


  8. Krazaf

    Krazaf Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    8
    I think that is the generic detection but not Norman Sandbox detection o_O
     
  9. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    No offense but let's not start another jotti contest here. It’s pointless... I just turned to jotti.org and look what I got... Hubba... hubba. ;)


    tD
     


  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Plus, Linux editions may show way lower rates here at Jotti (avast! and partially NOD32 are just two of such).
     
  11. Happy Bytes

    Happy Bytes Guest

    ...and the next fact is that a sandbox system is designed ON PURPOSE not to detect all kinds of malware.
     
  12. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    OK,
    It appears the SandBox Technology is not as strong as I thought.
    Is the message "W32/Suspicious_M.gen" really a generic detection?

    If so, I guess heuristic detection is an uncommon way for Norman to detect malware... "suspicious" files detection is often seen in Jotti ;)
     
  13. Krazaf

    Krazaf Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    8
    I did some observations... I found that most of the files which are packed by MEW, Norman Virus Control will detect them as W32/Suspicious_M.gen.
    So I think W32/Suspicious_M.gen is a generic signature to detect any suspicious files which are packed by MEW. o_O
     
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Sandbox environments can also be used as emulators (that's why NOD32 is so effective in polymorphic and exotic/modified packers).
    So you can use Sandbox help to detect malware which uses some tricky methods or something.
     