Symantec SONAR

Discussion in 'other anti-virus software' started by Arin, May 5, 2007.

Thread Status:
Not open for further replies.
  1. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Sonar, for Symantec Online Network for Advanced Response, is based on technology acquired in the 2005 purchase of WholeSecurity, a maker of anti-phishing and intrusion prevention software. "It's a new behavioral technology," says Ed Kim, director of product management in Symantec's consumer product group. "It's a zero-day defense that doesn't use signatures."

    ...

    Signature-based defenses, however, operate in real-time to block exploits as they try to make their way onto a system. Symantec's Sonar, by comparison, is a scanner, similar to the one that sniffs for viruses and worms, that runs daily. "It's not part of the real-time defense," admits Kim. "Scans run on a daily basis, so this is an extra layer on daily [anti-virus] scans."


    http://www.informationweek.com/story/showArticle.jhtml?articleID=196901549
     
  2. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Sounds good. Sounds like the emulator in Kaspersky v7
     
  3. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    I already know about it, but how does it work?
     
  4. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    It's already old news. I simply wanted to point out that it contradicts a lot of people who take it as an HTTP scanner or a real-time API call monitoring agent.
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    actually.... symantec themselves label it as an 'http scanner' as screenshots shown by BIGC prove.
     
  6. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum

    I dunno if this really helps much.

    http://www.symantec.com/about/news/release/article.jsp?prid=20070117_01
     
  7. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    From PC World's NAV review:

    SONAR in action:

    http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=sonar&profileid=laura_garcia-manrique

    (thanks to whoever has this link in their sig, can't remember who right now)
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i looked on that link and can't see it in action.
    i assume by see it in action you mean a video of some kind and not some text to read.
    lodore
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Well,
    Who do we believe ??

    Self publicising by Symantec (not that there is a reason to disbelieve them)
    OR
    some database of uncertain genealogy and bonafides
    (which has never been shown to be wrong by anybody....)

    http://winnow.oitc.com/avreadme.html

    Disclaimer: I have NAV and Sonar: I hope it's working ;)
     

    Last edited: May 6, 2007
  10. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum


    seen it... Link
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    ha, if you really believe norton to be the worst out of those 20 for engines/detection or whatever, you really need your head seeing to, i don't focus this message on any single person, but to EVERYONE. :D

    i would put the current norton in my top 3 easily, but not telling where :D
     
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    that test above is BS
    panda above kaspersky atm no way in hell.
    panda's detection is improving but no way it's better than kaspersky.
    lodore
     
  13. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    I put this up before: from OITC:

     
  14. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Pfffffffffffffffffft :gack:
     
  15. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    @C.S.J

    Yeah, I've seen the screenshot, which I assume was from the PC World website, not a Symantec manual or something. Of course I might be wrong, but it's simply the same thing which was written there in PC World.

    Even if it was from a Symantec manual or something, then also there is a conflict. If Ed Kim is right (or properly quoted) then how come SONAR is not a part of the real-time defense? Is that a technical possibility?
     
  16. Littlemutt

    Littlemutt Guest

    From the 'Help' section of NAV 2007:
    Turn on SONAR (Symantec Online Network for Advanced Response)
    Turn on proactive detection to stop security risks before they reach your computer.

    I would say this pretty much means 'Real-time' protection.
     
  17. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    It is a behavior analyser. It can stop threats in real time, but usually it only reports and stops evident activity by rule, so there is little chance of seeing a warning message from SONAR. It also records all the activities and sends feedback to Symantec, so they change the rules and the definitions to combat the malware.
    So, zero-day protection for SONAR means some activities violate the rules, and the packed files recognized by the definition file contribute to SONAR's data statistics.
     
  18. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    By the way, the rule is not like Kaspersky PDM, one rule will trigger a stop or ask action. Usually a series of actions will trigger SONAR. It is not a sandbox, not a HIPS; I think we can call it an activity statistics reaction component.
     
  19. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    So probably Ed Kim was misquoted or he was not properly informed ;)
     