The threats against computer security are changing rapidly. New and more sophisticated computer viruses are constantly emerging. Norman alone detects hundreds of new viruses every day through its SandBox technology. In order to provide efficient protection against future threats, Norman has enhanced its SandBox technology, enabling it to detect more viruses.
Norman SandBox 2005 has improved support for several functions. The SandBox simulates a fake computer and network environment, completely separated from the internal computer resources. All files that enter the SandBox are expected to execute certain tasks or to behave in a certain way. If a file suddenly starts performing tasks beyond a defined framework, this will be detected as non-standard behaviour and Norman SandBox will make the file inoperable and deny access to your real computer system.
The SandBox also informs the user of the kind of malware that has been detected and suggests further action. Norman has integrated the SandBox solution into all its antivirus products and has experienced great success with the solution.
With the new and improved Norman SandBox 2005 it will be harder for the malware to bypass the SandBox.
Here are the reasons why:
Support for more than 3000 different APIs
Norman SandBox 2005 now emulates more than 3000 APIs. This means that the SandBox now emulates more than 3000 ways to connect to your operating system or other software in your computer.
Multithread support
A virus may have several threads that enable it to perform several independent actions in parallel. Each thread can help the virus to survive and to resist possible antivirus attacks. SandBox 2005 now has multithread support, meaning that it can emulate several threads simultaneously.
Support for thread injection to remote processes
SandBox 2005 has the ability to detect thread injection to remote processes. When some viruses take control of a system, they inject their own threads into other running processes. They can then perform their actions while camouflaged inside those processes. This possibility is now closed in SandBox 2005.
Detection of email harvesting
Many criminals create malicious programs that harvest email addresses, either for their own use or in order to sell them to other criminals. Such email-harvesting attempts will now be detected in our SandBox 2005.
Improved network support
SandBox 2005 has improved support for Peer-to-Peer (P2P) networks, thus creating better protection for file-sharing services. Many worms are aware of P2P networks and try to spread using these mechanisms. The simplest form is just dropping copies of themselves under "interesting file names" into the upload/download directory. Because of the improved emulation inside SandBox 2005, this will now be detected.
SandBox 2005 has improved support for Internet network services, such as Newsgroups. Newsgroups are one of the most popular means for Internet communication and viruses often try to spread through these channels.
SandBox 2005 also has improved support for other Internet network services such as POP3, DNS, IRC, Web and others.
The SandBox now includes an enhanced LAN and is able to support more complex local area networks.
Support for Instant Messaging communication
The use of Instant Messaging (IM) communication, such as ICQ, is growing rapidly and the new Norman SandBox 2005 now supports IM protocols.
Extended classification of malware
The list of different viruses and malware has now been upgraded with more categories, and the SandBox gives you a written analysis that describes what the malware intends to do.
The list includes the following categories of malware:
- W32/Malware
- W32/EMailWorm
- W32/NetworkWorm
- W32/BackDoor
- W32/P2PWorm
- W32/FileInfector
- W32/Dialler
- W32/Downloader
- W32/Spyware