Most organizations cannot afford to be unprotected for hours, because downtime is becoming increasingly expensive. Corporate antivirus solutions generally provide sufficient protection of your valuable assets, since up-to-date signature files are available.
The challenge is to implement a solution that does not give the virus authors a head start, as they have done nothing to deserve the advantage.
Antivirus solutions using the Norman SandBox Technology provide continuous protection and will normally stop a new virus from the time it is released by the virus author. The main difference is that the SandBox does not rely on virus signature files to stop new viruses; instead, it stops them based on their behavior pattern.
Norman SandBox - overview
SandBox is Norman’s technology for detecting new, unknown viruses and other malware. The SandBox uses a safe virtual environment inside your computer. This allows the malware to reveal itself without damaging your system.
Norman SandBox detects most new types of viruses. Since a program that is tested for viral activity is executed on a simulated computer system in a simulated network, it can either spread locally on the system or try to infect other machines. It can also use services of remote machines, such as SMTP, News, IRC, DNS etc.
Norman SandBox does not detect all viruses. The intention of the SandBox is to detect current threats to your system. Legacy DOS COM viruses and other non-executable viruses (like macros and scripts) are not detected by the SandBox. The SandBox focuses on detecting binary email and network worms, as these are the most common and dangerous malware at present.
Norman SandBox - a secure tool
Since everything is emulated inside the Norman SandBox, nothing is running on your real system. If a virus or a trojan wants to delete all your system files, it will delete the system files on the simulated hard drive, not your real one. Emulation is used and therefore the malware has nothing to break free from, so it is perfectly safe.
Different types of malware detected by Norman SandBox
When the SandBox detects a malicious program, the name of the malware can be one of the following:
- W32/EMailWorm: A worm spreading over email
- W32/NetworkWorm: A worm spreading over network shares
- W32/FileInfector: A virus infecting regular executables
- W32/P2PWorm: A worm spreading over P2P networks
- W32/BackDoor: A malicious program that installs a backdoor on the computer
- W32/Dialler: A program that sets/changes the dialling system on your computer
- W32/Downloader: A malicious program that downloads other potentially malicious programs/components
- W32/Spyware: A program that attempts to spy on your computer behavior
- W32/Malware: A generic detection of what we consider malware
If the SandBox detects something unknown, please verify that your Norman Virus Control installation is up to date. If your installation is outdated, then the SandBox may have detected a virus that has recently been added to the virus definition files. If the virus is listed above and your installation is current, then Norman has not seen it or analyzed it.
In such cases we would appreciate it if you submit this sample for analysis. Use the form from the Submit menu choice.
