Proactive IT security

The technology


Norman SandBox® Technology

Norman SandBox® provides powerful network security by detecting and protecting against many types of malware, including those that spread locally and those that run over the Internet. It focuses on detecting binary malware and network worms, which are the most common and most damaging forms of malware. It also protects against malware that uses the services of remote machines, such as SMTP, News, IRC and DNS.

One increasingly common way for malware to infect computers is to exploit vulnerabilities in popular applications and file formats, such as PDF, MS Office and others. Norman SandBox® detects this malware by going through the data file, looking for shellcode (executable code). When shellcode is found, the SandBox locates the entry point of the code and allows the malware to run its course. When the malware executes in the simulated environment and, for example, initiates API calls to delete files from the system, the API calls are intercepted by the SandBox. The files are then deleted in the SandBox, but not on the actual system. In this way, SandBox technology lets the malware believe that it has inflicted damage when in fact it has done nothing but reveal itself to the SandBox.
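
The interception idea described above can be modelled in a few lines. This is an added example, not Norman's code: the class, the API names (DeleteFile, WriteFile, FileExists) and the sample are hypothetical and constructed here, and it covers only file-call interception, not shellcode emulation.

```python
import tempfile
from pathlib import Path

class SandboxFS:
    """Copy-on-write view of a real directory. API names are hypothetical."""
    def __init__(self, root):
        self.root = root
        self.deleted = set()   # files the sample believes it removed
        self.written = {}      # files the sample believes it created
        self.log = []          # behaviour report: (api, path, result)

    def _exists(self, path):
        on_disk = Path(self.root, path).is_file()
        return path not in self.deleted and (path in self.written or on_disk)

    def _record(self, api, path, result):
        self.log.append((api, path, result))
        return result

    def DeleteFile(self, path):
        found = self._exists(path)
        if found:
            self.deleted.add(path)        # hide the file from the sample only
            self.written.pop(path, None)
        return self._record("DeleteFile", path, found)

    def WriteFile(self, path, data):
        self.deleted.discard(path)
        self.written[path] = data         # kept in memory, never on disk
        return self._record("WriteFile", path, True)

    def FileExists(self, path):
        return self._record("FileExists", path, self._exists(path))

def constructed_sample(api):
    """Harmless stand-in for analysed code (constructed for this example)."""
    for name in ("report.doc", "notes.txt"):
        api.DeleteFile(name)
    api.WriteFile("dropped.bin", b"\x00")
    return not api.FileExists("report.doc")  # the sample's own view of its effect

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.doc", "notes.txt"):
            Path(root, name).write_text("data")
        fs = SandboxFS(root)
        believed = constructed_sample(fs)
        deleted = [p for api, p, ok in fs.log if api == "DeleteFile" and ok]
        return believed, deleted, sorted(fs.written), sorted(p.name for p in Path(root).iterdir())
```

demo() returns the sample's belief that its deletion worked, the deletions and dropped files recorded for the behaviour report, and the real directory listing, which still contains both original files.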