Norton AntiBot

Posted on September 25th, 2009 under Software by admin


Is heuristic scanning the future of home PC security?

Norton takes a different approach to next-gen security than both BufferZone and ForceField. Rather than employ virtualization technology to quarantine damage imposed by malicious code, AntiBot looks to prevent contaminants from ever having a chance to cause a ruckus (virtual or otherwise) by catching them before they're able to load. It does this through heuristic scanning: analyzing the behavior of every running process and program, looking for characteristics most commonly associated with malware. Like those developers, Norton doesn't bill AntiBot as a stand-alone security application but instead recommends running it alongside your existing anti-malware suite. Nevertheless, we threw AntiBot into the infested online jungle to see if it, and our system, could emerge unscathed.

AntiBot's quick installation will appeal to folks who prefer a no-fuss setup, but power users are sure to lament the lack of customizable options. You can choose whether to automatically quarantine detected threats and whether you want the option of saving your work before doing so, but AntiBot affords little else to the end user.

For all its simplicity, AntiBot was no slouch on the seedier side of the web, going about its work while running quietly in the background and without hampering performance. We agreed to install ActiveX controls when prompted, downloaded files we knew contained payloads, pretended we knew nothing of the dangers lurking on P2P networks, and attempted to install every spyware-plagued game and screensaver we could find. Additionally, we turned off our firewall and failed to update our XP install, which left it armed only with SP2. But despite reckless computing habits that would make even our Dell-owning relatives shudder, AntiBot stopped the majority of threats from taking down our system. Before dirty code could muck up our OS, AntiBot froze the operation and alerted us to impending doom. In the case of an unknown danger, a window appeared showing us what suspicious behavior prompted the alert, such as trying to register executables to run on reboot or attempting to write to the Windows directory.

Yet for all that it caught, AntiBot wasn't invincible. It failed to prevent malware from hijacking Internet Explorer: malicious agents managed to change our homepage, and several tabs went missing in the Internet Options menu. Even our hosts file took a hit, highlighting the weaknesses of heuristic scanning. But AntiBot's biggest failing is that other security products already employ real-time protection, so why pay more for an add-on that really just does more of the same? And if you already own one of Symantec's existing security packages, such as Norton AntiVirus 2008 or the all-in-one Norton 360 bundle, we can't imagine you'd be thrilled at the prospect of spending more money on protection that should have been included in those packages.
