Norton AntiBot


Norton AntiBot, developed by Symantec, monitors applications for damaging behavior. The application was designed to prevent computers from being hijacked and controlled by hackers. According to Symantec, over 6 million computers have been hijacked, and the majority of users are unaware of their computers being hacked.
AntiBot was designed to be used in conjunction with other antivirus software. Unlike traditional antivirus products, AntiBot does not use signatures; there is a delay between when a vendor discovers a virus and distributes the signature. During the delay, computers can be affected. Instead, AntiBot attempts to identify a virus through its actions; viruses are malicious by nature. However, AntiBot was not intended to replace an antivirus product. The program uses technology licensed from Sana Security.
The product has been discontinued after AVG acquired Sana Security in January 2009, developing a standalone program similar to AntiBot called AVG Identity protection, which was also discontinued and integrated in AVG Internet Security 2011. Product updates and technical support were available from Symantec for one year after a customer's last purchase or renewal.

History

Ed Kim, director of product management at Symantec, highlighted the rise of botnets. A botnet is a collection of compromised computers, known as bots, which hackers usually control for malicious purposes. Two main uses of botnets include identity theft and e-mail spam. Kim cited a 29 percent increase of bots from the first half of 2006 to the second half. In all, there were six million active bots by the end of 2006.
On 7 June 2007, Symantec released a beta version of Norton AntiBot. AntiBot was designed to supplement a user's existing antivirus software. Unlike traditional antivirus software, AntiBot does not use signatures to identify malware. Instead, it monitors running applications for damaging or malicious behavior, licensing technology from Sana Security.
AntiBot can also supplement SONAR technology by Symantec, found in Norton AntiVirus 2007, Norton Internet Security 2007, and Norton 360. Similar to AntiBot, SONAR monitors for malicious behavior. However, SONAR does not run continuously in the background; only during a virus scan in those specific products.
AntiBot was made available to the general public on 17 July 2007. On 16 January 2009, AVG announced their plans to acquire Sana Security were finalized. J.R. Smith, CEO of AVG Technologies, highlighted the 40,000 unique malware samples their analysts see each day. He noted the time frame between when a sample is analyzed and a signature is created, emphasizing the need for "instant protection", since hackers are constantly modifying their malicious software to evade signature detection. Often, there are several strains, or variations, of one virus, each with a different classification and signature.
Symantec confirmed ceasing sales and distribution of Norton AntiBot in early 2009. Product help and updates would still be available for one year following a customer's last purchase or renewal.

Reception

PC Magazine noted AntiBot's above average ability to identify malicious programs based on behavior and the fact it did not mistakenly mark a legitimate program as malicious during testing. However, on some infected systems AntiBot failed to install or caused blue screens because it failed to completely remove a virus.
A technical limitation is that AntiBot cannot detect inactive malware since there is no behavior for the software to monitor.