MaximumPC 2008 02

(Dariusz) #1
Norton takes a different approach to next-gen security than both BufferZone and ForceField. Rather than employ virtualization technology to quarantine damage imposed by malicious code, AntiBot looks to prevent contaminants from ever having a chance to cause a ruckus—virtual or otherwise—by catching them before they’re able to load. It does this through heuristic scanning: analyzing the behavior of every running process and program, looking for characteristics most commonly associated with malware. Like the developers, Norton doesn’t bill AntiBot as a stand-alone security application but instead recommends running it alongside your existing anti-malware suite. Nevertheless, we threw AntiBot into the infested online jungle to see if it—and our system—could emerge unscathed.

AntiBot’s quick installation will appeal to folks who prefer a no-fuss setup, but power users are sure to lament the lack of customizable options. You can choose whether to automatically quarantine detected threats and whether you want the option of saving your work before doing so, but AntiBot affords little else to the end user.

For all its simplicity, AntiBot was no slouch on the seedier side of the web, going about its work while running quietly in the background and without hampering performance. We agreed to install ActiveX controls when prompted, downloaded files we knew contained payloads, pretended we knew nothing of the dangers lurking on P2P networks, and attempted to install every spyware-plagued game and screensaver we could find. Additionally, we turned off our firewall and failed to update our XP install, which left it armed only with SP2. But despite reckless computing habits that would make even our Dell-owning relatives shudder, AntiBot stopped the majority of threats from taking down our system. Before dirty code could muck our OS, AntiBot froze the operation and alerted us to impending doom. In the case of an unknown danger, a window appeared showing us what suspicious behavior prompted the alert, such as trying to register executables to run on reboot or attempting to write to the Windows directory.

Yet for all that it caught, AntiBot wasn’t invincible. It failed to prevent malware from hijacking Internet Explorer: Malicious agents managed to change our homepage, and several tabs went missing in the Internet Options menu. Even our hosts file took a hit, highlighting the weaknesses of heuristic scanning. But AntiBot’s biggest failing is that other security products already employ real-time protection, so why pay more for an add-on that really just does more of the same? And if you already own one of Symantec’s existing security packages, such as Norton AntiVirus 2008 or the all-in-one Norton 360 bundle, we can’t imagine you’d be thrilled at the prospect of spending more money on protection that should have been included in those packages.
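
As an added illustration (not part of the review and not Symantec's code), the sketch below scores constructed process events against the behaviors the review names. The rule weights, the alert threshold, and every process name are assumptions; it shows one way a process that makes only a single low-weight change, such as editing the hosts file, can stay under a behavior-scoring threshold.

```python
# Toy behaviour-scoring monitor. Rules, weights and threshold are assumptions
# made for this sketch; they do not describe AntiBot's actual logic.
import ntpath

RUN_KEY = r"software\microsoft\windows\currentversion\run"
IE_MAIN = r"software\microsoft\internet explorer\main"
WINDIR = r"c:\windows"
HOSTS = r"c:\windows\system32\drivers\etc\hosts"

def classify(event):
    """Map one event to (behaviour, weight), or None if unremarkable."""
    kind, target = event["kind"], event["target"].lower()
    if kind == "reg_set":
        key = target.split("\\", 1)[1] if "\\" in target else target  # drop hive
        if key.startswith(RUN_KEY):
            return ("registers executable to run on reboot", 3)
        if key.startswith(IE_MAIN) and key.endswith("start page"):
            return ("changes Internet Explorer home page", 2)
    elif kind == "file_write":
        path = ntpath.normpath(target)  # collapse "..\" before comparing
        if path == HOSTS:
            return ("modifies hosts file", 2)
        if path.startswith(WINDIR + "\\"):
            return ("writes to the Windows directory", 2)
    return None

def evaluate(events, threshold=4):
    """Sum weights per process; return {process: [behaviours]} at or over threshold."""
    seen = {}
    for ev in events:
        hit = classify(ev)
        if hit:
            seen.setdefault(ev["process"], []).append(hit)
    return {proc: [name for name, _ in hits] for proc, hits in seen.items()
            if sum(weight for _, weight in hits) >= threshold}

# Constructed sample events (not captured from a real system).
EVENTS = [
    {"process": "screensaver.exe", "kind": "file_write",
     "target": r"C:\WINDOWS\system32\svch0st.exe"},
    {"process": "screensaver.exe", "kind": "reg_set",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svch0st"},
    {"process": "toolbar.exe", "kind": "reg_set",
     "target": r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"},
    {"process": "helper.exe", "kind": "file_write",
     "target": r"C:\Windows\Temp\..\System32\drivers\etc\hosts"},
    {"process": "notepad.exe", "kind": "file_write",
     "target": r"C:\Documents and Settings\user\notes.txt"},
]

if __name__ == "__main__":
    print("threshold 4:", evaluate(EVENTS))
    print("threshold 2:", evaluate(EVENTS, threshold=2))
```

With the default threshold only `screensaver.exe` is flagged; lowering it to 2 also flags the home page and hosts file changes, at the price of alerting on any single write under the Windows directory.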

Norton AntiBot


Is heuristic scanning the future of home PC security?


After disinfecting a dirty file, click the
Details link and AntiBot displays exactly
which processes were terminated, what
files it deleted, and which registry keys
it removed.

We dig programs that are easy to configure, but AntiBot gives you very little control
over how it operates, making it impossible to fine-tune its behavior to complement
your surfing habits.

APPROVED $
http://tinyurl.com/2nc

24 MAXIMUMPC | FEB 08 | http://www.maximumpc.com

