Symantec's Striker32 for advanced virus detection
08 Oct 1999
Striker32, included in all Norton AntiVirus products, works by setting up a virtual Pentium-based Windows "clean room" in which a suspect Windows program is allowed to run. Uninfected files are processed quickly, which minimises the impact of scanning on system performance.
Once identified by Striker32, an infected file is safely isolated using Norton AntiVirus' 'quarantine' feature. From there, the 'scan and deliver' feature of Norton AntiVirus enables users to send the file over the Internet to the Symantec AntiVirus Research Centre (SARC) for analysis and repair. This includes automated macro virus analysis and repair technology that enables virus cures to be created and delivered faster than the malicious code can spread.
"Striker32 makes it possible for our researchers to analyse complex viruses such as the W32.Bolzano virus and produce cures in minutes rather than the days required by traditional anti-virus technology," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "With Striker32 and Scan and Deliver technologies working together, Norton AntiVirus continues to be the most advanced, responsive and sophisticated anti-virus solution available."
With Striker32, users are protected against today's most sophisticated viruses, including all 17 variants of the W32.Bolzano virus. W32.Bolzano is considered the largest family of Windows viruses. The latest variants of W32.Bolzano have eluded detection by traditional anti-virus technology because the variants mutate and bury themselves deep within Windows executable files, hiding all signs of infection. In contrast, most traditional computer viruses attach their programming instructions to a few, well-known areas of executable files, making isolation and detection easy. Since Striker32 has the capability to detect viruses regardless of where the virus inserts itself or how it conceals its programming instructions, users are assured of having the most advanced defence against this growing threat.
Norton AntiVirus users can update their software to include Striker32 using the LiveUpdate feature. LiveUpdate automatically detects an Internet connection or modem, then connects to a Symantec server to download and install the latest virus definitions and software updates. In this case, LiveUpdate interacts with Symantec's core anti-virus program (NAVEX), to make the Striker32 modification quickly and easily.