Ask security personnel what the most pressing challenge is today, and a good number will respond that it is botnets, the huge armies of commandeered PCs that criminals use to launch spam and virus attacks. These attacks can be vicious. Botnets were a key element of a series of attacks that almost took down the Estonian government's computer network in protest of the removal of a Soviet-era monument.
Symantec has taken a welcome step with the release of the free public beta of Norton AntiBot, which is based on software from Sana Security. Symantec, according to the story, has tweaked the software with its SONAR behavioral scanning technology.
There are two significant elements here. One, of course, is the release of what figures to be a useful tool against botnets. The other is that AntiBot works in a qualitatively different way from most anti-virus software, which matches the signatures, or code patterns, of software on the protected system against those of known viruses.
Behavioral programs such as AntiBot look at how programs behave. This includes, according to the PC Advisor story, what sites they attempt to contact, registry changes they attempt to make and other actions. This probably is a difficult type of software to create. It also could be more effective than mechanically matching signatures. Criminals, it should be noted, are adept at subtly changing signatures.
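An added illustration of the contrast described above (not code from Symantec, Sana Security or the cited stories): a hash signature misses a sample changed by one byte, while a score over observed behavior still flags it. The event names, weights and threshold are assumptions, and all sample data is constructed.

```python
import hashlib

# Constructed stand-ins for a bot binary and a variant with one byte appended.
ORIGINAL = b"BOT-PAYLOAD-v1"
VARIANT = ORIGINAL + b"\x00"

# Signature database: hashes of samples already known to the vendor.
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL).hexdigest()}

# Hypothetical behavior weights and alert threshold (assumptions for this example).
WEIGHTS = {
    "registry_autorun_write": 40,   # persistence via an autorun registry entry
    "connect_unlisted_host": 30,    # outbound contact with a host not on an allowlist
    "smtp_burst": 30,               # sudden high-volume mail sending
}
THRESHOLD = 60

# Constructed runtime events: (behavior kind, detail).
BOT_EVENTS = [
    ("registry_autorun_write", "autorun entry added"),
    ("connect_unlisted_host", "203.0.113.7:6667"),
    ("smtp_burst", "250 messages in one minute"),
]
BROWSER_EVENTS = [("connect_unlisted_host", "198.51.100.4:443")] * 5 + [
    ("registry_read", "proxy settings"),
]


def signature_match(data: bytes) -> bool:
    """Signature approach: exact hash lookup against known samples."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def behavior_score(events) -> int:
    """Behavioral approach: sum weights of the distinct behavior kinds seen.

    Each kind counts once, so one repeated behavior (a browser contacting
    many hosts) cannot cross the threshold on its own.
    """
    kinds = {kind for kind, _detail in events}
    return sum(WEIGHTS.get(kind, 0) for kind in kinds)


def is_suspicious(events) -> bool:
    return behavior_score(events) >= THRESHOLD


if __name__ == "__main__":
    print("signature, original:", signature_match(ORIGINAL))
    print("signature, variant: ", signature_match(VARIANT))
    print("behavior, bot:      ", behavior_score(BOT_EVENTS), is_suspicious(BOT_EVENTS))
    print("behavior, browser:  ", behavior_score(BROWSER_EVENTS), is_suspicious(BROWSER_EVENTS))
```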
The Symantec software couldn't come a moment too soon. The numbers associated with botnets are pretty frightening. This Network World piece quotes Gartner predictions that by the end of the year, 75 percent of enterprises will host bots. The story says that a beta from security firm Mi5 deployed at a 12,000-node organization detected 22 active, 123 inactive and 313 suspected bots. The bots, the firm says, were responsible for 136 million "bot-related incidents." That last number, by the way, is the one we found most frightening.
It's a continual game of cat and mouse, as this InfoWorld story suggests. The piece reinforces the idea that criminals who run botnets continually seek ways to evade the security software -- including emerging behavior monitoring tools.