This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
Norman SandBox Analyzer Pro
REVIEWED BY TOM LISTON
Price: Starts at $5,000 for 100 users
Relying solely on antivirus to protect you from malware is no longer an option. Antivirus software is reactive; vendors only release signatures for malware they've seen. With the growing prevalence of more targeted viruses, the bigger your company, the more likely you are to be hit by something that no one, not even an antivirus vendor, has seen before. In response, many companies are developing in-house malware analysis capabilities.
Norman SandBox Analyzer Pro is a unique malware analysis tool that allows potentially malicious code to execute within a simulated environment that effectively mimics a generic Windows installation. All actions taken by the code under analysis are monitored. Any permanent changes that the test code attempts to make are trapped by the sandbox (files don't get written to the file system, keys don't get changed in the registry) but everything appears normal from the point of view of the code under test.
Analyzer Pro provides analysts with an almost overwhelming amount of information about the inner workings of the code under test. From the files it attempts to create, to the registry entries it adds or changes, to the network connections it attempts to make, Analyzer Pro sees and logs all.
This was first published in September 2007