Norman resurrects the sandbox analysis approach to malware

Back in the 1980s, when PCs were MS-DOS-driven and Windows bloatware hadn't been invented, anti-virus software used an approach called sandbox analysis to look for malware.

The idea was that there are certain areas of the PC's memory that only require read-only access during the normal course of events.

Now Norman, the Norwegian IT security firm, has resurrected the idea with its latest set of analytical utilities, which it is offering major corporates whose IT managers want to detect unknown malware and threats in real time.

The utilities - SandBox Reporter, SandBox Analyzer and SandBox Analyzer Pro - are claimed to reduce the time and resources that organisations need to analyse suspicious files.

What's interesting about Norman's approach to the problem is that the utilities allow a "PC in the wild" environment to be created in a controlled space on the company network, where the behaviour of a file or executable can be analysed.

This approach, says Norman, allows company IT managers to work out whether their systems are being targeted by customised malware, which, the Norwegian IT security firm adds, is now starting to become a problem...