Press Release

LinkedIn Facebook Twitter RSS

Symantec Announces Bloodhound Technology, An Advanced System for Detecting new and Unknown Viruses on the World Wide Web

Symantec Uses Automated Bloodhound System to Scour the Internet for Unknown Viruses and to Protect World Wide Web Users Against Emerging Viral Threats

CUPERTINO, Calif. --February 3, 1997-- Symantec Corporation (Nasdaq: SYMC), the world’s leading supplier of utilities and anti-virus software products today announced its revolutionary Bloodhound system, an artificially intelligent web-spider that crawls through the World Wide Web searching for new and unknown viruses. Bloodhound is based on two of Symantec’s advanced anti-virus technologies; the Symantec Seeker system and the new Symantec AntiVirus Research Center (SARC) Heuristic Scanner, both a complete departure from the traditional anti-virus technology.

“It is important that our customers are protected from the latest Internet virus threats,” said Enrique Salem, Chief Technology Officer of Symantec. “Using the latest in artificial intelligence and virus analysis technology, the Bloodhound system searches the Internet and helps us locate and eradicate completely new viruses before they can pose a threat to users.”

Most anti-virus scanners are only able to identify viruses that have been pre-analyzed by virus researchers. The Bloodhound system takes a new approach to the problem by using AI technology to analyze programs on the World Wide Web. Bloodhound scrutinizes each programs’ machine language instructions and makes an assessment as to the likelihood of a viral infection. When Bloodhound locates a potential new virus, the offending file can then be fed into an automated analysis system for further inspection.

Bloodhound and Seeker Technology Features
The Bloodhound system is largely based on Symantec’s Seeker technology. Seeker is a JAVA-based web-crawler. Originally Seeker was used to locate and retrieve samples from known virus transmission sites. Seeker can be trained on a suspected virus web site and will acquire all files from that site for automated analysis. While it acquires samples, Seeker concurrently explores other potential virus exchange sites that can be reached via links on links on the web.

Bloodhound is a complete departure from traditional virus scanning technology, which typically relies upon virus “signatures” or fingerprints to detect virus infections. When an anti-virus company receives a new virus, it analyzes it and extracts a virus fingerprint. The virus is then considered “known” and can be identified by subsequent updates of the anti-virus product; viruses that have not yet been analyzed are invisible to such anti-virus software.

Rather than using signatures, Bloodhound detects viruses by inspecting executable files for virus-like behavior. Since many viruses are finicky and only spread under ideal circumstances, the SARC heuristic system actually “coaxes” viruses into exhibiting their malicious behavior. If a program exhibits such virus-like behavior, it is passed on for further analysis by the Symantec AntiVirus Research Automation (SARA) system or a SARC virus researcher. This heuristic technology has been shown to detect up to 80% of new, unknown viruses.

SARA Technology Features
Once Bloodhound has obtained both known and potentially new viruses, these files can be transferred directly to the Symantec AntiVirus Research Automation system (SARA). SARA is designed to perform fully automated virus analysis, definition development and quality assurance: in most instances, SARA is able to fully replicate, analyze, and extract a virus fingerprint within 15 minutes. Once a virus has been analyzed, it is automatically added to Symantec’s Norton AntiVirus monthly updates. This provides Symantec customers with the most up-to-date and advanced anti-virus protection available.

About Symantec AntiVirus Research Center (SARC)
SARC is comprised of a dedicated team of virus experts whose sole mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats. These virus definitions updates are available to users of Norton AntiVirus, and are easily obtained by using LiveUpdate or Intelligent Updater. LiveUpdate provides one-button access to the latest virus definition updates, free of charge (other than normal phone and internet access charges) to registered users. Symantec is the only anti-virus company that provides its users virus definitions that are free of charge, easy to obtain and install, and updated monthly by SARC.

The press release contains forward-looking statements concerning product development efforts by Symantec. There are certain important factors that could cause Symantec’s future development efforts to differ materially from those anticipated by some of the statements made above. Additional information concerning these and other risk factors is obtained in the “Risk Factors” section of the Proxy statement dated July 29, 1996, the company’s annual report on Form 10-K for the fiscal year ended March 29, 1996 and the Company’s Form 10-Q for the fiscal quarter ending September 27, 1996.

About Symantec Corporation
Symantec Corporation develops, markets, and supports a complete line of application and system software products designed to enhance individual and workgroup productivity as well as managed network computing environments. Platforms supported include IBM personal computers and compatibles, Apple Macintosh computers as well as all major network operating systems. Founded in 1982, the company’s global operations span North America, Europe and several fast growing markets throughout Asia Pacific and Latin America. Information on the company and its products can be obtained by calling (800) 441-6054 toll free or at the Symantec web site at

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at on Symantec's website.

Brands and product referenced herein are the trademark or registered trademark of their respective holders.