ABOUT SYMANTEC

Press Release

Symantec's AntiVirus Research Center Responds To Mutating Macro Viruses With Bloodhound-Macro Technology

Norton Antivirus Protects Users From New Strains of Macro Viruses Proliferating at an Exponential Rate

CUPERTINO, Calif. --September 23, 1997-- Symantec Corporation (Nasdaq: SYMC), the world's leading supplier of anti-virus software products, today announced that the Symantec AntiVirus Research Center (SARC) has developed an exclusive new technology known as Bloodhound-Macro to address the growing number of new and unknown macro viruses. Macro viruses are now mutating and mating on their own, creating new strains that often cannot be detected by traditional anti-virus software. Currently shipping exclusively in Symantec's Norton AntiVirus 4.0 software, Bloodhound-Macro uses a patent-pending hybrid heuristic scheme to detect and repair up to 95 percent of all new and unknown macro viruses automatically.

"Macro viruses are the greatest threat we see today, attacking our critical information files. Users must be able to detect and securely repair these files so that no work is lost," said Alex Haddox, SARC product manager. "Symantec's Bloodhound-Macro technology is the most effective defense against new and unknown macro viruses. Now shipping with the new Norton AntiVirus product line, Bloodhound-Macro technology is another example of the industry-leading anti-virus expertise Symantec offers our customers around the world."

Macro Virus Proliferation
Macro viruses, a strain of computer viruses that attack documents and spreadsheets, are the most infectious and widespread to date. In September 1996, there were only 56 known macro viruses, while today that figure has climbed to more than 1,300. In the past, only virus writers created new computer viruses. Now, new macro viruses are created without human interaction everyday by countless machines around the world.

Each time a macro virus tries to spread, there is a chance it will inadvertently become corrupted or mutate; thus creating a new macro virus also capable of spreading. A large number of today's macro viruses exist because of this phenomenon. In many ways this occurrence is analogous to the random mutation that occurs in nature, whereby mutations cause some offspring to die immediately, while others survive and flourish. There are also many documented cases of two or more macro viruses mating with each other, combining in the same document to form wholly new macro virus strains, which share characteristics of both parent viruses. These new corrupted and mated macro virus strains do not have the same fingerprint as their predecessors, and often cannot be detected by traditional anti-virus software, which inoculates computers against known viruses and has a difficult time recognizing new or mutated virus strains.

"These issues have fundamentally changed the nature of the virus problem," said Haddox. "Symantec has created a macro heuristics solution that provides the only effective solution this new problem."

Bloodhound-Macro Technology Features
Users of traditional anti-virus software must contact their vendor for a "solution" each time they become infected by a new virus that the anti-virus software cannot yet detect and repair. Symantec's Bloodhound-Macro detects and repairs macro viruses generically, automatically eliminating most new macro virus strains and reducing the need for costly and repetitive interaction with the anti-virus vendor.

Bloodhound-Macro employs a patent-pending, hybrid heuristic scheme to detect and repair macro viruses. In the past, "heuristic" macro virus detection technology used simple string scanning to detect some new macro virus strains. Bloodhound-Macro uses emulation, however, to provide the ultimate protection from new and unknown macro viruses by actually observing the telltale virus behavior first hand.

Every time Norton AntiVirus scans a document file, Bloodhound-Macro loads the file into a virtual environment. Bloodhound-Macro then monitors the infected macros as they run in the virtual environment and watches for the macros to copy themselves from the host document to other virtual documents. Because Bloodhound-Macro actually watches the macro viruses exhibit their viral behavior, the software can detect and repair infections before new virus strains can proliferate or further mutate.

About Symantec AntiVirus Research Center (SARC)
SARC comprises a dedicated team of virus experts whose sole mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

These virus definitions updates are available to users of Norton AntiVirus, and are easily obtained by using LiveUpdate or Intelligent Updater. LiveUpdate provides one-button access to the latest virus definition updates, free of charge (other than normal phone and Internet access charges) to registered users. Symantec is the only anti-virus company that provides its users virus definitions that are free of charge, easy to obtain and install, and updated monthly by SARC. SARC's global offices provide customers with round-the-clock virus protection through fully staffed SARC research centers in Santa Monica, Calif.; Tokyo, Japan; Sydney, Australia and Leiden, The Netherlands. SARC's Web site is located at http://www.SARC.com.

About Symantec
Symantec Corporation helps make users productive and keep their computers safe and reliable anywhere and anytime. Symantec offers a broad range of solutions and is acclaimed as a leader in both customer satisfaction and product brand recognition. The company is focused on addressing customer needs in three main application areas: the Norton Product line of anti-virus and PC-assistance products; the pcANYWHERE, WinFax, and ACT! product lines that cater to remote user productivity; and the Café product lines in Internet development tools.

Founded in 1982, the company's global operations span North America, Europe, Japan, and several fast-growing markets throughout Asia Pacific and Latin America. Traded on Nasdaq under the symbol SYMC, Symantec Corporation is based in Cupertino, California, and employs more than 2,000 people. Information on the company and its products can be obtained by calling (800) 441-7234 toll free, (541) 334-6054, or accessed on the World Wide Web at http://www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's web site.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders.