Can Norton antivirus detect worm’s virus?
Fadi M.S Al-suhimat

Recent Internet worm outbreaks have infected hundreds of thousands of Internet servers and user machines within minutes, causing billions of dollars in losses for businesses, governments, and service providers. The high stakes involved have inspired numerous research projects, through which industry and academic institutions are working to strengthen local-area and wide-area networked systems’ abilities to fend off cyber-attacks. To that end, we propose to find new algorithm to detect internet worm viruses deploying fast, scalable security overlay networks to facilitate high-speed intrusion detection and alert-information exchange by depend on failure connection. Fortifying the Internet infrastructure with such a solution could benefit many security-sensitive applications, such as digital government, critical infrastructures, grid computing, e-commerce, and law enforcement. The broader impacts are far reaching in science, education, business, and homeland security. Currently, the internet is getting close to the persons’ life. They login internet to chat with others, download files or browse Web Pages. The internet is also playing an important role in the economy of country. Once the internet breaks down, it will cause an enormous economic loss. Worms is a serious security threat that may cause network congestion and internet break down. Anti-virus software scans files regularly for unusual changes in a file size, programs that match the software's database of known viruses, suspicious email attachments, and other warning signs. Anti-virus compares the signature stored in its database with file structure. If the file contain same signature, so it is infected with the worm, the anti-virus will detect it. The anti-virus database must then be updated continuously to detect new worms. The internet worm is dangerous because it spread very fast and anti-virus are too slow to detect. Anti-virus cannot detect unknown internet worm automatically because it not depend on behavioral internet worm but depend on signature to detect it. Worm containment must be automatic to have any chance of success because worms spread too fast for humans to respond. Ever since the Morris worm showed the Internet community for the first time in 1988 that a worm could bring the Internet down in hours, new worm outbreaks have occurred periodically even though their mechanism of spreading was long well understood. Norton Antivirus (NAV) is a popular product of Symantec Corporation and is one of the most widely used antivirus programs. Its function is to detect and remove viruses, spyware, adware, and other potential security risks. Norton Antivirus is sold as a standalone product and is also included as part of Norton Internet Security and Norton System Works. There is also a standalone corporate version called Symantec Antivirus Corporate Edition. It is aimed at centrally managed corporate environments and has features not present in the retail version of the software.
We propose to find a new algorithm and early warning system for detect Internet worms to provide an accurate triggering signal for mitigation mechanisms in the early stage of a future worm. Such proposal is needed in view of the propagation scale and speed of the past worms. Although we have been lucky that the previous worms have not been very malicious, the same cannot be said for the future worms. Based on the idea “detecting the trend, not the rate” of monitored illegitimated scan traffic, we try to present our algorithm to detect the presence of an internet worm virus in its early stage. The analysis and simulation studies indicate that such a system is feasible, and the “trend detection” methodology poses many interesting research issues. We hope this paper would generate interests of discussion and participation in this topic and eventually lead to an effective monitoring and early warning system.