By year's end, Sana Security plans to ship a new version of its Primary Response antivirus software that will be able to identify and remove malicious software without the use of the "signature" code used by the majority of antivirus vendors.
The software, which will probably be called Primary Response 4.0, will also be the first version of the Sana product that users can run in a stand-alone fashion, without the company's server-side management software, said Matthew Williamson, senior research scientist with Sana.
Most antivirus products identify malicious software by comparing the software being run to pieces of known worm and virus code, called signatures. Primary Response, however, determines whether or not software is malicious based on a mathematical analysis of what it's trying to do.
This means that, unlike other products, Primary Response can protect users even from unreported viruses, said Williamson. The new version will be able to detect and remove spyware and adware, as well as malicious software such as viruses, he said.
This removal capability is new. The current version of Primary Response simply quarantines malicious software once it has been identified. But version 4.0 will be able to uninstall programs using these same analysis techniques.
The net result is that it will be harder for hackers to write software that cannot be removed from an infected computer, Williamson said. "We're in a good position to fight back as the malware morphs and tries to remain on the machine, " he said. "Just the same way a signature script can be out of date, a removal script can be out of date, too."
A beta version of Primary Response 4.0 will be available in November, with a stand-alone version, priced at about US$40, expected by year's end. A managed version, which will work with the Sana server software, will ship in early 2006, Williamson said.