News in Antivirus Technologies

For the first time in the world, DialogueScience products implement the
following antivirus technologies:

06 Dec 1999: Doctor Web can now check the memory of NTVDMs.

24 Sep 1999: SpIDer Guard, a memory-resident sentry, is armed with a
significantly enhanced ability to control viral activity: a new technology
prevents a wide range of known and even unknown memory-resident Windows
viruses from intruding into computer memory.

30 Aug 1999: DrWeb, an antivirus scanner, can now check all Windows 95/98
memory, including system (even shared) memory, as well as the memory of all
virtual machines and active applications.

06 Apr 1999: ADinf32 demonstrated unique innovations, such as asynchronous
background disk scanning, detection of double disk changes, automatic
detection of companion viruses, and recording of a global history of disk
changes.

18 Feb 1999: SpIDer Guard implements an intelligent technology for
monitoring viral activity, called SpIDer-Netting. This technology can block
the activity of virtually all known (as well as unknown!) viruses.

12 Jan 1993: Universal curing program ADinf Cure Module. The program can
automatically cure infected files, using the information prepared by ADinf.

25 Mar 1991: Integrity checker ADinf. The program is able to bypass the
operating system and directly read disk sectors via BIOS. For the first time
in the world, ADinf implemented an automatic search for stealth viruses.
Details
06 Dec 1999
Doctor Web v.4.15 for Windows 95/98/NT
has been equipped with a unique ability to check the memory of all virtual
machines and running processes under Windows NT.
24 Sep 1999
In SpIDer Guard v.4.13, the
SpIDer-Netting antivirus technology was
further improved and focused on disabling unknown viruses. The improved
technology detects and blocks a wide variety of memory-resident Windows
viruses as early as the launch stage, thus preventing a virus from intruding
into computer memory when an infected Windows application is launched. As a
result, many new Windows viruses will be detected and their spread stopped
even before antivirus developers have a chance to study them and include
them in their antivirus databases. This also averts the possible damage that
these viruses could do to computer systems. For example, the SpIDer-Netting
technology can stop any virus derived from the notorious (and widespread)
Win95.CIH virus, and lately such viral clones have been growing in number.
30 Aug 1999
Now, for the first time in the world, DrWeb for
Win32 v.4.12 can check all Windows 95/98 memory, including
system (and even shared) memory, as well as the memory of all virtual
machines and active applications. It is this feature that enables
DrWeb to reliably detect in memory and remove sophisticated trojan
programs and viruses that employ unusual techniques to infect
Windows memory, in particular a large class of Internet trojans
that provide unauthorized access to the victimized computer (like
Back Orifice) or steal passwords for Internet access.
Among the viruses that DrWeb can now detect in memory are the
extremely dangerous polymorphic Win32 viruses of the new
Win32.Kriz family. Like the notorious Win95.CIH
("Chernobyl") family, these viruses are capable of damaging PC
hardware. Each December 25, Win32.Kriz clones attempt to erase the
CMOS memory and the Flash BIOS memory and to delete all files on all
available drives. Some variants of this family try to retrieve the list
of remote resources and delete files on network drives, activating their
destructive function only on the 256th attempt to access network files,
probably in order to give the user a chance to establish a network
connection at Windows startup.
06 Apr 1999
ADinf32 for Windows 9x/NT employs
pathbreaking integrity-checking algorithms, such as disk scanning in
an asynchronous background mode. This means that while you are viewing the
scan results for one drive, ADinf can scan other drives, which may
significantly reduce overall scan time.
ADinf32 also implements innovative intelligent algorithms that enhance
its ability to correctly detect double changes on disks (e.g. when a file
was renamed and then modified, or moved to another folder and then
modified). The program is also smart enough to automatically detect many
companion viruses. Finally, ADinf32 can record a global history of disk
changes, which helps the user not only to trace back modifications in the
file system but, in many cases, to find the source of a viral infection.
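The change classes named above (plain modification, a rename or move followed by a modification, a companion executable appearing beside an existing one, and a global history of findings) can be illustrated with a toy integrity checker. The code below is an added example, not DialogueScience code or a description of ADinf32's internals: the two disk snapshots are constructed, and the FAT starting cluster is assumed here as the stable identity that lets a renamed file be matched to its old directory entry.

```python
"""
Toy integrity checker illustrating the ADinf32 change classes named in the
text: modification, "double change" (rename or move followed by modification),
companion executables, and a global history of changes.  Added example, not
DialogueScience code; snapshots are constructed, and the FAT starting
cluster is assumed as the identity key that survives a rename.
"""
import hashlib
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str           # full path as the directory lists it
    size: int
    digest: str         # hash of the file contents
    first_cluster: int  # assumed identity key (FAT starting cluster)


def make_entry(path: str, data: bytes, first_cluster: int) -> Entry:
    return Entry(path, len(data), hashlib.sha256(data).hexdigest(), first_cluster)


def companion_target(path: str, known_paths):
    """Return the .EXE that a new .COM of the same name would shadow.
    DOS runs NAME.COM before NAME.EXE when the user types the bare name,
    which is how companion viruses get control without touching the host."""
    stem, ext = ntpath.splitext(path)
    if ext.upper() != ".COM":
        return None
    for cand in known_paths:
        cstem, cext = ntpath.splitext(cand)
        if cext.upper() == ".EXE" and cstem.upper() == stem.upper():
            return cand
    return None


def classify_changes(baseline, current):
    """Compare two snapshots and return sorted (verdict, detail) pairs."""
    old_by_path = {e.path: e for e in baseline}
    new_by_path = {e.path: e for e in current}
    old_by_cluster = {e.first_cluster: e for e in baseline}
    new_by_cluster = {e.first_cluster: e for e in current}
    findings = []
    for path, new in new_by_path.items():
        old = old_by_path.get(path)
        if old is not None:
            if old.digest != new.digest:
                findings.append(("modified", path))
            continue
        # Path unknown to the baseline: a rename or move keeps the starting
        # cluster, so look the entry up by that key before calling it new.
        prev = old_by_cluster.get(new.first_cluster)
        if prev is not None and prev.path not in new_by_path:
            if prev.digest == new.digest:
                findings.append(("renamed", f"{prev.path} -> {path}"))
            else:  # the "double change" the text describes ADinf32 catching
                findings.append(("renamed+modified", f"{prev.path} -> {path}"))
            continue
        shadowed = companion_target(path, set(old_by_path) | set(new_by_path))
        if shadowed is not None:
            findings.append(("companion", f"{path} shadows {shadowed}"))
        else:
            findings.append(("new", path))
    for path, old in old_by_path.items():
        if path not in new_by_path and old.first_cluster not in new_by_cluster:
            findings.append(("deleted", path))
    return sorted(findings)


class IntegrityChecker:
    """Keeps the last accepted snapshot and a global history of findings."""

    def __init__(self, baseline):
        self.baseline = list(baseline)
        self.generation = 0
        self.history = []  # (generation, verdict, detail); never pruned

    def check(self, current):
        findings = classify_changes(self.baseline, current)
        self.generation += 1
        self.history.extend((self.generation, v, d) for v, d in findings)
        self.baseline = list(current)  # accept the new state as the baseline
        return findings


# Constructed snapshots of one disk before and after some activity.
BASELINE = [
    make_entry(r"C:\DOS\EDIT.EXE", b"MZ edit v1", 10),
    make_entry(r"C:\DOS\FORMAT.EXE", b"MZ format", 11),
    make_entry(r"C:\WORK\REPORT.TXT", b"quarterly report", 20),
    make_entry(r"C:\WORK\NOTES.TXT", b"notes", 21),
]
CURRENT = [
    make_entry(r"C:\DOS\EDIT.EXE", b"MZ edit v1", 10),                     # untouched
    make_entry(r"C:\DOS\EDIT.COM", b"JMP companion", 30),                   # companion
    make_entry(r"C:\DOS\FORMAT.EXE", b"MZ format+appended", 11),            # modified
    make_entry(r"C:\WORK\REPORT-Q3.TXT", b"quarterly report, final", 20),   # rename+modify
    make_entry(r"C:\ARCHIVE\NOTES.TXT", b"notes", 21),                      # moved only
]

if __name__ == "__main__":
    checker = IntegrityChecker(BASELINE)
    for verdict, detail in checker.check(CURRENT):
        print(f"{verdict:17} {detail}")
    print("history entries:", len(checker.history))
```

A second run against the same snapshot reports nothing, while the history keeps the earlier generation's findings, which is what lets a user trace back when a change first appeared.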
18 Feb 1999
SpIDer Guard v.4.10 introduces an
intelligent technology for monitoring viral activity, called
SpIDer-Netting. This technology was
created by ID Anti-Virus Lab, DialogueScience. The traditional approach
to this problem (implemented in all other memory-resident monitors and
guards) is to watch for "suspicious" activity, such as writes to executable
files (COM, EXE, DLL, etc.) and system areas, interception of the
file-handling interrupt (int 21h), etc. However, these operations are
performed by uninfected programs much more often than by viruses. As a
result, existing guards trigger a large number of false alarms, which
hampers normal use of the computer. SpIDer-Netting's unique features
dramatically decrease the false alarm rate and, at the same time, block
the malicious activity of virtually all known (as well as unknown!)
viruses.
What is the essence of this technology? SpIDer carefully analyses
all "suspicious" activity of running programs. The
SpIDer-Netting technology implements a unique decision-making
system that allows SpIDer to detect and disable all types of viral
activity (e.g. infection of files, destructive functions, etc.). This
technology prevents contamination even if the infector was not detected
by Doctor Web's heuristic analyzer. In other words, even if
DrWeb failed to detect a well-disguised unknown virus in a program
body, the virus will be caught by SpIDer when it attempts
to activate.
While other memory-resident guards often respond to each "virus-like"
action and wear the user down with their obtrusive suspiciousness,
SpIDer performs a heuristic analysis of the whole set of
"suspicious" operations, thus avoiding false alarms in most cases. At the
same time, intensive testing has shown that SpIDer successfully
detects more than 90% of viruses "in the wild".
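The contrast drawn above, one alarm per "virus-like" operation versus a decision over the whole set of operations a program performs, is shown below in a small behaviour monitor. This is an added example, not DialogueScience code: the operation names, weights, threshold and event log are constructed here, and the page does not publish SpIDer-Netting's actual decision rules.

```python
"""
Added example (not DialogueScience code) of the aggregation idea behind
SpIDer-Netting as the text describes it: instead of alarming on every
single "virus-like" operation, score the set of suspicious operations a
program performs and only intervene when the combination looks like
infection.  Operation names, weights, threshold and events are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Operations a traditional guard would alarm on individually, weighted by
# how rarely legitimate software needs them (constructed weights).
WEIGHTS = {
    "hook_int21": 3,          # intercept DOS file services (int 21h)
    "stay_resident": 2,       # terminate-and-stay-resident
    "write_exec_header": 3,   # rewrite the entry point of an executable
    "write_exec_body": 1,     # append code to an executable
    "write_boot_sector": 4,
}
BLOCK_THRESHOLD = 6


@dataclass(frozen=True)
class Event:
    program: str
    op: str
    target: str = ""
    own_output: bool = False  # target file was created by this program itself


def naive_monitor(events):
    """The traditional approach: one alarm per suspicious operation."""
    alarms = defaultdict(int)
    for ev in events:
        if ev.op in WEIGHTS:
            alarms[ev.program] += 1
    return dict(alarms)


def netting_monitor(events):
    """Score the distinct suspicious operations per program as one set.
    Writes to a program's own freshly built output (a linker producing an
    .EXE) do not count, which removes the most common false alarm."""
    programs = {ev.program for ev in events}
    ops = defaultdict(set)
    for ev in events:
        if ev.op not in WEIGHTS:
            continue
        if ev.op.startswith("write_exec") and ev.own_output:
            continue
        ops[ev.program].add(ev.op)
    verdicts = {}
    for program in sorted(programs):
        score = sum(WEIGHTS[op] for op in ops[program])
        verdicts[program] = (score, "block" if score >= BLOCK_THRESHOLD else "allow")
    return verdicts


# Constructed event log: a linker, an installer and an infected program.
EVENTS = [
    Event("LINK.EXE", "create_file", r"C:\WORK\HELLO.EXE", own_output=True),
    Event("LINK.EXE", "write_exec_header", r"C:\WORK\HELLO.EXE", own_output=True),
    Event("LINK.EXE", "write_exec_body", r"C:\WORK\HELLO.EXE", own_output=True),
    Event("SETUP.EXE", "write_exec_body", r"C:\PROG\APP.EXE"),  # patching an installed program
    Event("INFECTED.COM", "hook_int21"),
    Event("INFECTED.COM", "stay_resident"),
    Event("INFECTED.COM", "write_exec_header", r"C:\DOS\EDIT.EXE"),
    Event("INFECTED.COM", "write_exec_body", r"C:\DOS\EDIT.EXE"),
    Event("INFECTED.COM", "write_exec_header", r"C:\DOS\FORMAT.EXE"),
]

if __name__ == "__main__":
    print("per-operation alarms:", naive_monitor(EVENTS))
    print("netting verdicts:    ", netting_monitor(EVENTS))
```

On this log the per-operation monitor raises two alarms for the linker and one for the installer, exactly the nuisance the text describes, while the set-based monitor lets both run and blocks only the program that hooks the file interrupt, stays resident and rewrites other executables' headers.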
12 Jan 1993
ADinf Cure Module is a program that is
able to cure an infected file without knowing anything about its
infector. ADinf Cure Module uses the
information prepared by ADinf to restore
the file exactly to its original form. Testing on a collection of 8000
file viruses has shown that ADinf Cure
Module can restore 97% of infected files, which is still a unique
result.
25 Mar 1991
ADinf is the first (and, so far, the only)
integrity checker that can directly read disk sectors via BIOS and parse
the file system structure without calling operating system functions.
This approach not only ensures excellent performance, but also solves
the problem of stealth contamination: ADinf compares the file attributes
reported by the operating system with those obtained through direct
analysis of the file system. In this mode ("Stealth search") the program is
able to auto-detect active stealth infectors.
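The two-vantage-point comparison described above can be written out as a small check: each file is described once as the operating system reports it and once as a direct parse of the directory entries and file data shows it. An active stealth infector answers OS requests with the clean baseline values, so the two views disagree; an ordinary infection changes both views and is caught by the usual baseline comparison. This is an added example, not ADinf code; the views, the baseline and the checksums are constructed.

```python
"""
Added example (not DialogueScience code) of the "Stealth search" idea:
the same file seen through the OS and through a direct read of the file
system.  A disagreement between the two views marks an active stealth
infector; a difference between the direct view and the stored baseline
marks an ordinary change.  All views and checksums are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FileView:
    size: int
    mtime: str     # DOS date/time as the directory entry stores it
    attrs: str     # attribute letters, e.g. "A" or "RHA"
    checksum: int  # checksum of the contents as read through that view

FIELDS = ("size", "mtime", "attrs", "checksum")


def compare_views(a: FileView, b: FileView):
    """Names of the fields on which two views of one file disagree."""
    return [f for f in FIELDS if getattr(a, f) != getattr(b, f)]


def stealth_search(baseline, os_view, direct_view):
    """Per-file verdict as (kind, differing_fields)."""
    verdicts = {}
    for path in sorted(set(baseline) | set(os_view) | set(direct_view)):
        os_v = os_view.get(path)
        raw_v = direct_view.get(path)
        base_v = baseline.get(path)
        if raw_v is None:
            # Nothing on disk: either really gone, or an entry the OS still
            # reports although the directory no longer holds it.
            verdicts[path] = ("deleted" if os_v is None else "phantom", [])
        elif os_v is None:
            verdicts[path] = ("hidden", [])  # entry the OS does not show
        elif compare_views(os_v, raw_v):
            # The OS answers with the clean values while the disk holds
            # something else: the signature of an active stealth infector.
            verdicts[path] = ("stealth", compare_views(os_v, raw_v))
        elif base_v is None:
            verdicts[path] = ("new", [])
        elif compare_views(base_v, raw_v):
            verdicts[path] = ("changed", compare_views(base_v, raw_v))
        else:
            verdicts[path] = ("clean", [])
    return verdicts


# Constructed data: baseline taken on a clean system, then the two views
# after one file was infected by a stealth virus and another by a plain one.
BASELINE = {
    r"C:\COMMAND.COM": FileView(47845, "1993-03-10 06:00", "A", 0x1A2B),
    r"C:\DOS\EDIT.EXE": FileView(12345, "1993-03-10 06:00", "A", 0x3C4D),
    r"C:\README.TXT": FileView(800, "1999-02-01 12:30", "A", 0x5E6F),
}
OS_VIEW = {
    r"C:\COMMAND.COM": FileView(47845, "1993-03-10 06:00", "A", 0x1A2B),  # virus hides growth
    r"C:\DOS\EDIT.EXE": FileView(13500, "1999-02-18 09:15", "A", 0x7777),
    r"C:\README.TXT": FileView(800, "1999-02-01 12:30", "A", 0x5E6F),
}
DIRECT_VIEW = {
    r"C:\COMMAND.COM": FileView(49893, "1993-03-10 06:00", "A", 0x9999),  # real on-disk state
    r"C:\DOS\EDIT.EXE": FileView(13500, "1999-02-18 09:15", "A", 0x7777),
    r"C:\README.TXT": FileView(800, "1999-02-01 12:30", "A", 0x5E6F),
}

if __name__ == "__main__":
    for path, (kind, fields) in stealth_search(BASELINE, OS_VIEW, DIRECT_VIEW).items():
        print(f"{path:20} {kind:8} {', '.join(fields)}")
```

The point of the direct read is visible in the COMMAND.COM entry: through the OS the size and checksum still match the baseline, so a checker that only calls operating-system functions would report the file as clean; the direct view is what exposes the appended code.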
Copyright © 1999 DialogueScience, Inc., Moscow, Russia.
All rights reserved.