Wednesday, February 21, 2007

Anti-malware in the upcoming Outpost Security Suite Pro

Technology preview

Many Outpost Firewall users are asking about the integrated anti-malware protection that we’ll be including in the new security suite, so we thought the best way to address this would be to post some information here about the design concepts behind the anti-malware module as well as its functionality.

First of all, why did we decide to add total malware protection to our core firewall product? Essentially, because we have concluded that ‘point-solutions’ for individual threat types like spyware or Trojans no longer provide the full scope of defense in today’s complex world of security threats.

While the firewall continues to be a reliable deterrent to malware propagation and unauthorized connections, as well as protecting against data leaks, we believe it’s no longer sufficient protection for our discerning customers. By adding comprehensive malware protection, we’re able to block, detect and remove (that is, to control) all kinds of malicious program activity throughout the lifecycle of the threat.

Using award-winning VB100 technology licensed from a leading malware expert, we believe we’ve come up with a pretty good solution to the “anti-x-ware” problem that will deliver integrated protection in a lightweight, reliable, easy-to-use package.

Here’s how it works. Essentially, all malware scans are combined into a single process - a universal protection mechanism that scours for all types of malicious elements at once and removes them all together in a single pass. Unlike some other suites, Outpost will enable you to detect and remove any kind of infection in one efficient process. The on-access scanner will be more efficient, too, using significantly fewer system resources because it’s only checking files on execution or when needed.

The integrated malware engine will treat all target objects intelligently by checking only versions of the objects modified since the last scan; if a file’s fingerprint has not changed, it doesn’t need to be re-inspected. The benefits of this approach are unaffected boot-time performance, decreased on-demand scan times, and a more responsive system because the resources are kept at optimum level. Thanks to special algorithms and a distributed database, the accelerated scan can be achieved on any type of file system.

Other important aspects of this new scanning technology include:

  • The module verifies file type not by the given extension but according to unique characteristics of its contents. This allows correct enumeration of objects for future scans.
  • On execution, the module checks *all* files accessed, extending verification beyond commonly inspected types of files.
  • Incoming and outgoing email is checked in real time, regardless of the email client used.
  • The Windows Registry is constantly monitored for the presence of inappropriate data; if such data is found, it’s immediately removed to prevent re-infection at system reboot.
  • Scheduled scans are delayed if the computer is using a lot of processing power – for example when editing video footage or running an intensive game – to avoid impacting the performance of that application.
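
Two of the mechanisms described above, identifying a file by its contents rather than its extension and skipping files whose fingerprint has not changed, are sketched here in Python as an added example; it is not Agnitum's code. The magic-byte table, the stub engine and the decision to also key the cache on a signature-database version are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed magic-byte table (leading bytes -> type label); a real engine knows far more.
MAGIC = [(b"MZ", "pe-executable"), (b"%PDF-", "pdf"), (b"PK\x03\x04", "zip")]

def sniff_type(head):
    """Classify by leading content bytes; the file name is never consulted."""
    return next((label for magic, label in MAGIC if head.startswith(magic)), "unknown")

def fingerprint(path):
    h = hashlib.sha256()  # content hash, read in chunks so large files are not held in memory
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ScanCache:
    def __init__(self, engine, db_version):
        self.engine = engine          # hypothetical callable(path, ftype) -> verdict
        self.db_version = db_version  # assumption: cached verdicts expire on signature updates
        self.seen = {}                # path -> (fingerprint, db_version, ftype, verdict)
        self.engine_calls = 0

    def scan(self, path):
        """Return (ftype, verdict, from_cache)."""
        key = (fingerprint(path), self.db_version)
        hit = self.seen.get(path)
        if hit and hit[:2] == key:
            return hit[2], hit[3], True   # unchanged file, same signatures: skip the engine
        with open(path, "rb") as f:
            ftype = sniff_type(f.read(8))
        self.engine_calls += 1
        verdict = self.engine(path, ftype)
        self.seen[path] = key + (ftype, verdict)
        return ftype, verdict, False

def demo():  # scans one constructed file four times; returns results and engine call count
    cache = ScanCache(lambda p, t: "inspect" if t == "pe-executable" else "clean", 1)
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "invoice.pdf"                # misleading extension, constructed sample
        path.write_bytes(b"MZ\x90\x00 constructed sample")
        first, second = cache.scan(path), cache.scan(path)
        path.write_bytes(b"%PDF-1.4 constructed sample")   # content change forces a rescan
        third = cache.scan(path)
        cache.db_version = 2                          # signature update forces a rescan
        fourth = cache.scan(path)
    return [first, second, third, fourth], cache.engine_calls
```

Hashing still reads every byte, so what the cache saves is the engine pass, not the disk I/O. A cheaper fingerprint such as size plus modification time can be forged by anything able to set timestamps.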

In short, everything we’re doing with this new suite is in line with our mission statement: to make every network - home, office, Internet - a safer place for computer users. To this end, we apply our best efforts and skills to the development of superior security software through state-of-the-art technology, innovation and leadership.

Alexey Belkin
Chief Software Architect
Agnitum Ltd.

5 comments:

Ricardo said...

Hello everyone! I just want to share the security configuration I have been testing for the past month:

Firewall: Agnitum Outpost v.4 with all plugins disabled except DNS cache and attack detection.

Antivirus: NOD32 with all monitors enabled.

Antispyware-malware: AVG AntiSpyware with resident protection enabled.

Registry protection: Ad-Watch (LavaSoft Ad-Ware) enabled in information mode (not automatic) and with all functions except the pop-up blocker.

IP protection: PeerGuardian v.2 with the P2P, ADS, GOVERNMENT, SPYWARE and TROJAN lists loaded and http protection (if you have trouble accessing some web content, you allow it temporarily by checking "allow http").

I assure you it works more than reasonably well on my Intel Centrino laptop at 1300Mhz with 1.5Gb of RAM.
No serious incompatibility problems appear, which I did suffer with other configurations, and I have tried almost everything "serious" the market offers.

ADVICE: Stay away from recently made, very flashy programs that promise to protect you from all spyware (there are extensive lists confirming that they are spyware themselves).

Do not constantly check your firewall with anti-leak tests and the like; they could obtain data about your vulnerabilities and take advantage of them later.

Warm regards and HAVE A VERY GOOD WEEKEND!!!!

Agnitum BLOG said...

Dear Ricardo, what do you consider to be "recently made programs"? It is not clear.

A short summary for English speakers, as far as we could understand: Ricardo's comment claims that Outpost 4.0 works in compatibility with all the products listed. We can neither prove nor rebut this statement. Only practice can reveal what configuration is optimal.

And another thing... Could you, please, keep to the English language in this blog? We have users all over the world, but we can't know all the languages :)

Thank you.

darko said...

I have and had the Outpost PRO Firewall Lifetime Lic, NOW my question is:
Since you are coming out with a suite and there is a possibility that in the near future (year from now...when users will rather purchase the suite than a standalone fw) the stand alone PRO version gets discontinued. What will happen to my Lifetime LIC? Will this mean that my lifetime license means only 1.5 years???
Also, what is the resource impact of the Suite AV? I already have my own AV and I like it, ERGO I refuse to run another AV nor do I want the other AV to take away my system resources and reduce the responsiveness of my system. We live in a society where a mere 5.0% increase in performance in terms of Hardware purchase will cost us hundreds of dollars. Therefore, I refuse to install a piece of software that will nullify or maybe even further reduce the performance gain.

Now I can step off my soapbox.

Agnitum BLOG said...

Dear Darko:

1) your life-time license WILL NOT get discontinued. Outpost Firewall Pro remains our key product and we'll continue developing and supporting it;

2) the antimalware engine (including AV) was designed to work as fast as possible - considering the overall functional complexity. We did our best to provide the lowest pressure on hardware resources possible in the current circumstances.

free ps3 said...

Thanks for the nice post!