Monday, February 26, 2007
Rogue Dialers: From Problem to Solution
Igor Pankov
Product Marketing Manager
Agnitum Ltd.
Wednesday, February 21, 2007
Anti-malware in the upcoming Outpost Security Suite Pro
Technology preview
Many Outpost Firewall users are asking about the integrated anti-malware protection that we’ll be including in the new security suite, so we thought the best way to address this would be to post some information here about the design concepts behind the anti-malware module as well as its functionality.
First of all, why did we decide to add total malware protection to our core firewall product? Essentially, because we have concluded that ‘point-solutions’ for individual threat types like spyware or Trojans no longer provide the full scope of defense in today’s complex world of security threats.
While the firewall continues to be a reliable deterrent to malware propagation and unauthorized connections, as well as protecting against data leaks, we believe it’s no longer sufficient protection for our discerning customers. By adding comprehensive malware protection, we’re able to block, detect and remove (that is, to control) all kinds of malicious program activity throughout the lifecycle of the threat.
Using award-winning VB100 technology licensed from a leading malware expert, we believe we’ve come up with a pretty good solution to the “anti-x-ware” problem that will deliver integrated protection in a lightweight, reliable, easy-to-use package.
Here’s how it works. Essentially, all malware scans are combined into a single process - a universal protection mechanism that scours for all types of malicious elements at once and removes them all together in a single pass. Unlike some other suites, Outpost will enable you to detect and remove any kind of infection in one efficient process. The on-access scanner will be more efficient, too, using significantly fewer system resources because it’s only checking files on execution or when needed.
The integrated malware engine will treat all target objects intelligently by checking only versions of the objects modified since the last scan; if a file’s fingerprint has not changed, it doesn’t need to be re-inspected. The benefits of this approach are unaffected boot-time performance, decreased on-demand scan times, and a more responsive system because the resources are kept at optimum level. Thanks to special algorithms and a distributed database, the accelerated scan can be achieved on any type of file system.
Other important aspects of this new scanning technology include:
- The module verifies file type not by the given extension but according to unique characteristics of its contents. This allows correct enumeration of objects for future scans.
- On execution, the module checks *all* files accessed, extending verification beyond commonly inspected types of files.
- Incoming and outgoing email is checked in real time, regardless of the email client used.
- The Windows Registry is constantly monitored for the presence of inappropriate data; if such data is found, it’s immediately removed to prevent re-infection at system reboot.
- Scheduled scans are delayed if the computer is using a lot of processing power – for example when editing video footage or running an intensive game – to avoid impacting the performance of that application.
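A minimal sketch of two mechanisms described above, skipping files whose fingerprint is unchanged and identifying type from content rather than extension, added here as an illustration and not Agnitum's code. The SHA-256 fingerprint, the `db_version` invalidation rule, the magic-byte table and the marker-matching engine are all assumptions of the example.

```python
import hashlib
import os
import tempfile

# Constructed subset of leading-byte signatures used to identify type by content.
MAGIC = [(b"MZ", "pe-executable"), (b"PK\x03\x04", "zip-archive"), (b"%PDF-", "pdf")]

def sniff_type(data):
    """Return a type label from the file's leading bytes, ignoring its extension."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"

class ScanCache:
    """Skips re-inspection of files whose fingerprint is unchanged since a clean scan."""
    def __init__(self, engine, db_version):
        self.engine = engine            # hypothetical callable: bytes -> True if malicious
        self.db_version = db_version    # assumption: bumped on every signature update
        self.clean = {}                 # path -> (sha256 hex, db_version at scan time)

    def check(self, path):
        with open(path, "rb") as fh:
            data = fh.read()
        key = (hashlib.sha256(data).hexdigest(), self.db_version)
        if self.clean.get(path) == key:
            return (sniff_type(data), "skipped")
        if self.engine(data):
            self.clean.pop(path, None)  # never cache a detection
            return (sniff_type(data), "malicious")
        self.clean[path] = key
        return (sniff_type(data), "clean")

def demo():
    """Run one constructed file through cache hit, signature update and modification."""
    engine = lambda data: b"EVIL-MARKER" in data    # constructed stand-in for a real engine
    cache = ScanCache(engine, db_version=1)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "holiday.jpg")     # misleading extension on purpose
        with open(path, "wb") as fh:
            fh.write(b"MZ\x90\x00 constructed sample body")
        results = [cache.check(path), cache.check(path)]    # first scan, then cache hit
        cache.db_version = 2                                # signature update
        results.append(cache.check(path))                   # old verdict not trusted: rescan
        with open(path, "ab") as fh:
            fh.write(b" EVIL-MARKER")                       # content changes
        results.append(cache.check(path))                   # fingerprint differs: rescan
    return results
```

Tying the cached verdict to the signature-database version means a file cleared under old signatures is inspected again after an update instead of being skipped indefinitely.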
In short, everything we’re doing with this new suite is in line with our mission statement: to make every network - home, office, Internet - a safer place for computer users. To this end, we apply our best efforts and skills to the development of superior security software through state-of-the-art technology, innovation and leadership.
Alexey Belkin
Chief Software Architect
Agnitum Ltd.