Wednesday, December 30, 2009

Outpost Pro 7.0: Seven Improvements of the Firewall Module

This blog posting is a New Year gift for advanced Outpost users. We heard and read some complaints concerning lack of information about the firewall improvements. Indeed, we may have overlooked the firewall development announcements in the past as they usually refer to something "not visible" and intangible. Now we'd like to correct this mistake and tell you more about Outpost firewall technology 2010.

Warning! Watch out! Gobbledygook ;-)

1. Windows 7-related activity

Agnitum's R&D has implemented a new mechanism for network activity and content filtration based on Windows Filtering Platform (WFP) technology. This resolved compatibility issues with Windows 7 and, potentially, with future Microsoft operating systems, because Microsoft positions WFP as the primary filtering platform for future Windows releases. As a result, the new mechanism brings more stability to Outpost solutions, including better interaction with other network filters installed on the same system.

2. Windows Filtering Platform on Vista

Because the WFP-based filter proved stable on Windows 7, we decided to use the same technology on Vista (from SP1 onwards) instead of the TLI filter, which worked by intercepting undocumented OS interfaces. Since the WFP interfaces on Vista and Windows 7 differ significantly in a number of critical aspects, our team had to port the WFP filter to Vista separately. This resolved critical errors that could lead to a BSOD when the TLI filter was used.

3. New filtration mechanism for received packets on Vista/Windows 7. Optimized performance on high-speed links.

The packet filter was substantially reworked in how it handles incoming packets that arrive at elevated IRQLs. The solution was to defer processing of such packets to a worker thread pool instead of handling them in the receive path itself. This lowers the CPU burden during filtration and improves system "responsiveness" under intensive network load.

4. Traffic between the driver and the managing service was dramatically reduced, resulting in better system stability and lower CPU load.

Special rules for the packet sniffer were introduced so that it can be configured precisely to receive only the essential information about filtered packets, for example blocked packets and packets related to connection setup and termination. Minimizing packet notifications between the driver and the service reduced the overall system load.

5. Content filtration improvements (loopback and binary streams are no longer filtered)

A new mechanism for rule creation and behavior control in content filtration limits the volume of filtered data by excluding data transmitted over the loopback channel as well as binary data that is irrelevant to content control. Detection of binary streams, and the decision not to filter them, is now implemented entirely in the driver, which minimizes the number of messages between the driver and the service, simplifies content filtering and reduces the impact on system performance.

In addition, critical errors in the TDI/TLI filters used on Windows 2000/XP/Vista RTM were fixed, which improved system stability.

6. SPI for UDP implemented (a nod to good old Outpost 4.0)

We introduced a mechanism for blocking attempts to use non-TCP endpoints in server mode. In other words, incoming datagrams to a local endpoint are accepted only from those remote hosts to which at least one datagram has already been sent from that endpoint. The mechanism restricts datagram endpoints to the client role in the client-server model. This adds flexibility to the network security settings.
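To make the rule concrete, here is an added simulation of stateful inspection for UDP as described above. It is example code written for this post, not Agnitum's driver code; the per-endpoint state table keyed on (local port, remote host) and the idle timeout are assumptions of the example, since the post does not describe how Outpost stores or expires this state.

```python
"""Simulation of SPI for UDP: an inbound datagram is accepted at a local
endpoint only if that endpoint has previously sent a datagram to the
remote host. Constructed example; not the Outpost driver's code."""
from dataclasses import dataclass


@dataclass
class Datagram:
    direction: str    # "out" (sent by the local endpoint) or "in" (received)
    local_port: int   # local UDP endpoint
    remote_ip: str    # remote host
    remote_port: int
    time: float       # seconds on the simulation's clock


class UdpStateTable:
    """Tracks which remote hosts each local UDP endpoint has talked to."""

    def __init__(self, idle_timeout: float = 30.0):
        # Idle timeout is an assumption of this example, not from the post.
        self.idle_timeout = idle_timeout
        # (local_port, remote_ip) -> last time the pair exchanged a datagram
        self._peers: dict[tuple[int, str], float] = {}

    def _expire(self, now: float) -> None:
        stale = [k for k, t in self._peers.items() if now - t > self.idle_timeout]
        for k in stale:
            del self._peers[k]

    def process(self, dg: Datagram) -> bool:
        """Return True if the datagram passes the filter, False if dropped."""
        self._expire(dg.time)
        key = (dg.local_port, dg.remote_ip)
        if dg.direction == "out":
            # The local endpoint acts as a client: remember the peer.
            self._peers[key] = dg.time
            return True
        if key in self._peers:
            # Reply from a known peer: allowed, and the conversation stays alive.
            self._peers[key] = dg.time
            return True
        # Unsolicited inbound datagram: the endpoint would be acting as a server.
        return False


def run_trace(trace: list[Datagram]) -> list[bool]:
    """Run a datagram trace through a fresh state table; return pass/drop verdicts."""
    table = UdpStateTable()
    return [table.process(dg) for dg in trace]


# Constructed sample trace (documentation-range addresses).
SAMPLE_TRACE = [
    Datagram("in", 53, "198.51.100.9", 53, 0.0),      # unsolicited -> dropped
    Datagram("out", 5353, "198.51.100.9", 53, 1.0),   # query sent -> state created
    Datagram("in", 5353, "198.51.100.9", 53, 1.2),    # reply from that host -> passes
    Datagram("in", 5353, "203.0.113.4", 53, 1.5),     # different host -> dropped
    Datagram("in", 5353, "198.51.100.9", 53, 40.0),   # state expired -> dropped
]

if __name__ == "__main__":
    for dg, verdict in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"{dg.direction:>3} port {dg.local_port} <-> {dg.remote_ip}: "
              f"{'pass' if verdict else 'drop'}")
```

The verdict for the first datagram shows the point of the feature: a listening UDP socket that never sent anything receives nothing, so an application cannot quietly serve datagrams to arbitrary hosts.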

7. Filtration of invalid TCP flags

The packet filter checks the TCP flags of each packet and classifies a packet as unwanted if it carries an invalid combination of flags. This reduces the load on both the firewall and the network stack when a host is flooded with such packets, because they are discarded at the earliest stage of processing.
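The post does not list which flag combinations Outpost treats as invalid. The following added example (written for this post, not Agnitum's code) parses the flags byte of a TCP header and applies the combinations commonly rejected by packet filters: no flags set, SYN together with FIN or RST, FIN/PSH/URG without ACK, and the FIN+PSH+URG "xmas" pattern. The specific rule set is an assumption of the example.

```python
"""Early rejection of TCP packets with invalid flag combinations.
Constructed example; the rule set is an assumption, not Outpost's."""
import struct

# Bit positions of the TCP flags byte (header byte 13): CWR ECE URG ACK PSH RST SYN FIN
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def make_tcp_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a minimal 20-byte TCP header carrying the given flags (constructed input)."""
    data_offset = 5 << 4          # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset, flags, 65535, 0, 0)


def flags_from_tcp_header(hdr: bytes) -> int:
    """Extract the flags byte; a truncated header is itself rejected."""
    if len(hdr) < 20:
        raise ValueError("truncated TCP header")
    return hdr[13]


def invalid_flag_reasons(flags: int) -> list[str]:
    """Return the list of rules violated by this flag combination (empty = valid)."""
    reasons = []
    if flags & (FIN | SYN | RST | PSH | ACK | URG) == 0:
        reasons.append("null: no flags set")
    if flags & SYN and flags & FIN:
        reasons.append("SYN+FIN")
    if flags & SYN and flags & RST:
        reasons.append("SYN+RST")
    if flags & FIN and not flags & ACK:
        reasons.append("FIN without ACK")
    if flags & PSH and not flags & ACK:
        reasons.append("PSH without ACK")
    if flags & URG and not flags & ACK:
        reasons.append("URG without ACK")
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        reasons.append("xmas: FIN+PSH+URG")
    return reasons


def classify(hdr: bytes) -> str:
    """Verdict for one packet: 'pass' or 'drop (<reasons>)'."""
    reasons = invalid_flag_reasons(flags_from_tcp_header(hdr))
    return "pass" if not reasons else "drop (" + ", ".join(reasons) + ")"


# Constructed sample packets: normal handshake and data segments beside malformed ones.
SAMPLE_PACKETS = {
    "SYN": make_tcp_header(SYN),
    "SYN+ACK": make_tcp_header(SYN | ACK),
    "ACK+PSH": make_tcp_header(ACK | PSH),
    "RST+ACK": make_tcp_header(RST | ACK),
    "null": make_tcp_header(0),
    "SYN+FIN": make_tcp_header(SYN | FIN),
    "xmas": make_tcp_header(FIN | PSH | URG),
}

if __name__ == "__main__":
    for name, hdr in SAMPLE_PACKETS.items():
        print(f"{name:>8}: {classify(hdr)}")
```

Because only the flags byte is inspected, this check costs a single table lookup's worth of work per packet, which is why it can be placed before any stateful processing and still relieve the stack during a flood.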

That's it for now. Hope you'll find enough food for reflection in this article :-) Looking forward to your feedback!

Last but not least we'd like to wish you a Happy New Year! Best luck, happiness and health in 2010!

Maxim Korobtsev, CTO, Agnitum

Friday, December 11, 2009

Outpost 7.0 – moving towards the public beta. Preview

Now that there are a few weeks left before the public beta of Agnitum's new product line we'd like to share a preview of new features and improvements to constitute the final Outpost Pro 7.0 expected in Q1 2010.

This blog posting is the first in a series describing the novelties we're building into the Outpost Pro 7.0 products, which are soon going into beta. We encourage everyone to get to know the new versions gradually as they become available, learning all aspects of what's new and what's better, so that we can collect your feedback along the way. Many of the improvements in our products were suggested by our users, so you might find your idea in a future blog post in this series.

Here's a very brief overview of how Outpost products evolved:

New!
Outpost Protected Objects

Outpost Protected Objects (working name) module enables protection of locally-stored assets (Protected Objects) from corruption or access by malware. With just a few clicks, you can simply highlight a folder or file using Outpost’s Advanced menu and set a password. This simple action ensures private, secret or otherwise sensitive content is kept safe from children, colleagues or other users of the computer, as well as from external threats, such as spyware and other nefarious programs.

New! System and Application Guard

Outpost 7.0 users will benefit from System and Application Guard (working name), a sibling of Outpost's Critical Objects controller, which adds another layer of defense to Agnitum's paradigm. This new feature protects sensitive personal data (cached login details and passwords, electronic wallet IDs, etc.) stored by instant messengers, browsers and electronic payment processors from being accessed and hijacked by unrelated, unauthorized applications, a widespread technique employed by modern malware makers. Outpost will ship with predefined access restrictions so that only ICQ can retrieve ICQ credentials, only Internet Explorer is granted access to its cookies, and so forth.

Improved! Anti-Malware engine

The Anti-malware engine has been enhanced with new detection and remediation capabilities and also underwent the following improvements:

• In compliance with antivirus protection standards, the option to automatically cure infected objects detected by the real-time monitor is now set as default action
• An updated heuristic analyzer, part of the Antimalware module, turns visible in the interface and more flexible due to adjustable sensitivity levels (normal/high)
• Actionable Quarantine facilitates decision-making regarding neutralized suspicious objects; quarantined files can be easily restored right from the new menu or exterminated in a couple of clicks

New! Monitor of file and registry activity

An invaluable assistant to advanced users, this tool provides a big picture of current file and registry activity. The user may opt to take a snapshot of the monitor's records for deeper analysis or, if necessary, terminate a suspicious process right from the list.

Improved! Updated anti-leak capabilities

Like previous versions, Outpost 7.0 further extends its anti-leak arsenal, addressing the latest zero-day threats and data leakage techniques employed by sophisticated malware.

New! Revamped user interface

The solutions were redesigned to reflect the modern Windows 7 look and provide better visibility of product notifications.

Improved! Optimized performance

Outpost 2010 solutions deliver improved performance and use fewer system resources thanks to a number of measures:

• New! Tolerant filtration of P2P traffic, such as video and audio streams
• Improved! A more efficient anti-malware update process thanks to new local servers and a smaller update volume, without compromising the completeness of the updates
• Improved! Friendly interoperability with applications and web sites using Middle and Far East language characters, thanks to ImproveNet advancements

New! Extended compatibility

Outpost 2010 is fully compatible with Windows 7, Vista (up to SP2), Windows XP (up to SP3), Windows Server 2003 and 2008, as well as all previous 32-bit versions from Windows 2000 onwards and all 64-bit versions of Windows. All Outpost solutions are fully compatible with the Microsoft Action Center in both Windows 7 and Windows Vista.

That's it for now. We'll expand these descriptions and give you more information on every feature and improvement in further blog postings. Keep your eyes open for updates and expect a notification when publicly available versions are released!

Stay tuned!

Pavel Goryakin, Agnitum