Just to remind you of the improvements in Outpost Security Suite Pro and Outpost Antivirus Pro:
- Continual signature-flow: The new engine allows increased frequency of malware database updates: three times a day on weekdays – twice with antivirus signatures and once with antispyware. Tip! Just tweak Outpost’s settings to opt for updates on an hourly basis instead of the default daily updates.
- Smart updates: Version 5.0 of the anti-malware engine (anti-virus + anti-spyware) automatically updates itself as needed at the same time as the regular malware database updates (no separate product update is needed).
I’d also like to tell you about another important technology we’ll make visible in the Outpost 7.0 anti-malware module - HAX. HAX is designed to improve the accuracy of our detection, and has been in development for quite a long time. Outpost 7.0 will put this formerly hidden mechanism in the anti-malware's on-demand scan settings center stage, as you can see in this screenshot:
HAX’s full name is Heuristic Analyzer for eXploits, and it’s specifically designed to detect potentially harmful packed objects such as ZIP and RAR files as well as suspicious encrypted and protected files.
Packed objects can be monitored using both signature and heuristic, or non-signature, methods. The signature-based approach employs an updated base of packer definitions. The heuristic method builds on a static classifier which receives such input data as:
- Characteristics of PE (portable executable) structure
- Section chart check
- Results of import chart analysis
- Assessment of file section entropy
That's it for now. Feel free to subscribe to Outpost 7 series and learn what's up and what's new while we develop Outpost 7 solutions. Your comments are always welcome!
Pavel Goryakin, Agnitum
6 comments:
Hello Pavel,
Everything you write here is very good and shows your commitment to deliver a really nice solution. I thought it could help if I share the most annoying things that I find in the current version (6.7.3). The web control is slowing my web page experience a lot. I found that pages are loading faster with all scripts/banners/etc compared to when I am using the web control. I really hope you will have something in your sleeve for this also.
Hi Kolcho,
That's a bit off topic :-) Anyway, there may be plenty of other reasons for the slowdown, so I strongly advise you to contact our Customer Service at https://www.agnitum.com/support/contact.php.
They'll request system logs and help you identify and solve the problem.
I for one, think all of this sounds very exciting. :) Outpost has a reputation as being bulletproof and it looks like that will continue for some time. Well done!
Hello .... i am from Romania and i want to congratulate you all from team AGNITUM for such a wonderfull software that is firewall pro 673....this piece of software prevent a lot of hackers gaining access to my computer , indeed very strong firewall and antispyware , keep the good work in keeping customers PC"s safe , i will tell to everyone to use OUTPOST FIREWALL PRO.....:)
Hello I am from Seattle WA USA. I like your hueristic PE analysis aproach! But I wish you would explain more about
•Characteristics of PE (portable executable) structure
•Section chart check
•Results of import chart analysis
•Assessment of file section entropy
And I wish that Outpost Security Suite Pro would tell me more about what is going on in my computer if I want to know such things. If you could put in an option for verbose explanations I would like that very much! Also I am trying slowly to make an IA-32 Assembler using Dolphin Smalltalk at sourceforge.net search picoLARC and I would like to know about links or books about the PE format and
•Characteristics of PE (portable executable) structure
•Section chart check
•Results of import chart analysis
•Assessment of file section entropy
So could you please tell me where to look to find out about PE etc?
- Also I wish that you could tell me when a program is trying to change a component. I get Dialogs that say programs are using changed or unknown components but I don't know when or how these changes happened( often they happen right after program installs ). Isn't it too late after the change? I would like Outpost to tell me when a component change is happening so I can block it or not ( Windows XP Pro ). I don't know what to do when these Dialogs come up. I don't know when the change was made. Was it part of the install I just did of Java? Or did it happen previously. I wish that Outpost would be more verbose because I want it to be. I chose Outpost over Norton because it tells me things. But no enough. I want to know way more about what is happening and when.
I love Outpost. Keep it up the good work.
Post a Comment