Thursday, February 11, 2010

Anti-Malware. Part 2: Auto-Update Engine 5.0 and Heuristic Analyzer

In my last blog post, I discussed the antivirus engine advancements in the current version 6.7.3. Outpost 7 will continue this auto-update and traffic-saving approach and add even more stability and better performance. All this is thanks to the new anti-malware engine, version 5.0, which will be smoothly integrated into Outpost's other services in version 7.0.

Just to remind you of the improvements in Outpost Security Suite Pro and Outpost Antivirus Pro:
  • Continual signature-flow: The new engine allows increased frequency of malware database updates: three times a day on weekdays – twice with antivirus signatures and once with antispyware. Tip! Just tweak Outpost’s settings to opt for updates on an hourly basis instead of the default daily updates.
  • Smart updates: Version 5.0 of the anti-malware engine (anti-virus + anti-spyware) automatically updates itself as needed at the same time as the regular malware database updates (no separate product update is needed).
All these new benefits were introduced in a seamless fashion so you won't experience any PC slowdowns or performance disruptions. On the contrary, automatic updates do a great job in reducing traffic and easing the product operation. We are working hard to bring forward the public beta date when all of you will be able to judge the improvements for yourselves. The release of version 7 will come hand in hand with the new anti-malware engine, which will provide a solid foundation for future detection and disinfection improvements.


I’d also like to tell you about another important technology we’ll make visible in the Outpost 7.0 anti-malware module - HAX. HAX is designed to improve the accuracy of our detection and has been in development for quite a long time. Outpost 7.0 will put this formerly hidden mechanism center stage in the anti-malware module's on-demand scan settings, as you can see in this screenshot:

HAX’s full name is Heuristic Analyzer for eXploits, and it’s specifically designed to detect potentially harmful packed objects such as ZIP and RAR files as well as suspicious encrypted and protected files.

Packed objects can be monitored using both signature and heuristic (non-signature) methods. The signature-based approach employs an updated database of packer definitions. The heuristic method builds on a static classifier that receives input data such as:
  • Characteristics of the PE (portable executable) structure
  • Section table check
  • Results of import table analysis
  • Assessment of file section entropy
A separate check is performed in case the malware attempts to disguise an executable as a Windows system component.
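To illustrate the section-entropy input listed above, the following Python is an added example, not Agnitum's code and not how HAX itself is implemented. It walks a PE section table and computes the Shannon entropy of each section's raw data. The 7.0 bits-per-byte cut-off, the section names and the constructed sample file are assumptions.

```python
import math
import struct
from collections import Counter

HIGH_ENTROPY = 7.0  # assumed cut-off in bits per byte, not a HAX value

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())

def section_entropies(pe: bytes):
    """Walk the PE section table; return [(name, entropy, suspicious)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header fields used: Machine, NumberOfSections, SizeOfOptionalHeader
    _, nsec, opt_size = struct.unpack_from("<HH12xH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    results = []
    for i in range(nsec):
        hdr = pe[table + 40 * i: table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        h = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
        results.append((name, round(h, 2), h >= HIGH_ENTROPY))
    return results

def build_sample() -> bytes:
    """Constructed two-section PE skeleton (parseable headers, not loadable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)  # 2 sections, no optional header
    def sec(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0, size, ptr) + b"\0" * 16
    code = b"\x55\x8b\xec\x90" * 128   # repetitive bytes, like plain code or padding
    blob = bytes(range(256)) * 2       # uniform byte spread, like packed or encrypted data
    headers = dos + b"PE\0\0" + coff + sec(b".text", 512, 168) + sec(b".blob", 512, 680)
    return headers + code + blob

if __name__ == "__main__":
    for name, h, flag in section_entropies(build_sample()):
        print(f"{name:8} {h:4.2f} {'high entropy' if flag else 'ok'}")
```

High entropy alone also matches legitimately compressed resources, which is why the post describes it as one classifier input among several rather than a verdict.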

That's it for now. Feel free to subscribe to the Outpost 7 series and learn what's up and what's new while we develop Outpost 7 solutions. Your comments are always welcome!

Pavel Goryakin, Agnitum

Monday, February 08, 2010

Agnitum delivers Outpost 6.7.3 with new auto-update functions

Good news, everyone! :-)

Today we shipped another iteration of Outpost 6.7 solutions - 6.7.3.

With this release, Agnitum introduces daily updates of Outpost installation packages. What we mean is that new malware and rule databases are regularly incorporated into Outpost. During the workday, these databases are embedded into the installation package, which can be downloaded from the website.

This is the result of new internal automation processes in Agnitum's R&D, implemented since the 6.7.2 edition.

This tweak brings great savings for customers, who won't have to waste time and Internet traffic constantly downloading updated databases. That is a good advantage over competitors, who tend to bloat their installation packages up to 150% of the original volume just for that reason.

To sum up, the improvements ensure:
  • Increased frequency of malware database updates: updates are now delivered three times a day (minimum) on weekdays
  • The Anti-Malware engine now gets auto-updated through regular malware database updates, meaning that no separate product update is needed to receive new features and fixes
You may find Outpost 6.7.3 solutions at http://www.agnitum.com/products/.

Monday, February 01, 2010

11 is not binary 3 :-) - Agnitum's 11th birthday!

Last year we must've been so busy developing security software as to forget to fish for anniversary congrats - this time we'd like to fix that bug :-) February 1 is Agnitum's official establishment date, so we gladly accept best wishes for our 11th birthday.

Also we'd like to thank our devoted customers and supporters! We wouldn't be what we are without your help, understanding and loyalty. So you guys are welcome to celebrate with us!

Eleven years is quite an age for an Internet-catering firm; we've changed a lot since 1999, and so have our products. The only thing that has gone unaltered is our commitment to defend your PC from all sorts of web nasties and, exactly as our slogan goes, to take care of your security while you indulge yourself in something more pleasant :-)

Before we get down to shot glasses, as this pirate country's tradition implies, we remind you to keep your eye on this blog - more product news and descriptions should follow soon.

P.S. Customer Support remains on duty.

Pavel Goryakin, Agnitum