We’ve launched the free 60-Second Virus Scanner desktop app, which will add a layer of elite cloud-based protection to PCs worldwide in an all-out assault on malware.
It's called 60-Second Virus Scanner because it scours your system for malware in less than a minute.
The claim of speed and convenience may raise the eyebrows of many users who've already tried security products. Let's face it – speed and low system impact haven't been the strong points of the antivirus industry. An antivirus has been seen as something akin to medicine that tastes bad, but works.
Things have changed in recent years, and we've been investing a lot in our security products. No one likes a system slowdown. As developers, we hate it even more, since we have to work with advanced developer tools that take a lot of resources. Additional software that slows our systems can directly impact our performance, not to mention our sanity.
On the other hand, security is important. No one wants work stolen or lost. Even hardcore developers know they need a security product.
So, we set out to build a “One-Minute Wonder.”
First, we created a really tiny installer (about 155 KB). After installation, it unfolds into approximately 24 MB, but most of the space is occupied by the User Interface.
Second, we moved the entire detection system to the Bitdefender Cloud, which can collect and manage vast amounts of information. The application then creates a quick snapshot of the running processes and talks with our cloud about detection.
Anti-virus companies have used the cloud for many years, specifically for real-time virus reporting and detection of virus outbreaks. In this scenario, the anti-virus engine monitors the execution of unknown files and reports the event to the server. The server then decides whether the unknown file represents a virus outbreak by analyzing details such as file spreading, distribution and a set of geographic details.
Intrusion Prevention Systems have used the cloud to report the behavior of executables, extending detection capabilities of host-based intrusion prevention systems.
The simplest implementation of the client module, which proved to be remarkably effective, consisted of performing a live system analysis for compromise detection. Instead of reporting behavior events, our engine performs a snapshot of the live system and gathers information. This snapshot lasts no more than a few seconds for a normal system.
For the Bitdefender Cloud to perform its analysis, the snapshot of the running processes has to contain information extracted by the following three components:
The file information component extracts details such as Portable Executable structure abnormalities, entropy, whether or not the file is digitally signed with a valid digital signature, imported functions, etc., all of which are helpful in determining whether a file is suspicious.
The memory information component analyses the in-memory image of modules. Since the modules are already executing, it is safe to assume that, at this stage, most modules are decrypted/decompressed and we have access to their unencrypted memory image. Among information retrieved, we mention:
The system information component analyses the way the module interfaces with the system, and possibly other systems, by taking into consideration the following:
… and so on.
By using all the above information, we are able to determine which running processes are malicious, and in less than 60 seconds we can tell the user that he is infected.
And once we find the system is infected, the 60-Second Virus Scanner will tell the user how to get his system cleaned.
Besides on-demand or scheduled scans, a real-time scan feature continuously watches the system for various hints of malicious activity (new processes in user mode with administrator privileges, tampering with driver functionality, modifications to different registry zones, etc.), which trigger a system scan.
While beta-testing this technology, we discovered that 1 in 5 users had at least one piece of malware running on their computer. However, this statistic is biased because people used our scanning system because they already suspected they were infected.
Also, the 60-Second Virus Scanner can double check the user's current security solution because it can work together with other antiviruses.
And now it is available, for free, here:
http://www.bitdefender.com/solutions/60-second-virus-scanner.html
References and Further reading:
• http://labs.bitdefender.com/wp-content/uploads/2010/04/MChiriac-VB2009.pdf
• http://www.virusbtn.com/pdf/conference_slides/2009/Chiriac-VB2009.pdf
• http://www.bitdefender.com/solutions/60-second-virus-scanner.html