Emsi Software Website a-squared Anti-Malware

a-squared Malware-IDS
Malware Intrusion Detection System

1. What is the IDS? How does it work?

Malware protection without signatures?

The a-squared Anti-Malware Background Guard scans all running programs with a signature scanner, in the same way as all other antivirus guards. The scan can only detect malware for which it has the correct signature. Although the a-squared Team wishes to create signatures for new malware and provide them as fast as possible via the online update, the process of creating a new signature can take a while. During this time you are not protected against new malware.

This is where our a-squared Intrusion Detection System (IDS) comes in. This is a special system which is able to detect and block malware without the need for signatures.

Behavior Analysis

The usual way of detecting malware is through heuristics. Heuristic scanning looks at the code in the file and analyses it, then decides whether the file is harmful or not.

The a-squared IDS works differently: it watches any program that is active and stops the program if it shows any suspicious activity. When this happens, a-squared IDS pops up a message to let you know it found a program trying to change something. If this happens while you are knowingly installing a program on your computer, you can tell IDS that you are authorising this change. If a-squared IDS pops up a warning when you are not doing anything on your computer, then you can be pretty sure the program is working without your authorisation.

And this is the way it works:

Each malware type, no matter if it is a virus, a trojan, a worm, a dialer or spyware, always wants to achieve a particular result. Each type has its own unique properties, properties that make each type identifiable. A virus always infects, a worm always spreads, a trojan always sends files and a dialer always dials, etc. The methods that each type of malware employs to do something may differ, but the result is always the same.

It is at this point that a-squared IDS interrupts the program. It analyses the behavior of all active programs and alerts if any program tries to do something harmful. The program is stopped and cannot continue until you decide whether or not to authorise the behaviour.

Now, if you think that sounds too good to be true, you're right. This technology has one disadvantage: a-squared IDS recognizes the behavior of malware. The behavior is always the same within the same malware type. So a-squared IDS is not able to alert you to malware by name. a-squared IDS can't tell you if it is the NetSky or Bagle worm, it can't say if it is the Optix or SubSeven trojan. But it can say it IS a worm or a trojan. You can then run the appropriate removal program.
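The stop, alert and decide loop described above can be sketched as follows. This is an added example, not Emsi Software's code: the action labels, program names and the rule that one decision covers one program/action pair are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Result -> type, per the page ("a virus always infects, a worm always spreads,
# ..."). Action labels are hypothetical names chosen for this example.
BEHAVIOUR_TYPE = {"infect_executable": "virus", "spread_copy": "worm",
                  "send_files": "trojan", "dial_number": "dialer"}

@dataclass
class BehaviourMonitor:
    allowed: set = field(default_factory=set)      # (program, action) pairs the user authorised
    suspended: dict = field(default_factory=dict)  # program -> alert awaiting a decision

    def observe(self, program, action):
        """Return 'pass', 'held' or an alert dict for one observed action."""
        if program in self.suspended:
            return "held"  # a stopped program cannot continue until the user decides
        mtype = BEHAVIOUR_TYPE.get(action)
        if mtype is None or (program, action) in self.allowed:
            return "pass"
        # The alert carries the malware type only; behaviour gives no family name.
        alert = {"program": program, "action": action, "type": mtype}
        self.suspended[program] = alert
        return alert

    def decide(self, program, allow):
        """Apply the user's answer to the pending alert for a program."""
        alert = self.suspended.pop(program)
        if allow:
            self.allowed.add((program, alert["action"]))  # assumed scope: this pair only
            return "resumed"
        return "terminated"

# Constructed sample events: (program, action).
EVENTS = [
    ("setup.exe", "infect_executable"),  # installer the user started; looks like infection
    ("notepad.exe", "open_file"),        # not a monitored behaviour
    ("unknown.exe", "send_files"),       # nobody knowingly started this one
    ("unknown.exe", "spread_copy"),      # arrives while unknown.exe is stopped
]

def replay(events, answers):
    """Feed events to a fresh monitor; answers maps program -> allow (True/False)."""
    mon, log = BehaviourMonitor(), []
    for program, action in events:
        result = mon.observe(program, action)
        log.append(result if isinstance(result, str) else "alert:" + result["type"])
        if program in answers and program in mon.suspended:
            log.append(mon.decide(program, answers[program]))
    return mon, log
```

Replaying the sample events with only setup.exe authorised leaves unknown.exe stopped with a pending trojan alert, and the authorised installer would still raise a new alert if it later showed a different behaviour.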

2. What does it detect?

Currently a-squared IDS can detect the following malware types:

In addition, a-squared IDS can monitor and stop any of the following actions:

3. What should I do if it alerts?

The IDS is a system which was designed to detect suspect behavior. The behavior of programs and malware is sometimes nearly the same, so the system may alert in error from time to time. It is important to consider what you are doing with your computer at the time of the alert, and whether you recognise the program the alert is about, before clicking allow or terminate. If you are unsure, you should close the program and send it to us for further analysis.

-> Read more about IDS alert messages and how to handle them

A general tip for using the IDS:

After installing a-squared, please ensure that the background guard is running. Then start your most used programs one by one so that you can tell IDS that these programs are allowed. This procedure only takes a few minutes to correctly configure IDS on your PC.

-> Read how to configure the Malware-IDS

4. Who can I ask if I have a problem?

If you are not sure if a specific program is really dangerous, please ask our specialists at the discussion forum. Your questions will be quickly answered.

 

© 2003-2006 Emsi Software GmbH