Conventional antivirus technologies are one step behind viruses:
To detect and eliminate new viruses, antivirus solutions usually take a reactive approach: they wait for a new virus to appear and infect its first computers, and are then updated to combat it as soon as possible.
However, when a new malicious code appears, it can often take several hours for antivirus solutions to be able to detect and eliminate it (some manufacturers need up to 72 hours or more).

Many commercially available antivirus programs apply a detection system based on the “pattern (signature) matching” or “scanner” method. This system extracts certain binary code segments from known viruses, enters them into a database in the form of hexadecimal strings (called “patterns” or “signatures”), and matches files against this database to determine whether they are viruses.
Generally, this system has the following disadvantages:
- The system cannot detect unknown viruses whose patterns are not contained in its database.
- It is difficult to create patterns that can uniquely characterize viruses and prevent safe files from being misidentified as viruses.
- Existing patterns stop matching after even a partial modification of the virus code (as seen in numerous virus variants); in an extreme example, this can be accomplished merely through recompilation of the code with a different compiler.
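The three disadvantages listed above can be reproduced with a minimal exact-match scanner. This is an added example, not code from the original page or from any antivirus product; the signature names, hex patterns and sample byte strings are all constructed for illustration.

```python
"""Exact hex-signature scanning and its three failure modes (added example)."""

# Constructed signature database: name -> hexadecimal pattern.
# Names and byte values are made up for illustration, not real signatures.
SIGNATURES = {
    "Demo.A": "deadbeef0badf00d4242",  # 10-byte segment taken from a "known" sample
    "Demo.Short": "4d5a",              # 2 bytes ("MZ"): too short to be unique
}

def compile_db(db):
    """Convert hex strings to byte patterns once, as a scanner does at load time."""
    return {name: bytes.fromhex(hexstr) for name, hexstr in db.items()}

def scan(data, patterns):
    """Return the sorted names of every signature whose bytes occur in data."""
    return sorted(name for name, pat in patterns.items() if pat in data)

PATTERNS = compile_db(SIGNATURES)
SEGMENT = bytes.fromhex(SIGNATURES["Demo.A"])

# Constructed inputs: inert byte strings, not executable code.
SAMPLES = {
    # Contains the signed segment verbatim, so it is detected.
    "known_sample": b"\x00HDR" + SEGMENT + b"rest-of-file",
    # One byte inside the signed segment differs, so the pattern no longer applies.
    "variant": b"\x00HDR" + SEGMENT[:4] + b"\x0c" + SEGMENT[5:] + b"rest-of-file",
    # Shares no bytes with any pattern in the database, so it is not detected.
    "unknown_sample": b"\x00HDR" + bytes(range(0x20, 0x40)),
    # Safe file that happens to start with the two-byte short pattern.
    "safe_file": b"MZ" + b" constructed benign program body",
}

def report():
    """Scan every constructed sample and map its name to the matched signatures."""
    return {name: scan(data, PATTERNS) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:15} -> {hits or 'clean'}")
```

The variant and the unknown sample both come back clean, while the safe file is flagged by the overly short pattern.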

In addition to matching of simple string patterns, antivirus vendors are now developing more common patterns that can include regular expressions instead of simple character strings, as well as pattern matching using file or program structures. However, these matching methods essentially rely on syntactic information and are thus fundamentally limited.

To detect unknown viruses, some antivirus programs apply the “dynamic protection” process, in which suspicious executable files are run and observed on an isolated computer to determine whether they are indeed viruses. However, this method relies on actual observed program functions and may not be able to reliably detect viruses that do damage only under specific conditions (e.g., on a specific date and at a designated time). The “heuristic scan” method, on the other hand, uses common patterns to detect specific program structures, yet with this method it is considered more likely that useful programs will be misidentified as viruses.
However, new viruses have recently emerged with the capacity to infect thousands of computers in a few hours, before antivirus protection can be updated to combat them.
To ensure that you are not left vulnerable for even a second, you need to increase the protection of your computer, pre-empting the actions of unknown viruses. Rudra will effectively detect and block unknown viruses even before your antivirus has been updated to combat them.
So how does Rudra detect unknown viruses?
Does it seem like a mystery? To protect your house, do you have a wall with thumbnail photos of all known criminals in your area? Of course not. Then why do we believe that only signature-based software can protect our computer?
If a person shows up at your doorstep flaunting an AK-47, would you let him in because his photograph is not among the thumbnail photos you got from the local police station? Of course not. Let’s be clear, he hasn’t started shooting. You don’t need to analyze behavior to identify a malicious person, and neither do you need behavior to identify malicious code.
All human beings identify a malicious person based on intention, even before he has done any harm. Rudra identifies malicious code based on intention, before it can do any harm. If a person is attempting to cut open the kitchen grill of your apartment in the middle of the night, would you wait to study his face before declaring him a thief?
Rudra uses the method of entry to identify malicious code, just like we humans do. If you can think of all the rules by which we keep our apartments / offices safe without the need for either thumbnail photographs of known criminals or analyzing behavior, and apply those rules to a computer
Security:
And if you could keep your apartment / office safe for all these years, then you can be confident that those very same rules will keep your computer safe for all the years henceforth that you use the computer, i.e. for a lifetime.