Security solutions must be able to perform two big functions: prevention and, if necessary, remediation. Kaspersky Lab’s latest patent is a technology that makes both more effective.
The most common approach to prevention is to track what’s going on in your computer and neutralize harmful objects. If the security program spots a Trojan, a phishing or spam e-mail, or a malicious website, it does its best to protect the user.
When prevention fails, the security solution has to deal with an infected computer. Cleaning an infected system is not simply a matter of deleting a bad file. To clean an infected PC, the antivirus has to remove the malicious code and restore the normal functions of the compromised PC. It isn’t enough to remove the illness; you have to restore health — and that is a complicated prospect.
That’s exactly why independent security benchmark tests show that although many antivirus vendors perform relatively well at prevention, the field of excellence narrows quite a bit when it comes to disinfecting an already compromised system.
Better detection…
Lists of virus signatures and other traditional methods of detection have an important place in security solutions. However, heuristic methods also play a vital role. Heuristics, or using experience to learn and grow, enables antivirus software to watch not only for harmful objects, but also for suspicious activity.
Suspicious activity detection is at the core of a technology developed and recently patented by Kaspersky Lab’s Mikhail Pavlyuschik, Alexey Monastyrsky, and Denis Nazarov. This technology can map interactions between a program and other OS components and software. In this case, an interaction means one program working with memory used by other processes.
Kaspersky Lab solutions awarded highest @AVTestOrg awards – https://t.co/NE6YDclffS pic.twitter.com/onXUVGrdO2
— Kaspersky (@kaspersky) February 17, 2016
…and prevention
Consider a computer attacked by malware that collects keystrokes (a keylogger).
If the keylogger managed to infect the computer, that means it bypassed protection or infiltrated by exploiting flawed security configuration, which is a common scenario. It must be stopped before it sends the data (could be your e-mail password, bank login, a webcam capture, and much more) to the person behind the attack.
This is where behavioral analysis steps in. The technology is embedded in our System Watcher module and, with the help of other security components, detects the known malicious interactions the untrusted software causes before the damage is irreversible. Moreover, because it tracks the malware’s behavior as it happens, it can roll back the modifications the malware has made.
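The two ideas above, mapping which processes touch other processes' memory and rolling back a process's changes once its behavior is judged malicious, can be illustrated with a small simulation. The following is an added example written for this article; it is not Kaspersky's code and does not reproduce System Watcher's actual logic. The event stream, file contents, process IDs and the `BehaviourMonitor`, `Event` and `run_demo` names are all constructed for the illustration, and the detection rule (a process reads another process's memory and later sends data over the network) is a deliberately simple stand-in for the real behavioral patterns.

```python
"""
Toy behavioral monitor (added example, not Kaspersky code).

It consumes a stream of constructed OS events, builds an interaction map of
which process read which other process's memory, journals every file change
so it can be undone, and when a process matches the suspicious pattern
"read another process's memory, then send data over the network" it blocks
the send and rolls back that process's file modifications.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    pid: int
    action: str               # "read_memory", "write_file" or "net_send"
    target: str               # peer pid (as text), file path, or destination host
    data: Optional[bytes] = None   # new file contents for "write_file"


class BehaviourMonitor:
    def __init__(self, filesystem: Dict[str, bytes]):
        self.fs = filesystem                       # simulated file system
        self.interactions = defaultdict(set)       # pid -> pids whose memory it read
        self.journal = defaultdict(list)           # pid -> [(path, previous contents)]
        self.actions = defaultdict(list)           # pid -> ordered action names
        self.verdicts: Dict[int, str] = {}

    def observe(self, ev: Event) -> bool:
        """Process one event. Returns False if the action was blocked."""
        self.actions[ev.pid].append(ev.action)
        if ev.action == "read_memory":
            self.interactions[ev.pid].add(int(ev.target))
        elif ev.action == "write_file":
            # Record the previous state before applying the change so the
            # modification can be reversed later.
            self.journal[ev.pid].append((ev.target, self.fs.get(ev.target)))
            self.fs[ev.target] = ev.data
        elif ev.action == "net_send":
            if self.is_suspicious(ev.pid):
                self.verdicts[ev.pid] = "malicious"
                self.rollback(ev.pid)
                return False          # block the outbound send
        return True

    def is_suspicious(self, pid: int) -> bool:
        """Cross-process memory read followed later by a network send."""
        acts = self.actions[pid]
        touched_others = any(peer != pid for peer in self.interactions[pid])
        if not touched_others or "read_memory" not in acts:
            return False
        first_read = acts.index("read_memory")
        return "net_send" in acts[first_read + 1:]

    def rollback(self, pid: int) -> None:
        """Undo the process's file changes in reverse order of application."""
        for path, previous in reversed(self.journal[pid]):
            if previous is None:
                self.fs.pop(path, None)   # file did not exist before: delete it
            else:
                self.fs[path] = previous
        self.journal[pid].clear()


def run_demo() -> Tuple[BehaviourMonitor, List[bool]]:
    """Constructed scenario: pid 100 behaves like a keylogger, pid 300 is benign."""
    fs = {"C:/Users/alice/notes.txt": b"original"}
    mon = BehaviourMonitor(fs)
    events = [
        Event(100, "write_file", "C:/Users/alice/notes.txt", b"tampered"),
        Event(100, "write_file", "C:/Users/alice/Startup/run.lnk", b"lnk"),
        Event(100, "read_memory", "200"),            # reads another process's memory
        Event(300, "read_memory", "300"),            # benign: reads only its own memory
        Event(300, "net_send", "update.example"),    # allowed
        Event(100, "net_send", "198.51.100.7"),      # blocked, files rolled back
    ]
    results = [mon.observe(e) for e in events]
    return mon, results


if __name__ == "__main__":
    monitor, outcome = run_demo()
    print("verdicts:", monitor.verdicts)
    print("allowed:", outcome)
    print("file system after rollback:", monitor.fs)
```

The point of the journal is that rollback is only possible because the monitor was recording changes before it had a verdict; a scanner that starts looking after the infection is discovered has no record to restore from.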
How does Kaspersky Internet Security protect you from #ransomware? – http://t.co/7drBP7PWxL pic.twitter.com/f5BDXJOC47
— Kaspersky (@kaspersky) May 23, 2015