Did someone ever heard anything about this new "holistic" approach

http://www.newkerala.com/news.php?action=fullnews&id=71312

Not much information available, i found this:


BANGALORE, India — Sanra Software Ltd., a Chennai-based firm, has unveiled what it claims is a breakthrough anti-virus technology based on the intention of malicious codes, protecting PCs from not only known viruses but also from unknown malicious codes including viruses, Trojan horses, worms, spyware, keyloggers and hackers.

"Our path-breaking technology takes a snapshot of PCs in complete detail in its malware-free state and continuously monitors system and file change," said N.S. Baskar, managing director of Sanra Software.

New files, configuration changes, alterations in system control files and changes in critical application program files are all evaluated for potential threats. Any change in the system state that represents a potential threat is immediately acted upon.

Sanra’s software contains algorithms that scan the hard disk every 3 minutes and can be programmed to scan as often as every minute. It not only removes the potential threat but also restores the system to its original malware-free state.

The company believes its anti-virus technology is more effective than existing anti-virus technologies, which use either signature-based or heuristic-based methods.

Signature-based anti-virus technology identifies the binary string unique to each virus and updates its database. It also requires constant updating.

Heuristic-based technology identifies viruses based on the suspicious behavior. It does not differentiate between legitimate and suspicious acts and raises false alarms, Baskar said.

Sanra is slated to release the program during the second week of January.


Source: SecurityPipeline

And this:

Indian software company Sanra has announced a new anti-malware solution called Rudra. Rudra is a no-update solution that sounds like it is a mix of HIPS and tripwire. It assumes a clean system at install and then monitors for changes.

It seems like the documentation does a good job of describing what it is not. It is not virus definition based or heuristic based. But when it describes what it is, it is less forthcoming. How does it determine that a new program is a threat or not? Sounds like its a whitelist only approach to the computer.


Source: Roger's Information Security Blog

IMHO Roger is approaching "Rudra" in the right way: it's all wishfull thinking, Rudra promises a lot but in practice it will not work.:-\

It sounds like Rudra is based on a file integrity checker, with a few added bells & whistles. However, it is my opinion that an integrity checker is best used in addition to an AV (NOT instead of) as an added layer of protection.

For excellent and FREE file integrity checkers, have a look at...
Watcher (http://www.snapfiles.com/get/olwatcher.html)
Sentinel (http://www.runtimeware.com/?page=p_sentinel2)

-{ Quote: "For excellent and FREE file integrity checkers, have a look at...
" }-
Exact my thoughts....;)

Thanks guys for your comments.:)

And Merry Christmas.:)