Dr.Web self-protection becomes more vigilant

[pjb024]

November 17, 2009

Doctor Web updated components of the Dr.Web SelfPROtect module used in its single-user anti-virus solutions. Self-protection of Dr.Web anti-viruses has been enhanced with the integrity control.

Now if the self-protection is enabled, all unsigned processes attempting to start from the anti-virus installation directory will get into the untrusted list. If the digital signature of the process starting from the Dr.Web installation directory has been corrupted, the new feature will not allow the process to start. If an integrity breach is detected, a user will receive a corresponding notification from the anti-virus.

The self-protection mechanism of Dr.Web single-user anti-virus solutions will be updated automatically You will need to reboot your system after updating.

http://news.drweb.com/

That's all nice and dandy, but when is Dr Web gonna look like it's not from the early 80's?

[Fajo]

Quote:

Originally Posted by pjb024

November 17, 2009

Doctor Web updated components of the Dr.Web SelfPROtect module used in its single-user anti-virus solutions. Self-protection of Dr.Web anti-viruses has been enhanced with the integrity control.

Now if the self-protection is enabled, all unsigned processes attempting to start from the anti-virus installation directory will get into the untrusted list. If the digital signature of the process starting from the Dr.Web installation directory has been corrupted, the new feature will not allow the process to start. If an integrity breach is detected, a user will receive a corresponding notification from the anti-virus.

The self-protection mechanism of Dr.Web single-user anti-virus solutions will be updated automatically You will need to reboot your system after updating.

http://news.drweb.com/

Sigh back to the self protection Again... I wish they would work on something a little more important, like detections. And no this is not a hit at Web, I would rather see the product have less use for protection because it did not let it in the door in the first place. But they just seem to be stuck on one thing for the time being.

[pjb024]

Quote:

Originally Posted by disinter1

That's all nice and dandy, but when is Dr Web gonna look like it's not from the early 80's?

A new GUI has been in development for some time. Dr.Web don't pre-announce changes so I can't give a specific time frame but I expect it to be introduced quite soon. The focus of attention is always on the anti-viral components and I believe that's how it should be. A glitzy new GUI may win customers but it adds nothing to the protection of the system although, admittedly, it may make it easier to use.

[Dr33]

Quote:

Sigh back to the self protection Again... I wish they would work on something a little more important, like detections. And no this is not a hit at Web, I would rather see the product have less use for protection because it did not let it in the door in the first place. But they just seem to be stuck on one thing for the time being.

DrWeb detection rate is very good and its getting even better

[risl]

Quote:

Originally Posted by Fajo

Sigh back to the self protection Again... I wish they would work on something a little more important, like detections. And no this is not a hit at Web, I would rather see the product have less use for protection because it did not let it in the door in the first place. But they just seem to be stuck on one thing for the time being.

They've started to add more signatures lately, I believe because of moving to automatic systems like other vendors. It used to be around 300-900 per day but now it's over 3000 per day. I mentioned this in some other recent thread.

Don't know if it has any effect because they don't participate in tests anymore, but considering their "total amount" is around 800.000 and in last 2 or 3 months they've done over 200.000 signatures which is 1/4 of the total.

[pjb024]

Quote:

Originally Posted by Fajo

Sigh back to the self protection Again... I wish they would work on something a little more important, like detections. And no this is not a hit at Web, I would rather see the product have less use for protection because it did not let it in the door in the first place. But they just seem to be stuck on one thing for the time being.

Dr.Web is developing on many fronts not just self protection. There is the new GUI in development that I mentioned in an earlier post. Also Dr.Web has continued to develop the capabilities of the on-demand and realtime scanners. Scanning time is much reduced and I can confirm that I have compared it with other AV's on my system and found it to be in the same ballpark for scanning speed.

Detection has improved with incremental changes to the scanner. In October Dr.Web announced better detection of rootkit and improved algorithm for boot sectors scan.

http://news.drweb.com/show/?i=633&c=5&p=0

Dr.Web has been Windows 7 compatible sionce September 3

http://news.drweb.com/show/?i=442&c=5&p=1

Support for 64-bit systems is available in beta so full 64-bit support will not be far off.

Dr.Web Pro is in beta and this incorporates a firewall.

So, as you can see, it's not just self protection that is being developed. There is much changing beneath the hood and I suspect that Dr.Web is much more capable than many give it credit for.

One thing that has not changed ... it is incredibly light on system resources.

[Fajo]

Quote:

Originally Posted by risl

They've started to add more signatures lately, I believe because of moving to automatic systems like other vendors. It used to be around 300-900 per day but now it's over 3000 per day. I mentioned this in some other recent thread.

Don't know if it has any effect because they don't participate in tests anymore, but considering their "total amount" is around 800.000 and in last 2 or 3 months they've done over 200.000 signatures which is 1/4 of the total.

Thats good to hear. I would not mind seeing them in tests again, But I don't put to much faith into that happening. It is good to hear that they are working on detection rates tho.

[dawgg]

Quote:

Originally Posted by pjb024

all unsigned processes attempting to start from the anti-virus installation directory will get into the untrusted list.

Seems like blabber... How often does malware start from DrWeb's installation directory? - doesn't it normally start from Temp, Desktop (or USB sticks)

DrWeb making technologies solely for marketing purposes?

[Fajo]

Quote:

Originally Posted by pjb024

Dr.Web is developing on many fronts not just self protection. There is the new GUI in development that I mentioned in an earlier post. Also Dr.Web has continued to develop the capabilities of the on-demand and realtime scanners. Scanning time is much reduced and I can confirm that I have compared it with other AV's on my system and found it to be in the same ballpark for scanning speed.

Detection has improved with incremental changes to the scanner. In October Dr.Web announced better detection of rootkit and improved algorithm for boot sectors scan.

http://news.drweb.com/show/?i=633&c=5&p=0

Dr.Web has been Windows 7 compatible sionce September 3

http://news.drweb.com/show/?i=442&c=5&p=1

Support for 64-bit systems is available in beta so full 64-bit support will not be far off.

Dr.Web Pro is in beta and this incorporates a firewall.

So, as you can see, it's not just self protection that is being developed. There is much changing beneath the hood and I suspect that Dr.Web is much more capable than many give it credit for.

One thing that has not changed ... it is incredibly light on system resources.

Unfortunately its just them saying there is changes. There is objectivity like 3rd party independent tests, they pulled out of those once they started failing consistently. I would just like to see good test or 2 would be nice (From a reputable source that is).

Edited.
Typo's

[funkydude]

Again, self-protection is really not important at all. If the AV misses a threat, it's as good as dead anyway.

Besides that, simply run a 64bit OS with a 64bit AV and there's your self defense. 32bit processes (of which nearly all malware is) can't touch 64bit processes.

[Arin]

Quote:

Originally Posted by pjb024

Now if the self-protection is enabled, all unsigned processes attempting to start from the anti-virus installation directory will get into the untrusted list. If the digital signature of the process starting from the Dr.Web installation directory has been corrupted, the new feature will not allow the process to start. If an integrity breach is detected, a user will receive a corresponding notification from the anti-virus.

So this stops someone from tampering with Dr.Web files. Looks like Dr.Web is interested on improving something which is already very good.

[lodore]

i thought they would of at least got a 64bit version out by now.

[Baz_kasp]

Isnt this a bit of a hollow feature update anyway?

I mean most av stop files being written to their directory already so it's nothing new, but it isn't very common for malware to launch from av directory anyway.

Secondly about the verifying signatures thing...that makes me laugh, because if a malware modifies one of the drweb files in order to break the digital signature...dr.web will not start itself up? lol

[NAMOR]

Quote:

Originally Posted by lodore

i thought they would of at least got a 64bit version out by now.

Same here. Sometimes they are a little too quiet about development.

@pjb024 I don't think the self protection module works on Windows 7 64 bit, at least it didn't install when I tried the Dr.Web Pro beta version. Also, is there just a regular version of Dr.Web for 64 bit in beta, I only see Dr.Web Pro for DL on the beta site.

[pjb024]

Quote:

Originally Posted by NAMOR

@pjb024 Also, is there just a regular version of Dr.Web for 64 bit in beta, I only see Dr.Web Pro for DL on the beta site.

There is:

Dr.web Antivirus For Windows (x86/x64) (includes ant-spam and SpIDer Mail)

Dr.web Security Space (x86/x64) (+ HTTP Monitor + Parental Control)

Dr.web Security Space Pro (x86/x64) (+ Firewall)

Dr.web Antivirus For Windows Servers (x86/x64)

These are all first Public Beta and there are also x32 versions.

Dr.Web is modular in structure so the download for Windows Workstations includes all the modules for Dr.web Security Space Pro as this is the top product which includes all the new features. If you just want to test anti-virus without firewall then during the installation simply select custom installation option and then deselect any features you don't require. You can deselect the firewall and you can also deselect SpIDer Gate if you don't require the HTTP monitor and so on. When the new programs are out of beta then there will be separate downloads for each product in the range. Bundling all features into a single download makes sense for beta testing.

[mant]

Dr.Web and Kaspersky should MERGE become Dr.KAV

[Macstorm]

Quote:

Originally Posted by mant

Dr.Web and Kaspersky should MERGE become Dr.KAV

[gery]

Quote:

Originally Posted by mant

Dr.Web and Kaspersky should MERGE become Dr.KAV

lol

[Nomad Soul]

Quote:

Originally Posted by Fajo

Unfortunately its just them saying there is changes. There is objectivity like 3rd party independent tests, they pulled out of those once they started failing consistently. I would just like to see good test or 2 would be nice (From a reputable source that is).

Edited.
Typo's

Specially for you)
http://www.shadowserver.org/wiki/pmw...rusYearlyStats

[Edwin024]

A test with G-Data as number last. This is hardly believable when you look at all other tests done with that program participating. And were is Norton in the zero day test? And MSE. Or A2?

[funkydude]

Quote:

Originally Posted by Edwin024

A test with G-Data as number last. This is hardly believable when you look at all other tests done with that program participating. And were is Norton in the zero day test? And MSE. Or A2?

Shadowserver has already been proven extremely out of date, for example, GData uses the Bitdefender engine which scored 85%. Completely ignore these outdated results.

[Fajo]

Quote:

Originally Posted by Nomad Soul

Specially for you)
http://www.shadowserver.org/wiki/pmw...rusYearlyStats

Why are you posting, Trying to get Dr. Web more attention ? You have went through and resurrected the Dr. Web threads of the last 2 months. For practically no reason.

[codylucas16]

I actually am liking Dr. Web. Did some tests on it and it blocked some viruses AVs such as MSE and Avira let through. The CureIt also picked up some trojans on my main PC i didn't even know were there.

[quanzi_1507]

Quote:

That's all nice and dandy, but when is Dr Web gonna look like it's not from the early 80's?

Actually, new Dr.Web products got some really nice GUIs.

Code:

http://www.wilderssecurity.com/showpost.php?p=1523922&postcount=2

Code:

http://news.drweb.com/show/?i=196&c=6&p=1