Saturday, February 6, 2010

Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.
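To make the mechanism concrete, here is a small model of the copy-on-write idea the animation describes. This is an added illustration written for this page, not Sandboxie's code, and it does not use Sandboxie's driver or API: the "disk" is simply a dict of path to bytes, and the sandbox is an overlay in front of it that captures every write and delete, lets reads fall through to the real disk, and can be discarded in one step.

```python
"""Toy model of how a Sandboxie-style sandbox isolates a program's changes.

Added illustration written for this page; it is not Sandboxie's code and does not
use its driver or API. Assumptions: the "disk" is a dict of path -> bytes, and the
sandbox is a copy-on-write overlay in front of it. Every write or delete the
sandboxed program makes lands in the overlay; reads fall through to the real disk
when the overlay has no entry; discarding the overlay throws away all changes at
once, which is the "delete all of them at once" step the animation describes.
"""
from dataclasses import dataclass, field

_DELETED = object()  # tombstone: deleted inside the sandbox, still present on disk


@dataclass
class Disk:
    """The real file system (constructed sample data lives here)."""
    files: dict = field(default_factory=dict)


@dataclass
class Sandbox:
    disk: Disk
    overlay: dict = field(default_factory=dict)  # path -> bytes or _DELETED

    def read(self, path):
        if path in self.overlay:
            if self.overlay[path] is _DELETED:
                raise FileNotFoundError(path)
            return self.overlay[path]
        return self.disk.files[path]  # fall through to the real disk

    def write(self, path, data):
        self.overlay[path] = data  # redirected: the real disk is never touched

    def delete(self, path):
        if self.overlay.get(path) is _DELETED or (
            path not in self.overlay and path not in self.disk.files
        ):
            raise FileNotFoundError(path)
        self.overlay[path] = _DELETED  # hidden from the sandboxed view only

    def listing(self):
        """What the sandboxed program sees: disk plus overlay, minus tombstones."""
        names = set(self.disk.files) | set(self.overlay)
        return sorted(n for n in names if self.overlay.get(n) is not _DELETED)

    def recover(self, path):
        """Deliberately move one sandboxed file onto the real disk (explicit user action)."""
        data = self.overlay.pop(path)
        if data is _DELETED:
            raise FileNotFoundError(path)
        self.disk.files[path] = data

    def discard(self):
        """Delete the sandbox contents; returns how many changes were thrown away."""
        count = len(self.overlay)
        self.overlay.clear()
        return count


def run_demo():
    """A sandboxed program drops a file, alters a system file and deletes a document."""
    disk = Disk({"C:/Windows/hosts": b"127.0.0.1 localhost",      # constructed sample disk
                 "C:/Users/me/notes.txt": b"todo list"})
    snapshot = dict(disk.files)
    box = Sandbox(disk)
    box.write("C:/Users/me/Downloads/setup.exe", b"MZ...")        # constructed download
    box.write("C:/Windows/hosts", b"127.0.0.1 localhost\n# edited")
    box.delete("C:/Users/me/notes.txt")
    seen_inside = box.listing()              # the program believes its changes stuck
    disk_untouched = disk.files == snapshot  # but the real disk never changed
    discarded = box.discard()
    return {
        "seen_inside": seen_inside,
        "disk_untouched": disk_untouched,
        "discarded": discarded,
        "after_discard": box.listing(),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running `run_demo()` shows the sandboxed program seeing its dropped file and edited system file while the real disk compares equal to its snapshot; `discard()` then removes all three changes in one call, and the listing returns to the original files. `recover()` is the one deliberate path from sandbox to disk, which is why it is a separate method rather than something `write()` does.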


Benefits of the Isolated Sandbox

* Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

* Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

* Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

* Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Download Sandboxie

Source: www.sandboxie.com/

What Is Heuristic Scanning And Why Is It Important?

Generally speaking, there are two basic methods to detect viruses - specific and generic. Specific virus detection requires the anti-virus program to have some pre-defined information about a specific virus (like a scan string). The anti-virus program must be frequently updated in order to make it detect new viruses as they appear. Generic detection methods however are based on generic characteristics of the virus, so theoretically they are able to detect every virus, including the new and unknown ones.

Why is generic detection gaining importance? There are four reasons:

1) The number of viruses increases rapidly. Studies indicate that the total number of viruses doubles roughly every nine months. The amount of work for the virus researcher increases, and the chances that someone will be hit by one of these unrecognizable new viruses increases too.

2) The number of virus mutants increases. Virus source codes are widely spread and many people can't resist the temptation to experiment with them, creating many slightly modified viruses. These modified viruses may or may not be recognized by the anti-virus product. Sometimes they are, but unfortunately often they are not.

3) The development of polymorphic viruses. Polymorphic viruses like MtE and TPE are more difficult to detect with virus scanners. It is often months after a polymorphic virus has been discovered before a reliable detection algorithm has been developed. In the meantime many users have an increased chance of being infected by that virus.

4) Viruses directed at a specific organization or company. It is possible for individuals to utilize viruses as weapons. By creating a virus that only works on machines owned by a specific organization or company it is very unlikely that the virus will spread outside of the organization. Thus it is very unlikely that any virus scanner will be able to detect the virus before the payload of the virus does its destructive work and reveals itself.

Each of these scenarios demonstrates the fact that virus scanners cannot recognize a virus until the virus has been discovered and analyzed by an anti-virus vendor.

These same scenarios do not hold true for generic detectors, and therefore many people are becoming more interested in generic anti-virus products. Of the many generic detection methods, heuristic scanning is currently becoming the most important.

How Does Heuristic Scanning Perform?

Heuristics is a relatively new technique and still under development. It is however gaining importance rapidly. This is not surprising as heuristic scanners are able to detect over 90% of the viruses without using any predefined information like signatures or checksum values. The amount of false positives depends on the scanner, but a figure as low as 0.1% can be reached easily.

What To Look For In Antivirus Software

With up to 100 new malware threats being discovered per day, antivirus software is, for many home computer users, the primary method for protecting their computer from threats.

Many computers come with some sort of antivirus software, often a trial version, installed. Unfortunately, many users fail to properly configure the antivirus software or keep it up to date, and many may let the antivirus software expire without even realizing their computer is no longer protected against current malware threats.

This article provides a listing of some of the key features or functions that are commonly found in antivirus software.

* Realtime Scanner: The antivirus software realtime scanner monitors network data as it is coming into the computer to intercept any malware as it enters your system.

* On-access Scanner: The on-access scanner does what its name implies: it scans files as they are opened or accessed to detect any malware.

* On-Demand Scanner: The on-demand scanner provides the ability to perform a custom scan of a file, folder or drive initiated by the user.

* Heuristic Scanner: Antivirus software typically has a heuristic scanner as well. Heuristic scanning uses what is known about existing malware and what it has learned from past experience to identify new threats even before the antivirus vendor creates an update to detect it.

* Compressed File Scanner: Some malware may come inside a compressed file such as a ZIP file, or may even be embedded in a compressed file within a compressed file and so on. Most antivirus programs can scan within a compressed file. The better programs may be able to scan many levels deep to detect malware even if it is buried within multiple compressed files.

* Scheduled Scans: Most antivirus software provides some method of creating a schedule to set when the software will automatically perform a scan. Some antivirus programs may restrict what sort of scans can be scheduled, while the more flexible programs allow you to run any type of pre-configured or custom scan at the scheduled time.

* Script Blocking: Script languages are frequently used to execute malicious code from web sites. Many antivirus programs have the ability to monitor Java, ActiveX, Visual Basic and other script files and detect and block malicious activity.

* POP3 Email Scanning: The ability of the antivirus software to monitor incoming and/or outgoing POP3 email traffic and the associated file attachments to detect and alert about virus or other malware threats.

* Webmail Protection: The better antivirus programs can monitor web-based email traffic such as Hotmail or Yahoo! Mail to detect and block malware in file attachments.

* Instant Messaging Protection: Many worms and other malware can now be spread through instant messaging programs such as AOL Instant Messenger (AIM) or Yahoo! Messenger. Some antivirus software will monitor instant messaging traffic to detect and block malicious threats.

* Automatic Virus Updates: One of the biggest problems users have with antivirus software is simply keeping it up to date. Most antivirus software can be configured to automatically connect with the vendor site and download new updates on a regular basis.

* Automatic Program Updates: The scan engine(s) and program itself may periodically be updated to add functionality to detect newer threats. Many antivirus software programs can be configured to automatically check for new updates and download and install them if they are available.
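The "Compressed File Scanner" item above is the one feature in this list that is easy to demonstrate end to end, and it carries two limits that a practitioner will want to see handled: how many levels deep to open archives, and how much decompressed data to accept. The following is an added example written for this page, not code from any anti-virus product. It builds its own sample ZIP archives with the Python standard library, looks for a constructed scan string (DEMO-SCAN-STRING, not a real signature) in every member, recurses into members that are themselves archives, reports a file buried past the depth limit as unscanned rather than silently skipping it, and rejects an archive whose decompressed size would exceed a byte budget.

```python
"""Scanning inside nested compressed files with depth and size limits.

Added example for this page, not code from any anti-virus product. Sample archives
are constructed in memory; the scan string DEMO-SCAN-STRING is made up.
"""
import io
import zipfile

SCAN_STRING = b"DEMO-SCAN-STRING"
MAX_DEPTH = 4                       # archive layers the scanner will open
MAX_TOTAL_BYTES = 10 * 1024 * 1024  # decompressed bytes allowed across the whole scan


class ScanLimitExceeded(Exception):
    """Raised when decompressed output would exceed the byte budget (decompression-bomb guard)."""


class ArchiveScanner:
    def __init__(self, max_depth=MAX_DEPTH, max_bytes=MAX_TOTAL_BYTES):
        self.max_depth = max_depth
        self.remaining = max_bytes
        self.findings = []  # (path inside the archive tree, finding)

    def scan(self, data, path, depth=0):
        if SCAN_STRING in data:
            self.findings.append((path, "Demo.Test.Signature"))
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return
        if depth >= self.max_depth:
            self.findings.append((path, "archive-depth-limit"))  # left unscanned: say so
            return
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Never trust the declared info.file_size: read at most budget+1 bytes and check.
                with zf.open(info) as member:
                    content = member.read(self.remaining + 1)
                if len(content) > self.remaining:
                    raise ScanLimitExceeded(f"{path}!{info.filename} exceeds the decompressed-size budget")
                self.remaining -= len(content)
                self.scan(content, f"{path}!{info.filename}", depth + 1)


def scan_blob(data, name="sample.zip", max_depth=MAX_DEPTH, max_bytes=MAX_TOTAL_BYTES):
    """Scan one file (archive or not) and return the list of findings."""
    scanner = ArchiveScanner(max_depth, max_bytes)
    scanner.scan(data, name)
    return scanner.findings


# --- constructed sample archives ----------------------------------------------
def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


def build_nested_sample(levels):
    """payload.txt (carrying the scan string) wrapped in `levels` ZIPs, with a clean
    readme beside it at every level."""
    data = b"harmless text followed by " + SCAN_STRING
    name = "payload.txt"
    for i in range(levels):
        data = make_zip({name: data, f"readme{i}.txt": b"clean file"})
        name = f"level{i}.zip"
    return data


def build_bomb_sample():
    """A few KB on disk that inflates to 2 MiB: enough to trip a 1 MiB budget."""
    return make_zip({"big.bin": b"\x00" * (2 * 1024 * 1024)})


if __name__ == "__main__":
    print(scan_blob(build_nested_sample(3)))
    print(scan_blob(build_nested_sample(6)))
    try:
        scan_blob(build_bomb_sample(), max_bytes=1024 * 1024)
    except ScanLimitExceeded as exc:
        print("rejected:", exc)
```

With three levels of nesting the scan string is found at `sample.zip!level1.zip!level0.zip!payload.txt`; with six levels and the default depth of four the scanner stops at `level1.zip` and records an `archive-depth-limit` finding for it, so the gap is visible in the report rather than hidden. The byte budget is enforced on what actually comes out of the decompressor, not on the size the archive declares, because the declared size is attacker-controlled.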

Source: www.about.com