News of Doctor Web

Components of Dr.Web products 6.0 for Windows workstations updated

Tue, 31 Aug 2010 00:00:00 GMT

August 31, 2010

Doctor Web updated the module for interception of mail and HTTP traffic and SpIDer Mail monitor included in Dr.Web products from the series 6 for protection of Windows workstations. The update provides fixes of a number of known errors.

An issue that might cause memory leaks during operation of the HTTP monitor SpIDer Gate has been resolved. Compatibility of the module with other components of Dr.Web and with third-party applications — in particular, with the Microsoft ForeFront TMG client — has been improved which contributed to more stable operation of the anti-virus and fixed connection interruptions problems.

An error that might cause SpIDer Mail malfunctioning upon sending messages has been fixed.

Dr.Web solutions 6.0 for Windows workstations will be updated automatically. However, a system restart will be required to apply the update.

Green Dr.Web spider for the green Android robot

Thu, 26 Aug 2010 00:00:00 GMT

August 26, 2010

Doctor Web releases its new anti-virus product for mobile devices Dr.Web for Android. While popularity of Android is growing steadily, the experience shows that a growing interest in a certain operating system comes along with the increasing number of malicious programs designed to infect it. The release of Dr.Web for Androlid is a logical step towards expanding the Dr.Web product line aiming to provide protection from cyber-threats for all popular operating systems including mobile platforms.

Dr.Web for Android was in beta-testing for a month since July 26 2010 and got in the TOP list of most popular free applications at www.android.com/market with 130 000 downloads. It shows a strong interest in the new product from Doctor Web and indicates considerable relevance of the security problem for the platform. Several types of malicious programs for Android were discovered in a short period in August 2010. They include modifications of spyware from the AndroidMobileSpy family and AndroidSmsSend species covertly sending paid short messages.

The new product scans the entire file system of a mobile device including the phone’s memory where applications files are stored. Malicious objects detected by Dr.Web for Android are moved to the quarantine.

If the file monitor is running, Dr.Web for Android scans each program installed into the device’s memory as well as each file written onto an SD card automatically.

How to install Dr.Web for Android:

Download the Dr.Web for Android installer.
Connect the mobile device to the computer using a USB data-cable.
Set the device to work as a storage device.
Copy the drweb-600-android.apk file onto the SD card.
Disconnect the mobile device from the computer.
Launch any file manager on the device (e.g. you can use ASTRO from the Android Market).
Navigate to the /sdcard directory and find the drweb-600-android.apk file.
Use the application manager to start installation.

Download Dr.Web for Android from the Android Market:

Use your mobile device to go to the Android Market page.
Find and select Dr.Web for Android.
Press Install.

Users of Dr.Web Anti-virus Pro and Dr.Web Security Space Pro can use Dr.Web for Android free of charge.

Download Dr.Web for Android

The GUI-based scanner in Dr.Web products for Windows series 6.0 updated

Wed, 25 Aug 2010 00:00:00 GMT

August 25, 2010

Doctor Web announced the release of the updated GUI Scanner incorporated in Dr.Web personal and server solutions of the 6.00 series. An error in the scanning notification routine implemented with the previous update has been fixed.

Scanning notifications might reappear even after scanning had been performed, so the issue with the last scan date marker has been resolved. The fix ensures that users receive only relevant notifications.

Dr.Web solutions 6.0 will get the new update automatically.

File monitor in Dr.Web products for Windows series 5 and Dr.Web AV-Desk updated

Tue, 24 Aug 2010 00:00:00 GMT

August 24, 2010

Doctor Web updated the file monitor included into Dr.Web personal and server anti-virus products for Windows series 5.0, Dr.Web Enterprise Suite 5.0 and the Internet-service Dr.Web AV-Desk 5.0. The update provides fixes of several known errors of SpIDer Guard.

In particular, it resolves issues that caused a system crash when the amount of available memory was low and corrects processing of files created by MS InfoPath.

The routines for sending and processing commands for SpIDer Guard from the anti-virus server have been improved in Dr.Web Enterprise Suite.

The update will be automatically downloaded by Dr.Web for Windows 5.0, the Dr.Web anti-virus service software and by Dr.Web Enterprise Suite but a system restart will be necessary to apply the update.

Self-protection of Dr.Web Enterprise Suite and Dr.Web AV-Desk has been enhanced

Wed, 18 Aug 2010 00:00:00 GMT

August 18, 2010

Doctor Web updated the Dr.Web SelfPROtect module included into Dr.Web Enterprise Suite 5.0 and the Internet-service Dr.Web AV-Desk. The updated module already available to users of personal and server products of the Dr.Web 6.0 series for Windows is now delivered to corporate customers and subscribers to the Dr.Web anti-virus service.

First of all, self-protection has been enhanced significantly. In order to protect Dr.Web from new techniques for neutralization of anti-viruses persistently devised by virus makers the developers implemented new routines for countering malware in Dr.Web SelfPROtect.

The update also provides fixes of errors that might result in malfunctioning of the anti-virus. In particular, the issue that might prevent modules of Dr.Web from launching on computers running Windows 7 has been resolved.

The improvements lower the risk of disrupting operation of Dr.Web components substantially and contribute to greater stability of the anti-viruses.

The update will be automatically downloaded by the Dr.Web anti-virus service software and by Dr.Web Enterprise Suite but a system restart will be necessary to apply the update.

The GUI-based scanner in Dr.Web products for Windows updated

Mon, 16 Aug 2010 00:00:00 GMT

August 16, 2010

Doctor Web updated the GUI scanner included into Dr.Web personal and server anti-virus products for Windows, Dr.Web Enterprise Suite and the Internet-service Dr.Web AV-Desk 5.0.

The scanner can now notify a user that he needs to scan the system in seven days after an express scan has been done. The scanner launch time becomes shorter if it has been launched earlier. These improvements contribute to more reliable anti-virus protection of computers.

The update also provides the anti-viruses with a completely reworked routine for curing active infections – now the anti-virus neutralizes infections without making changes to the system that might make it more vulnerable. It also improves security of a system protected by Dr.Web.

Some minor GUI issues have also been resolved and errors have been fixed. Operation of the scanner incorporated in Dr.Web Enterprise Suite and Dr.Web AV-Desk in the safe mode of Windows has been improved.

The update will be automatically downloaded by the anti-viruses.

Dr.Web anti-virus for Unix file servers 5.0 updated

Mon, 16 Aug 2010 00:00:00 GMT

August 16, 2010

Doctor Web announced the release of its updated Dr.Web for Unix file servers 5.0 (Linux, FreeBSD, Solaris). The updated product comes with fixes of errors of Samba SpIDer and defects of the anti-virus daemon, scanner and web-interface.

The cause of library errors under SUSE and CentOS has been excluded. An error that rendered the program non-operational as the path to a target file was duplicated and two path strings were sent to the scanner as one preventing the anti-virus from finding the file has been fixed.

An issue of the anti-virus daemon that might result in its incorrect operation on FreeBSD systems has also been resolved and minor improvements have been done to the web-interface.

To apply the update users of Dr.Web for Unix file servers need to download the updated distribution and install the program.

Updated Dr.Web Firewall more subtle and useful

Thu, 12 Aug 2010 00:00:00 GMT

August 12, 2010

Doctor Web released the completely reworked firewall incorporated in Dr.Web single-user products of the 6 series for Windows. The main innovation implemented in the firewall is the updatable database of trusted applications. With the pre-defined rules for popular programs and for all Windows system services and applications users no longer need to create them manually.

The list of trusted applications is updated regularly providing automation of the firewall’s actions related to programs known to be harmless. The new service for processing all driver messages about network activities will notify the user only about suspicious connection attempts. It also contributes to more stable operation of the firewall even under a heavy load. The new rule creation dialogue now shows only programs unknown to the firewall.

In addition several features that were available in the previous version have been enhanced. Now the firewall operates correctly in multi-user systems, in particular, it supports fast user switching and incorporates the optimized mechanism for interaction with the User Account Control. allowing to avoid multiple system requests after the first authorization.

Besides, compatibility with USB-modems and VPN-connections has been improvised and errors related to integration of the anti-virus with the Windows Security Centre under Windows XP/Vista (Action Center in Windows 7) have been fixed.

Changes have also been done to the user interface. The number of network interfaces displayed in the network connections manager is now unlimited. Users can also create and copy rules in all dialogues.

Errors found in operation of this component have been corrected.

Now Dr.Web firewall is less intrusive, offers simpler rules creation routines and provides stable and reliable protection from network attacks even under a heavy load.

The update will be automatically downloaded by Dr.Web Security Space Pro and Dr.Web Anti-virus Pro but applying the update will require a system restart.

Components of Dr.Web 6.0 products for Windows updated

Wed, 11 Aug 2010 00:00:00 GMT

August 11, 2010

Doctor Web updated several components included in Dr.Web products from the series 6 for protection of Windows workstations and servers (32- and 64-bit). The update increase the overall security of protected systems and improves usability of the anti-viruses.

Improvements have been done to the updating module, anti-virus agent, SpIDer Mail, SpIDer Gate, and Dr.Web SelfPROtect. Below you can find the list of the most important changes delivered with the update.

Issues that might result in updating failures of anti-viruses on servers under Winidows Server 2008 R2 (64-bit) have been fixed.

An issue that caused agent's pop-up windows to appear in areas of the screen where they weren't supposed to be displayed thus interfered with user experience has been fixed.

Important changes have been done to the anti-virus module responsible for the parental control. Now this feature allows users to protect entire local disks (except for the system disk). As a consequence, the self-protection module has also been upgraded to provide maximum protection of data from unauthorized access or deletion. An issue, that resulted in incorrect displaying of LiveJournal web-pages with complex formatting and arose if SpIDer Gate was enabled, has been resolved.

Dr.Web solutions 6.0 for Windows workstations and servers will get the update automatically.

Dr.Web products for protection of mail and Internet gateways under Unix updated

Thu, 05 Aug 2010 00:00:00 GMT

August 5, 2010

Doctor Web updated Dr.Web Mail Gateway, Dr.Web for Unix mail servers and Dr.Web for Internet gateways Unix. The update fixes a number of known errors and provides products with new features that decrease their consumption of system resources and improve performance.

Load balancing is the major change in mail protection products. While receiving and processing of e-mails were earlier performed on one mail servers, now the routines are distributed between several servers that operate simultaneously which improves performance of the products significantly.

A lookups search in Dr.Web for Unix mail server and Dr.Web Mail Gateway can now be performed not only by a full e-mail address but also by its constituents – domain name and user name.

Minior improvements have been done to components of all the products, web-interfaces and documentation.

To apply the update users of , Dr.Web for mail servers Unix, Dr.Web for Internet gateways Unix and Dr.Web Mail Gateway you need to download updated distributions of corresponding products and install them.

Updated distribution of Dr.Web Enterprise Suite 5.0 released

Wed, 04 Aug 2010 00:00:00 GMT

August 4, 2010

Doctor Web announced the release of the updated distribution of Dr.Web Enterprise Suite 5.0 aiming to fix a major error in updating of the anti-virus server repository.

If a slow or unstable connection (including a modem connection) was used for updating, resumed downloading and extraction of files might proceed with errors which in their turn caused an http-error 416 – Requested Range Not Satisfiable that terminated the updating process.

With the error fixed users are guaranteed stable operation and timely updating of the solution.

For changes to take effect download and install the updated distribution of Dr.Web Enterprise Suite 5.0. A detailed description of the updating process can be found in documentation.

Trojan.Stuxnet surpasses blockers in the searing heat of July 2010

Tue, 03 Aug 2010 00:00:00 GMT

August 3, 2010

July 2010 saw the discovery of a large population of Trojan.Stuxnet programs in the wild. These malicious programs take advantage of an alternative autorun mechanism to start from removable media and also make use of digital signatures stolen from popular software developers. It’s also become the norm for malware to use bootkit technologies. Meanwhile, in the face of effective countermeasures, Windows blockers are on the decline, and now criminals are searching for alternatives to paid short messages.

Trojan.Stuxnet gets in through the shortcut loophole

The new malicious program classified by Dr.Web as Trojan.Stuxnet was the summer “blockbuster” that forced anti-virus vendors to mobilize their resources once again. The new Trojan exploits a newly discovered Windows vulnerability and has at its disposal a few novel techniques that allow it to evade Windows defences. It has already proven to pose a real threat; industrial espionage was the first application of Trojan.Stuxnet.1.

The malware installs two drivers into the system. One of them—a file system driver-filter—hides Trojan components on removable media. The second driver injects an encrypted dynamic library into system processes and the programs needed to perform its main task.

Makers of the new Trojan prepared some unpleasant surprises for users. The first one is the aforementioned vulnerability where the malware takes advantage of the flaw in the shortcut handling mechanism of Windows. However, it should be noted that Microsoft responded to the new threat in a timely manner. According to the maker of Windows, 32- and 64-bit versions of Windows beginning with Windows XP and up to Windows 7 and Windows Server 2008 R2 are vulnerable. Criminals can exploit the vulnerability of these MS versions to launch malicious programs on a target machine remotely. In addition, malicious code can be integrated into documents with embedded shortcuts and can be spread by exploiting the vulnerability.

On August 2, 2010, Microsoft issued a critical security update for all affected versions of Windows. If automatic updating is enabled in the system, the update is installed automatically. However, a system must be restarted for changes to take effect.

But the above was not the only surprise; the malicious drivers have digital signatures stolen from developers of legal software. In July, the drivers were fitted with signatures belonging to such companies as Realtek Semiconductor Corporation and JMicron Technology Corporation. Digital signatures allow criminals to install the drivers into the target system in the silent mode.

It’s worth noting that the drivers are not the only things bearing digital signatures; the malicious file that launches from removable media with the exploitation of Windows Shell’s vulnerability also has a digital signature. However, it becomes invalid almost immediately after the Trojan’s initial launch as the embedded counter routine modifies the executable file.

Trojan.Stuxnet.1 quickly attracted copy-cats who exploited the same vulnerability. Such programs are detected by Dr.Web anti-viruses as Exploit.Cpllnk. Within just a few days, these programs ranked at the top of the Top 20 Viruses detected on user machines in July, while Trojan.Stuxnet.1 was the sixth most frequently detected malicious program.

Programs exploiting the vulnerability are found in large numbers in the wild. The trend will probably persist until the security patch is installed on most computers. Doctor Web also promptly added routines for curing the Trojan to its virus database.

Mass use of bootkits

Bootkits are malicious programs that modify the boot sector of a disk, and they are becoming default components of malware. Standard tools for detection of malicious code are unable to reveal if the boot sector has been modified and can only find malicious files on a disk. In such cases, a virus will get into the system again even if it has been cured. The only way to completely neutralize the threat is to restore the boot sector to its original state.

There are few comprehensive anti-virus solutions capable of uncovering boot sector modifications and completely curing the compromised system. In most cases anti-virus developers advise users to solve the problem by means of special utilities. However, a user often doesn’t start searching for another solution since he doesn’t realize that his anti-virus is simply unable to detect that the boot sector of the system disk has been modified.

Trojan.Hashish was among the bootkits that disturbed users in July. In the previous month it had mainly targeted Europeans. The Trojan opened multiple Internet Explorer windows that displayed advertisements even if a different default browser was set in the system. Another perceivable effect of the presence of Trojan.Hashish in the system is the repeated playing of the application launch sound if such a sound is present in the system.

Blockers back off

In July, the blocker epidemics continued on a smaller scale with Doctor Web’s statistics server registering over 280,000 instances of detection of Windows blockers—down from June’s figure of 420,000. The decline is largely the result of the successful implementation of joint countermeasures by users and anti-virus developers, including Doctor Web. As law enforcement agencies and telecom operators cracked down on SMS fraudsters, makers of blockers had to devise other schemes for converting their profit into actual money. They make use of various online payment systems and often provide users with several payment options.

Support requests related to the blocking of social-networking, mail, and search-engine sites increased. By the end of July, the number of these requests exceeded the number of calls related to the blocking of the Windows desktop.

In upcoming months, the number of blockers is expected to shrink even further as payment schemes that don’t involve short messages are now far less effective and law enforcement agencies are paying more attention to the problem. The number of users, who are informed about alternative, free ways to unblock their systems, is also growing steadily.

Other notable species of malware

Various modifications of Trojan.Oficla are being spread over e-mail on a large scale. Messages with attached HTML-files (JS.Redirector) are also being found in mail traffic. Such messages redirect users to advertising and malicious web sites. Increased activity of polymorphic file viruses of the Win32.Sector family has also been registered. Dr.Web has long been known for its ability to cure systems of complex polymorphic viruses. Nonetheless, in June, Doctor Web’s developers optimized routines for better detection of malicious programs of this type. European users are still being plagued by banking Trojans that prompt them to reveal their single-use TAN codes (see the June review for more details) as well as by new variations of fake anti-viruses that inherit the look and feel of their predecessors.

In conclusion, it can be said that anti-virus developers and users didn’t face any insurmountable challenges in July. The prompt release of the security patch by Microsoft will most likely result in a rapid decline in the numbers of shortcut vulnerability exploiters detected by Dr.Web as Exploit.Cpllnk. Since bootkits are now a common feature of malicious programs, anti-virus developers will have to incorporate capabilities for detecting boot-sector modifications into their comprehensive solutions rather than rely on single-purpose utilities. As for blockers and their makers, the figures show that comprehensive countermeasures do yield results

Malicious files detected in mail traffic in July

01.07.2010 00:00 — 01.08.2010 00:00
1	Trojan.Oficla.38	558788 (29,38%)
2	Trojan.MulDrop1.27707	239578 (12,60%)
3	Trojan.Oficla.zip	168193 (8,84%)
4	Trojan.Oficla.33	76344 (4,01%)
5	Trojan.Siggen1.33477	65827 (3,46%)
6	Win32.HLLW.Shadow.based	57468 (3,02%)
7	Trojan.DownLoad1.58681	54228 (2,85%)
8	Trojan.Botnetlog.zip	52785 (2,78%)
9	Trojan.Oficla.45	39496 (2,08%)
10	Trojan.Winlock.1651	33622 (1,77%)
11	Trojan.Inject.8960	26565 (1,40%)
12	JS.Redirector.64	2720 (1,19%)
13	Trojan.Inject.8798	22703 (1,19%)
14	Trojan.Packed.20425	19863 (1,04%)
15	Trojan.MulDrop1.39520	16794 (0,88%)
16	Trojan.Packed.20543	16105 (0,85%)
17	BackDoor.Qbot.20	13834 (0,73%)
18	JS.Redirector.68	13829 (0,73%)
19	Win32.HLLW.Kati	13021 (0,68%)
20	JS.Redirector.based.3	9533 (0,50%)

Total scanned:	11 135 769 221
Infected:	1 901 822 (0,02%)

Malicious files detected on user machines in July

01.07.2010 00:00 — 01.08.2010 00:00
1	Exploit.Cpllnk	485069 (5,94%)
2	Trojan.Siggen.29465	453671 (5,69%)
3	Trojan.AuxSpy.229	421063 (5,29%)
4	Win32.HLLP.PissOff.36864	256127 (3,21%)
5	Win32.HLLW.Gavir.ini	246137 (3,09%)
6	Trojan.Stuxnet.1	233726 (2,93%)
7	Win32.HLLW.Shadow.based	224531 (2,82%)
8	Trojan.DownLoad.32973	180925 (2,27%)
9	Win32.HLLW.Autoruner.5555	177170 (2,22%)
10	Trojan.PWS.Siggen.2674	170996 (2,15%)
11	ACAD.Pasdoc	152498 (1,91%)
12	Trojan.Winlock.472	142707 (1,79%)
13	VBS.Sifil	133643 (1,68%)
14	Trojan.Siggen1.40023	123169 (1,55%)
15	Win32.Sector.16	99146 (1,24%)
16	Trojan.MulDrop.55658	91117 (1,14%)
17	Trojan.Packed.20343	84027 (1,05%)
18	Win32.HLLW.Autoruner.based	77867 (0,98%)
19	BackDoor.IRC.Sdbot.4590	76312 (0,96%)
20	Trojan.DownLoad2.8448	73995 (0,93%)

Total scanned:	61 372 607 281
Infected:	7 966 770 (0,01%)

Mail monitor in Dr.Web products for Windows workstations updated

Mon, 02 Aug 2010 00:00:00 GMT

August 2, 2010

Doctor Web updated the SpIDer Mail monitor included in Dr.Web single-user products for Windows from the series 6. The update resolves issues that might arise upon sending or receiving e-mails due to errors in operation of the monitor.

Main changes include optimized processing of e-mails delivered over IMAP that prevents abnormal termination of the monitor upon receiving a message. An issue that caused blocking of outgoing messages containing Cyrillic symbols has also been fixed. Now the anti-virus recognizes character encodings for various languages.

The update is available for anti-viruses supporting 32 and 64 bit versions of Windows.

Dr.Web solutions 6.0 will download and install the update automatically.

New version of Dr.Web for IBM Lotus Domino for Windows

Thu, 29 Jul 2010 00:00:00 GMT

July 29, 2010

Doctor Web released the 6th version of Dr.Web for IBM Lotus domino for Windows fully compatible with Dr.Web products of the 6.0 series. The new version enjoys improved performance and speed and has a number of known errors fixed.

The new version also provides better integration with the anti-virus agent of the upcoming Dr.Web Enterprise Suite 6.0.

Errors that sometimes might result in abnormal termination of Domino server services or their freezing have been fixed.

In order to install Dr.Web for Lotus Domino 6.0 you need to remove the previous version of the plugin. Make a backup of databases found the Dr.Web directory if necessary.

Detailed information regarding changes and features of the product can be found in Dr.Web for IBM Lotus Domino release notes and documentation.

Dr.Web for Android available for testing

Mon, 26 Jul 2010 00:00:00 GMT

July 26, 2010

The Russian anti-virus vendor Doctor Web launched public beta-testing of the new Dr.Web product for protection of mobile devices running Android.

The new product scans the entire file system of a mobile device including the phone’s memory where applications files are stored. Malicious objects detected by Dr.Web for Android are moved to the quarantine.

If the file monitor is running, Dr.Web for Android automatically scans each program installed into the device’s memory as well as each file written onto an SD card.

How to install Dr.Web for Android:

Connect the mobile device to a computer using a USB data-cable.
Set the device to work as a storage device.
Copy the drweb-600-android-beta.apk on the SD card.
Disconnect the mobile device from the computer.
Launch any file manager on the device (e.g. you can use ASTRO from the Android Market).
Navigate to the /sdcard directory and find the drweb-600-android-beta.apk file.
Use the application manager to start installation.

Doctor Web welcomes all users willing to participate in the beta-testing of Dr.Web for Android.

Software modules of Dr.Web products 6.0 for Windows workstations and file servers updated

Thu, 22 Jul 2010 00:00:00 GMT

July 22, 2010

Doctor Web updated a number of components included in Dr.Web products from series 6 for Windows workstations and file servers (32- and 64-bit). The update improves stability and compatibility of the products with third-party software. It also provides anti-viruses with optimized algorithms for operation of the GUI and wider integration with the Windows Security Centre.

The SpIDer Guard file monitor is now compatible with third-party software, in particular, with the Device Lock solution and enjoys more stable operation. For the SpIDer Mail monitor processing of IMAP traffic has been optimized. An error in the SpIDer Agent module that might make the My Dr.Web item disappear from the menu has been corrected. Now in anti-virus settings a user can specify how often the Windows Security Centre will display notifications if Dr.Web virus databases used by the anti-virus have become outdated.

Dr.Web solutions 6.0 for Windows will be updated automatically. The update will require a system restart.

Support of Dr.Web products 4.44 ends in six months

Tue, 13 Jul 2010 00:00:00 GMT

July 13, 2010

Doctor Web notifies users that support of Dr.Web products version 4.44 will end on January 31 2011. No updates of virus databases and program modules for the products will be released following that date. In order to continue using Dr.Web it is recommended to switch to newer versions of Dr.Web anti-viruses in advance.

Even though the product line 4.44 appeared in 2007 — which by anti-virus standards is quite a along time ago — some customers still use the older versions of Dr.Web anti-viruses for a number of reasons. Doctor Web reminds its customers that upgrading products with valid licenses is free and won't shorten the usage period.

At the same time upgrading guarantees technical support and up-to-date protection at all times and also provides a variety of components and technologies absent in 4.44 products. The HTTP monitor SpIDer Gate, Parental control, enhanced self-protection, the unique non-signature detection technology Origins Tracing come with the products of the series 5 while the new file monitor, built-in firewall and support of 64-bit systems are available in products of the 6th series.

Please, note that Doctor Web strongly recommends upgrading to newer versions of Dr.Web software before January 31, 2011.

Components of Dr.Web 6.0 products for Windows updated

Thu, 08 Jul 2010 00:00:00 GMT

July 8, 2010

Doctor Web updated a number of components included in Dr.Web products from the series 6 for single user and server products for Windows (32- and 64-bit). The update also provides several fixes and improvements. Most significant changes have been done to three components of the anti-virus control module (agent), HTTP-monitor and self-protection module.

An error that sometimes might make the agent freeze while it was operational has been fixed. An issue related to incorrect displaying of menu items has been resolved and interaction between the component and quarantine manager has been improved. An option to display scanning notifications, when a system hasn’t been checked for viruses for a long time, has been added. It allows a user to start scanning immediately or postpone the procedure. Besides, the feature enabling installing desired interface language packs for the installed anti-virus has been added. In the self-protection disable dialogue window a user can now choose to output a captcha code in audio if for dome reason he is unable to see a captcha image.

The updated HTTP monitor SpIDer Gate allows changing its settings without breaking an Internet connection. Compatibility with non-standard http-clients has been improved significantly. Logging control already available for other modules of the anti-virus has been implemented for SpIDer Gate too. Now the HTTP monitor can operate in the proxy mode with corresponding settings accessible over the graphical interface and supports native script domain names. Compatibility of SpIDer Gate with the firewall has been improved and the option to scan archives is now disabled by default.

Errors in operation of Dr.Web SelfPROtect that might prevent Dr.Web modules from launching under Windows 7, cause critical system errors while communicating over the network or memory leaks in network services have been corrected. An issue that prevented playing sound notifications by the anti-virus with the self-protection enabled under Windows Vista and later has been resolved. Yet the self-protection mechanism has been enhanced with new routines to counteract malware.

The graphical interface and help system have been improved for all the three components and the automatic updating module.

Dr.Web solutions 6.0 for Windows will be updated automatically. The update will require a system restart.

Dr.Web virus databases re-released to prevent false detections

Thu, 08 Jul 2010 00:00:00 GMT

July 8, 2010

Doctor Web announced that it re-released virus databases due to changes done to amalware detection algorithms. These changes allow preventing false detections when scanning objects in RAM. The total size of updated databases is 9 MB.

The re-released databases are available on all Doctor Web updating servers and Dr.Web anti-viruses will download them automatically during updating

Dr.Web for Qbik WinGate keeps your network clean

Wed, 07 Jul 2010 00:00:00 GMT

July 7, 2010

Russian anti-virus vendor Doctor Web announced the release of the Dr.Web for Qbik WinGate plugin. This product is integrated with one of the most popular corporate proxy-servers, and, unlike other solutions on the market today, it can scan Qbik WinGate traffic for spam as well as for viruses.

As employees lose work time to cleaning mailboxes full of spam, and system administrators struggle to divide their time between daily routines and tackling viral and spam incidents, the thorough scanning of mail and Internet traffic has become a significant challenge for organizations.

Dr.Web for Qbik WinGate detects and neutralizes any type of Internet threat that could disrupt network operations and breach security systems. The plugin scans HTTP, FTP, SMTP and POP3 traffic.

The product features unique Dr.Web technologies, such as Origins Tracing, that complement the heuristic analyzer for more reliable detection of unknown viruses.

Dr.Web for Qbik WinGate is the only product on the market today for Qbik WinGate that features an anti-spam module. This module requires no training and supports customized actions for different categories of spam and the creation of black and white e-mail address lists. Guaranteed technical support directly from the developer is another significant advantage of this new Dr.Web product.

Ask for demo | Buy from partners | Buy online