December 12, 2011

Doctor Web—the Russian anti-virus vendor—is pleased to present the cross-platform Dr.Web Virus-Funding Engine that provides dramatically increased scanning speed, intelligent resources consumption and improved protection from HTML, JavaScript and PDF threats powered by the ScriptHeuristic technology. Dr.Web Desktop Security Suite, Dr.Web Anti-virus, Dr.Web Security Space and Dr.Web Server Security Suite (no Control Center) and Dr.Web CureIt! and Dr.Web CureNet! utilities become the first products that incorporate the new engine.

Scanning speed

A significant boost in scanning speed is one of the key new engine advantages that will be appreciated by users. Dr.Web Virus-Finding Engine showed a several-fold increase in speed compared with the previous engine when tested on a 3 tera-byte test file collection in Doctor Web's anti-virus lab. A four-time speed boost was demonstrated on test systems similar to present-day desktop computers. The new virus database format and improved object scanning algorithm allowed the engine to achieve such an impressive result.

Performance

The new engine supports dynamic memory use, so the amount of memory allocated to the anti-virus changes depending on the system performance and concurrent user and system tasks. Memory allocation is performed in real time, so the system performance doesn't decrease while the anti-virus extracts large files. Anti-virus operation in multi-core systems has been optimized similarly.

"The new system resource manager estimates current system load before utilizing resources for scanning. The Scanning Engine service controls engine memory operations and decides whether the engine should be given all the memory available or make sure users can perform their tasks undisturbed The new engine can also determine a reasonable scanning depth for a particular object, so valuable system resources won't be wasted", Konstantin Yudin, Doctor Web Windows anti-virus project manager said.

ScriptHeuristic and other detection technologies

The ScriptHeuristic technology has been implemented in the Dr.Web Virus-Finding Engine heuristic analyser for the first time. Now malicious code in HTML and PDF-documents—the most common threat nowadays—can be found faster. The anti-virus can also extract and analyse invisible iframes. With the new engine, signature-based scan takes into account JavaScript syntax.

The structure entropy technology implemented in the new anti-virus engine is truly unique and serves as an alternative to the signature-based search. It significantly improves malware detection.

"As far as Dr.Web Virus-Finding Engine innovations are concerned, first of all I would say a few words about the structural entropy analysis. The new analysis algorithm is used to detect viruses by similar file data structure. Application of this algorithm results in a far greater system protection against regularly repacked Trojan horses. The optimized heuristic analyser is another technical upgrade allowing Dr.Web to detect obfuscated JavaScript exploits in HTML and PDF files", Igor Zdobnov Doctor Web's leading virus analyst said.

The unique universal unpacking technology FLY-CODE has been used in Dr.Web products before but with an upgrade providing a 30% scanning time decrease and new heuristic analysis algorithms it achieves almost one hundred percent probability for detection of well protected Trojan horses. An enhancement in Origins Tracing™ allows to use this technology for scanning DEX-files (Android).

The update is available for Dr.Web anti-virus, Dr.Web Security Space, Dr.Web Desktop Security Suite and Dr.Web Server Security Suite series 6 and 7. The update will be downloaded and installed automatically. To use the updated Dr.Web CureIt, you can download it from Doctor Web's site. Dr.Web CureNet! users only need to start the updating module.