Kaspersky Anti-Virus® Personal Pro 4.5




10 pages


   Date: 30.09.2003

   Version: 1.0

   Status:   Approved
KASPERSKY ANTI-VIRUS® PERSONAL PRO 4.5                                                                                                       WHITE PAPER




Contents
1.        Introduction

2.        General information

3.        Basic features and functional capabilities

4.        Detailed description of the functional capabilities

    4.1       Real-time protection of file system objects

    4.2       Checking and disinfecting file system objects

    4.3       Real-time protection of Microsoft Office applications

    4.4       Integrity checking of PC’s hard drives

    4.5       Checking and disinfecting e-mail

    4.6       Real-time protection against malicious dynamic scripts created with VB Script and JavaScript

    4.7       Isolation of suspicious objects

    4.8       Update of antiviral bases and of the application

    4.9       User interface

    4.10      Performance and resource consumption

5.        System requirements

6.        Summary








1. Introduction
              The importance of information security is generally understood nowadays but it does
              not take profound scrutiny to realize that the issue is a complex one. This results from
              both the complexity and diversity of information systems, and from the necessity of a
              comprehensive approach to ensuring security. Kaspersky Lab offers solutions for
              comprehensive protection of personal computers controlled by Microsoft operating
              systems.

              The purpose of the present document is to acquaint the wide range of home users
              and those working in small offices (SOHO) with the functional capabilities of
              Kaspersky Anti-Virus® Personal Pro 4.5.

              Kaspersky Anti-Virus® Personal Pro 4.5 is designed to protect personal computers
              from harmful programs that penetrate via removable and non-removable file media,
              local network resources, e-mail, and Internet protocols.

              The document describes the capabilities of Kaspersky Anti-Virus® Personal Pro 4.5 in
              providing the required level of protection for the information stored on personal
              computers.



2. General information
         Kaspersky Anti-Virus® Personal Pro 4.5 protects personal computers from the activity
         of harmful programs that interfere with normal operation of software and damage
         information stored within the computer file systems.

         Technologies developed by Kaspersky Lab and used in Kaspersky Anti-Virus® Personal
         Pro 4.5 allow implementation of the following features:

                       ─    Real-time antiviral protection of the file system against harmful
                            programs;

                       ─    Search and neutralization of harmful programs on demand;

                       ─    Comprehensive protection of e-mail;

                       ─    Blocking of dangerous scripts downloaded from the Internet;

                       ─    Protection of Microsoft Office applications against malicious macro-
                            instructions (macros);

                       ─    Isolation of suspicious objects in quarantine after saving copies of the
                            initial documents in the backup storage area;

                       ─    Maintenance of up-to-date status of antiviral bases and antiviral engine
                            of the application.

         The computer is protected against harmful activity by means of:

                       ─    Checking the object contents for the presence of signatures of known
                            harmful programs;






                        ─    Use of heuristic algorithms to search for unknown harmful programs;

                        ─    Supervision and blocking of potentially harmful object behavior;

                        ─    Provision of an option to recover, isolate, or delete objects that
                             demonstrate potentially dangerous behavior or contain potentially
                             harmful fragments of code;

                        ─    User notification regarding potentially dangerous behavior or presence of
                             potentially harmful code in objects.



3. Basic features and functional capabilities
              Basic features of Kaspersky Anti-Virus® Personal Pro 4.5 include:

              •    Antiviral functionality

                        ─    real-time monitoring of file system objects;

                        ─    on-demand check-up of file system objects;

                        ─    disinfection of file system objects, memory, and sectors;

                        ─    check-up of mail traffic controlled by Microsoft Outlook, regardless of the
                             protocol used;

                        ─    check-up and blocking of suspicious macros created with Visual Basic
                             for Applications;

                        ─    NEW! check-up and disinfection of Microsoft Outlook and Microsoft
                             Outlook Express mail bases;

                        ─    NEW! cleaning files in the ZIP archives;

                        ─    check-up of dynamic VBScript and JavaScript scripts downloaded from
                             the Internet;

                        ─    capability to detect viruses in more than 60¹ archive formats;

                        ─    capability to detect viruses in almost 600² packing formats;

                        ─    file recovery on hard disks, removable media, and in network resources;
                             recovery of NTFS data stream and boot sectors of disks; recovery of the
                             system memory used by processes and objects loaded during boot of
                             the operating system; recovery of embedded OLE objects;

              ¹ The number of archive and packing formats provided was current at the time this document was composed
              and is subject to increase as new formats appear and as antiviral bases are updated.

              ² The number of archive and packing formats provided was current at the time this document was composed
              and is subject to increase as new formats appear and as antiviral bases are updated.

              •   Auxiliary functionality

                       ─    a special Rescue Disk to restore a damaged, unbootable system;

                       ─    availability of a few scanning tasks with the possibility of both scheduling
                            start-up and setting advanced parameters;

                       ─    advanced mechanism of task scheduling;

                       ─    a special storage area for isolation of suspicious objects – Quarantine;

                       ─    updating from the centralized update relay server;

                       ─    update of antiviral engine and the entire application;

              •   User interface

                       ─    advanced, powerful graphic interface (based on TreeChart technology).

              •   Performance and resource consumption

                       ─    NEW! Performance of Kaspersky Anti-Virus® Personal Pro 4.5 has
                            increased almost 3 times in comparison with version 4.0 owing to the
                            proprietary iChecker™ technology implemented in the antiviral
                            engine.



4. Detailed description of the functional capabilities
4.1 Real-time protection of file system objects

              Real-time protection of the PC’s file system is provided by Monitor or On-Access
              Scanner, which analyzes all the requests made to the file system and prevents
              execution of malicious code. In addition, Monitor cleans infected files using the
              antiviral engine.

              To provide real-time protection, the Monitor component carries out the following
              tasks:

                       ─    interception of accesses to file system objects;

                       ─    detection of suspicious and infected objects using the antiviral engine;

                       ─    execution of preset actions in the event that infected or suspicious
                            objects are detected:

                             i.         blocking of infected and suspicious objects;







                             ii.   invocation of the antiviral engine for cleaning of infected objects or
                                   for their deletion;

                            iii.   placement of suspicious objects in the Quarantine storage or
                                   deletion of them;

                       ─    user notification regarding the events taking place during the
                            application’s run;

                       ─    gathering of checked objects’ statistics.



4.2 Checking and disinfecting file system objects

              Search and removal of malicious programs on user's demand is carried out by the
              On-Demand Scanner component.

              On-Demand Scanner executes the following tasks:

                       ─    search for infected and suspicious objects in user-defined scan areas;

                       ─    detection of suspicious and infected objects using the antiviral engine;

                       ─    execution of preset actions in the event infected or suspicious objects are
                            detected:

                           i. invocation of the antiviral engine for cleaning of infected objects or for
                                 their deletion;

                           ii. placement of suspicious objects in the Quarantine storage or deletion of
                                  them;

                       ─    user notification regarding the events taking place during the scan;

                       ─    gathering of checked objects’ statistics.



4.3 Real-time protection of Microsoft Office applications

              Real-time protection of Microsoft Office applications is provided by the OfficeGuard
              component, which analyzes macro instructions created with VB for Applications prior
              to their execution and prevents execution of malicious code.

              To provide real-time protection, the OfficeGuard component carries out the following
              tasks:

                       ─    real-time scanning of attempts to execute VB for Applications macros;

                       ─    checking the program code during macro execution for the presence of
                            macro instructions included in the list of suspicious commands;

                       ─    user notification in the event that an attempt to execute macros reveals
                            macro instructions included in the list of suspicious commands;







                       ─    execution blockage of individual macro instructions and macros that
                            contain macro instructions included in the list of suspicious commands;

                       ─    gathering of checked macros’ and macro instructions’ statistics.



4.4 Integrity checking of PC’s hard drives

              Integrity checking of hard drives is provided by the Inspector component, which
              tracks changes in the contents of files and directories. It can be used as an additional
              anti-virus tool or as a means of controlling disk contents.

              During subsequent runs Inspector performs the following tests:

                       ─    the DOS memory size and INT 13h handler address are checked for
                            changes.

                       ─    the master boot record and boot sectors are checked. The master boot
                            record is checked when testing all logical drives. If the saved copy and
                            the actual contents of these sectors do not match, the program
                            recommends that you restore the sector that has been changed. You
                            can compare the current and previous saved data using a built-in viewer.

                       ─    the bad clusters list is verified. Some viruses are known to mark a good
                            cluster as bad and then use this cluster to save their own code and data.
                            If new bad clusters have recently appeared Inspector issues a warning.

                       ─    the disk directory tree is verified. New and changed directories are
                            scanned.

                       ─    files are checked. New, deleted, renamed, moved and modified files are
                            scanned for changes in size, date and time of creation and last
                            modification, and file CRC.

              All the changes that are detected within files and disk sectors are analyzed and
              categorized as harmless or suspicious. Inspector provides information about all
              changes it detects. You can view this information in a dialog box or save it to disk for
              later viewing. In case of suspicious changes, which may indicate the presence of a
              virus, Inspector issues a virus attack warning.
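
              The file test described above (a saved copy compared with the current size,
              modification time and CRC of each file), as an added example that is not Kaspersky
              Lab's code. The names `Entry`, `snapshot` and `compare`, the use of CRC-32, and the
              rule that decides harmless versus suspicious are assumptions made for illustration.

```python
import os
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    size: int
    mtime_ns: int
    crc: int

def file_crc32(path, chunk=65536):
    """CRC-32 of the file contents, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF

def snapshot(root):
    """Saved copy: relative path -> Entry for every regular file under root."""
    table = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            table[rel] = Entry(st.st_size, st.st_mtime_ns, file_crc32(full))
    return table

def compare(old, new):
    """Return sorted (kind, path, verdict) tuples for every detected change."""
    report = []
    gone = {p: e for p, e in old.items() if p not in new}
    added = {p: e for p, e in new.items() if p not in old}
    # A vanished file whose size and CRC reappear under a new path was moved or renamed.
    by_content = {}
    for p, e in sorted(gone.items()):
        if e.size:  # empty files all share one CRC, so never pair them up
            by_content.setdefault((e.size, e.crc), []).append(p)
    for p, e in sorted(added.items()):
        sources = by_content.get((e.size, e.crc))
        if sources:
            src = sources.pop(0)
            del gone[src]
            report.append(("moved", f"{src} -> {p}", "harmless"))
        else:
            report.append(("new", p, "harmless"))
    report += [("deleted", p, "harmless") for p in gone]
    for p in old.keys() & new.keys():
        o, n = old[p], new[p]
        if o == n:
            continue
        if (o.size, o.crc) == (n.size, n.crc):
            report.append(("touched", p, "harmless"))  # only the timestamp moved
        elif o.mtime_ns == n.mtime_ns:
            # Assumed rule: content changed while the timestamp was kept as it was.
            report.append(("modified", p, "suspicious"))
        else:
            report.append(("modified", p, "harmless"))
    return sorted(report)
```

              Call `snapshot()` on a directory once to take the saved copy, call it again on a
              later run, and pass both results to `compare()`.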



4.5 Checking and disinfecting e-mail

              Real-time protection of workstation users' e-mail is provided by the MailChecker
              component, which analyzes requests for sending and receiving of electronic
              messages. It also prevents both penetration of malicious code into the user’s mailbox
              as well as sending of suspicious or infected objects.

              The MailChecker component cleans infected messages using the antiviral engine.

              To provide real-time protection, the MailChecker component carries out the following
              tasks:

                       ─    interception of messages sent and received by Microsoft Outlook using
                            any mail protocol;





                       ─    detection of suspicious and infected objects, either in attachments or in
                            the message’s body, using the antiviral engine;

                       ─    execution of preset actions in the event that infected or suspicious
                            objects are detected:

                           i. invocation of the antiviral engine for cleaning of infected parts of
                                 messages or for their deletion;

                       ─    informing both the user and sender of the message that infected or
                            suspicious message parts were detected;

                       ─    user notification regarding the events taking place during the
                            application’s run;

                       ─    gathering of checked messages’ statistics.

              Checking and cleaning mail bases can also be carried out in the usual mode of file
              system objects’ scanning and checking.



4.6 Real-time protection against malicious dynamic scripts created with VB Script and JavaScript

              Real-time protection against malicious dynamic VB Script and JavaScript scripts is
              provided by the ScriptChecker component, which analyzes the scripts prior to their
              execution and prevents execution of malicious code.

              To provide real-time protection, the ScriptChecker component carries out the
              following tasks:

                       ─    real-time scanning of attempts to execute dynamic VB Script and
                            JavaScript scripts;

                       ─    checking script program codes prior to execution by the script handling
                            module of the operating system and Microsoft Internet Explorer;

                       ─    blockage of dangerous and suspicious scripts;

                       ─    gathering of checked objects’ statistics.



4.7 Isolation of suspicious objects

              Any suspicious objects are isolated by the Quarantine components, which make
              possible secure isolation of malicious code for the purpose of its further analysis at
              Kaspersky Lab. These components also enable the development of methods for
              secure detection and disinfection of malicious code.

              The Quarantine components carry out the following tasks:

                       ─    save detected suspicious objects;

                       ─    save suspicious objects on demand;

                       ─    restore objects from the Quarantine on demand.

              The duration of quarantine can be limited so as to cut down on the resources required
              to store the objects.



4.8 Update of antiviral bases and of the application
              Maintaining up-to-date antiviral bases is a central element of antiviral protection.
              Antiviral bases are updated by the Updater component, which downloads the latest
              updates from Kaspersky Lab’s servers. In addition, this component is in charge of
              updating the application as a whole.

              The Updater component carries out the following tasks:

                       ─    downloads updates from Kaspersky Lab’s servers;

                       ─    updates antiviral bases;

                       ─    updates the application’s components;

                       ─    relays the updates to other applications included in the comprehensive
                            antiviral system;



4.9 User interface
              Kaspersky Anti-Virus® Personal Pro 4.5’s easy-to-use user interface enables the PC
              user to run the following tasks:

                       ─    Review information regarding the status of antiviral protection;

                       ─    Launch tasks of file system objects’ scanning;

                       ─    Update the application’s antiviral bases.

                       ─    Create and launch tasks of file system objects’ scanning;

                       ─    Schedule the tasks of file system objects’ scanning and updates;

                       ─    Update both antiviral bases and the application’s components;

                       ─    Review the results of the tasks and the events log;

                       ─    Review the contents of the Quarantine storage areas;



4.10     Performance and resource consumption
              Thanks to its new iChecker™ technology and owing to the antiviral engine’s latest
              version, the application’s performance has considerably increased while, at the same
              time, its resource consumption has decreased.








5. System requirements
              Hardware:

                       ─    Intel Pentium processor or higher.

              Supported operating systems:

                       ─    Windows XP Home Edition, Service Pack 1 or higher;

                       ─    Windows XP Professional, Service Pack 1 or higher;

                       ─    Windows 2000 Professional, Service Pack 2 or higher;

                       ─    Windows NT 4.0 Workstation, Service Pack 6a;

                       ─    Windows ME;

                       ─    Windows 98.



6. Summary
              The latest version of Kaspersky Anti-Virus® Personal Pro 4.5 offers a full range of
              functional capabilities required of present-day personal computers’ anti-virus
              applications, including real-time scanning of the file system, on-demand file system
              checking, real-time scanning of e-mail, real-time protection of office applications, real-
              time protection against malicious scripts, real-time periodic antiviral bases updating,
              work as part of a comprehensive antiviral protection system, and storage of both
              suspicious objects and copies of changed objects.

              Thanks to the new proprietary technologies, the application’s overall performance is
              increased while its system requirements are lowered.



