A new anti-virus (AV) product, Sharknet, seeks out actual virus code, says Julian Munro, owner of Edge PC.
Munro, whose company is the local distributor of Sharknet, says most AV software seeks out viruses in the wrong way as it is designed to locate virus names or signatures.
"Each virus generally has its own signature, and existing AV software is designed to seek out that name or signature. It's a lot like putting up the photo of a criminal on the wall, so people know who to look out for. But this doesn't really work in the AV environment."
Sharknet works by opening up all files and analysing their behaviour in a safe environment. "It's the logical way to do it. Rather than looking at what the file says, Sharknet looks at the file's intentions."
Munro adds that Sharknet will not need frequent updating, an area that he feels is problematic. "When a virus comes out, it hits 20 million or 30 million PCs, and then the update comes along a day later. But by then the damage is already done. I think that's why Sharknet is advantageous: it's not always playing catch-up."
At present, there are two methods of preventing virus attacks. The first, heuristics, is where a scanner analyses the actual program code to look for behaviour typical of attacks, rather than simply searching for a virus signature. The second approach is reactive: a system looks for behaviour that would be representative of attacks, such as modifications of system files, and stops it in real time.
While heuristics has emerged as another method of seeking out viruses, it is not as effective as it should be, says Munro. "Heuristics is basically null and void as far as I'm concerned. It can work, but virus creators are just too clever. They know what type of code heuristics will search for and change it accordingly so that it won't be detected as a virus. If heuristics really worked, there wouldn't be a problem with viruses anymore. At the moment, companies have had to tone down their heuristics level because they were just being bombarded with false positives.
"Sharknet is two or three generations ahead of heuristics. It actually opens up all files in a safe environment and sees what it does. If it is a virus, it is then deleted."
Although he is optimistic about the product's success, Munro concedes that the AV market is a difficult one to enter. "There is a lot of scepticism around AV companies. Some people actually think [the companies] design viruses themselves to boost their customer base. But we're still optimistic. We've worked on this product for three years, and our false positives are almost non-existent."
Sharknet is aimed at medium to large companies, and a version for individual use is on the way. The product will retail at slightly over $1 000 (R6 000), with an annual subscription fee of $500 (R3 000) after the first year.

