
Anti-Virus & Content Security

eScan v14 Whitepaper

Created: November, 2012

Document Version No.: ESN(14.0.0.1)

www.escanav.com

The objective of this whitepaper is to give readers an inside view of the growing threats that users across the world are facing and of what eScan is doing to keep its users protected round the clock. With the ever-evolving threat landscape, users are busy searching for products that can help protect them from current as well as future threats. The expanding reach of the Internet and the very nature of IT security have changed dramatically over the last couple of years. This has also brought in a breadth of new technologies, services and capabilities for users around the Web. Both small and large businesses have found the web increasingly useful, as it has allowed them to widen their reach both locally and internationally. This dramatic shift has, in fact, left a gaping hole as far as endpoints are concerned.

What Is Endpoint Security?


Endpoint security can be defined as the ways and means of making computing devices within small and large businesses comply with predefined standards before access is granted. Endpoints can include anything from PCs to laptops to smartphones and even tablets. They can also include devices such as barcode readers, pen drives, printers or Point of Sale terminals.

Endpoint: An endpoint can be an individual's PC or any device that acts as a client, a workstation or a personal computing device.

Security: The term 'Security' is probably one of the most important factors surrounding businesses. While there is no single definition that explains the term 'Security', it is nevertheless the most important factor to address. As far as businesses are concerned, the main points of focus are as follows:
• Controlling access points to networks and systems
• Knowing the purpose of access
• Knowing the type of access
• Knowing the type of tasks permitted by the access

Security includes protection from threats to property, safety, and privacy, as well as the management and mitigation of risks due to exposure to these threats. With that said, the ultimate goal of any organization is to maintain a safe, productive level of operation, which in turn minimizes loss due to security incidents.


The Growing Threat to Users


It's a known fact that threats to endpoints are a major concern to businesses as well as users. With cyber criminals using endpoints as a vector to spread malware, the need to secure endpoints is of utmost concern. Threats such as viruses, Trojans and worms keep evolving and take advantage of a growing number of unpatched vulnerabilities. These could be anything from buffer overflows to keystroke loggers to instant messaging worms to vulnerabilities in the security software itself. Enterprises and users end up extremely vulnerable to a bewildering array of threats that increases each day. Endpoints are where the typical enterprise conducts most of its business, and disruption to endpoints has a huge impact on enterprises in terms of cost and lost productivity. Since endpoints are now a primary target of these threats, enterprises and users are forced by necessity to confront endpoint security as a core issue.

Proactive Behavior Monitoring


So how do we put a lock on such threats? To shut down this window of opportunity for hackers, eScan comes with Heuristics, a proactive detection method that does not rely totally on traditional signatures to detect malware. Rather than being a simple fingerprint or signature-based scanner, the eScan engine uses Heuristics to study the behavioral pattern of every running or executed application. This works because malicious programs inevitably attempt to perform actions that legitimate applications do not. Examples of suspicious behavior include attempting to drop files, disguise processes, replicate, or execute code in another process's memory space. Because heuristic scanners look for behavioral characteristics rather than relying on simple pattern matching, they are able to detect and block new and emerging threats for which a signature or fingerprint has yet to be released. Here is a brief example of how the eScan Engine works in the background:
• Each time a file is accessed, copied or downloaded via the Web, e-mail or Instant Messenger, the file is intercepted by eScan's real-time monitor and sent for scanning.
• The file is then checked against pre-defined signatures that are continuously updated by the minute. If the file contents match one of the signatures, the product automatically tries to disinfect the virus. If this action fails, the file is moved to the quarantine folder. If no signature is matched, the file is passed to Heuristics to be checked.
• The file is then checked by executing it in a virtual environment within the eScan Engine. If the file exhibits suspicious, malware-like activity, Heuristics reports the file as malicious. If not, the file is declared clean and the relevant process is allowed to run.
• The eScan Heuristics Engine (when enabled) monitors the actions of the processes (specific processes) as they are executed on the computer. It analyses the behavioral pattern and gives a certain score for each action that gets performed. When the overall score for a process reaches a given threshold, the process is reported as harmful.
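The per-action scoring described in the last step can be sketched as follows. This is an added example, not eScan's code: the action names, weights, threshold and event stream are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Hypothetical weights for the suspicious behaviours the whitepaper names.
# The values and the threshold are assumptions, not eScan's real settings.
WEIGHTS = {
    "drop_file": 20,          # writes a new file to disk
    "disguise_process": 30,   # hides or masquerades as another process
    "self_replicate": 30,     # copies its own image elsewhere
    "remote_code_exec": 50,   # runs code in another process's memory space
}
THRESHOLD = 70

def score_processes(events, weights=WEIGHTS, threshold=THRESHOLD):
    """Accumulate a score per process from (pid, action) events.

    Returns {pid: (score, verdict, index_of_event_that_crossed_threshold)}.
    """
    scores = defaultdict(int)
    flagged_at = {}
    for i, (pid, action) in enumerate(events):
        scores[pid] += weights.get(action, 0)  # unlisted actions score 0
        if scores[pid] >= threshold and pid not in flagged_at:
            flagged_at[pid] = i  # first event at which the process is reported
    return {
        pid: (total,
              "harmful" if pid in flagged_at else "clean",
              flagged_at.get(pid))
        for pid, total in scores.items()
    }

# Constructed event stream: pid 412 behaves like an installer (one file drop),
# pid 977 chains several suspicious actions.
EVENTS = [
    (412, "open_document"),
    (977, "drop_file"),
    (412, "drop_file"),
    (977, "disguise_process"),
    (977, "remote_code_exec"),
    (412, "network_connect"),
]

if __name__ == "__main__":
    for pid, result in sorted(score_processes(EVENTS).items()):
        print(pid, result)
```

A single low-weight action, such as the file drop by pid 412, stays below the threshold, which is how a cumulative score separates an installer from a process that chains several suspicious actions.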

eScan Security Network (Cloud Protection)


For the last 25 years, Anti-Virus protection has been based solely on signature-based analysis and heuristic analysis. This whole process of analyzing malware by analysts was rather flawless until the number of malware samples released in the wild went up to a staggering 65,000 (approximate value) a day. To curb this growing malware threat, eScan has developed a cloud-based technology called eScan Security Network (ESN). This technology can automatically analyze, classify, detect and quarantine 99.99% of new malware we receive every day at our labs, keeping our clients protected in real time. When it comes to detecting new malware, ESN ensures a prompt response and an advanced level of detection that provides superior protection. eScan Security Network is not only capable of detecting and blocking unknown threats but can also locate and prevent zero-day threats and phishing attempts. With eScan Security Network, users get:
• Additional level of protection
• Application reputation
• Web reputation

eScan Security Network is a state-of-the-art technology implemented in the latest versions of eScan products. Current threats such as viruses, worms, Trojans and phishing pose major threats to the normal functioning of computers and to the information stored in them. These kinds of threats are constantly evolving, thus challenging the current security standards set by security products.

Rescue Mode
Bootable CDs have been in use for a number of years. While this method has worked flawlessly, there are a number of reasons to drop it. Figuratively speaking, 98% of users overlook the need to create a bootable CD, making it difficult to clean and remove stubborn malware. To get around this, eScan comes with a Rescue Mode feature that creates a secure bootable partition during installation. This allows the user to boot into a secure environment during system startup, eliminating the need to create a bootable disc. The user can then scan, clean and fix registry changes made by viruses and rootkits.

Safe Mode Password Protection


Safe mode protection is one of the most overlooked factors in terms of security. Although useful for troubleshooting Windows related issues, it can be used to bypass security software which otherwise helps secure your PC from malware. To prevent unauthorized access, eScan comes with a Safe Mode Password Protection feature. When enabled, the user will not be allowed to boot into Safe Mode without entering a valid password.

USB Vaccination
To prevent malware from writing to USB-based devices, eScan's USB Vaccination disables the Windows Autorun.INF file. The vaccination is designed to permanently block the execution of the Autorun.INF file, preventing it from being created, modified, deleted or even read. This prevents Windows from automatically executing malicious files that might be stored on USB drives. The functionality of the drive otherwise remains the same, and files can still be copied to and from it.


Web Anti-Phishing
Phishing has grown in complexity in the last couple of years. From sending spoofed mails to spamming IM accounts, the world of phishing has grown 10 times from what it was. Hosting malware on legitimate sites by rewriting bits of code is all that it takes to infect unsuspecting users. To help curb this growing threat, eScan comes with both a static and a dynamic phishing filter. The two filters work in tandem to protect users from accessing sites that host malware, irrespective of whether the site is legitimate (in the event of a hack) or not. The static filter works by referring to a predefined set of policies that comes with every update. The dynamic filter, on the other hand, checks all known and unknown links by making use of our eScan Security Network. Each link is compared and analyzed against millions of connected eScan users worldwide, thus nullifying the possibility of tagging a legitimate website as malicious or vice versa.

Looking at the ongoing trends in malware and other attacks, it is more than important to have a special team which constantly monitors the internet and the infection vectors in order to mitigate the attacks carried out by malware writers; you need to be one step ahead of them. That being said, you need an infrastructure to carry out R & D on these attacks. We have experienced, skilled people who do R & D on ongoing malware trends and help develop methods to mitigate those attacks. As a result, we have developed eScan Security Network, which adds another layer to anti-virus protection. This additional layer of protection ensures a prompt response and an unprecedented detection level that enhances the overall protection. eScan Security Network is one of the most prominent features within our SOHO products, continuously monitoring and providing analysis of real-life threats on a global scale, thus protecting all connected eScan users against new and emerging malware.


Our Offices

USA: MicroWorld Technologies Inc. 31700 W 13 Mile Rd, Ste 98 Farmington Hills, MI 48334, USA.
Tel: +1 248 855 2020/2021 Fax: +1 248 855 2024. TOLL FREE: 1-877-EZ-VIRUS (USA Only)
E-mail: sales@escanav.com Web site: www.escanav.com

India: MicroWorld Software Services Pvt. Ltd. Plot No.80, Road No.15, MIDC, Marol, Andheri (E), Mumbai- 400 093, India.
Tel: +91 22 2826 5701 Fax: +91 22 2830 4750
E-mail: sales@escanav.com Web site: www.escanav.com

Germany: MicroWorld Technologies GmbH Drosselweg 1, 76327 Pfinztal, Germany.
Tel: +49 72 40 94 49 0920 Fax: +49 72 40 94 49 0992
E-mail: sales@escanav.de Web site: www.escanav.de

Malaysia: MicroWorld Technologies Sdn Bhd. (722338-A) E-8-6, Megan Avenue 1, 189, Jalan Tun Razak, 50400 Kuala Lumpur, Malaysia.
Tel: +603 2333 8909 / 8910 Fax: +603 2333 8911
E-mail: sales@escanav.com Web site: www.escanav.com

South Africa: MicroWorld Technologies South Africa (Pty) Ltd. 376 Oak Avenue, Block C (Entrance at 372 Oak Avenue), Ferndale, Randburg, Gauteng, South Africa.
Tel: Local 08610 eScan (37226) International: +27 11 781 4235 Fax: +086 502 0482
E-mail: sales@escan.co.za Web site: www.escan.co.za

Brazil: eScan Brasil Ltda Rua Augusta, 1836 - 7º Andar CEP 01412-000 - São Paulo - SP Brasil.
Tel: +55 11 4063 6500 Fax: +086 502 0482
E-mail: vendas@escanbr.com.br Web site: www.escanbr.com.br
