From the creator:
DiamondCS WormGuard is the future of scanning. It is an advanced heuristic
file analyzer that will protect your computer from accidental execution of a
hostile script or malicious application - and specifically, worms. Being
transparent, you won't even know WormGuard is there until the day comes when you
run something that perhaps you shouldn't.
WormGuard acts as an anti-worm front-line system on your machine. It will
generically and heuristically detect worms before they are allowed to execute,
and is a vital component of any Microsoft Windows system.
When WormGuard is installed and you try to execute a file, the operating system
will ask WormGuard if the file is ok to run. For the file to run, WormGuard must
answer with "yes". There is no time limit for WormGuard to do this - the
operating system will simply wait until WormGuard has responded with yes or no.
This type of low-level hooking means that when a file is executed, WormGuard has
the power to block the execution if the file is deemed hostile.
When a file is executed, WormGuard will be asked by the operating system to test
the file. At this point, WormGuard must determine what sort of file is being
asked to execute, in order to perform the appropriate tests. When the file type
has been established, WormGuard will activate an internal subsystem which begins
a series of tests that are related to that file type.
WormGuard uses three core systems for the initial testing sequence, which are
file type-specific tests.
- Advanced Script Analysis Engine (ASAE), used against .VBS, .JS, .HTA, .HTM/L,
.WSH files. This engine will actually analyse the script source code to
determine what it is capable of doing, and compile a human-readable report of
its findings.
- Macro Detection/Interpretation (MD/I), used to test all Macro-capable file
types, such as .DOC, .MDB, .XLS and many others.
- Command File Interpretation (CFI), used to test .COM, .BAT, .PIF and .CMD
files before they are passed to the DOS-subsystem for processing.
After the core testing is complete, global subsystems are activated to test the
file at a deeper level.
- Global Macro Interpretator (GMI) - activated when a macro of any type is
detected, to check for hostile code that is common across all macro formats.
- Advanced Deep Search & Interpretation (ADSI) Engine is capable of identifying
IRC worms as being "probable" or "near-definite". It is capable of detecting
some key-loggers, programs that automatically start on Windows load,
password-stealers, and more.
- Filename test, to make sure the filename doesn't contain any excessive spaces
or multiple extensions (common vulnerabilities that worms exploit to make files
appear of a different nature).
The testing is usually complete in the blink of an eye.
Download size: 1,518 KB
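The filename test described above (excessive spaces, multiple extensions) can be sketched as follows. This is an added example, not WormGuard's code; the extension lists, the space threshold and the sample names are assumptions constructed for illustration.

```python
import re

# Assumed lists, not WormGuard's: extensions Windows will execute, and
# harmless-looking extensions commonly used as the decoy in a double extension.
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "js", "hta", "wsh"}
DECOY_EXTS = {"txt", "doc", "xls", "jpg", "gif", "mp3", "htm", "html", "pdf", "zip"}
MAX_SPACE_RUN = 3  # assumed threshold for "excessive" consecutive spaces


def filename_findings(path):
    """Return the reasons a file name looks disguised (empty list if none)."""
    # Only the final path component matters; accept Windows and POSIX separators.
    name = re.split(r"[\\/]", path)[-1]
    findings = []

    # Padding with spaces pushes the real extension out of the visible column.
    longest_run = max((len(run) for run in re.findall(r" +", name)), default=0)
    if longest_run > MAX_SPACE_RUN:
        findings.append(f"run of {longest_run} spaces")

    # Split on dots and strip padding so "txt      " still compares as "txt".
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS:
        decoys = [p for p in parts[1:-1] if p in DECOY_EXTS]
        if decoys:
            findings.append(
                f"decoy extension .{decoys[-1]} before executable .{parts[-1]}"
            )
    return findings


# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "C:\\Temp\\setup.exe",                 # plain executable: no finding
    "report.v1.2.doc",                     # several dots, but not executable
    "holiday photo.jpg.exe",               # double extension
    "readme.txt" + " " * 40 + ".vbs",      # padded double extension
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", filename_findings(sample) or "ok")
```

A name with several dots is flagged only when the final extension is executable and an earlier one is a known decoy, so versioned names such as `report.v1.2.doc` pass.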