Signature-less real time protection against malware

NovaShield announced NovaShield AntiMalware version 2.0, a behavior-based security software for Windows XP and Vista designed specifically to detect, block, and remove sophisticated and rapidly morphing malware such as drive-by-downloads, Trojans, keyloggers and rootkits, as well as traditional threats such as viruses and worms.

For years, anti-virus solutions have focused on identifying malware by using signatures as a tag to mark and quarantine known threats. Within the last 18 months, however, research shows the average size of signature databases having doubled and, in some cases, tripled. Soaring into the hundreds of thousands of signatures, bloated databases result in longer scan times, added memory consumption, and higher false positive rates.

Based on research at the University of Wisconsin’s leading computer science and security lab and with backing from the National Science Foundation, NovaShield AntiMalware approaches malware detection through a unique form of behavior-based threat detection called specification-based monitoring. Whereas traditional signature-based anti-virus solutions rely on hundreds of thousands of policies to detect potential threats and require an average 19-day window of exposure before a new infection can be detected, removed and blocked, NovaShield AntiMalware’s underlying Secure Activity Filtering Engine (SAFE) technology employs fewer than a dozen generalized policies that identify malicious activities in real-time.

NovaShield AntiMalware version 2.0 incorporates:

  • Enhanced Kernel modules to monitor file, registry, network and process activity for all programs running on the host
  • Policy engine that analyzes activities captured by the kernel modules and detects – in real time – malicious activities associated with malware
  • A remediation process that quarantines and/or removes every detected malware and all associated malicious activities (e.g., files and registries changes)
  • An improved whitelisting feature to allow users to customize the system.



Share this