We've developed a new way to fight malware (adware, spyware) and clean up infected Windows PCs. Our product is installed at the driver level, between the OS and the hard drive (HD). It builds a "causal" XML database of all HD activity on the machine: object A created B which created C, and so on. You can use this to trace any file back to where it came from. Even, for example, back to the Web site from which it was downloaded -- perhaps without your knowledge via a browser exploit! Our testing indicates that if our product is installed before an infection, we can clean the machine completely with one click. This goes for rootkits as well as ordinary adware.
There is some interesting recursive stuff here -- because we sit between the OS and the HD, we can prevent the bad guys from modifying our code or data.
You can download the free beta version here: www.robotgenius.net
Robot Genius has created a set of tools for securing and managing your PC. Spyberus allows you to monitor all files installed on your machine, and to eliminate any misbehaving or unwanted software. Popup ads and windows can be easily traced to offending malware, and the entire group of infected files deleted in one click! Spyberus is installed in a layer between your Windows operating system and the hard drive itself. Nothing can get onto your drive without going through us.
4 comments:
Steve,
congratulations to your product.
Looks like a nice idea.
I have one question: How do you know when to stop?
Assume I install Firefox, then download an application which then installs spyware.
How do you know to remove the spyware only and not also the application (e.g. Kazaa) and not also Firefox.
I guess if you have a tree whcih shows taht Firefox was used for other stuff as well, but how do you prevent unwanted removals in general?
Wolfgang,
The removal process is not automated yet. That makes the product harder to use than other products which just have a "scan" button. You need to identify which branch of the tree is bad and how far back to go with removal. This isn't as hard as it sounds, since we give you tools to identify popups, windows or icons with paths in the database. Most infections will look like paths that terminate in suspicious looking URLs (e.g., installed by FireFox, but from a site you don't recognize).
As is, the product is probably more likely to be used by an IT professional (e.g., at a company) than by a home user. On the positive side, you are guaranteed to get rid of all the bad stuff along any branch.
In the future we plan to partially automate with some classification data (by URL, fingerprint hash, etc.). However, scanning by pattern is tough with malware since it changes quite frequently. Unlike viruses, which have live on their own in the wild, malware can be modified frequently by whoever controls the server that delivers the infections.
Any further comments or questions would be very welcome!
It seems that there's conflict with Internet Explore, I might be wrong.
Why use an XML database?
Post a Comment