Tuesday, February 10, 2009

Robot Genius, PC Armor
The consumer version of the Robot Genius security client is now available, distributed by our partner DDT as the product PC Armor (PCA). It should be in a number of big-box retailers (e.g., Staples) within the next 30 days. See the PC Magazine review.

PCA is the only product on the market which compiles what we call a "causal history" of all events on a Windows machine. That is, the client can connect together events such as the following (t1 to t4 might be dates/times separated by seconds or by months):

t1 game download / hidden malware install --->
t2 modified registry settings --->
t3 more components installed via hidden download --->
t4 etc. etc.

and *fully reverse* the consequences of just this chain of events. Our client monitors the Windows kernel, all processes on the system and all writes to the file system.

If PCA is installed on a new (or uninfected) machine, and the user never overrides one of our warnings, then we absolutely guarantee we can clean the machine and remove any malware (or other program) on the system, even months or years after the infection. Warnings are triggered only if a program attempts an action which might compromise our uninstall capability, like installing a driver (typical of a rootkit). However, the user will rarely see such warnings -- PCA is much quieter than existing security products.
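
As an added illustration (not Robot Genius code; the post shows none), here is a toy model of the causal history described above: an event is linked to the earlier event that first wrote its actor's executable image, the consequences of a root event are the transitive closure of those links, and a rollback plan reverses them newest first, restoring a modified registry value rather than just deleting it. All paths, names and timestamps are constructed; the provenance rule is a simplification of what a kernel-level monitor would record.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    time: int                       # constructed monotonic timestamp (seconds)
    actor: str                      # image path of the process that performed the action
    kind: str                       # "file_write" or "registry_set"
    target: str                     # file path or registry value written
    old_value: "str | None" = None  # prior registry value; None = value did not exist

class CausalHistory:
    """Toy provenance rule: an action is caused by the event that first wrote its actor's image."""
    def __init__(self):
        self.events = []   # recorded in time order
        self.creator = {}  # file path -> index of the event that first wrote it

    def record(self, ev):
        self.events.append(ev)
        if ev.kind == "file_write":
            self.creator.setdefault(ev.target, len(self.events) - 1)

    def consequences(self, root):
        """Every event causally descending from root (one pass: causes precede effects)."""
        found = {root}
        for idx, ev in enumerate(self.events):
            if self.creator.get(ev.actor) in found:  # actor's image was written by a found event
                found.add(idx)
        return found

    def rollback_plan(self, root):
        """Undo steps, newest first, so later stages are removed before their source."""
        steps = []
        for idx in sorted(self.consequences(root), key=lambda i: -self.events[i].time):
            ev = self.events[idx]
            if ev.kind == "file_write":
                steps.append(f"delete {ev.target}")
            else:  # registry: restore the prior value, or remove it if the chain created it
                steps.append(f"restore registry value {ev.target} = {ev.old_value}"
                             if ev.old_value is not None else f"remove registry value {ev.target}")
        return steps

def build_sample():
    """Constructed history: a game download with a hidden installer (t1..t4) plus one unrelated event."""
    h = CausalHistory()
    h.record(Event(1, r"C:\Program Files\Browser\browser.exe", "file_write", r"C:\Users\Bob\Downloads\game_setup.exe"))
    h.record(Event(2, r"C:\Users\Bob\Downloads\game_setup.exe", "file_write", r"C:\ProgramData\svchelper.exe"))
    h.record(Event(3, r"C:\Users\Bob\Downloads\game_setup.exe", "registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", r"C:\Program Files\Vendor\updater.exe"))
    h.record(Event(4, r"C:\Windows\notepad.exe", "file_write", r"C:\Users\Bob\notes.txt"))
    h.record(Event(2_600_000, r"C:\ProgramData\svchelper.exe", "file_write", r"C:\ProgramData\stage2.dll"))  # a month later
    return h
```

Running `build_sample().rollback_plan(0)` yields four steps, from the month-later stage2.dll back to the original download, and leaves the unrelated notepad.exe write untouched.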

5 comments:

  1. That, or you could use a Mac.

  2. Anonymous, 10:35 AM

    [FLAME]
    Except that Apple has an oppressive set of EULAs and it takes a very dim view of what I might think I 'own'.
    [/FLAME]

    I've been mulling doing some iPhone development, but the barriers to entry are high and the backend risk [Apple decides to steal any good idea that you have] is scary.

  3. It's only a matter of time before OS X (in particular, the iPhone) is subject to malware attack.

    The kind of system monitoring and protection we built doesn't exist on any unix platform at the moment. It's kind of surprising, since what we are talking about is simply a secure history of events on an OS, linked by causation. Of course, in order to have such a thing you need reliable process sandboxing and some other nifty capabilities...

  4. Anonymous, 2:37 PM

    I'm tired of being asked to shell out $30 or $40 per year here and there to make up for poor OS design.

    I'm sure you must have shopped yourself out to MS for an acquisition, why didn't they bite?

  5. Re MS, one word: dysfunction.