Protection technologies

New Features in Maintenance Pack 1 for Kaspersky® Anti-Virus 6.0 and
Kaspersky Internet Security 6.0. All these new features and more are now integrated in
version 7.0.

Excerpt from Kaspersky

Overview

Maintenance Pack 1 for Kaspersky Anti-Virus (KAV) 6.0 and Kaspersky
Internet Security (KIS) 6.0 includes not only fixes for the main errors identified during
the first six months since the product's official release, but also a number of new
features and improvements, which will be described in this overview.

The second Maintenance Pack was developed within a short time of the
release of Maintenance Pack 1 in order to offer integrated protection against all types
of cyber threats available to users of Windows Vista,

Protection against keyloggers

Another important feature introduced in the program is detection of
keyloggers and other keyboard spy programs by the Proactive Defence module.
Keyloggers are programs that record information about keys pressed by the user, usually
without the user's knowledge. The principal purpose of such programs is to obtain
confidential information entered by the user, including passwords for various programs
and services, PIN codes etc.

This information is usually written to the hard drive and then secretly
transferred to the malicious program's author via email or some other method. Lately the
number of new keyloggers and other malicious programs that include keyboard interceptor
functions has been steadily growing. The number of methods used to capture keystrokes is
also increasing, from simply polling the keyboard to writing keyboard filter drivers. The
anti-keylogger subsystem implemented in MP1 for KIS/KAV 6.0 is able to proactively
detect almost all known keylogger types. Specifically, it detects all keyloggers
mentioned in the well-known article.

Protecting sensitive data

MP1 also introduces an extended set of verdicts that can be returned by the
proactive defence module based on analysing the behaviour of running programs.
Specifically, new verdicts include "Hidden data sending" and
"Private data and passwords access".

The former verdict is returned when a malicious program attempts to use a
special mechanism of interaction with Internet Explorer to send data on behalf of the
browser. This enables it to "dodge" the personal firewall installed in the system because
firewall rules usually allow Internet Explorer to send data.

The latter verdict alerts the user to a malicious program's attempt to
collect such personal data as ICQ passwords etc. Such malicious programs are categorised
by Kaspersky Lab as Trojan-PSWs. A notorious example of this class of program is the
LdPinch Trojan; new versions of this Trojan keep appearing on the Internet.

"secure" connections

Finally, MP1 implements scanning of data transferred via secure
(SSL) connections. This capability is available in all network-oriented
components of the product: Mail Anti-Virus, Web Anti-Virus, Anti-Spam and Anti-Spy. More
and more programs use SSL connections, from bank clearing systems to email systems (such
as Gmail). The advantages of secure connections are obvious. What is not as obvious,
however, is that data transferred via such connections can also include malicious code,
detection of which by existing mail and web traffic scanning subsystems may be impossible
even if the relevant virus signatures have already been added to their antivirus
databases.

There are two ways of addressing this issue. One is to use mail client and
browser plugins to scan the traffic. This enables the antivirus program to scan encrypted
traffic because plugins usually process data after it has been decrypted. However, not
every email client and web browser has an application programming interface (API) for
developing such plugins. Specifically, Outlook Express, a widespread email client, does
not have an API. The other method, scanning encrypted traffic on the fly using a special
algorithm, is implemented in MP1 for KIS/KAV 6.0.

Several other new technologies that help protect the computer against
various threats have also been included in MP1.

Extended firewall batch rules

The list of batch rules used by the Anti-Hacker component for known
malicious programs has been extended. However, these rules are disabled by default,
because they use a number of ports, blocking which may result in network access problems
for some network applications. Due to this, it is recommended that these rules be
configured only by advanced users, after analysing the list of network applications and
the network configuration on a particular computer.

Anti-banner

Anti-Banner, a module in the Anti-Spy component that blocks advertising
content on web pages, previously detected such content only based on lists updated from
Kaspersky Lab websites or manually defined by the user. A heuristic analyser has been
added in the Anti-Banner module in MP1. Now the module can detect banners that are not
listed, so more advertising banners are blocked.

Windows Task Manager

The last protection technology discussed in this overview is a technology
that protects the Windows Task Manager against injection of code from malicious
dynamic-link libraries (DLLs). More and more malicious programs are using rootkit
technologies to conceal their files, registry entries and active processes from the user and
antivirus programs. As the Task Manager is the standard tool for viewing the list of
active processes in all of the latest Windows versions, injecting a malicious library into
the Task Manager process and using it to distort the data displayed by the Task Manager
in order to hide active malicious processes is a method that has gained considerable
popularity. The Proactive Defence module in MP1 is now able to protect the Task Manager,
thereby preventing malicious programs from distorting the list of processes. This
technology effectively combats Hacker Defender, one of the most widespread rootkits in
the world, by preventing it from hiding its process hxdef100.exe in Task Manager.
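
A manual check for the condition the Task Manager section describes, a foreign library loaded into the Task Manager process, is sketched below as an added example; it is not Kaspersky code and not part of the original page. The function name Get-SuspectTaskmgrModule and its parameters are made up for this illustration, and the check relies only on the standard Get-Process and Get-AuthenticodeSignature cmdlets.

```powershell
# Added example (not Kaspersky code): triage the DLLs loaded in Task Manager.
# Run from an elevated 64-bit PowerShell while Task Manager is open.
function Get-SuspectTaskmgrModule {
    [CmdletBinding()]
    param(
        [string]$ProcessName = 'taskmgr',
        [string]$TrustedRoot = $env:SystemRoot   # assumption: system DLLs live here
    )
    # Trailing backslash so C:\WindowsX\ does not pass as C:\Windows\
    $root = $TrustedRoot.TrimEnd('\') + '\'
    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning "$ProcessName is not running; start it and retry."
        return
    }
    foreach ($proc in $procs) {
        $modules = $null
        try { $modules = $proc.Modules } catch { }
        if (-not $modules) {
            Write-Warning "Cannot read modules of PID $($proc.Id); check elevation and bitness."
            continue
        }
        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $reasons = @()
            if (-not $path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $reasons += 'outside Windows directory'
            }
            if ((-not $sig) -or ($sig.Status -ne 'Valid')) {
                $reasons += 'signature not valid'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    ProcessId = $proc.Id
                    Module    = $m.ModuleName
                    Path      = $path
                    Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                    Reason    = $reasons -join '; '
                }
            }
        }
    }
}

Get-SuspectTaskmgrModule | Format-Table -AutoSize
```

Legitimate third-party software can also load libraries into Task Manager, so each hit needs review rather than automatic removal. An empty result is not proof of a clean system, because a rootkit that tampers with process and module enumeration can hide from this listing as well.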