Dr.Web Security Space
- Anti-virus – best active infection curing
- New! HTTP-monitor – real-time scan of web-pages and guaranteed downloading of virus free web-content
- Anti-rootkit – reliable protection against malicious programs featuring rootkit technologies
- Anti-spyware – security of your personal information – best of breed detection of Trojans and key loggers
- Anti-spam – efficient detection of spam with false detection reaching zero
- New! Parental control – protection against cyber fraud targeting children
Key functions
- Improved! Detection and neutralization of malware on hard drives, removable data storage devices and in RAM
- Real-time interception of all calls to files on CD/DVD/ Blue –ray/Flash-drives and smart cards
- Improved! Detection of viruses using rootkit technologies
- Improved! Protection against unknown threats powered by non-signature detection technology Origins Tracing™ and the intelligent heuristic analyzer
- Improved! Detection of viruses placed in an archive at any nesting level
- New! The FLY-CODE technology allows checking files compressed by unknown packers
- Virus scan of SMTP/POP3/NNTP/IMAP traffic
- Protection against mass mailings performed by a mail worm from an infected machine
- Filtering on-the-fly of spam, scams, bounces, phishing and pharming messages.
- New! Real-time scan of web-pages ensuring that a user receives only clean web-content
- New! Block of access to phishing sites and other fraudulent web-resources
- New! Protection against unwanted content
- New! Block of access to web-sites based on 10 categories
- New! Block of access to movable media, network devices , files and folders on hard drives which protects from destroying or stealing of vital data
- New! Protection against cyber crime targeting children
- Protection against annoying Internet ads
- Protection of account information related to online games, social networks, electronic money systems, credit card numbers and PIN codes
- Detection of spam-bots
- On demand/scheduled scan
- Automatic updating
Protection components
- High-performance Dr.Web scanner scans boot sectors, RAM, hard and removable drives, detects and disarms viruses, Trojans and malware of any other type. Enhanced by Dr.Web Shield™ it also detects all known rootkits and stealth-viruses.
- SpIDer Guard® provides real-time protection and instant interception of all calls to files on hard and removable drives, floppy and compact disks, flash drives and smart cards. It is a very efficient tool for constant monitoring of system health that runs virtually unnoticed and resists any attempts to disrupt its operation.
- Dr.Web SelfPROtect restricts access to a network, files, folders and certain branches of the Windows registry for malware on the system driver level and protects the anti-virus against any attempts to disrupt its operation.
- SpIDer Mail® monitor scans every message on-the-fly providing you only with clean e-mails. The built-in anti-spam filter sorts out all unwanted messages ensuring that you won't fall a victim of a phishing attack or other cyber-fraud.
- SpIDer Gate™ scans HTTP-traffic for viruses real-time and blocks access to phishing sites and other fraudulent web-resources
- Dr.Web parental control protects your children against unwanted web-content and contacts with fraudsters, molesters and other dangerous persons.
System requirements
Supported OS:
- Windows 2000(SP4)/XP/Vista (32-bit only).
Licensing
The product is licensed per number of protected computers not connected to a local network with the number of workplaces within 50. If the number of computers exceeds 50, it is recommended to use Dr.Web Enterprise Suite (with a control centre).
Licensed components
- Dr.Web scanner for Windows.
- Dr.Web console scanner. It can be launched from a removable data storage device (flash drive or CD/DVD) without installation.
- SpIDer Guard® for Windows – anti-virus monitor.
- Dr.Web SelfPROtect – self-protection module
- SpIDer Mail® – mail anti-virus monitor with the built-in spam-filter
- SpIIDer Gate™ – HTTP-monitor
- Dr.Web parental control
- Automatic updating utility for Windows.
Cures viruses
High detection rate and speed of scanning are not the only criteria that determine the quality of an anti-virus. It should also be capable of curing files – restoring them to their original state instead of deletion making sure that a user doesn’t lose important information.
The capability to operate in an infected system and exceptional resistance to viruses make Dr.Web a stand-out among anti-virus applications.
- Improved! Dr.Web has the industry-highest successful rate of curing active infections.
- Improved! Unique technologies for scan of processes in the memory and excellent curing capabilities allow installing Dr.Web onto the infected system without its preliminary curing.
- High probability of a successful launch of the scanning process in an infected system without an installation using a removable media.
Self-protection
Dr.Web SelfPROtect makes the anti-virus immune to any attempts of malicious programs to disrupt its operation.
- Dr.Web SelfPROtect is implemented as a driver that runs on the lowest system level. It can’t be stopped or disabled unless the system is restarted.
- In order to keep the anti-virus operational Dr.Web SelfPROtect can restrict access to files, folders, removable data storage devices and certain branches of the Windows Registry.
- Some anti-viruses modify the Windows kernel (intercept interrupts, change vector tables or use other undocumented features). It may have a negative impact on the stability of a system and path new ways for malicious programs to get into a system. At the same time Dr.Web SelfPROtect maintains security of the anti-virus and doesn’t interfere with routines of the Windows kernel.
Anti-virus engine
- Improved! Dr.Web checks archives of any nesting level. If a malicious object was archived many times and different types of archives were used, Dr.Web will detect and neutralize the threat.
- Improved! Dr.Web can scan archives of any nesting level and detects malicious objects disguised using several archivers.
- Improved! Best-of-breed technologies and algorithms allow Dr.Web to detect packed objects, analyze their components and expose hidden threats. Even if an unknown packer has been used to disguise malware, it will be detected by Dr.Web anyway.
- Improved! Unsurpassable detection rate for complex malware such as MaosBoot, Rustock.C, Sector.
- Blocking a virus in the RAM before it replicates itself to a hard drive lowers the probability for malware to exploit a vulnerability of a third-party application or the operating system itself.
- Dr.Web detects and neutralizes viruses that can be found only in the RAM but don’t exist as files on a hard drive. July 2001 saw the epidemics of CodeRed virus and Dr.Web turned out to be the only anti-virus capable of detecting it. Even now few anti-viruses can detect malware like CodeRed or Slammer.
Anti-rootkit
- Improved! Dr.Web Shield™ ensures detection of viruses featuring rootkit-technologies that allow them to hide their presence in the system.
- Dr.Web Shield™ provides the scanner with privileged access to files, registry and other key system components so it would be able to expose rootkits and block self-protection features of rootkits and stealth-viruses.
Detection of unknown threats
Advanced Dr.Web technologies detect unknown threats and keep your personal information safe.
Anti-spam protection
The smart filtering technology of Dr.Web Security Space based on several thousands of rules recognizes spam messages in any language with the industry highest probability.
Key features
- Real-time check of incoming and outgoing e-mail.
- The client independent anti-spam doesn’t cause a notable receipt delay.
- The anti-spam springs into action without training as soon as the first message arrives.
- Specific language-independent detection technologies for spam, scams, phishing, pharming messages and bounces provide a strong detection probability.
- Anti-spam check of outgoing e-mail may also give you a clue if your system has been compromised and joined a botnet while the prompt blocking of outbound spam shall mean that you won’t have your computer disconnected from the Internet as a spam bot.
- Spam messages are sorted to a specified folder where you can review them any time to make sure that no false detections have occurred.
- The stand-alone spam analyzer doesn’t communicate with any server or a database which also contributes to the lower use of traffic.
Advanced settings
Experienced users can take advantage of the advanced settings of the anti-spam.
- Use white and black lists to keep your personal record of trusted and blocked addresses.
- Check encoding settings to make sure messages in your language are not labeled as spam.
- Make sure that messages with certain encodings are always sorted out as spam.
- Sift out bounces – message delivery failure notifications sent by a server because of its configuration errors or due to activity of a mass mailing worm.
Training
Unlike anti-spam solutions based on the Bayesian spam filtering and other similar techniques, the Dr.Web anti-spam doesn’t need to be trained in advance and springs into action as the first message arrives!
If a legitimate message has been detected as spam, don’t hesitate to report the false detection at a specified e-mail address to improve the spam-filter.
- False-detections are reported at vrnonspam@drweb.com
- Failed detections are reported at vrspam@drweb.com.
Forward your reports as attachments but not inline!!!
Filtering technologies
Dr.Web anti-spam technologies consist of several thousand rules that can be divided into several groups.
- Heuristic analysis – a highly intelligent technology that empirically analyzes all parts of a message: header, message body, and attachments, if any.
- Detection of evasion techniques – this advanced anti-spam technology allows detecting evasion techniques adopted by spammers to bypass anti-spam filters.
- HTML-signature analysis – messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with the data on sizes of images typically used by spammers, helps protect users against spam messages with HTML-code linked to online content.
- Semantic analysis – the words and phrases of a message – both visible to the human eye and hidden – are compared with words and phrases typical of spam using a special dictionary.
- Anti-scamming – scam (as well as pharming messages) is the most dangerous type of spam including so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.
- Technical spam – bounces are delivery-failure messages sent by a mail server.Such messages are also sent by a mail worm. Therefore bounces are as unwanted as spam.
Glossary
Pharming is an Internet fraud based on redirection of victims to bogus web-sites looking legitimate to users. Such sites typically copy design of web-sites of banks and are used by scammers to collect personal information of customers.
Phishing is an Internet fraud aiming to steal personal data including passwords, credit card and social security numbers. A spam mailing or a mail worm can be used to deliver a fake message from an financial institution instructing a victim to visit a bogus web-site and submit personal information that is later used by criminals for identity theft.
Phisher tricks
- Replacement of a sender address with an address related to a respected company showing that a vulnerability of the SMTP has been exploited.
- Using botnet computers all over the world to make sure that messages look legitimate.
- Using data obtained by malware from address books of e-mail clients.
- Making a link provided in a message look similar to a link to the supposed legitimate site.
- Copying look and feel of original web-sites.
- Adding excessive fields in a submitted form to distract user’s attention.
- Prompting users to follow instructions provided by phishing e-mails by urgent warnings about supposed closure of a bank or a user account.
Scamming is another type of an Internet crime based on a confidence trick aiming to obtain money of a victim. Well-known Nigerian scams and dating fraud are typical examples of scamming.
Vishing (voice phishing) is an Internet fraudulent process aiming to obtain personal and financial information. using war dialer software supporting VoIP. A victim receives a phone call informing a user about supposed unauthorized use of a credit card or a bank account and instructing to call a specified number. The very number related to a trusted financial institution is typically displayed in the spoofed caller ID and a user is prompted to enter his credit card number or other personal information with a key pad of the phone. Later this information is used by criminals to withdraw money from the victim account or for an identity theft.
NEW!!! HTTP-monitor SpIDer Gate™
The HTTP protocol used by browsers to load web-pages is another point of penetration used by malware. SpIDer Gate™ scans HTTP traffic real-time and
- performs transparent scan of incoming and outgoing traffic;
- intercepts all HTTP-connections;
- performs data-filtering;
- blocks infected pages automatically in any browser;
- provides fraud protection.
As a result, you receive web-content cleaned of malicious code and Internet surfing gets much safer.
Benefits
- SpIDer Gate™ is compatible with all browsers.
- Filtering doesn’t affect performance of the system, your connection speed and amount of transferred data.
- The module supports HTTP/1.1, permanent connections and data compression.
- Default settings allow SpIDer Gate™ to start scanning right after the installation.
- It scans data of all types received from the Internet – files, applets and scripts – providing a user only with clean content.
- Blocking of phishing and other fraudulent and dangerous web-sites using a constantly updated link database.
- SpIDer Gate™ can also be used as a personal proxy server – in this case it will scan traffic of programs that are configured to use the proxy.
Advanced settings
SpIDer Gate™ also offers advanced configuration tool to specify actions applied to infected, suspicious or unchecked files (skip, remove, move to the quarantine).
Glossary
ActiveX is a set of technologies developed by Microsoft for communication between different applications. Malefactors often exploit its numerous vulnerabilities.
?ookies are files sent by a web-server to a browser. A browser sends back such files to a server every time it needs to reload a page. Files are plaintext and contain user site preferences including passwords and other sensitive information. Cookies can be used by spammers for creation of spam-lists.
Java applet is a piece of Java bytecode downloaded from a web-server and executed by the Java virtual machine. An applet is run in a browser window as an element of a web-page or in a separate browser window. Applets are usually used when the interaction with a user is necessary.
Phishing is an Internet fraud aiming to steal personal data including passwords, credit card and social security numbers. A spam mailing or a mail worm can be used to deliver a fake message from an financial institution instructing a victim to visit a bogus web-site and submit personal information that is later used by criminals for identity theft.
Phisher tricks
- Replacement of a sender address with an address related to a respected company showing that a vulnerability of the SMTP has been exploited.
- Using botnet computers all over the world to make sure that messages look legitimate.
- Using data obtained by malware from address books of e-mail clients.
- Making a link provided in a message look similar to a link to the supposed legitimate site.
- Copying look and feel of original web-sites.
- Adding excessive fields in a submitted form to distract user’s attention.
- Prompting users to follow instructions provided by phishing e-mails by urgent warnings about supposed closure of a bank or a user account.
Pop-up is a type of adware working as small windows popping up on the screen.
Script is a program or its code, written using an interpreted language, that contains instructions for a browser. The script source code is easy to read for an experienced user that’s why encryption is often applied to malicious scripts making them harder to analyze. An encrypted script will still work because it complies with rules of the language it is written in.
Vishing (voice phishing) is an Internet fraudulent process aiming to obtain personal and financial information. using war dialer software supporting VoIP. A victim receives a phone call informing a user about supposed unauthorized use of a credit card or a bank account and instructing to call a specified number. The very number related to a trusted financial institution is typically displayed in the spoofed caller ID and a user is prompted to enter his credit card number or other personal information with a key pad of the phone. Later this information is used by criminals to withdraw money from the victim account or for an identity theft.
Vulnerability is a piece of a program code that can be used to compromise a system. Nowadays it takes a few days for a malefactor to design an exploit after a vulnerability has been announced. Vulnerabilities found in Microsoft software are the most widely exploited ones.
Web bug is a technique used to track down activities of users in the Internet. Typically implemented as a transparent 1x1 png or gif image it allows a third party to collect information about site visitors including date and time, the browser type, screen resolution, JavaScript settings and IP addresses. Such techniques are also employed by spammers that include bugs in messages to find out if a message has been read.
Protection of e-mail
E-mail remains one the most efficient ways to deliver malware to a computer. SpIDer Mail® will protect your system against cyber-evil and will scan mail traffic “on the fly” to make sure you get only clean messages free of malicious code or infected attachments.
- SpIDer Mail doesn’t depend on an e-mail client and won’t delay receipt of e-mail.
- It supports SMTP/POP3/NNTP/IMAP4 mail protocols.
- Individual rules can be created for different types of malicious programs – viruses, riskware, adware, hack tools, paid dialers and jokers.
- The Virus activity control feature protects a system against mass mailings performed by mail worms. SpIDer Mail examines components of a message and considers sending time in order to determine if an outgoing message is a part of malicious activities in a system.
Glossary
Worm a malicious self-replicating program that can spread without any user intervention. It sends its copies to other computers in a network. Often gets to a user machine as an e-mail attachment.
Mail bomb is one of the most common types of net abuse where an attacker sends a huge number of e-mails to render a mail serve or a user machine non-operational.
Control over web-surfing
The virtual wonderland brings joy of socializing and finding new friends. But the first experience of the cyber world can be overshadowed by abusive ads or even harassment. There is an entire industry in the Internet aiming at those who can’t protect themselves – at our children.
Use the Dr.Web parental control to shield your son or daughter from unwanted web-resources and contacts with fraudsters, molesters and other dangerous persons.
Unwanted sites are divided into ten groups:
- Pornography
- Drugs
- Violence
- Abusive language
- Weapons
- Gambling
- Chats
- E-mail
- Social networks
- Terrorism
Access block
Dr.Web Parental control can block access to removable disks, network resources and certain files and directories. It is another means helping you to protect your information against removal or unauthorized access.
Protection against disabling
The Dr.Web Parental control will help protecting your child even against his will.
Disabling of the Dr.Web Parental control is protected by a password.
High scan
Increased performance of the anti-virus engine gives Dr.Web Scanner a thirty per cent boost of speed for checking RAM, boot sectors, hard drives and removable media compared with the previous version.
Flexible settings
Flexible configuration allows changing software settings on-the-fly depending on the actual load of the system.
Background scan
Some computer games use a hard drive extensively (unpack resource files). You can pause SpIDer Guard® to improve the performance of a game. However, stopping the resident monitor lowers the overall level of security. It is recommended to resume the work of SpIDer Guard® and launch the Dr.Web scanner after exiting the game.
Control panel
Right-click on an icon in the system tray to use the single control panel for configuration of all components of Dr.Web Security Space.
Schedule
- Use Windows system scheduler to set a desired frequency of regular system scans.
- Customize the virus database update frequency.
Advanced settings
Dr.Web is one of the few anti-viruses that allow setting different responses to threats of different types.
- Set rules for each module of Dr.Web Security Space specifying actions performed to different types of malicious programs – viruses, spyware, riskware, adware, hack tools, paid dialers, jokers.
- Use the default settings or choose to specify how the anti-virus will respond upon a detection of a malicious program.
- Define sequences of actions and instruct an anti-virus what to do if the first specified action can’t be applied to an infected object (e.g an incurable file can be moved to the quarantine or deleted).
Notifications
Enable automatic notifications of the SpIDer Guard® to learn about detection of infected, incurable or suspicious objects.
You can also make the software display an updating reminder and choose how often you want to be shown the pop-up.
Statistics
Easy-to-read reports allow to pinpoint a problem very quickly.
View detailed reports on operation of every anti-virus module in the Statistics tab.
”My Dr.Web”
"My Dr.Web" is your guide on www.drweb.com that helps you obtain information about user services.
- View your license data including the product name, the serial number, the date of the last update and the key file expiration date.
- Use the web-form of the online support system to ask for support or view the history of your request.
- Check a suspicious file or a link with the Dr.Web online scanner or send a file to the anti-virus laboratory for analysis.
- Renew a license, buy a new one or read the latest news from Doctor Web.
Compact and user-friendly
Virus making, spamming and other Internet crimes are well-organized businesses. Updating of virus databases, anti-spam signatures and lists of fraudulent web-sites is essential for protection against such threats. Constant monitoring and lots of customers worldwide ensure prompt collection of information on dangerous web-resources and retrieval of latest samples of viruses that help keep protection of users up-to-date.
- Software can be set to update automatically, on-demand or according to a schedule.
- Update files are downloaded very quickly even if a connection speed is low.
- There are always available update servers.
- No need to restart a computer after updating. Dr.Web starts using the latest virus definitions right away.
Don’t disable the automatic updating or set a desired updating frequency and your anti-virus software will always remain ready to counter latest threats.
Low traffic
- Updates are very small – 50-200 Kb.
- You can choose to update only the virus database to lower your traffic. However, it is not recommended to use the option. Dr.Web anti-virus for Windows is constantly improved to counter newest cyber-threats. New features are added with updates of modules that are automatically updated from the server of the company during a regular updating session.
- Updates can be downloaded in archives to reduce traffic. Doctor Web uses a special data compression algorithm to reduce the size of downloaded updates. If a minor fix or an add-on is released for the virus database, it is downloaded as a patch so the amount of transferred data is decreased by dozens of times.
Virus monitoring service
- The Doctor Web virus monitoring service collects malware samples all over the world.
- A hot update is released immediately after a new threat has been analyzed.
- As an update is released, it becomes available on several servers located in different parts of the globe to all Dr.Web customers.
- A new update is tested over a huge number of clean files to ensure that no false detection will occur.
- An intelligent system automatically adding similar viruses to a database ensures even prompter response to emerging threats.
You have a sample of a virus unknown to Dr.Web? Submit it for analysis to our laboratory!
Dr.Web virus database
- Record small number of entries.
- Small size of updates.
- One entry allows detecting hundreds or even thousands of similar viruses.
Though smaller than virus databases of other vendors, it ensures detection of the same (or even greater) number of malicious programs.
What are the benefits of a smaller database?
- Lower disk usage
- Lower memory usage
- Lower updating traffic
- Higher scan speed
- Detection of viruses that are yet to come as modifications of known malware
Download Trial/Demo Downloads: 1020 |