Anti-Spyware
Development Team at Max Secure ... Working towards the
goal of Zero-Day Threats Detection
Hmm... I am back again with a vengeance
for Spyware and Spyware writers! It is time for Spyware
writers to take a break and maybe sleep, as long as
we at Max Secure are working hard...
Recently we added a few generic scanners
for the detection of smart but not so smart Spyware
programs which enjoyed writing / generating / downloading
random DLLs. We keep our technology simple like always,
using fewer PC resources but staying very effective. And now
we sit back and relax as all of our customers are enjoying
freedom from spyware using random DLLs for infections.
You can see more examples of them in the weekly spyware
analysis reports on this forum as well.
We upgraded our rootkit scanner so that
now hidden malicious files as well as registry entries
are caught and deleted, and the scan is much faster. It is
always our effort to make scans faster and the application
lean so that you don’t even know that any additional protection
is working for you; Spyware Detector works seamlessly
like always.
Our system programmers added quite complex
code for very hard-to-remove driver files used by malicious
programs. Spyware programs thought they could get away
by using Windows system drivers; most of the other anti-spyware
vendors are unable to remove them, and some even expect
you to reboot to Safe Mode to manually remove them.
We designed our scan and quarantine engine to decide by itself,
without any intervention from users, as you have better
things to do than research what to do
with the scanned entries. Spyware Detector is built
with the aim of "install and forget", and it updates,
upgrades and protects you automatically.
Further to our last discussion, we are
now detecting malformed executables based on our static
analysis. This research now proves that after signature-based
detection we can detect new spyware files, and this does
not require any database updates. We have also tested
this result on all of our current customers' scans.
It is a true Zero-Day-Protection algorithm very intelligently
woven into Spyware Detector and very diligently tested
by our Test Lab. We tested on a sample of 25,000 white
(legitimate files) and 100,000 black (spyware files)
entries and determined that we can detect and quarantine
21% of spyware files, and false positives were reported
to be .014%. Some well-known files, though they had
incorrect PE header information, were added to the ignore
list to lower that .014% even further. This heuristic
scanner will go live in the next 2 weeks and your copy
of Spyware Detector will be updated through Live Update.
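To make "malformed executables" and "incorrect PE header information" concrete, here is an added example of a static PE header consistency check. It is not Max Secure's algorithm: the chosen checks, the names `pe_anomalies` and `sample_pe`, and the constructed sample image are assumptions for illustration.

```python
import struct

def pe_anomalies(data):
    """Return a list of structural inconsistencies in a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["no MZ header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    # COFF file header: NumberOfSections and SizeOfOptionalHeader matter here.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 20 or opt + 20 > len(data):
        return ["optional header truncated"]
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    found = []
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        found.append("unknown optional header magic")
    table = opt + opt_size                                # section table start
    if table + 40 * nsect > len(data):
        return found + ["section table truncated"]
    entry_ok = entry == 0                                 # 0 = no entry point
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        label = name.rstrip(b"\0").decode("ascii", "replace")
        if rsize and rptr + rsize > len(data):
            found.append(f"section {label}: raw data past end of file")
        if vaddr <= entry < vaddr + max(vsize, rsize):
            entry_ok = True
    if not entry_ok:
        found.append("entry point outside every section")
    return found

def sample_pe(entry=0x1000, raw_size=0x200):
    """Constructed minimal PE32 image with one .text section at RVA 0x1000."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, entry).ljust(0xE0, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, raw_size,
                       0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\xC3" * 0x200

if __name__ == "__main__":
    for label, image in [("clean", sample_pe()), ("bad entry", sample_pe(entry=0x5000))]:
        print(label, pe_anomalies(image))
```

Packed or unusually linked legitimate files can trip checks like these, which is the situation the ignore list mentioned above addresses.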
We appreciate any feedback on our products
from our valuable customers. You will also notice daily
news updates on our Spyware patch releases. Our Spyware
Research lab is now producing more detailed analysis
reports and we will try to publish them weekly here
as well. These reports will be more informative and
will carry snapshots and detailed information on threat
infection methods, symptoms with snapshots, fake warning
notices and alerts shown by them. You will also find
more detailed information on the Spyware Encyclopedia
pages.
Please continue to support this effort
by reading this blog for the latest information on new spyware
releases. We will not rest until Spyware writers give
up and let the users of PCs enjoy their computing as
it was intended to be, without any slowdown, without
fear of losing privacy and with no advertisements or
other unwanted nuisances.
Rachna Pradhan
CTO
Max Secure Software