Orbitech

Orbitech Support Forum
All times are UTC




Post subject: List of characteristics that should have
Posted: Wed Jun 02, 2010 10:04 pm
The software should run in kernel mode and consume fewer resources, without being disabled by malware.
Protection in real time should filter the content of web sites while browsing, check all the files. ini file LSP, Winlogon Notify the file, the file domain / DNS hijacking, the file %windir% task, the file startup file extension, and executable file associations.
It could be supplemented with ClamWin antivirus, making it activate only when scanning, so it should not be in conflict with another installed antivirus.
The software should track the scanned files, so it can then scan only files created or modified, saving time.
The software should operate independently of the operating system, so as not to be compromised if the operating system malfunctions.
It would be useful to perform a scheduled scan before the operating system.
It would be useful to be able to remove the malware, restart.
It would be useful to have the possibility of scanning the master boot record.
To release the virus signatures, a scan online on VirusTotal would be useful; when you know the type of malware you can do some research on sites like http://www.offensivecomputing.net/ where there are descriptions of types of malware major virus houses.
This would be useless unless you test new algorithms to search for malware.


Post subject: Re: List of characteristics that should have
Posted: Thu Jun 17, 2010 5:42 am
Hi,
Sorry for the late reply.

Quote:
the software should run in kernel mode consume less resources without being disabled by malware

Hazard Shield already has a driver that runs in kernel mode and performs various tasks. On 32-bit systems, Hazard Shield has basic self protection that protects it from several different malware attacks.

Quote:
Protection in real time should filter the content of web sites while browsing, check all the files. ini file lsp, winlogon notify the file, the file domain / dns hijacking, the file% windir% task, the file startup file extension, and executable file associations

For web protection we plan on some sort of URL/IP blocking, but we probably won't scan the content of web pages. We do plan to have real-time protection monitor Winlogon Notify DLLs, and I will add executable file associations to the todo list.

Quote:
could be supplemented clam win antivirus making only activate when scanning, so should not be in conflict with another antivirus installed

We thought about that, but decided against it. ClamAV wasn't designed for use on desktop computers, and it isn't capable of handling modern file infectors (Virut/Vitro and Sality).

Quote:
software should track the scanned files, so then can scan only files created or modified, saving time

This could be a useful feature; I will add it to the todo list. Keep in mind though, Hazard Shield is pretty light. The real-time protection only monitors process execution and a select few registry keys/values. Hazard Shield doesn't monitor any file activity.

Quote:
software should operate independently of the operating system, so as not to be compromised if the operating system malfunctions

Perhaps in the future we will make small steps towards this, but right now I don't have the skills to make this possible...

Quote:
would be useful to perform a scheduled scan before the operating system

A boot time scan may be added in the future, but right now I don't have the time or skills to make this happen.

Quote:
to release the virus signatures would be useful on a scan online virus total, when you know the type of malware can do some research on sites like http://www.offensivecomputing.net/ where there are descriptions of types of malware major virus houses
this would be useless unless you test new algorithms to search for malware

I occasionally pick up samples from Offensive Computing. As for the scanning engine, there is a brand new one in Hazard Shield 2.2, and in the next release or so we will be expanding it to support logical signatures without any negative impact to its speed.

_________________
Andy Singer
Developer & Threat Database Manager
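
The thread's suggestion to track scanned files and rescan only those created or modified, sketched as an added example (this is not Hazard Shield code and not part of either post). `ScanCache`, `incremental_scan` and the `scan_file` callback standing in for a scanning engine are hypothetical names; the sketch assumes the cache file lives outside the scanned tree and that a new signature release should invalidate earlier verdicts.

```python
import json
import os


class ScanCache:
    """Remembers which files were found clean, and under which signature set."""

    def __init__(self, cache_path, sig_version):
        self.cache_path = cache_path
        self.sig_version = sig_version
        self.entries = {}
        if os.path.exists(cache_path):
            with open(cache_path, encoding="utf-8") as fh:
                saved = json.load(fh)
            # Verdicts from an older signature set are discarded wholesale.
            if saved.get("sig_version") == sig_version:
                self.entries = saved.get("entries", {})

    @staticmethod
    def _fingerprint(path):
        st = os.stat(path)
        return [st.st_size, st.st_mtime_ns]

    def needs_scan(self, path):
        # Unknown path, or size/mtime differ from the recorded values.
        return self.entries.get(os.path.abspath(path)) != self._fingerprint(path)

    def mark_clean(self, path):
        self.entries[os.path.abspath(path)] = self._fingerprint(path)

    def save(self):
        with open(self.cache_path, "w", encoding="utf-8") as fh:
            json.dump({"sig_version": self.sig_version, "entries": self.entries}, fh)


def incremental_scan(root, cache, scan_file):
    """Scan only new or changed files under root; return the paths scanned."""
    scanned = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if not cache.needs_scan(path):
                continue
            scanned.append(path)
            if scan_file(path):  # True means "no detection"
                cache.mark_clean(path)  # detections are never cached
    cache.save()
    return scanned
```

Size and modification time are a cheap change indicator, not proof that content is unchanged, so a periodic full scan is still needed alongside this shortcut.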

