{"id":13015,"date":"2016-09-19T08:18:13","date_gmt":"2016-09-19T12:18:13","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=13015"},"modified":"2019-11-15T22:49:05","modified_gmt":"2019-11-15T11:49:05","slug":"system-watcher-patent","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/system-watcher-patent\/13015\/","title":{"rendered":"System Watcher gets smarter"},"content":{"rendered":"<p>Security solutions must be able to perform two big functions: prevention and, if necessary, remediation. Kaspersky Lab\u2019s latest patent is a technology that makes both more effective.<\/p>\n<p>The most common approach to prevention is to track what\u2019s going on in your computer and neutralize harmful objects. If the security program spots a Trojan, a phishing or spam e-mail, or a malicious website, it does its best to protect the user.<\/p>\n<p>When prevention fails, the security solution has to deal with an infected computer. Cleaning an infected system is not simply a matter of deleting a bad file. To clean an infected PC, the antivirus has to remove the malicious code <em>and<\/em> restore the normal functions of the compromised PC. It isn\u2019t enough to remove the illness; you have to restore health \u2014 and that is a complicated prospect.<\/p>\n<p>That\u2019s exactly why independent security benchmark tests show that although many antivirus vendors perform relatively well at prevention, the field of excellence narrows quite a bit when it comes to disinfecting an already compromised system.<\/p>\n<h3>Better detection\u2026<\/h3>\n<p>Lists of virus signatures and other traditional methods of detection have an important place in security solutions. However, heuristic methods also play a vital role. 
Heuristics, or using experience to learn and grow, enables antivirus software to watch not only for harmful objects, but also for suspicious activity.<\/p>\n<p>Suspicious activity detection is at the core of a technology developed and recently patented by Kaspersky Lab\u2019s Mikhail Pavlyuschik, Alexey Monastyrsky, and Denis Nazarov. This technology can map interactions between a program and other OS components and software. In this case, <em>interactions<\/em> means one program working with memory used by other processes.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Kaspersky Lab solutions awarded highest <a href=\"https:\/\/twitter.com\/avtestorg?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@AVTestOrg<\/a> awards \u2013 <a href=\"https:\/\/t.co\/NE6YDclffS\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/NE6YDclffS<\/a> <a href=\"https:\/\/t.co\/onXUVGrdO2\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/onXUVGrdO2<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/700047499956985856?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 17, 2016<\/a><\/p><\/blockquote>\n<p>It\u2019s not necessary to track all activities \u2014 which is a good thing because monitoring everything would gobble up computing resources. Technology that tracks interactions is a higher-precision behavior monitor, and it blocks many previously unknown malicious programs.<\/p>\n<h3>\u2026and prevention<\/h3>\n<p>Consider a computer attacked by malware that collects keystrokes (a keylogger).<\/p>\n<p>If the keylogger managed to infect the computer, that means it bypassed protection or infiltrated by exploiting a flawed security configuration, which is a common scenario. 
It must be stopped before it sends the data (which could be your e-mail password, bank login, a webcam capture, and much more) to the person behind the attack.<\/p>\n<p>This is where behavioral analysis steps in. The technology is embedded in our System Watcher module and, with the help of other security components, detects the known malicious interactions the untrusted software causes before the damage is irreversible. Moreover, it can roll back the modifications made by the malware because it tracks the malware\u2019s behavior.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How does Kaspersky Internet Security protect you from <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>? \u2013 <a href=\"http:\/\/t.co\/7drBP7PWxL\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/7drBP7PWxL<\/a> <a href=\"http:\/\/t.co\/f5BDXJOC47\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/f5BDXJOC47<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/602008649846882305?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 23, 2015<\/a><\/p><\/blockquote>\n<p>A strong security solution such as <a href=\"https:\/\/store.kaspersky.com\/store\/kaspersk\/en_ie\/buy\/productid.320853100\/quantity.1\/currency.usd?cid=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;affiliate=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Internet Security<\/a> rarely allows malware so deep inside the system that it requires rollback. 
We add new threats to our virus databases very quickly, as well; <a href=\"https:\/\/www.kaspersky.com.au\/blog\/kaspersky-security-network-explained\/\" target=\"_blank\" rel=\"noopener\">Kaspersky Security Network<\/a> helps us learn about new malware samples from the cloud. But when it comes to antivirus development, you cannot have too much protection. Continual work on developing new technologies for detection and remediation is a fundamental difference between a great security solution and a mediocre one: comprehensive protection measures depend on it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How heuristic analysis and System Watcher work in Kaspersky Internet Security.<\/p>\n","protected":false},"author":40,"featured_media":13017,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,7,2647],"tags":[180,2444,522,420,2512,321,2513],"class_list":{"0":"post-13015","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-products","9":"category-special-projects","10":"tag-kaspersky-internet-security","11":"tag-patent","12":"tag-products-2","13":"tag-ransomware","14":"tag-system-watcher","15":"tag-technology","16":"tag-under-the-hood"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/system-watcher-patent\/13015\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/system-watcher-patent\/7665\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/system-watcher-patent\/7666\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/system-watcher-patent\/7681\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/system-watcher-patent\/9105\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/system-watcher-patent\/8969\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/system-watcher-patent\/12968\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/system-watcher-patent\/2697\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/system-watcher-patent\/13015\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/system-watcher-patent\/6079\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/system-watcher-patent\/6560\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/system-watcher-patent\/5403\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/system-watcher-patent\/8729\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/system-watcher-patent\/12650\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/system-watcher-patent\/12968\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/system-watcher-patent\/13015\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/products-2\/","name":"products"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/13015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=13015"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/13015\/revisions"}],"predecessor-version":[{"id":24431,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/13015\/revisions\/24431"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/13017"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=13015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=13015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=13015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}