Detect and Prevent Malware Intrusion

Intrusions occur as a result of security vulnerabilities in a given application. Security vulnerabilities in Windows service applications are generally more difficult to handle because intrusions through such vulnerabilities can occur without any user activity and these intrusions spread very quickly via the Internet.

A security patch may be available from the vendor to prevent this type of intrusion but patch management in a corporate environment is not an easy task either. Orthrus uses a patent-pending behavior analysis technique to prevent intrusions without a security patch. Since it uses a behavior analysis technique, Orthrus also stops malware intrusions through known and unknown security vulnerabilities.

In addition to Windows service applications, malware intrusions also occur in user applications. These applications include e-mail, instant messenger, Internet browser, word processing, etc. When a user clicks a link, visits a website or opens an attachment that turns out to be malicious in nature, the system becomes compromised.

In both types of intrusions listed above, Orthrus uses an approach that identifies the INSTALLER application. It analyzes the activities of the INSTALLER and the outcome after running the INSTALLER. Malicious codes often exhibit certain behaviors such as attempting to hide themselves and/or modifying unusual registry locations; these malicious behaviors form the basis of Orthrus' operation. For malwares behaving like normal applications, Orthrus verifies them through the Internet by searching for references, or lack thereof, to the target executables.