-
Anti-virus, spyware and malware detection:
The anti-virus engine is provided by Kaspersky and primarily targets virus-borne malware but also provides protection against certain categories of spyware and other malicious code.
-
Call home detection:
This provides protection against web requests used by click fraud and adware components when "phoning home". This activity is detected and reported in the spyware report as an indication that a machine may have been infected with spyware or adware.
-
Phishing and Malicious web site categorisation:
Adware/Spyware: Sites of domains associated with vendors and distributors of spyware, adware, greyware, and other potentially unwanted advertising software. Some of these domains may run exploits to facilitate the installation of this unwanted software.
Malware: Malware is defined as hostile or annoying software designed with the intention of infiltrating and harming a computer system without the owner's informed consent. Types of malware include viruses, spyware, Trojan horses, and adware and they are often disguised as legitimate software.
Phishing: Sites known to be scams or false sites that often closely resemble legitimate websites. They are usually designed to fraudulently acquire sensitive information such as usernames, passwords and/or credit card details from unsuspecting victims.
-
Active code detection:
Commonly used file formats such as Microsoft Office, Adobe PDF and OpenOffice documents feature rich capabilities that are increasingly being exploited by malware. Active Content Detection inspects for macros, scripts and other such elements that could be used to launch an attack; messages can be quarantined or rejected.
-
Suspicious script detection:
Many sites contain Java and VB script but the use of some script commands can be considered suspicious. For example, if the script uses commands that attempt to access the registry or file system then these can be detected and stopped.
-
True file type detection:
The MIMEsweeper policy engine recognises hundreds of different file types based on their binary signature. This can help when setting acceptable usage policies for the type of content that can be sent and received. For example, not all executable files downloaded are malicious but they may not be well designed and could open up other vulnerabilities that can be exploited. A sensible policy is therefore to prevent all executable code downloads.
-
File and Message anomaly detection:
Suspicious encoding, obfuscation, deeply nested files or inconsistent file structures can all be methods used by malware writers in an attempt to bypass normal detection. If the file cannot be recognised or it is encrypted then it can be blocked.