Detecting Unknown Malicious Software
Viruses, worms, spyware and other forms of malicious software (malware) are constantly evolving as malware writers try to evade detection by security software.
In this sense, every new virus and variant of a malicious program is a "zero day attack" - malicious code that hasn't yet been analyzed in a lab.
Malicious code that has been analyzed and classified as such can be identified by a signature. Traditional signature-based anti-malware products are purely reactive - they focus on detecting such already-known malware.
Instead of trying to play catch-up with the onslaught of brand new threats and threat variants, ThreatSense® keeps ESET scanning software ahead of malware authors.
The ThreatSense engine combines sophisticated heuristic detection of unknown malware with effective signature detection of known malware, providing the best possible detection without compromising scanning speed.
ThreatSense detects known malware quickly and efficiently, but can also utilize generic signatures for the speedy detection of known malware families and new variants.
Traditional signatures detect malware that has already been analyzed. But the more adaptive approach of creating a generic signature enables ThreatSense to detect variants that have not yet been reported and analyzed.
ThreatSense also uses an advanced heuristics engine to dramatically extend detection capabilities - far beyond those of conventional signatures. It decodes and analyzes executable code in a protected virtual environment.
Doing so allows it to identify the intended behavior of today's continually evolving threats - not just viruses and worms, but bots, rootkits, and other trojans. This finely tuned engine catches an outstandingly high proportion of new malware missed by vendors relying on signature updates and less advanced proactive detection.
You can learn more about heuristics and other detection techniques from this ESET white paper.
Run-time packing is a technique malware writers employ to evade signature-based detection by disguising known malicious code with a layer of compression and obfuscation (a "wrapper"), so existing signatures cannot recognize it. ThreatSense includes technology to unpack such malware in the same protected environment, thereby "unwrapping" and exposing it.
This blended approach to detection combines the benefits of conventional signatures, generic signatures, and advanced heuristic analysis, making ESET security products the fastest, most accurate, and lowest impact solutions in the industry.
An Early Warning System
ThreatSense.Net® extends the analytical power of ThreatSense to act as an early warning system on a global scale. It enables customers to close the window of vulnerability to new threats by automatically (or manually) submitting samples of new suspected malware to threat lab researchers for analysis.
This feedback loop allows ESET clients to receive notification of new malware outbreaks and tips to further protect themselves. Globally collected threat information is made available online at www.virusradar.com.