Jump to content

DriveSentry

From Wikipedia, the free encyclopedia
DriveSentry
Developer(s)DriveSentry Inc
Stable release
3.3 / 20 February 2009
Operating systemMicrosoft Windows 2000 and later
TypeCombined Anti Virus, Anti Spyware and HIPs
LicenseFreeware(with some paid features)
Website"Official DriveSentry Website". Archived from the original on July 10, 2011.

DriveSentry was an antivirus program, developed by DriveSentry Inc, to protect Microsoft Windows users from malware. It is available free for personal (non commercial) use, though with restricted functionality.

Detection methods

[edit]

DriveSentry provides a realtime and on demand virus scanner, and uses the following methods to determine if an application contains a virus before allowing it to run:

  1. Whitelisting: Programs are first checked against a list of known trusted and validated applications and files. These "whitelisted" files are allowed to run without restriction.
  2. Blacklisting: Only if programs are not present on the whitelist are they then checked against an updated database list of virus signatures; those files whose MD5 signature is on the list are automatically moved to quarantine area if they attempt to gain access to system or data. This is technique as used by practically all antivirus products as the first line of defense.
  3. Heuristics If the programme is not on either list its behavior is compared to that of previous encountered malware.
  4. Community Statistics: DriveSentry also collects and stores user statistics based on access decisions made by the user, which is shared amongst all other users.

DriveSentry partners with Offensive Computing and Frame4 Security Services to collect and analyze malware samples for the database list, partnering in this way ensures that the database is fed by multiple sources and therefore offers redundancy.

Although DriveSentry's basic features are available for free, its more advanced features such as automatically updating its white and blacklists have to be paid for via a one-off payment.

White/Blacklisting

[edit]

Articles in computing publications[citation needed] discussing new malware protection technologies – such as whitelisting – claim that traditional antivirus technologies are having an increasingly hard time keeping up with the latest virus, trojans and other malicious threats.[1] The popularity of the Internet and the ease at which data can now spread, allows threats to propagate faster, requiring traditional antivirus products to play "catch-up" with new zero day threats. The techniques of using white/blacklisting and community feedback, may offer greater security[2]

However, this functionality does come at a cost – specifically, whitelisting only allows pre-vetted software to be executed, and prevents all other software from running, even if it is harmless. DriveSentry avoids this issue by allowing the user to be prompted if programs don't appear in the black or whitelist. This then forces responsibility on the end user to determine what is good or bad. DriveSentry attempts to help the user by monitoring the action of the program and calculating and displaying a threat rating. Furthermore, malicious software which has been included on the whitelist can still be executed.[2]

References

[edit]
  1. ^ Network Defense: Security Policy and Threats. Centage Learning. 14 April 2010. p. 16. ISBN 978-1-4354-8356-9 – via Google Books.
  2. ^ a b DriveSentry living Symantec's dream Archived September 7, 2008, at the Wayback Machine
[edit]