New features in Dr.Web 9.0 for Windows
Honest protection against real threats
Expand all | Collapse All
Detection of new, unknown threats
Winlock, Encoder, Inject, and Exploit Trojans account for almost 90% of real threats. Among them, there are few new malicious programs that can be considered unique (i.e., those that in no way resemble other malware). All of these programs can be divided into groups (families) based on the characteristics they have in common with regards to their malignant manifestation in a system—data encryption (the Encoder family of malware), blocking access to Windows (the Winlock family), etc. Programs of the same family perform similar tasks, i.e., they follow a single behaviour pattern. Dr.Web Process Heuristic, a behaviour analyser, recognizes and understands these behaviour patterns and, therefore, has routines that allow it to detect programs from such malicious families.
Dr.Web Process Heuristic compares the behaviour of running processes to known patterns to determine whether a program is malignant and takes steps to neutralise it, if necessary.
New level of effectiveness in the neutralisation of unknown threats and the protection of data
It is not enough to identify an unknown virus—the system must be cured of it. For Trojans, this usually means that the malicious code is removed from the system. But what if the malware has encrypted files or system settings, so that a hacker can penetrate the system again and again? In the case of modern Trojans, curing encompasses a set of measures which include placing the unknown malicious object detected by Dr.Web Process Heuristic into the quarantine and repairing all the damage inflicted by the alleged malicious program—restoring the system to its prior, uninfected state.
Dr.Web Process Heuristic performs behaviour analysis almost instantaneously, but even during that moment a malicious object can ravage an infected system—for example, by encrypting multiple files. To prevent the loss of important information, Dr.Web 9.0 for Windows protects user data from damage by creating regular protected backups of files from directories selected by the user.
All the specified files that require protection are copied into a single directory which is updated whenever a corresponding file is changed.
The customizable options allow users to select the directories they want to protect against data loss (files that are to be backed up), and the disk they want to use to store copies of the protected files (the backup location). Users can also set up a schedule (how often "snapshots" of the selected directories are to be taken) and perform an on-demand inspection of data at any time (backup protected files upon request). More about configuration of data protection
Comprehensive analyser of packed threats—unique Dr.Web technology!
As previously mentioned, unique viruses are a rarity. The same virus can be repacked several times per hour and unleashed into the wild as a new malicious species. It turns out that many of the supposedly "new" viruses are in fact programs that are already known to the Dr.Web virus database; they’ve been concealed with packers that earlier versions of Dr.Web were unable to recognize.
The comprehensive analyser of packed threats uses behaviour pattern analyser Dr.Web Process Heuristic and provides detection of malignant processes with available signatures at the beginning of a malicious activity.
Dr.Web 9.0 for Windows boasts much improved scanning speed.
- Revamped Dr.Web SpIDer Guard routines yield improved performance on machines involved in processing large amounts of data (torrent downloads, code compiling and rendering).
- Faster scanning with Dr.Web Cloud—the service's architecture has been redesigned to provide a significant boost of speed.
Full scan of all traffic
- Safe traffic— scanning on all ports is carried out on traffic transmitted via Dr.Web-supported protocols, including secure connections (if the user has enabled the option to scan SSL traffic).
- Safe Internet Surfing — with secure search, Google, Yandex, Yahoo!, Bing and Rambler will only return links to content considered safe by the search engines and Dr.Web. Dangerous sites will be excluded from search results altogether!
- Secure Communication— Filtering traffic of instant messengers such as Mail.Ru Agent, ICQ, Jabber, QIP and Pidgin. Links that lead to malware and phishing sites are removed from messages. The anti-virus scans transmitted attachments. The transfer of files that Dr.Web considers to be dangerous is blocked.
With Dr.Web Parental Control, removable devices and computers can be protected against unauthorised use.
- Import /export white lists of trusted devices—transfer the list to another computer manually or transmit it to a remote machine via the anti-virus network.
- Block any adjustments to the system time and time zone to prevent children from using the computer without their parents’ permission.
- Disable printing jobs from being started to prevent confidential documents from being printed and to save printing paper.
Protection of copyrighted content
The SpIDer Gate component in Dr.Web 9.0 for Windows makes use of a separate database containing a list of sites that provide access to unlicensed content. Each database entry also contains a link to the site of the respective copyright owner. Dr.Web users are shown a warning stating that "pirated" resources are off-limits and are asked whether they want to go to the website of the copyright owner.
You can disable this option in SpIDer Guard settings. But before you make a decision, read this warining.
New Dr.Web firewall databases herald a new, ultimate user-friendly approach to protection
The new Dr.Web Firewall database makes it much easier to create user rules.
- Earlier the Dr.Web Firewall functioned by using a pre-installed application database and user-defined rules. To create a rule database, one had to respond to dialogues to create a rule for every application—something which proved to be rather annoying.
- Now the Dr.Web Firewall uses its own database of trusted applications. These are programs that incorporate a digital certificate. Applications that Dr.Web believes to be legitimate can connect to any address via any port. Exception: if a program is not digitally signed, its signature is invalid, or there is no signature at all, (e.g., those created by enthusiasts or open source programs), the user is prompted to create a rule.