Exploits usually attack via malicious or compromised websites. They take advantage of flaws in the code of a computer's installed applications to access the computer and infect it with malware that can spy on the user, steal passwords or other sensitive data, or even take control of the machine. 70 to 80% of F-Secure Labs' top 10 detected malware are exploits – a growth in popularity that is largely due to exploit kits, which have made it simple for even the technically unskilled to break into computers.
"Malware can mutate in characteristics, but the constant is that it always does malicious things," said Timo Hirvonen, Senior Analyst at F-Secure. "With exploits, their appearance can change and the vulnerability they use can change, but they always do what exploits do. Typical protection is related to the vulnerability being exploited, but we now detect exploits based on their behavior, offering better coverage because vulnerabilities aren't always known."
DeepGuard 5's exploitation protection monitors the processes of programs that are commonly exploited, such as browsers, plugins, Microsoft Office, Java, and so on. It also watches programs used to open commonly exploited document types like Microsoft Word or PDF. DeepGuard blocks any suspicious or malicious behavior indicative of an exploit attempt.
Behavioral analysis: A critical layer of multilayered protection
Exploit interception is just the latest addition to DeepGuard, which addresses the weak point of traditional signature scanning: the need to have a malware sample in order to analyze it and then be able to protect from it. In the time it takes for a security lab to receive a sample and update protection, the malware could have already infected users. Compounding the issue is the exponential growth in new malware variants made possible by automated malware creation kits, which make it easy to spit out thousands of new variants.
"Top-line antivirus technology stopped being about blocking bad guys on a wanted list years ago," said Sean Sullivan, Security Advisor at F-Secure. "Blocking malware requires understanding its behavior. That's why we developed our first version of DeepGuard in 2006. And this newest version is our most powerful learner of bad behaviors yet."
DeepGuard steps into action when a program is executed and, to catch malware that delays its malicious behavior, continues monitoring for as long as the program is running. DeepGuard's behavioral analysis and exploit interception constitute just two of F-Secure's security layers, which also include browsing protection, signature scanning, file reputation analysis, and prevalence rate checking.
DeepGuard was instrumental in F-Secure's win of the Best Protection 2012 award from the AV-TEST Institute. F-Secure's home user product beat out 19 other vendors' products, providing the best protection against current threats such as malware infections caused by zero-day attacks and malicious websites and emails. With DeepGuard's new exploit protection, customers can be sure they still have the top protection. DeepGuard 5 has already been rolled out, so F-Secure customers with the latest product versions are already benefiting from the new protection.
Read more about DeepGuard in F-Secure's brand new whitepaper, "F-Secure DeepGuard: Proactive On-Host Protection Against New and Emerging Threats," available at http://safeandsavvy.f-secure.com/2013/06/18/deepguard.
F-Secure – Protecting the irreplaceable
While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also back up your important files and enable you to share them. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.