Mamutu 1.6 Relies on Behavior Blocking to Detect Damaging Programs

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<p>Mamutu 1.6 slams the door in the face of new damaging programs: No chance for viruses, keyloggers, Trojans and spyware tools. The program does not rely on the usual signature comparisons but focuses instead on suspicious behavior exhibited by started applications. This allows damaging programs to be revealed and immobilized in real time. This type of pest control is called "behavior blocking" and preserves computer resources.<br /><br />All classical computer security programs basically use virtual fingerprints of the pests to be detected. For this purpose, they maintain a signature database with the most important information on known damaging programs. A direct comparison of the file code allows pests to be easily detected and eliminated.<br /><br />However, what happens when a new malware surfaces that the security program does not yet recognize? In this case, signature comparison will no longer work. This means that a new pest can freely infiltrate the computer system until a new signature update is available.<br /><br /><strong>Alarm on Suspicious Behavior</strong><br />Mamutu from Emsi Software takes a completely new approach. The modern security program uses a new method called "behavior blocking." To do this, it monitors the system in real time and watches the behavior of the programs that are called up. As soon as a piece of software exhibits suspicious behavior, Mamutu intervenes and blocks the freshly discovered damaging program, allowing it to then be deleted or placed in quarantine.<br /><br />Christian Mairoll, general manager of Emsi Software GmbH, said: "The behavior analysis of Mamutu can not only discover viruses, but also backdoors, spyware, hijackers, worms, dialers, keyloggers and Trojans. Mamutu immediately raises an alarm as soon as Malware injects code into other programs, manipulates existing software via a patch, invisibly installs programs in the background, starts invisible Rootkit processes or sets up new services and drivers. The worldwide unique Malware Intrusion Detection System (Malware-IDS) of Mamutu is also triggered by the creation of Autostart entries and simulated mouse and keyboard activity."<br /><br />The big advantage of Mamutu: The program does not depend on constant Internet updates in order to remain effective. Even without updates, the security software recognizes all new and previously unknown Trojans, worms and viruses. Whereas classical virus scanners and anti-spyware tools often use a great deal of resources and measurably slow down the computer, Mamutu does not heavily load the system. The reason: The time consuming comparison of foreign files to stored signatures is no longer necessary. Mamutu must only pay attention to what is currently happening in the computer. Using 100 percent behavior-based malware protection thus has many advantages.<br /><br /><strong>Community-Based Alert Reduction</strong><br />Mairoll said, "It makes sense to first place all programs signaled by Mamutu into quarantine and not immediately delete them. It may come to pass that benign software also exhibits suspicious behavior patters. Mamutu also helps with the decision on what to do with the signaled program."<br /><br />The new version of Mamutu supports community-based alert reduction, which Emsi Software has developed for its own product range. The program makes use of the "intelligence of the masses" and analyzes the decisions of the individual users in particular actions. When a new alert is raised, Mamutu displays a clear graphic showing what percentage of the other users in the same situation have deleted the signaled program, placed it in quarantine or simply allowed it to run. If the majority of users have decided to allow a supposedly damaging program to run, then Mamutu was perhaps a bit too enthusiastic in generating an alert.<br /><br />Mamutu 1.6 runs as a purely behavior-based malware blocker without signature recognition under Windows 2000, XP, 2003 Server and Vista. A free 30-day test version (3 MB) allows you to try the program on your own computer. The full version costs $29.95. </p>

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|