|
|
FAQ
TABLE OF CONTENTS
General Information
What is Malware?
Malware intrusion vs. Zero-Day Attacks
Signature based detection
Zero-Day Attacks
Non-signature pbased detection
Current AV solutions on the market
AutoRun Settings
Autorun Setting Repository (ASR)
FireTower Technology
What is FireTower technology?
Do I need to download updates every day?
I am already using anti-virus software, why do I need FireTower?
If I am using FireTower, can I remove my current anti-virus software?
FireTower (product)
What does FireTower do?
What is the purpose of Snapshot Viewer?
What are the benefits of installing
FireTower on my PC?
FireTower has detected a questionable AutoRun entry, what should I do?
How much does FireTower cost?
FireTower Guard (product)
What is FireTower Guard?
What are the system requirements?
What are the difference between FireTower and FireTower Guard?
FIreTower Cyber Console (product)
What is FireTower Cyber Console (CyCon)?
What is the current limitation of CyCon service?
Q: What is Malware?
A: Malicious software designed to infiltrate a computer system without the user’s knowledge in order to access privileged information or cause harm. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, most rootkits, and other malicious and unwanted software or program.
Q: Malware vs. Zero-Day Attacks
A: Zero-Day Attacks are done through “Malware”, but Malware intrusion is not necessary a zero-day attack since they could be detected and identified with a signature file already.
Q: Signature based detection
A: Traditionally, antivirus software heavily relied upon signatures to identify malware. This can be very effective against known or caught malware, but cannot defend against malware unless their samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown malware (zero-day attacks) and are susceptible to evasion.
Zero-Day Attacks
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
A malicious computer attack that exploits an unknown system or application vulnerability
Non-signature based detection
Heuristic and behavioral detection are effective ways to locate unknown threats for the most up-to-date real time protection, especially for Zero-Day Attack detection. The main concern with heuristic detection is that it often increases false positives. False positives are when the antivirus software determines a file is malicious (and quarantines or deletes it) when in reality it is perfectly fine and/or desired.
Current AV solutions on the market
Some of the current Anti-Virus (AV) solutions on the market supplement the traditional signature-based antivirus product with many additional layers of protection, including:
- Heuristic file protection. This technique enables a security product to spot new virus variants, even without a traditional virus finger-print signature, based on characteristics of the file itself.
- Intrusion Prevention System (IPS). Instead of just focusing on the virus files as they sit on disk, Intrusion Prevention Systems monitor network traffic looking for suspicious behavior with the goal of stopping an attack before it takes up residency on your system.
- Cloud-based Malware Signature database
- Reputation-based protection (dynamic usage pattern evaluation)
- Whitelisting-based protection (static usage pattern and lock down)
AutoRun Settings
- A component of the Microsoft Windows operating system that enables applications to be executed automatically.
- An AutoRun entry installed by an application allows it to be executed automatically during every Windows startup. Both legitimate and malicious software make use of Autorun Entries, also known as a Loadpoints.
- Autorun entries allow applications to automatically run every time Windows starts up even without the User’s consent. Although many legitimate applications use Autorun, malicious software will often use this feature to maintain a presence on your computer. Receiving an alert that an unknown piece of software is attempting to insert an Autorun entry could be the first sign that malicious software has found its way onto your computer.
- Incoming Software that is in the process of gaining entry to your computer system or in the process of establishing persistence on your computer system by installing an Autorun entry. Incoming software could be a legitimate or malicious software.
Autorun Setting Repository (ASR)
ASR is a whitelist based repository for legitimate Autorun Setting database developed, authenticated and maintained by Sampan Security Inc. It allows FireTower and FireTower Guard endpoint systems to validate a legitimate Autorun entry in real-time.
BACK TO TOP
FireTower Technology
What is FireTower Technology?
FireTower uses a trigger-based discovery technology to automate the system health and cyber security protection process. It offers precise, real-time capturing and analysis of incoming software installation and execution profiles and footprints. The FireTower profiling and discovery technique analyzes their footprints to provide answers on the WHO, WHAT, WHEN, and WHERE of incidents related to Windows startup settings. These incident reports can be presented to users or IT Professionals in real-time to allow them to react and quarantine accordingly. FireTower is not a signature-based solution and does not require constant signature database updates. Unlike traditional signature-based solutions, FireTower is capable of discovering unknown exploits and zero-day attacks.
Do I need to download updates every day?
While FireTower may receive software updates in the future to enhance functionality or correct issues, FireTower does not rely on signature-based detection, like many other popular anti-virus products, which require daily signature database updates.
I am already using anti-virus software, why do I need FireTower?
Current anti-virus software solutions rely on signature-based detection. That means they detect malicious software by comparing questionable code against a database of known malware. That also means that these traditional anti-virus products will fail to detect unknown, never before seen malware or exploits such as Zero-Day Attacks
If I am using FireTower, can I remove my current anti-virus software?
Traditional anti-virus software is pretty good at what it does, which is detecting KNOWN malware. FireTower’s job is to take care of the most threatening new and unknown malware, and we can continue to let traditional AV software do their job to provide you with a more robust defense in depth against cyber attacks.
BACK TO TOP
FireTower (product)
What is FireTower?
FireTower is an automated tool that detects and alerts you when incoming software, both good and bad, attempts to install Autorun entries on your computer.
- FireTower will authenticate the legitimate entries of all existing Autorun settings on your computer upon installation.
- FireTower will detect and notify you in real-time of all incoming software attempting to insert Autorun settings on your computer in real-time.
- Use FireTower to discover, correlate, and analyze Autorun settings. All critical information is available either on-screen or one-click away from Faultwire.com®
- FireTower is compatible with Windows XP, Windows Vista (32-bit/64-bit) and Windows 7 (32-bit/64-bit). An internet connection is required for the Autorun settings Web Validation check.
What is the purpose of Snapshot Viewer?
Snapshot Viewer is FireTower server-side application that allows you to upload and share a snapshot of your current system configuration and Autorun settings with a friend or support professional. Once this has completed you will be given a URL which you can copy and share with whoever is providing you with support assistance. Now the person assisting you with technical support can take the URL link and open it in a web browser. This will provide the support assistant with a web interface that behaves just like the FireTower Guard desktop client and access to a snapshot of your current system configuration and Autorun settings.
What are the benefits of installing FireTower product on my PC?
- For PC users without PC technical knowledge, you could with one-click wrapping of your currently Autorun settings with always ready FireTower Snapshot Viewer to upload to support site or support professionals for diagnostic service.
- For PC users with technical knowledge or would like to diagnose issues with PC
You can use FireTower discovery information displayed on the main screen or the detail pane for each Autorun entry to investigate each Autorun settings through Faultwire.com website.
FireTower has detected a questionable Autorun entry, what should I do?
The first thing you should do is click the “View” link and check the “Digital Signature” tab. If the entry has a digital signature, we believe it is most likely a legitimate piece of software. If it does not have a digital signature, click the “Lookup File” button to find the entry on Faultwire.com’s database. From there, they will tell you if the entry is a recognized Windows file or not. If it is not, Faultwire.com will direct you to google search results for that file for further details and possibly removal instructions.
How much does FireTower cost?
FireTower is free! (for personal, non-commercial use). For commercial use, please contact us at mysales(at)sampansecurity.com for availability and pricing.
BACK TO TOP
FireTower Guard (product)
What is FireTower Guard?
FireTower Guard include FireTower software with Guard features for automatic intrusion quarantine and quarantine management capabilities
What are the system requirements?
FireTower Guard is compatible with Windows XP, Windows Vista (32-bit/64-bit) and Windows 7 (32-bit/64-bit). An internet connection is required for Autorun settings Web Validation check.
What are the differences between FireTower and FireTower Guard?
For the incoming software setting up an Autorun entry, only visual alert is displayed for FireTower. There is no FireTower Guard functions in the FireTower product, that is no automatic and real-time quarantine of malicious entry and there are no quarantine management software.
BACK TO TOP
FireTower Cyber Console (product)
What is FireTower Cyber Console (CyCon Product)?
CyCon is an optional cloud service available through Sampan Security Inc. which allows an CyCon-Consumer user account owner to monitor up to three endpoint PCs of his/her chosen. All connected PCs will update CyCon in real-time critical autorun setting events, each connected PC requires a separate FireTower Guard license.
What is the current limitation of CyCon Service?
CyCon Service currently is designed for Consumer market and is limited to connect to three (3) FireTower Guard Endpoint PCs. Separate FireTower Guard licenses are required for each of the CyCon-connected PCs.
CyCon for SMB and Corporation will be available later in Q4 2012. Please contact the Sampan Security Sales Department (mysales (at) sampansecurity.com for availability and pricing.
BACK TO TOP
|
|
