Automatic Exploit PreventionIshanov started by listing the steps required for an exploit to succeed: 1) the user opens a malicious
file or visits a malicious site; 2) the exploit passes control to malicious shell-code; 3) the shell-code downloads a malware payload; 4) the payload launches; 5) malware is now running on the victim's system.
Kaspersky already handles this problem at several levels. It can block access to malicious sites or quarantine malicious files at step 1. These components can also prevent download and execution of the malicious code in steps 3 and 4. The Host Intrusion Prevention System and real-time antivirus can deal with malware in step 5.
The 2013 product line adds what Ishanov called "forced ASLR" (Address Space Layout Randomization). ASLR is already a feature of MacOS and iOS, and Windows includes a degree of ASLR. Kaspersky's forced ASLR relocates modules in memory, making it tough for the exploit to launch shell-code in step 2. It works even in Windows XP.
Another facet of automatic exploit prevention is a new emphasis on process execution control, preventing the launch of the malware payload at step 4. This feature relies on improved file reputation and domain reputation information. According to Kaspersky's internal testing, this feature blocks 100 percent of exploits based on the BlackHole exploit kit.
Safe MoneySafe Money is Kaspersky's name for a collection of features aimed at making online banking safer. To start, the 2013 products will feature an improved antiphishing engine with a new ability to detect phishing sites by analyzing their content in real time. They'll also guard against fraud by checking the reputation of site certificates.
The feature formerly called Safe Run for Websites is now part of Safe Money. When users browse to a known financial site, Kaspersky will put the browser in high-security mode; users can also choose this mode manually.
Kaspersky has long featured a virtual keyboard, for entering passwords without the chance of interception by a keylogger. The next versions add a secure connection between the keyboard and the browser. A keylogger won't detect what you're typing when this connection is active. To top off this collection of protective features, the product's self-protection has been enhanced. Bad guys won't be able to get their way by disabling protection.
The 2013 editions of Kaspersky Internet Security and Kaspersky Anti-Virus are currently in beta testing, with final release expected in August.
