
The IKARUS scan.engine detects and analyses viruses and files with harmful behaviour. The technology is based on sophisticated virus analysis: partly automatically and partly manually, all data is analysed, executed, simulated and monitored in a multi-stage process.

IKARUS scan.engine

The IKARUS scan.engine is one of the world’s best carrier-grade content scanning engines. It detects, extracts, analyses and eliminates malware, vulnerabilities, and exploits in virtually all file systems and archives. The IKARUS scan.engine uses advanced high-performance scan technologies to analyse different types of files and code, regardless of their appearance, size or file identifier.

Only in the simplest cases does a virus definition (or virus description) consist solely of a static signature: already known and uncomplicated viruses can be identified by matching unique code sequences.

Usually, it is not that easy. More challenging or unknown malware passes through various stages of analysis, being disassembled into its individual components and carefully examined in different analytical processes.

The first scanning operation consists of cryptographic hash calculation, analysis of suspicious or conspicuous data elements, and detection of signatures and exploits. Known viruses that can be identified via our virus databases are immediately isolated and defanged. Most of the data will be further analysed in a closed virtual environment.
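The first-stage triage described above, as an added illustration in Python that is not IKARUS code: a hash lookup, then a static signature match, with everything else routed to sandbox analysis. The databases, detection names and sample bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders standing in for a virus database (not real indicators).
SIGNATURE = b"\xde\xad\xbe\xefCONSTRUCTED-SIG"
KNOWN_SAMPLE = b"MZ" + SIGNATURE + b"constructed payload"
HASH_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Known.A"}
SIGNATURE_DB = {SIGNATURE: "Constructed.Family.Gen"}


@dataclass(frozen=True)
class Verdict:
    action: str            # "isolate" or "sandbox"
    stage: str             # check that decided: "hash", "signature" or "none"
    name: Optional[str]    # detection name when one is known
    sha256: str


def first_stage_scan(data: bytes) -> Verdict:
    """Hash lookup, then static signatures; unknown data goes to the sandbox."""
    digest = hashlib.sha256(data).hexdigest()
    # Stage 1: an exact hash match only catches byte-identical files.
    if digest in HASH_DB:
        return Verdict("isolate", "hash", HASH_DB[digest], digest)
    # Stage 2: a static signature matches a unique code sequence anywhere in the file.
    for pattern, name in SIGNATURE_DB.items():
        if pattern in data:
            return Verdict("isolate", "signature", name, digest)
    # Stage 3: nothing known, so hand the data to behavioural analysis.
    return Verdict("sandbox", "none", None, digest)


if __name__ == "__main__":
    samples = {
        "exact copy": KNOWN_SAMPLE,
        "repadded variant": KNOWN_SAMPLE + b"\x00" * 8,
        "unknown file": b"MZ unrelated constructed content",
    }
    for label, blob in samples.items():
        v = first_stage_scan(blob)
        print(f"{label:17} -> {v.action:8} via {v.stage:9} {v.name or '-'}")
```

The repadded variant shows why the stages are layered: its hash no longer matches, but the signature still does, and only data matching neither check reaches the sandbox.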

THIS IS HOW THE IKARUS SCAN.ENGINE WORKS

BEHAVIOUR-BASED HEURISTICS AND SIMULATION

Packed files are unpacked and all data extracted; executables are identified and decrypted. The engine performs all simulations in an integrated closed virtual environment and analyses files for exploits, scripts, iframes, JavaScript, ActionScript, macros, and embedded font or PE files. Scripts like HTML, XML, JavaScript, VBS, mIRC Script, Web Script, X Script, BAT, TXT or binary files are checked for jumps and calls, executed and monitored.

Within the virtual environment, API calls are replaced with the engine's own functions. The behavioural analysis covers API calls, reloaded files or DLLs, and opcodes. Modified memory areas and unpacked code and files are monitored and measured.

Additionally, the behaviour of files after the simulation starts has to be monitored and measured, too: some viruses use techniques to test their environment and recognize testing environments. API calls that compare register values, checks of error codes after passing wrong parameters, or searches for certain files within the process environment block might point to camouflage functions of a virus.

The IKARUS team of analysts completes and supports the high performance of the IKARUS scan.engine with manual analyses and reverse-engineering. Besides, global threat data from the IKARUS SigQA (Signature Quality Assurance Program) and sample sharing within the industry ensure quality and sustainability.

All findings from the different analytical stages performed by the IKARUS scan.engine and all data collected by the IKARUS Lab are regularly entered into the virus databases.


The renowned VB100 reviews offer an independent performance analysis of the IKARUS scan.engine: regular testing of anti-malware software, measuring reactive and proactive detection rates, system slowdown and stability, shows the IKARUS scan.engine among the global top performers.

THE IKARUS TEAM OF ANALYSTS

IKARUS Security Software was founded about 30 years ago and has since committed itself to combating viruses and malware. Today, around 50 employees at the company headquarters in Vienna work every day to find new approaches and solutions to make security accessible to everyone on the Internet and in our increasingly networked society.

Thanks to the self-developed core technology around IKARUS scan.engine, IKARUS Security Software has developed into a global player that can and wants to compete internationally with the leading providers of IT security solutions.

IKARUS Security Software invests around 65 per cent of the total turnover in software research and development and is linked with security experts in various countries. The experts of IKARUS Security Software constantly share virus information with other research centers. Current research projects focus on technical, legal and social areas, ranging from formal virus description and new approaches in special criminal law to closed and open data security systems.

Memberships:
Austrian Cyber Security Challenge
Digital City Wien
IT Security HUB Österreich

IKARUS Security Software GmbH
Blechturmgasse 11
1050 Vienna
AUSTRIA

Phone: +43 1 58995-0
Fax: +43 1 58995-100
E-mail: office@ikarus.at

CEO: Josef Pichlmayr
Commercial Register Number: FN64708
VAT ID: ATU15191405
DVR Number: 0729833