So, I found out about some neat technologies in OPSWAT, but while they all seem interesting, the thing that actually draws my attention the most right now is the Data Sanitation tech, aka Content Disarm and Reconstruction (CDR).


What are the chances that something similar could find its way into the Malwarebytes lineup, such as a standalone program that runs in the background?
Link to post

I've looked at this kind of technology in the past and discussed it with one of the Devs, and it seemed to be more of a dead end than anything, as deconstructing and reconstructing what are essentially complex executable files isn't a viable approach, especially if the files are to remain functional. Besides that, the excellent Exploit Protection in Malwarebytes already shields against the types of attacks and threats this technology is aimed at, so it would be redundant (not only that, but the anti-exploit tech in Malwarebytes also has many additional functions, such as application hardening, that render many such attack vectors impossible, regardless of whether the vulnerability/exploit is known or unknown).

Link to post

Well, if only certain file types are supported for sanitation, for example a PNG image, a Word document, or a Windows MetaFile, then you wouldn't have to worry about breaking files that are in unknown formats. Exploit Prevention can easily protect you, but can't protect other computers in your network if compromised files are going through your system. File Sanitation can actively render outgoing files harmless if you don't know where they might be going, or whether the person on the receiving end is as well protected as yourself.

Furthermore, machine learning and sophisticated heuristics can be a further aid to ensuring that reconstructed files are still usable, as anything that's corrupted can still be repaired with sufficiently advanced guesswork and context clues. Using this same logic, it might even be possible to reconstruct files that were damaged through other means, like file system corruption or a bug in the encoding program. Of course, a file repaired through guesswork will never be a perfect replica of the original, but depending on how severe the damage actually is, it can be a lot better than having no file at all.

Link to post

Yes, but hypothetically all computers on a network which are sharing files with one another should, for the sake of best practices and security, be running the same security solutions, especially if we're talking about a business environment (though even home users now will usually use the same tools across all systems/devices on their networks/in their homes, hence the popularity of multi-device licenses and bundles which Malwarebytes and other security vendors provide).

As for reconstructing damaged files, I can certainly see the value in that, but that would be well outside the purview of Malwarebytes as a security vendor and would be better suited to an outfit that deals with data recovery as an area of focus rather than threat prevention.

Link to post