What's interesting that this change brought us not only increased reliability (the reason why we decided to implement it in the first place), but also significant performance gain. The works on this were finished about a month ago, and after some additional reliability testing, we finally released it to the public as part of the April 19th definition update (last Monday). What seemed like an easy task in the beginning actually turned out to be a fairly large project with tens of thousands of lines of code, and many months of work. For this reason, we have been working on our own implementation of the signature verifier. We knew this wasn't ideal though - especially because we realized that in case the underlying system was somehow compromised, any such system API could already be redirected/hijacked by malware and so trusting it was not 100% bulletproof. Previously, we were using the crypto services provided by the operating system (called "wintrust") to do the actual verification of the digital signatures.
In particular, this applies to files which are on our internal whitelists, as well as files which are digitally signed by trusted publishers (we maintain a relatively short list of software publishers that we trust, and we consider any files produced and digitally signed by these publishers as safe). One of the great new features of avast 5 is the persistent cache, a mechanism which allows us to skip rescanning of certain files. How to make the Full System Scan 6x faster in 10 daysĭuring the last few weeks, we have been tweaking the avast! 5 engine and while doing this, we found out that there were some hidden reserves with respect to its performance (namely, the duration of the on-demand scans).
0 kommentar(er)
