
''Quarantine'' was an antivirus software from the early 90s that automatically isolated infected files on a computer's hard disk. Files put in quarantine were then no longer capable of infecting their hosting system.


Development and release

In December 1988, shortly after the Morris Worm, work started on ''Quarantine'', an anti-malware and file reliability product. Released in April 1989, ''Quarantine'' was the first such product to use file signature instead of viral signature methods. The original ''Quarantine'' used Hunt's B-tree database of files with both their CRC16 and CRC-CCITT signatures. Doubling the signatures rendered useless, or at least immoderately difficult, attacks based on CRC invariant modifications. Release 2, April 1990, used a CRC-32 signature and one based on CRC-32 but with a few bits in each word shuffled. The subsequent MS-AV from Microsoft, designed by Check Point, apparently relied on only an eight-bit checksum; at least, out of a few thousand files there were hundreds with identical signatures.
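The effect of doubling the signatures can be reproduced with a short script. This is an added example, not code from ''Quarantine'' or from the original page: the CRC parameters (CRC-16/ARC, and CRC-CCITT with initial value 0), the additive eight-bit checksum and the sample content are all assumptions chosen for illustration.

```python
import binascii
from itertools import product

def crc16_arc(data: bytes, crc: int = 0) -> int:
    """CRC-16/ARC (reflected polynomial 0xA001); assumed stand-in for the page's CRC16."""
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def crc_ccitt(data: bytes) -> int:
    """CRC-CCITT, polynomial 0x1021, initial value 0 (standard library routine)."""
    return binascii.crc_hqx(data, 0)

def sum8(data: bytes) -> int:
    """Eight-bit additive checksum (assumed form of the weak comparison case)."""
    return sum(data) & 0xFF

CHECKS = {"sum8": sum8, "crc16": crc16_arc, "crc_ccitt": crc_ccitt}

def detected_by(baseline: bytes, current: bytes) -> set:
    """Names of the checks whose stored value no longer matches the file."""
    return {name for name, fn in CHECKS.items() if fn(baseline) != fn(current)}

def crc16_invariant_copy(baseline: bytes, altered: bytes) -> bytes:
    """Pad `altered` with two bytes so that its CRC-16 equals that of `baseline`."""
    target, state = crc16_arc(baseline), crc16_arc(altered)
    for pad in product(range(256), repeat=2):
        if crc16_arc(bytes(pad), state) == target:
            return altered + bytes(pad)
    raise ValueError("unreachable: two bytes cover every 16-bit CRC state")

# Constructed sample content, not taken from any real file.
BASELINE = b"constructed sample program image v1.0"
SWAPPED = BASELINE.replace(b"v1.0", b"v.10")  # two adjacent bytes exchanged
PATCHED = crc16_invariant_copy(BASELINE, BASELINE.replace(b"v1.0", b"v6.6"))

if __name__ == "__main__":
    print("byte swap noticed by:", sorted(detected_by(BASELINE, SWAPPED)))
    print("CRC-16-invariant change noticed by:", sorted(detected_by(BASELINE, PATCHED)))
```

The byte swap leaves the eight-bit sum unchanged and is caught only by the CRCs, while the change built to keep CRC-16 constant is still caught by the second, independent CRC.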


Functionality

''Quarantine''
* allowed suspect files to be
** Deleted
** Moved to a quarantine area
** Flagged in a report
* Standard executables were scanned, or one could use up to twenty file matching patterns
* Twenty exclusion patterns were available
* Twenty directory paths could be included, or twenty excluded

The 1990 version also allowed
* Background processing
* Checking of executables and libraries as a file is opened
** Timing of checks, e.g. if one opened a word file, WORD and all its libraries could be checked:
** Immediately
** Every half an hour
** Once a day or every ten days, etc.

''Quarantine'' allowed system managers to track all modifications of selected files or file structures, hence ''Quarantine'' users also got early warnings of failing disks or disk interface cards.


Achievements

In 1990 ''Quarantine'' received the LAN Magazine, Best of Year, Security award. In that year ''Quarantine'' was reportedly responsible for finding the first stealth virus at the University of Toronto, when all pattern matching virus detectors had failed.


Legacy

The efforts and expenses to convert ''Quarantine'' to other platforms went unrewarded as Tripwire's 1991 copy of ''Quarantine'' for *nix was better funded and publicized than OnDisk could afford to match. Later efforts include modularized reliability and intrusion approaches that include either SHA-1 or MD5 signatures, or both if you like. ''Quarantine'' stopped shipping in 1994.

