SecuLution security-by-design approach already secures in default configuration against more potential dangers than any Antivirus solution ever could. The patented Whitelisting technology makes it possible to prevent even completely unknown malicious software from running. We illustrated the principle here here for you.
However, SecuLution is compatible with all current Antivirus solutions, if you want to continue using them.
The whitelisting of applications/software, also known as Application Whitelisting, is based on the concept of allowing only software that is whitelisted by known applications to run. In a network whose endpoints are protected by an Application Whitelist/Application Control solution, it can no longer run anything that is not explicitly allowed.
The concept completely reverses the approach taken with virus scanners today, almost 100% of which is used to protect a network, and therefore offers an incomparably higher level of protection. Because classical Antivirus software always depends on knowing the malicious code it is supposed to block. See also SecuLution Antivirus.
To put it even more simply, each of us acts at the doorstep according to exactly the same principle. You only let those in your house who are listed on your own whitelist as being trustworthy. All the others can't get through the door.
While the SecuLution Agent has a network connection to the SecuLution Server appliance, requests are always sent to the appliance. This allows a zero-second reaction time for changes. If the agent is offline, it accesses a locally stored and encrypted database. See also SecuLution Agent
Good question. We do not understand either. Did you know about Application Whitelisting before you read this today?
No. Querying a hash that is generated by the SecuLution Agent from the respective software takes only 30 ms. This is approximately the time that a ping needs. Because of this behavior and the very small package size, which is checked against the Server, SecuLution works in an extremely resource-conserving manner. If you compare this value with a heuristic live check of a Virus-Scanner, SecuLution is faster about a factor of 10,000. Yes, we know this is an apples and oranges comparison. But it gives an impression of the dimensions we are talking about.
The SecuLution Server contains the Whitelist you maintain and the associated rules for the contained objects.It is installed as a virtual machine in your network and you have full control over your data at all times. No usage data is transferred to the Internet. Your data will remain yours. Guaranteed.
The weaknesses found in the hash algorithms MD5 and SHA1 have no effect on the security of SecuLution since it is still not possible to generate a malicious software that has a predetermined hash. It is not possible to create a file that has the same hash as a software already contained in SecuLutions whitelist.
In the media SHA1 and MD5 are described as being "broken" because it is possible to generate collisions. A "collision" with respect to hashes means that you can create two different input files (file1 and file2) which after passing through the hash algorithm result in the same hash. However, it is not possible to influence the resulting hash in any way.
To perform an attack on the security offered by SecuLution, an attacker would have to create a file whose hash is already contained in SecuLution's Whitelist ("pre-image" attack). A collision attack is about creating two different files which have the same non-determinable hash; A pre-image attack is about creating a file that has a specific, predefined hash. These are two completely cryptographically different tasks. Successful pre-image attacks are also not known with SHA1 and MD5.
For technical questions about SecuLution in practice, please refer to our online documentation for a FAQ section:
Could not find your question in our FAQ? Just write us what you want to know, our support team will answer you as soon as possible.
Weekdays from 7am – 4pm