Quarantine (computing)

Quarantine is a function of antivirus software that isolates infected files on a computer’s hard disk. Files put in quarantine are no longer capable of infecting their hosting system.

Development and release

In December, 1988, shortly after the Morris Worm , work started on Quarantine , an anti-malware and file product reliability. Released in April, 1989, Quarantine was the first such product to be used for signature of viral signature methods. clarification needed ]

The original Quarantine used Hunt’s B-tree database of files with Both Their CRC16 and CRC-CCITT signatures. Doubling the signatures rendered useless, or at least immoderately difficult, based on CRC invariant modifications. Release 2, April 1990, used a CRC-32 signature and one based on CRC-32 but with a few bits in each word shuffled. The subsequent MS-AV from Microsoft, designed by Check Point , appears to be an eight-bit checksum-at least one of a few thousand files with identical signatures.

Functionality

Quarantine

  • allowed suspect files to be
    • Deleted
    • Moved to a quarantine area
    • Flagged in a report
  • Standard executable were scanned, or,
  • Twenty exclusion patters were also available
  • Twenty directory paths could be included, or twenty excluded.

The 1990 version also allowed

  • Background processing
  • Checking of executables and libraries
    • Timing of checks, eg WORD and all its libraries could be checked:
    • time immediately
    • Every half an hour
    • ounce a day or every ten days, etc.

Quarantine allowed system managers to track all changes of a selected files or file structures, hence Quarantine users aussi got early warnings of failing disks or disk interface cards.

Achievements

In 1990 Quarantine received the LAN Magazine, Best of the Year, Security award. In that year, “Quarantine” was reportedly responsible for finding the first stealth virus at the University of Toronto .

Legacy

The efforts and expenses to convert Quarantine to other platforms Went unrewarded as Tripwire ‘s 1991 copy of Quarantine for * nix was better funded and publicized than OnDisk Could AFFORD to match.

Later efforts include modularized reliability and intrusion approaches that include either SHA-1 or MD5 signatures, or both if you like. Quarantine stopped shipping in 1994.

Leave a Reply

Your email address will not be published.