
Quarantine (antivirus program)

Quarantine was an antivirus software from the early 90s that automatically isolated infected files on a computer's hard disk. Files put in quarantine were then no longer capable of infecting their hosting system.

Development and release

In December, 1988, shortly after the Morris Worm, work started on Quarantine, an anti-malware and file reliability product. Released in April, 1989, Quarantine was the first such product to use file signature instead of viral signature methods.

The original Quarantine used Hunt's B-tree database of files with both their CRC16 and CRC-CCITT signatures. Doubling the signatures rendered useless, or at least immoderately difficult, attacks based on CRC-invariant modifications. Release 2, April 1990, used a CRC-32 signature and one based on CRC-32 but with a few bits in each word shuffled. The subsequent MS-AV from Microsoft, designed by Check Point, apparently relied on only an eight-bit checksum; at least, out of a few thousand files there were hundreds with identical signatures.
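The file-signature approach described above, as an added example that is not Quarantine's code: a baseline keyed by file name stores both a CRC-16 and a CRC-CCITT value, and is compared with a single 8-bit signature on a transposed-byte change and on a corpus of 3000 files. The CRC parameter choices (CRC-16/ARC, CRC-CCITT with initial value 0xFFFF), the additive form of the 8-bit checksum, and all file names and contents are assumptions constructed for the illustration.

```python
import binascii
import random
from collections import Counter

def crc16_arc(data: bytes) -> int:
    """CRC-16 (poly 0x8005, processed LSB-first as 0xA001, init 0)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def crc_ccitt(data: bytes) -> int:
    """CRC-CCITT (poly 0x1021, init 0xFFFF) from the standard library."""
    return binascii.crc_hqx(data, 0xFFFF)

def double_signature(data: bytes) -> tuple:
    """Both 16-bit CRCs together, as stored per file in the database."""
    return (crc16_arc(data), crc_ccitt(data))

def sum8(data: bytes) -> int:
    """Additive 8-bit checksum (assumed form of a weak 8-bit signature)."""
    return sum(data) & 0xFF

def build_baseline(files: dict, signature) -> dict:
    return {name: signature(body) for name, body in files.items()}

def changed_files(baseline: dict, files: dict, signature) -> list:
    """Names whose current signature no longer matches the baseline."""
    return sorted(n for n, b in files.items() if baseline.get(n) != signature(b))

def shared_signature_count(files: dict, signature) -> int:
    """How many files have a signature that another file also has."""
    counts = Counter(signature(body) for body in files.values())
    return sum(n for n in counts.values() if n > 1)

def make_corpus(n: int = 3000, seed: int = 1989) -> dict:
    """Constructed corpus: n files of 64 pseudo-random bytes each."""
    rng = random.Random(seed)
    return {f"FILE{i:04d}.EXE": bytes(rng.randrange(256) for _ in range(64))
            for i in range(n)}

if __name__ == "__main__":
    original = {"APP.EXE": b"MZ constructed sample body"}   # constructed
    altered = {"APP.EXE": b"ZM constructed sample body"}    # two bytes transposed
    for name, sig in (("sum8", sum8), ("CRC16+CCITT", double_signature)):
        flagged = changed_files(build_baseline(original, sig), altered, sig)
        print(f"{name:12} flagged={flagged} "
              f"shared={shared_signature_count(make_corpus(), sig)}/3000")
```

With only 256 possible values, at least 3000 − 255 files in the corpus must share their 8-bit signature with another file, whatever the file contents are.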

Functionality

Quarantine

  • allowed suspect files to be
    • Deleted
    • Moved to a quarantine area
    • Flagged in a report
  • Standard executables were scanned, or one could use up to twenty file matching patterns
  • Twenty exclusion patterns were available
  • Twenty directory paths could be included, or twenty excluded

The 1990 version also allowed

  • Background processing
  • Checking of executables and libraries as a file is opened
    • Timing of checks, e.g. if one opened a Word file, WORD and all its libraries could be checked:
      • Immediately
      • Every half an hour
      • Once a day or every ten days, etc.

Quarantine allowed system managers to track all modifications of selected files or file structures; hence Quarantine users also got early warnings of failing disks or disk interface cards.

Achievements

In 1990 Quarantine received the LAN Magazine, Best of Year, Security award. In that year Quarantine was reportedly responsible for finding the first stealth virus at the University of Toronto, when all pattern-matching virus detectors had failed.

Legacy

The efforts and expenses to convert Quarantine to other platforms went unrewarded as Tripwire's 1991 copy of Quarantine for *nix was better funded and publicized than OnDisk could afford to match.

Later efforts include modularized reliability and intrusion approaches that include either SHA-1 or MD5 signatures, or both if you like. Quarantine stopped shipping in 1994.
