Interview with the main developer Dr.Web СureIt! 7.0
Dear habravchane, recently we released a beta Dr.Web CureIt! 7.0 - our free utility, which is used by millions around the world. Today we bring to your attention an interview with one of the main developers of Dr.Web ureIt! and the head of this project - Konstantin Yudin.
In the new CureIt! - completely new interface. In connection with which he was completely redesigned, what goals were behind this?
')
First of all, Dr.Web CureIt! - curing utility, so its main functionality - a quick search for active threats and their treatment. In this regard, we have simplified the interface. Removed the full check under the hood, to focus the user's attention on the task - to check for viruses, or to cure the system from active threats. Everything else is in the background.
But another change is also no less important - Dr.Web CureIt! It has become a completely independent product - a separate module with its own features and functionality, and not a wrapper scanner, with a bunch of annoying user messages. Nevertheless, it is recognizable and similar to its big brother (Dr.Web Security Space), so that the user does not need to relearn much.
In your opinion, enjoy the new CureIt! it became even more convenient? Could you put yourself in the user's place and give, say, 3 differences with the old CureIt!
Treatment for us before was a priority. Now in Dr.Web CureIt! we made it even simpler and more efficient. Well, look, the person launches the utility, he has the “Start scan” button and you do not need to think about which test options he needs to choose — full, fast or custom, as before.
Its task is to cure the threat, or check the PC for the presence of active threats. Now all this is one direct action “start a test”. In the previous version, users most often launched a full scan, since believed that it is the safest and is guaranteed to find everything you need. In fact, a full scan is a scan of all disks on a PC, it can last for several hours or even days (depending on the content and volume of the user), and this doesn’t compare at all with the idea of Dr.Web CureIt! utilities (“start, check, close”). Now there is only one button - you will not miss :)
Another difference, which is also probably worth noting, is the ability to scan any items in the selective scan mode: check only the disks, the boot sector, check for rootkits or Windows recovery points. If the user is experienced and knows exactly what he is looking for, then there is an opportunity to select the desired item. In the previous version of Dr.Web CureIt! there was a quick check in which all these points were monolithically checked and their check could not be disabled. Now we have added “flexibility”, if you please, for more advanced users.
Speaking everything above, I didn’t really mention the main point. After all, we completely redesigned the scanning architecture. If a person wants to check his files or PC entirely, anti-rootkit is not activated in this mode - there is no need to check files through it, which increases the speed of the scan. In the previous version, any verification, regardless of where the file is located, went through a complex anti-rootkit system. These are quite heavy operations, which greatly reduced the speed of testing and stability.
Due to what has the speed of checking dramatically increased? Will this affect user security?
First of all, due to the transition to the multithreaded scanning service of Dr.Web Scanning Engine, which uses all processor cores to scan files in parallel.
Also, due to the new subsystem of the search for rootkits, which is activated only when necessary, as mentioned above.
If fast check old Dr.Web CureIt! could take 30-40 minutes, now it goes within 7-13 minutes. This is a minimum of time that cannot be jumped, unless you disable some of the functionality, which is undesirable because The main task is to identify all active threats and cure the computer.
We are talking about increased stability. But did users often complain about this before?
One of the big problems, not only of Dr.Web CureIt !, but also of the past scanner, was that with a long check the car could go to the blue screen. This again was due to the fact that terabytes of data were checked through anti-rootkit. And few people know that on board we have our own mini-OS under the hood, which also does not add stability. In version 7.0, we seriously revised our vision of how everything should work quickly and safely, and without compromising quality.
And the second point - reduced the number of conflicts. After all, Dr.Web CureIt! - A utility that works everywhere, even with third-party antivirus. We have removed controversial issues, because of which systems sometimes clashed, due to this increased reliability. As version 7.0 showed, over the past six months we have stopped receiving requests for technical support with blue screen problems to technical support, they are also BSOD.
Significantly expanded the ability to selectively scan the computer - for what it was done?
First of all for user convenience.
The seventh version of the treating utility provides the ability to block the network connection in the process of checking the computer - how important is this for the safety of the computer? Is it necessary for all users to do this?
In the seventh version, a new feature appeared - the ability to block network connections while running Dr.Web CureIt! .. Its essence, first of all, is to prevent re-infection at the time of testing and treatment. Those. If you have some kind of threat, which is trying to connect to the command center, to load a new load (payload), then this option can be cut off her campaign to the owner. Either any network worm that constantly tries to get to your machine, or the exploits come from the Internet all the time. By enabling this option, you will secure your car at the time of inspection and treatment. Re-infection from these sources will not follow.
What can be expected in the final version?
We still have some new chips planned. Before the main release. The first of these is the quarantine manager, which will be embedded directly in CureIt! .. This is done so that the user has the ability to perform any manipulations with the threats found. See what was cured, deleted, moved to quarantine. Or restore the file to its original location if it was a false positive. You can also delete all found threats in quarantine. Plus see some information about a specific threat.
The second revision is still under question, perhaps there will be such a function, which will be when Dr.Web CureIt! Disable low-level writing to disk. This is done to prevent re-infection of the boot sectors and protect against bootkits. The question is controversial, we will think about whether to include it or not.
Another feature is that after the verification is completed, a link to the report will be available, a person will be able to follow the link and open a verification log in a text editor, for transfer to tech support or a forum for helpers, or to see in detail what was at the time of verification.
In the new CureIt! - completely new interface. In connection with which he was completely redesigned, what goals were behind this?
')
First of all, Dr.Web CureIt! - curing utility, so its main functionality - a quick search for active threats and their treatment. In this regard, we have simplified the interface. Removed the full check under the hood, to focus the user's attention on the task - to check for viruses, or to cure the system from active threats. Everything else is in the background.
But another change is also no less important - Dr.Web CureIt! It has become a completely independent product - a separate module with its own features and functionality, and not a wrapper scanner, with a bunch of annoying user messages. Nevertheless, it is recognizable and similar to its big brother (Dr.Web Security Space), so that the user does not need to relearn much.
In your opinion, enjoy the new CureIt! it became even more convenient? Could you put yourself in the user's place and give, say, 3 differences with the old CureIt!
Treatment for us before was a priority. Now in Dr.Web CureIt! we made it even simpler and more efficient. Well, look, the person launches the utility, he has the “Start scan” button and you do not need to think about which test options he needs to choose — full, fast or custom, as before.
Its task is to cure the threat, or check the PC for the presence of active threats. Now all this is one direct action “start a test”. In the previous version, users most often launched a full scan, since believed that it is the safest and is guaranteed to find everything you need. In fact, a full scan is a scan of all disks on a PC, it can last for several hours or even days (depending on the content and volume of the user), and this doesn’t compare at all with the idea of Dr.Web CureIt! utilities (“start, check, close”). Now there is only one button - you will not miss :)
Another difference, which is also probably worth noting, is the ability to scan any items in the selective scan mode: check only the disks, the boot sector, check for rootkits or Windows recovery points. If the user is experienced and knows exactly what he is looking for, then there is an opportunity to select the desired item. In the previous version of Dr.Web CureIt! there was a quick check in which all these points were monolithically checked and their check could not be disabled. Now we have added “flexibility”, if you please, for more advanced users.
Speaking everything above, I didn’t really mention the main point. After all, we completely redesigned the scanning architecture. If a person wants to check his files or PC entirely, anti-rootkit is not activated in this mode - there is no need to check files through it, which increases the speed of the scan. In the previous version, any verification, regardless of where the file is located, went through a complex anti-rootkit system. These are quite heavy operations, which greatly reduced the speed of testing and stability.
Due to what has the speed of checking dramatically increased? Will this affect user security?
First of all, due to the transition to the multithreaded scanning service of Dr.Web Scanning Engine, which uses all processor cores to scan files in parallel.
Also, due to the new subsystem of the search for rootkits, which is activated only when necessary, as mentioned above.
If fast check old Dr.Web CureIt! could take 30-40 minutes, now it goes within 7-13 minutes. This is a minimum of time that cannot be jumped, unless you disable some of the functionality, which is undesirable because The main task is to identify all active threats and cure the computer.
We are talking about increased stability. But did users often complain about this before?
One of the big problems, not only of Dr.Web CureIt !, but also of the past scanner, was that with a long check the car could go to the blue screen. This again was due to the fact that terabytes of data were checked through anti-rootkit. And few people know that on board we have our own mini-OS under the hood, which also does not add stability. In version 7.0, we seriously revised our vision of how everything should work quickly and safely, and without compromising quality.
And the second point - reduced the number of conflicts. After all, Dr.Web CureIt! - A utility that works everywhere, even with third-party antivirus. We have removed controversial issues, because of which systems sometimes clashed, due to this increased reliability. As version 7.0 showed, over the past six months we have stopped receiving requests for technical support with blue screen problems to technical support, they are also BSOD.
Significantly expanded the ability to selectively scan the computer - for what it was done?
First of all for user convenience.
The seventh version of the treating utility provides the ability to block the network connection in the process of checking the computer - how important is this for the safety of the computer? Is it necessary for all users to do this?
In the seventh version, a new feature appeared - the ability to block network connections while running Dr.Web CureIt! .. Its essence, first of all, is to prevent re-infection at the time of testing and treatment. Those. If you have some kind of threat, which is trying to connect to the command center, to load a new load (payload), then this option can be cut off her campaign to the owner. Either any network worm that constantly tries to get to your machine, or the exploits come from the Internet all the time. By enabling this option, you will secure your car at the time of inspection and treatment. Re-infection from these sources will not follow.
What can be expected in the final version?
We still have some new chips planned. Before the main release. The first of these is the quarantine manager, which will be embedded directly in CureIt! .. This is done so that the user has the ability to perform any manipulations with the threats found. See what was cured, deleted, moved to quarantine. Or restore the file to its original location if it was a false positive. You can also delete all found threats in quarantine. Plus see some information about a specific threat.
The second revision is still under question, perhaps there will be such a function, which will be when Dr.Web CureIt! Disable low-level writing to disk. This is done to prevent re-infection of the boot sectors and protect against bootkits. The question is controversial, we will think about whether to include it or not.
Another feature is that after the verification is completed, a link to the report will be available, a person will be able to follow the link and open a verification log in a text editor, for transfer to tech support or a forum for helpers, or to see in detail what was at the time of verification.
Source: https://habr.com/ru/post/144399/
All Articles