Dr. Web

From Wikipedia, the free encyclopedia
Initial release: 1992
Stable release: 11.0
Development status: Active
Operating system: Linux, Mac OS X, Microsoft Windows, Windows Mobile
Available in: Russian, English, French, German, Japanese, Korean
Type: Antivirus
Website: www.drweb.com

Dr.Web is a Russian anti-malware company, and the name of its flagship software suite. First released in 1992, it became the first anti-virus service in Russia.[1] Doctor Web is one of a few anti-virus vendors in the world that owns its technologies for detecting and curing malware.

The software also offers anti-spam solutions and is used by Yandex, Russia's biggest search provider, to scan e-mail attachments. There is also an add-on for all major browsers which checks links with the online version of Dr.Web.[2]

Dr.Web withdrew from AV tests such as Virus Bulletin VB100% around 2008, stating that they no longer represent the ability to counteract contemporary malware threats.[3]

Main features

  • Can be installed on an infected computer.
  • Detects and cures complex polymorphic and encrypted viruses and rootkits.
  • The ability to copy important data into a secure repository allows Dr.Web for Windows users to restore damaged data without contacting Dr.Web Support.
  • Supports most existing formats of packed files and archives, including multi-volume and self-extracting archives.
  • Compact virus database and light updates. One virus database entry can detect up to a thousand similar viruses.
  • Virus database updates are released immediately after a new virus is identified, up to many times per hour. Dr.Web decided to abandon the idea of a virus database update schedule, since virus epidemics never happen on schedule.
  • Cross-platform: Dr.Web uses a single scanner engine and virus database for different operating systems.
  • Low impact on system performance. Optimized scanning technology means known-good clean files are not checked by Dr.Web, which reduces the system load.

Home user products and feature comparison

Dr.Web products for home users come in three variants: Dr.Web Anti-virus, Dr.Web Security Space and Dr.Web Katana. Dr.Web Security Space is the complex antivirus solution that uses all the technologies developed by Dr.Web. Dr.Web Anti-virus is a basic antivirus. Dr.Web Katana is a non-signature anti-virus offering preventive protection against the latest active threats, targeted attacks, and attempts by Trojans and exploits to use vulnerabilities, including zero-day ones, to penetrate systems. It can be used with the antivirus software of other vendors in order to add the Dr.Web preemptive protection that such products lack.

Feature                                   Dr.Web Security Space   Dr.Web Anti-virus   Dr.Web Katana
Anti-virus                                +                       +                   -
Preventive protection                     +                       +                   +
Anti-spam                                 +                       -                   -
HTTP monitor                              +                       +                   -
Parental Control                          +                       -                   -
Firewall                                  +                       +                   -
Anti-virus network                        +                       -                   -
Protection against data loss (backup)     +                       -                   -
Dr.Web Cloud                              +                       -                   +
Block access to removable devices         +                       -                   -

Main products

Doctor Web offers products for:

  • workstations and servers running Windows;
  • smartphones and tablets running Android;
  • workstations running Mac OS X;
  • corporate and nationwide networks;
  • ISPs (AV-Desk service);
  • mail and file servers running UNIX systems;
  • gateways running UNIX systems;
  • file servers running Novell NetWare;
  • Lotus Domino servers running Microsoft Windows;
  • Microsoft Exchange servers;
  • smartphones running BlackBerry OS;
  • smartphones running Symbian OS;
  • smartphones running Windows Mobile.

Dr.Web Security Space

Dr.Web Security Space includes applications that provide comprehensive protection for Windows and Android and anti-virus security for Mac OS X, Linux, Symbian OS and Windows Mobile.


Dr.Web CureIt! is an anti-virus scanner based on the Dr.Web Scanning Engine, the standard virus scanning engine of Dr.Web products. Although Dr.Web CureIt! has limited capabilities in comparison with Dr.Web Anti-virus for Windows (no resident monitor, no command line scanner, no updating utility, etc.), it is nevertheless able to effectively scan the system and perform the necessary actions for detected threats. Dr.Web CureIt! can be used free of charge to scan a personal computer. For any commercial use of Dr.Web CureIt!, however, a license is required.


A solution for remote centralised curing on Windows PCs and servers, including those running different anti-virus software, regardless of local network size.

Dr.Web Security Space for Android

This anti-virus solution reliably protects mobile devices running the Android™ operating system, as well as TV sets, media players and game consoles running the Android TV™ platform, from virus threats designed specifically for these devices.

The application employs the most advanced developments and technologies of Doctor Web aimed at detecting and neutralizing malicious objects which may represent a threat to the device's operation and information security. Dr.Web uses Origins Tracing™ for Android, a unique algorithm to detect malware designed specially for Android. This algorithm detects new virus families using a knowledge database of previous threats. Origins Tracing for Android can identify recompiled viruses, e.g. Android.SMSSend and Android.MobileSpy, as well as applications infected by Android.ADRD, Android.Geinimi and Android.DreamExploid. Threats detected using Origins Tracing for Android are named Android.VirusName.origin.

Users of Dr.Web Security Space or Dr.Web Anti-virus are entitled to use Dr.Web Security Space for Android free of charge.

Dr.Web Katana

A non-signature anti-virus offering preventive protection against the latest active threats, targeted attacks, and attempts by Trojans and exploits to use vulnerabilities, including zero-day ones, to penetrate systems.

Please note that Dr.Web Katana is not a replacement for a signature-based anti-virus; it operates efficiently in conjunction with other anti-viruses besides Dr.Web.

The technologies used in Dr.Web Katana are included in Dr.Web Security Space and Dr.Web Anti-virus 11.0, so users of these products do not need Dr.Web Katana.

Notable discoveries

Flashback Trojan

Dr.Web discovered the Trojan BackDoor.Flashback variant that affected more than 600,000 Macs.[4]


Dr.Web discovered Trojan.Skimer.18, a Trojan that works like an ATM software skimmer.[5] The Trojan can intercept and transmit bank card information processed by ATMs, as well as data stored on the card and its PIN code.



Dr.Web discovered the ransomware Linux.Encoder.1, which affected more than 2,000 Linux users.[6] Linux.Encoder.2, which was discovered later, turned out to be an earlier version of this ransomware.

Trojan.Skimer discovery and attacks on Doctor Web offices

On the day that Doctor Web published a news item about Trojan.Skimer.18 being added to the company’s virus database (December 18, 2013), Doctor Web received a threat, supposedly from the Trojan writers or the criminal organization sponsoring this malware’s development and promotion:[7]


On behalf of Syndicate we congratulate you with successful disassembly of NCR ATM software skimmer. The source code of writers is attached.

Good job but it’s prospectless. Profit from Dr.Web_ATM_shield is dirt-cheap because bankers never give money willingly. However the development of Dr.Web_ATM_shield threatens activity of Syndicate with multi-million dollar profit. Hundreds of criminal organizations throughout the world can lose their earnings.

You have a WEEK to delete all references about ATM.Skimmer from your web resource. Otherwise syndicate will stop cash-out transactions and send criminal for your programmers’ heads. The final of Doctor Web will be tragic.

On March 31, after two arson attacks were carried out on Igor Daniloff’s anti-virus laboratory in St. Petersburg,[8] the company received a second threat:

Dear Dr.Web, the International carder syndicate has warned you about avoidance of interference (unacceptable interference) in the ATM sphere. Taking into account the fact that you’ve ignored syndicate’s demands, we employed sanctions. To emphasis the syndicate’s purpose your office at Blagodatnaya st. was burnt twice.

If you don’t delete all references about atmskimmer viruses from your products and all products for ATM, the International carder syndicate will destroy Doctor Web’s offices throughout the world. In addition, syndicate will lobby the Prohibition of usage of Russian anti-viruses Law in countries that have representation offices of the syndicate under the pretext of protection against Russian intelligence service.

Incoming letters of this e-mail are being monitoring, arguments of this dispute will be specified.

Doctor Web released a statement that the company considers it its duty to provide users with the ultimate protection against the encroachments of cybercriminals and that, consequently, efforts aimed at identifying and studying ATM threats are in progress, as is work to improve Dr.Web ATM Shield.[9]



  • The first experiments of Igor Danilov to cure viruses take place (using AIDStest and other anti-viruses and debuggers).
  • The first resident anti-virus monitor Tadpole is created.


  • Tadpole is rewritten and becomes more flexible and versatile.
  • The anti-virus doctor (scanner) Tornado is created. Tornado could interact with the hard disk file system at a low level (BIOS), could cope with the new Ghost-1963 virus, and was distinguished by a high scanning speed.


  • Spider's Web is created, incorporating the Spider guard (Tadpole successor) and Doctor Web (the successor to Tornado). That moment became the starting point in the history of Dr.Web’s development.
  • Igor Danilov took part in the "1 & 1" contest, held this year for Eastern European countries, to find interesting software products and technologies. His SpiderWeb won a grant providing its maker with a stand at CeBIT'93.


  • Dr.Web at CeBIT'93 (Hanover, Germany).
  • Scorpion disc inspector is created. Like the Tornado, Scorpion worked with a hard disk file system at the BIOS level, which enabled it to detect stealth viruses.
  • The first polymorphic virus is created. Its emergence became a watershed separating real anti-viruses capable of detecting and curing polymorphs from other programs performing some of the anti-virus functions. Dr.Web becomes the first program in the history of the anti-virus industry that could detect and cure complex polymorphic viruses. It is this anti-virus technology that first made Dr.Web famous among professionals.
  • Igor Danilov participated in the All-Russian Seminar and got acquainted with Igor Lozinsky and other virologists.


  • The heuristic analyzer, which detects previously unknown viruses, is implemented.
  • A processor emulator to uncoil and detect polymorphic viruses is implemented. Dr.Web Anti-virus becomes one of the few in the world to have coped with the world-famous polymorphic virus Phantom-1.
  • Doctor Web anti-virus scanner 1.00 is released.
  • Commercial distribution of the Dr.Web anti-virus begins.


  • Dr.Web anti-virus is presented at CeBIT'95 (Hanover, Germany).
  • A feature is created that enables updates to be delivered to the Dr.Web virus database without changing the code of the program.
  • Dr.Web for WinWord is released.
  • Dr.Web becomes one of the first anti-viruses for Novell NetWare.
  • For the first time, Igor Danilov presents a report at the EICAR-95 conference in Zurich. Computer virologists from all over the world attend these conferences.


  • The January issue of Virus Bulletin magazine features the results of comparative testing for programs capable of neutralizing polymorphic viruses.
  • Virus Bulletin magazine publishes its first review of the Dr.Web Anti-virus. The Dr.Web heuristic analyzer is awarded the highest mark.
  • The online Dr.Web scanner service appears.


  • Dr.Web 4.0 is released. It incorporated innovations that fundamentally changed the anti-virus's architecture and operational routines.


  • The first comprehensive system to prevent virus penetration is created for Windows 95/98.
  • The resident monitor SpIDer Guard for Windows 95/98 joined the Dr.Web family.
  • Dr.Web becomes the first anti-virus in the world to feature a virtual machine memory scan under Windows NT.


  • The Dr.Web anti-virus is certified by the Russian Defence Ministry.
  • Dr.Web virus database updating frequency increases dramatically. Today the databases are updated every day on an hourly basis.


  • The Dr.Web engine is licensed to the Chinese anti-virus developer KingSoft.


  • Igor Danilov establishes Doctor Web and becomes its technical director.


  • Dr.Web Enterprise Suite for corporate network protection is released.
  • Dr.Web engine is licensed to the South Korean developer of the Virus Chaser.


  • The free utility, Dr.Web CureIt!, is released and immediately becomes the most popular and trusted means for emergency virus curing among users of other anti-viruses.
  • The Technical Support Center in the Ukraine is opened.


  • Doctor Web Central Asia is established in the Republic of Kazakhstan.
  • Doctor Web Deutschland GmbH office opens in Germany.


  • The first version of Dr.Web AV-Desk is released. From this point on, the Software-as-a-Service (SaaS) era in Russia’s anti-virus industry is underway. Now service providers are delivering the Dr.Web Anti-virus to home users on a monthly subscription basis. Doctor Web becomes the first company to offer an anti-virus as a service on the Russian market and, to this day, is still the undisputed leader in this segment of the anti-virus market.
  • The first Dr.Web anti-virus for mobile devices is released. Since viruses for mobile devices are scarce at this time, Doctor Web makes the unprecedented decision to provide the product free of charge. The motto: "protection from non-existing threats must be free!". Doctor Web adheres to this principle with regard to all its anti-viruses for mobile devices till 2012 when the number of threats to mobile platforms starts growing exponentially.


  • Doctor Web France opens for business.
  • Doctor Web announces that it will no longer participate in comparative tests by the British magazine Virus Bulletin, as they "have little to do with assessing the capabilities that are really in demand in the face of today's virus threats".
  • Dr.Web Office Shield appliance is released. Like many Doctor Web products, it is ahead of its time. In 2012, four years after its release, Dr.Web Office Shield is named top innovation for SMB software by PC Magazine.
  • Dr.Web AV-Desk is recognized as one of the best security products in 2007 by PC Magazine.


  • Doctor Web releases an anti-virus for Mac OS X. The number of viruses for Mac OS X has been negligible only because there have been too few users to make virus writing for Macs profitable; Doctor Web invested in developing this product and is proud of its quality. Only in April 2012, after Doctor Web found aof many thousands of Macs, did Apple release a utility that removes Backdoor.Flashback.39, thus acknowledging de facto the existence of viruses for Macs.


  • Dr.Web AV-Desk makes it possible to provide business users with the Dr.Web Anti-virus Service.
  • The in-house developed firewall has been incorporated into Dr.Web products for home users.
  • Doctor Web Pacific opens its office in Japan.


  • Dr.Web Enterprise Security Suite achieves certification required to deliver software to Gazprom.
  • Doctor Web Software Company (Tianjin), Ltd opens in China.


  • Doctor Web marks the 20th anniversary of Dr.Web anti-virus development.


  • Dr.Web Security Space 9 is released.


  • Dr.Web Security Space 11 is released. Version 11 has an extended arsenal of protective technologies that provide enhanced protection against zero-day exploits and other deceptive techniques that criminals use today and will use in the future. Dr.Web utilises state-of-the-art hardware capabilities to control the operation of all the installed applications and the operating system.
  • Dr.Web Katana is released, which is designed to protect against new threats that a traditional anti-virus is not yet equipped to recognize. The new anti-virus Dr.Web Katana is based on proactive technologies that do not involve the use of virus databases: the decision as to whether a particular malware program should be neutralised is made only on the basis of a mining model of the behaviour of the applications running on a computer.
