Kaspersky Internet Security 2012

 
 
 

iChecker and iSwift technologies in Kaspersky Internet Security 2011/2012: general information and operating principles

Back to "Technical articles / How to..."
2012 Aug 09 ID: 3893
 
 
 
 

Intellectual technologies iChecker and iSwift allow accelerating work of Kaspersky Internet Security 2011/2012 either in the real-time protection or in the on-demand scan mode. Technologies achieve the highest efficiency some time after installation of Kaspersky Internet Security 2011/2012. These technologies add to each other thus accelerating anti-virus scan of various objects in different file and operating systems.

iChecker technology

iChecker operating principles:

During the first scan the check sum of an object is saved. Check sum is a unique digital signature of an object (file) that allows identifying this object (file). Check sum changes every time the object is modified. This information is saved in a special table. During the next scan of an object the previous and current check sums are compared. If the check sum is different it means the object was changed and it should be scanned for a malicious code once again, if the check sum is the same, the object was not changed and therefore it is not scanned. 

Advantages of iChecker technology:

  • Copy of the previously scanned object is recognized in any other folder, message or archive. 
  • iChecker technology allows working with objects on removable drivers, start-up objects, mail attachments, etc. 
  • Uses resources of Windows OS to optimize and accelerate the speed during the first scan of start-up objects and first full scan. 

Restrictions of iChecker technology:

  • The technology does not work with big files as in this case it is faster to scan the file then to calculate its check sum.

The technology works with limited number of formats (such as exe, dll, lnk, ttf, inf, sys, com, chm, zip, rar).

iSwift Technology

iSwift operating principles:

The technology has been developed for NTFS file system. In this system NTFS-identifier is given to each object. This NTFS-identifier is compared with the values in the special iSwift database. If the values do not coincide with the NTFS-identifier then the object is scanned or rescanned, if it has been changed.

InformationThis algorithm considers the previous scan date and decides whether the object should be re-scanned or not. The decision is based on a geometric series with some random elementS: for example if from the moment of the first scan to the last scan the same period or more passed then the object will be re-scanned. The algorithm does not consider intermediate object scans and their number, only the time period between the first and the last scan is considered. The object will be also scanned in the case of the object settings being changed to stricter ones. 

Advantages of iSwift technology:

  • iSwift is quicker than iChecker, as it does not calculate check sums of scanned objects. 
  • It works with objects of any formats, sizes and types. 

Restricitions of iSwift technology:

  • The technology is connected to a definite file location in the file system. If the file was copied/ relocated then it is scanned again. 
  • The technology can be used for NTFS file system only.
 
 
 
 
Did the provided info help you?
Yes No
 
 
 

Applies To:

  • Kaspersky Internet Security 2011
  • Kaspersky Internet Security 2012