Malware-infected email attachments or files from the internet are common causes of system compromise. Existing technologies are not completely reliable. They only detect known malware or require opening the file for inspection, which can lead to secondary infection events.
The technology described here cleans infected files while maintaining full readability. MalwarePreventer minimizes risk by isolating these files from the primary digital infrastructure. The technology can be comprehensively integrated into existing IT systems and networks to enable convenient use.
BACKGROUND
Possible vectors for malware include email attachments, files from unsafe sources on the internet, and documents from tunnels such as medical report transmission systems or the electronic health record (ELGA). These can contain malware disguised in metadata that only becomes active when opened. This affects not only files of unknown origin; even files from potentially legitimate sources can cause an infection if the sender's infrastructure has been compromised without anyone noticing. Existing antivirus technologies typically analyze and clean files in the end-user environment or on the server in a network. Unidentified or novel malware can enter the system when the infected file is opened. This creates the risk of compromise or file theft through, for example, zero-day exploits.
TECHNOLOGY
MalwarePreventer technology uses isolated hardware without a network connection to regenerate incoming files and thus free them of malware. The file is sent unopened to the control unit, which forwards it unopened to the display unit via an outbound-only connection. The display unit opens the file and browses it page by page. The control unit digitizes the displayed image information using a process modeled on the scanning process (airgap). It determines metadata and control information based on a QR code generated and additionally displayed by the display unit. The control unit assembles a new file from the individual images. The file is enriched with binary text content using OCR technology.
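
As an added illustration (not MalwarePreventer's own code), the sketch below shows how a control unit could treat the QR-encoded metadata as untrusted input before assembling the new file from the captured page images. The JSON payload layout, the field names, the limits and the function names are all assumptions; the page does not specify the QR format.

```python
import json
import re

MAX_QR_CHARS = 256   # assumed cap on the decoded QR text
MAX_PAGES = 2000     # assumed cap on pages per job
JOB_RE = re.compile(r"[0-9a-f]{16}")                     # hypothetical job id format
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]{0,99}")  # no path separators
FIELDS = {"job": str, "page": int, "pages": int, "name": str}


class RejectedFrame(ValueError):
    """QR metadata failed validation; the whole job is dropped."""


def parse_qr(text):
    """Validate one decoded QR payload against the hypothetical schema."""
    if len(text) > MAX_QR_CHARS:
        raise RejectedFrame("payload too large")
    try:
        meta = json.loads(text)
    except ValueError as exc:
        raise RejectedFrame("not JSON") from exc
    if not isinstance(meta, dict) or set(meta) != set(FIELDS):
        raise RejectedFrame("unexpected field set")
    for key, kind in FIELDS.items():
        if type(meta[key]) is not kind:  # type(): bool must not pass as int
            raise RejectedFrame("bad type for " + key)
    if not JOB_RE.fullmatch(meta["job"]) or not NAME_RE.fullmatch(meta["name"]):
        raise RejectedFrame("bad job id or file name")
    if not 1 <= meta["page"] <= meta["pages"] <= MAX_PAGES:
        raise RejectedFrame("page numbers out of range")
    return meta


def assemble(frames):
    """frames: iterable of (qr_text, image_bytes) -> (name, images in page order)."""
    pages, job_key = {}, None
    for qr_text, image in frames:
        meta = parse_qr(qr_text)
        key = (meta["job"], meta["pages"], meta["name"])
        if job_key is None:
            job_key = key
        if key != job_key:
            raise RejectedFrame("frame belongs to a different job")
        if meta["page"] in pages:
            raise RejectedFrame("duplicate page")
        pages[meta["page"]] = image
    if job_key is None or len(pages) != job_key[1]:
        raise RejectedFrame("missing pages")
    return job_key[2], [pages[n] for n in range(1, job_key[1] + 1)]
```

Only the validated name and the ordered image list leave `assemble`; any frame that fails a check rejects the whole job rather than being repaired.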

MalwarePreventer prevents the compromise of the entire system by completely isolating the display unit as a processing unit from the network.
In the worst case, a compromise can only lead to the failure of the display unit, which is automatically restored through appropriate precautions (self-healing).
The file throughput is hardware-scalable. MalwarePreventer can be integrated into existing server configurations and email infrastructure or implemented as a cloud-based service.
An Austrian, an American, and an EU patent have been granted. Numerous additional international applications have been filed based on the positive preliminary report from the International Patent Office. The patent filings were funded by the Austrian Research Promotion Agency (FFG). Test models have been in productive use in my practice (www.dr-hartl.at) for three years without any problems.
ADVANTAGES
Cleanup of both known and unknown threats
Removal of malware by re-creating the file
Development status
Prototypes available
TRL = 4
Potential applications
IT security
Malware protection service models
Keywords
Malware
Data Protection
Antivirus
Software
Hardware
IT Security
Service
IPR
Austrian Patent 525721
European Unitary Patent 433926
International Patent Office:
Positive preliminary report on patentability: PCT/AT2021/060433
American Patent 12,339,966 B2
Options
Out-licensing
Business cooperation
Operation "on-prem" or "as a service"