/QuickDag

QuickDag – Also known as Quick Diagnostics Analysis Gen, is a tool for IT Pros to quickly detect malicious files and help diagnose computer problems. Starting in 2017, relaunched 2024.

QuickDag – Quick Diagnostics AlGorithm

Our repos and pages are being re-written to incorporate new changes, new features, and new information. This is page is not fully completed or refined. QuickDag has come a long ways since it was created in 2017, and it has undergone changes and gained maturity. Bear with us as we re-write this page to better and more accurately reflect what QD is and how it will help you.

QuickDag is a program for security and IT professionals, it's primary feature NexGen, is a built from scratch highly advanced offline malware detection algorithm assisted by machine learning. It does not use anyone elses engines or APIs and it does not require internet connectivity. It can even be copied to a thumb drive and ran completely offline. Our sister company Invise Solutions, where the idea of QuickDag began, runs QD every day, on every client PC, as part of a small standard set of general diagnostic tools. Using the program we are designing every single day for years in the real-world has give us a unique and strong advantage. We like to ask the questions of why and how. If malware isn't detected, why, and how can detection be added. This has been the biggest idea driving QuickDag. We are determined to create something that becomes more and more useful for us, as well as everyone else we work with. Life as a technician and technology expert is hard enough already, and we want to make certain aspects easier and faster with the tools we create.

The trend of web-based core APIs for software and programs, a shift away from natively designed and created apps, and a shift away from a central server management API for software such as antimalware means that in a network of 100 or more computers, each are streaming and constantly downloading the core API, updates, etc, and this kind of software is extremely inefficent. It creates a single point of failure where all a piece of malware needs to do is block the antimalware API – a lot harder to do if the API, or fallback API, is on the local network which also is the DHCP and DNS server, because then the malware has to identify which server that is and blocking it would blocking internet connectivity. Modernizing software development has it's advantages and we support such efforts, but trends like this are dangerous and inefficent. This is why things like QuickDag has tremendous potential. QuickDag and NexGen are light on resources, the algoritm is deisgned to be run and then closed when not needed. It doesn't sit in the background taking up resources. It doesn't require connectivity. It can be enforced through the network and run as a LogOn script where it's copied from a network server or even a router. Developement is ongoing and we are adding more features and creating more options.

Detecting What Others Cannot: QuickDag is offline and does not rely on the VirusTotal API or related. It often takes 2-3 days for traditional AV and antimalware vendors to add signatures for malware. That's the wrong approach and it always has been. Becuase we use QD everyday at our sister company, our approach isn't about the money or approach is long-term improvement and accurate detection. Our tests and real-world experience prove that we more accurately detect malware without connection to VirtusTotal than most other players in the game. If QD doesn't perform well, we want to know why so we can fix it.

Turning The Tides: This isn't tradition, we break that. This is malware detection that turns the tables against malware and uses their own tricks against them. Our algorithm works on a sliding scale consideirng roughly 128 different peices of criteria and characteristics to determine if a program or peice of software is benign or malicious. We aren't counting machine trained data points, these are specifically crafted over hundreds of hours studying and testing malware vs normal programs. The questions are how and why. Was this new piece of malware detected? If not, why, and how can we detect it. We are not in the fingerpriting business.

Light & Fast, By Design: Use minimal amount of RAM, and most scans take only 5-8 minutes. On a fresh install of Windows 11, QuickDag typically finishes in 1m 15s.

A Combination of Algorithms: QuickDag and NexGen use a combination of algorithms, and it becomes smarter overtime. We aren't in the fingerprinting business, and when malware is missed or detected with a low malicious confidence, our time is spent trying to determine what needs to be added to our algoritm to detect this kind of mwalware and why it wasn't detected in the first place. One challenge in the industry is identifying the maliciousness of malware that isn't running in memory; sandboxing and running malware and malicous programs in VMs, even cloud VMs, are a hot trend. We are currently working on several breakthrough ideas for simulating pieces of code, without sandboxing the entire program, which gives us NexGen the data points it needs to understand if a file or program is malicous. If sandboxing is needed, IT professionals and even IT business owners, can host their own sandbox API on their local network and the customer data never has to leave your network and thus become a liability and statistic in another databreach because another company got hacked.

Completely Anonymous / Completely Private: QuickDag and MexGen rely upon and require certain data to be collected to improve detection and the overall program, but this data does not have a chance or opportunity to contain private data, because that isn't the data that is looked at. At the end of a scan, the scan log itself is uploaded, minus any paths to user folders, along with information about malicious/benign programs themselves and statistics of the innerworkins inside those programs that QuickDag sees.

Learns Overtime / Learns Immedietely: As more people use QD, it learns what files are seen frequently and what is out of place. We are designing several additional modes for Baseline which can used to incorportate what it knows about your network. NexGen can detect trends and adjust scores accordingly both offline and online. When you mark a file as safe, it learns this. Even if the files you mark as safe don't end up in the logic engine updates we release (if it really is safe then it should), your local user generated engine will still retain your changes. This is not a whitelist, it's training data. We are also working QD versions for central networks and MSPs that learn over time for computers and networks you manage. No need to wait for an update from us to stop a malware outbreak from occuring on your network.

This is the public repo for QuickDag (formly Quick Dagger). Employees and collaberators, submit pull requests or publish commits to the private code repo here. -> github.com/inviselabs/quickdag-private.