Security news April 30, 2006

A new security company says it has developed a novel approach to protecting PCs from software that exploits unpatched Windows vulnerabilities.

Exploit Prevention Labs Inc., founded in 2005 by some of the same executives behind the PestPatrol antispyware product, has developed software that scans network traffic for known exploits, called zero days, which take advantage of unpatched bugs in Windows software.


Called SocketShield, the software also acts as a Web site filter, preventing users from visiting sites that are known to distribute malicious code.

Unlike the major security products, SocketShield doesn’t protect against a wide variety of known malware. Instead, it blocks against a select group of zero-day attacks known to be in circulation. Currently, that means that the product blocks about 15 malicious exploits that take advantage of Internet Explorer and Firefox bugs, said Roger Thompson, the company’s chief technology officer.

“We’re not saying that we’re all things to all people. We’re just a nifty layer, but it’s an important layer,” he said. “We know which exploits are important and which ones are in use, and we protect you until you can patch.”

Though SocketShield is focused on browser exploits, it could also be used to protect against other types of attacks, Thompson said.

Some users are worried about the zero-day exploits. Last month, security vendor eEye Digital Security Inc. released a work-around for an unpatched Internet Explorer vulnerability after hackers published code that could be used to exploit it. The patch was downloaded more than 150,000 times before Microsoft finally patched the bug.

SocketShield’s focus on scanning for network traffic and its ability to block known malware sites makes it a little different from other antivirus products, said Richard Stiennon, chief research analyst at IT-Harvest, a research firm in Birmingham, Mich. “Vendors are not really good at finding the sites that are trying to infect you,” he said. “They’re not good at searching the Web because there are hundreds of millions of Web sites to look at.”

The first non-beta version of SocketShield will ship in June and cost $29.95 for a one-year subscription. Renewals will cost $19.95 per year.

*

Related Articles:
  • New IM worm chats with intended victims: A new worm that targets users of America Online's AOL
  • Backdoor Trojan targets Microsoft Access: Virus writers have created a Trojan which uses an unpatched
  • Mozilla fixes several Firefox flaws: Mozilla has updated its Firefox browser to close seven different
  • Bigger Threats, Better Defense: Today's malicious code does not just target your computer -
  • VoIP Security Services Taking Hold: "Eavesdropping is taking place, and people don't realize it," says
    • Articles:

    Leave a Reply

    You must be logged in to post a comment.