As further evidence of the trend toward convergence of security products, Internet Security Systems Inc. on Monday will release a new version of its RealSecure Desktop Protector software, which will include a new application-protection feature.
Desktop Protector already combines IDS, firewall and several other security functions in one box.
The new functionality can prevent modified or unknown processes from running on PCs. The software works by creating a baseline picture of all of the known, approved processes running on a machine and then storing the cryptographic checksums of all processes and any DLLs that they call.
If the PC tries to start an unknown or modified process, Desktop Protector will either alert the user or kill the process outright, depending on how the user has configured the software.
Desktop Protector 3.5, formerly known as BlackIce Agent for Workstations, also includes intrusion detection, communications control and other features that have been in past releases.
But its the new application protection that has customers interested.
"What this will do is solve one of the problems with [firewalls], which is that when an application sends an outbound request, the firewall automatically trusts the inbound reply," said Brian Donohue, security engineer at the University of Washington in Seattle. "That puts you at risk of allowing rogue applications to get in there and do bad things."
The software also includes several options that give security administrators tighter control over the protection on users desktops. For example, the Icecap Manager feature enables administrators to manage all of their client machines from a central location. And the silent installation option installs all of the softwares protective features on a users machine but omits the user interface.
RealSecure Desktop Protector 3.5 will be available Monday.
- More Security Coverage