Panda to Update, Reposition TruPrevent Security Software

The TruPrevent refresh is one of Panda's many wide-ranging initiatives targeting individual consumers, SMBs and large enterprises this year.

BILBAO, Spain—In a series of wide-ranging discussions with eWEEK.com on Monday, Spanish security company Panda Software revealed its plans to update, reprice and reposition its proactive, anti-malware software product TruPrevent, along with laying out a broad outline of product plans for 2005.

The company's TruPrevent product, which promises to intercept and terminate unknown threats before they can infect or spread, was released in August 2004.

Designed as an add-on to traditional anti-virus and anti-spyware products, the stand-alone version has not lived up to Panda's expectations. The company is readying a major update, adding new features and capabilities, and it will almost double the product's price in the United States.

TruPrevent today is built around behavior analysis, where it conducts real-time analysis of programs as they execute.

The software intercepts all calls to Windows, and then determines whether they are malicious. Although past heuristic-based anti-virus products have drowned in a sea of false positives, none was observed during PC Magazine Labs' tests of TruPrevent last fall.

"We have over 400,000 users, and the false-positive rate is negligible," said Josu Franco, business development manager at Panda Software International S.L. And because TruPrevent reports back to Panda's Labs when it discovers a bad piece of code, it also has dramatically increased the number of worms, Trojans, viruses and spyware programs that Panda has been able to identify, and then has blocked them using more traditional software schemes.

"We identified 200 signatures a week last year, and 2,000 signatures a week this year," said Pedro Bustamante, chief marketing officer at Panda Software.

The core of the new features includes what the company is calling "genetic scanning" of applications. Traditional anti-virus software compares executables with a database of unique strings gleaned from actual viruses and other malware. Genetic scanning looks for suspicious clusters of instructions, potentially hazardous subroutine activity and other information gleaned from deconstructing program code.

"I don't want to tell you too much how it works," said Patrick Hinojosa, Panda's chief technology officer, so as not to help spyware and virus writers circumvent the secret "genetic" algorithms. The genetic scanning capability already has been added to the company's free online scanner, ActiveScan.

Panda also plans on adding buffer-overflow detection to TruPrevent. The technology aims to detect and prevent programs from executing instructions in areas of memory set aside for data. According to Panda, nearly 50 percent of all vulnerabilities today incorporate some sort of buffer-overflow technique.

There's a high risk of false positives with this type of technique, as many popular applications—including some from Microsoft Corp.—legitimately use this approach. But the company claims that the software will consult its database of legitimate applications before stopping an application that attempts to execute code in memory.

The company also is working on technology for TruPrevent that will block other systems on a network from connecting to your PC—unless they are running updated anti-virus and firewall software. This won't stop a determined attack, but it should keep worms from spreading via open networks in coffee shops and college campuses.
