Since its inception, the one big drawback to anti-virus software has been its reactive nature. Until a vendor sees at least one copy of a new virus, it doesnt know what to look for and therefore cant build a new signature to stop the new creation. So you end up with a Catch-22 situation where customers are being hit with new viruses and worms that their anti-virus software cant stop because the viruses and worms are unknown.
The advent of heuristic scanning technology helped alleviate much of that problem, but at this point, anti-virus is still essentially a reactive technology. Network Associates Inc. is attempting to change that with its launch Thursday of VirusScan Enterprise 8.0i, which it is touting as the first anti-virus product to include proactive virus-fighting capabilities.
To do this, NAI has integrated features from its IntruShield and Entercept IPS (intrusion prevention system) products, one of the goals that company executives discussed after the acquisitions of IntruVert Networks and Entercept Security Technologies Inc.
The new release includes the IPS features and system firewall protection that is designed to help protect machines in the time period between the outbreak of a new virus and the release of a signature to stop it. There is also protection against buffer overruns, the most common security vulnerability found in commercial software. This feature only extends to Microsoft Corp. applications right now.
VirusScan 8.0i also gives administrators the ability to block specific ports for inbound or outbound traffic, and to block access to files, folders and directories.
But perhaps the most intriguing new feature in VirusScan is its ability to trace the IP address of machines sending viruses and then cut off all further communication with those PCs. This can help choke off the flood of virus-laden e-mails that are sent by PCs infected with mass-mailing viruses.
The new version, which is in beta now, is scheduled for release July 23, said NAI officials in Santa Clara, Calif.