BILBAO, Spain—In a series of wide-ranging discussions with eWEEK.com on Monday, Spanish security company Panda Software revealed its plans to update, reprice and reposition its proactive, anti-malware software product TruPrevent, along with laying out a broad outline of product plans for 2005.
The company's TruPrevent product, which promises to intercept and terminate unknown threats before they can infect or spread, was released in August 2004.
Designed as an add-on to traditional anti-virus and anti-spyware products, the stand-alone version has not lived up to Panda's expectations. The company is readying a major update, adding new features and capabilities, and it will almost double the product's price in the United States.
TruPrevent today is built around behavior analysis, where it conducts real-time analysis of programs as they execute.
The software intercepts all calls to Windows, and then determines whether they are malicious. Although past heuristic-based anti-virus products have drowned in a sea of false positives, none was observed during PC Magazine Labs' tests of TruPrevent last fall.
“We have over 400,000 users, and the false-positive rate is negligible,” said Josu Franco, business development manager at Panda Software International S.L. And because TruPrevent reports back to Panda's Labs when it discovers a bad piece of code, it also has dramatically increased the number of worms, Trojans, viruses and spyware programs that Panda has been able to identify, and then has blocked them using more traditional software schemes.
“We identified 200 signatures a week last year, and 2,000 signatures a week this year,” said Pedro Bustamante, chief marketing officer at Panda Software.
The core of the new features includes what the company is calling “genetic scanning” of applications. Traditional anti-virus software compares executables with a database of unique strings gleaned from actual viruses and other malware. Genetic scanning looks for suspicious clusters of instructions, potentially hazardous subroutine activity and other information gleaned from deconstructing program code.
“I don't want to tell you too much how it works,” said Patrick Hinojosa, Panda's chief technology officer, so as not to help spyware and virus writers circumvent the secret “genetic” algorithms. The genetic scanning capability already has been added to the company's free online scanner, ActiveScan.
Panda also plans on adding buffer-overflow detection to TruPrevent. Their technology aims to detect and prevent programs from executing instructions in areas of memory set aside for data. According to Panda, nearly 50 percent of all vulnerabilities today incorporate some sort of buffer-overflow technique.
There's a high risk of false positives with this type of technique, as many popular applications—including some from Microsoft Corp.—legitimately use this approach. But the company claims that the software will consult its database of legitimate applications before stopping an application that attempts to execute code in memory.
The company also is working on technology for TruPrevent that will block other systems on a network from connecting to your PC—unless they are running updated anti-virus and firewall software. This won't stop a determined attack, but it should keep worms from spreading via open networks in coffee shops and college campuses.
Today, the product is sold as an add-on to traditional anti-virus products from Symantec Corp., McAfee Inc. and others. But with the new “genetic” scanning and buffer-overflow capabilities, Panda hopes to create a new category of malware-detection software called “Personal Intrusion Protection Systems,” or PIPS. The company also plans on raising the retail price from $30 to about $50, to increase the perceived value of the product. The new version's rollout and repositioning will begin in about a month.
TruPrevent also will be rolled out into Panda's entire lineup, from the least expensive anti-virus product to the top-line enterprise server. It was the first breakthrough product to emerge from Panda Research, an R&D group that the company set up four years ago. “We put 15 to 20 percent of our revenue into research,” said CEO Mikel Urizarbarrena, which works out to about $20 million for 2004.
The company also has completed its own firewall, designed to block exploits and attacks, which replaces technology that had previously been licensed from Sygate Inc.
Panda Software says it sees the firewall as a core security component that the company needs to own. Will Panda build a full-on, application-level firewall as well? “Eventually, we will be going toward there,” Bustamante said.
Panda also is readying a high-end product for the largest enterprises. Within a month, Panda and Crossbeam Systems Inc. will offer a version of the GateDefender appliance that can scan up to 8 gigabits per second of HTTP and SMTP traffic for viruses, spam and objectionable content.
And on the low end, Panda plans on partnering with a low-cost router manufacturer to release an integrated IPS and AV hardware box. These products will compete with other SMB (small and midsize business) products from Fortinet Inc., Sonicwall Inc. and Juniper Networks Inc.'s NetScreen division.
To help it crack the enterprise market, the company plans on building a team of analysts and consultants that will perform corporate security audits, as a prelude to a widespread rollout of Panda's products. No decision has been made, however, as to whether that team will charge for its services, or if the cost will be built into the hardware and software.
Other plans include releasing software to protect PDAs and cell phones, along with securing Linux from malware. The company also plans to release a network security tool that encrypts all network traffic to protect from “WiPhishing,” man-in-the-middle and other network-based attacks. “The biggest problems in the future will be with mobile devices and with Linux,” CTO Hinojosa said.