Proventia Desktop Takes New Tack on Malware

Internet Security Systems' latest intrusion prevention system offering introduces a virus-fighting technology that does not rely on digital audiotape files or signatures to detect malware.

Internet Security Systems Inc. this week will unveil its Proventia Desktop intrusion prevention system offering and introduce a virus-fighting technology that does not rely on digital audiotape files or signatures to detect malware.

Known as the Virus Prevention System, the feature employs virtual-machine technology to prevent viruses from executing on PCs. When the Proventia software detects a potentially malicious attachment, the system executes the attachment inside a virtual-machine environment and observes its behavior.

/zimages/4/28571.gifClick here to read about an integrated version of the Proventia appliance for SMBs.

If the program exhibits malicious behavior, such as attempting to harvest addresses from the Microsoft Corp. Outlook contact list or trying to kill anti-virus software, Proventia quarantines the message and attachment.

If there is no malicious behavior, the software allows the attachment to execute on the users PC. But in both cases Proventia creates a fingerprint of the attachment for future reference.

ISS has been testing the VPS technology internally in its lab, and company officials said it stopped upward of 90 percent of the known malware released last year. The company plans to roll out VPS across its Proventia product line eventually.

"This is a major step forward, but were not trying to replace anti-virus software," said Tom Noonan, CEO of ISS, based in Atlanta. "We started out trying to build something that would replace AV [anti-virus] software, but we realized that enterprises werent going to just turn off their AV. Thats not going to happen. So, VPS is designed as a complement to AV."

The new desktop offering includes spyware protection, a desktop firewall and protection against buffer-overrun exploits. There is also an application control feature that lets administrators define how programs can be used.

Proventia Desktop is the last major piece in ISS line of intrusion prevention offerings. Two years ago, the company began shifting its business model away from its software roots when it announced its Proventia IPS appliances. Since then, the company has integrated the IPS technology into its managed security offering and introduced an integrated security appliance.

Now, with the launch of Proventia Desktop, Noonan said he believes ISS has a comprehensive set of products that can stack up against any other IPS vendors wares. "We certainly like our chances with the offerings we have," Noonan said.

"I think a lot of the other IPS vendors have very solid offerings, but in a lot of cases theyve concentrated on adding speed, to the exclusion of some other features. We can go as fast as customers want, but we also wanted to bring in feature sets that provide the best protection possible," Noonan said.

Features of Proventia Desktop

  • Virus Prevention System
  • Spyware protection
  • Personal firewall
  • Buffer-overrun exploit protection
  • Application control
  • Password protection

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.