Security Vendors Offer Free Zero-Day Tools

To help IT administrators and users get a better fix on system vulnerabilities, eEye, Secunia and Sourcefire have all published resources about new software holes and how to scan for existing problems.

Just in time for the holiday season, a trio of security applications makers released free resources aimed at helping businesses and users identify potential software vulnerabilities on their computers.

To help stem the rush of so-called zero-day threats that seek to take advantage of previously undiscovered software flaws and drop malware onto users' PCs, applications vendors eEye Digital Security, Secunia and Sourcefire published new information sites and desktop scanning tools intended to help root out program glitches that could lead to future attacks.

eEye of Aliso Viejo, Calif., which markets network security and vulnerability management software, introduced a vulnerability tracking site focused exclusively on tracking emerging flaws, dubbed the Zero-Day Tracker.

The online resource offers detailed information and analysis, along with remediation strategies related to new security vulnerabilities, including some data the company said is not available from any other source.

Operated by the company's eEye Research unit, the Zero-Day Tracker promises to elaborate on individual vulnerabilities independent of other reports. It also aims to separate less serious flaws that could be used to carry out conceptual denial-of-service attacks from vulnerabilities that can be used to deliver more severe malware threats.

eEye officials said that they launched the effort based on the sheer volume of calls they have received about the zero-day problem.

"The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut," Marc Maiffret, chief technology officer at eEye, said in a statement.

"More zero-day security vulnerabilities and attacks are being discovered every day and dealing with them can easily dominate an enterprise's IT efforts. As a result, we've been overwhelmed by requests from our customers to give them the information and time they need to protect their networks."

The software maker said it would constantly update the site with new vulnerability data, and offer users the ability to make suggestions regarding flaws that have yet to be detailed on the resource.

Secunia, of Copenhagen, Denmark, which makes vulnerability management software, launched a free zero-day flaw scanning application labeled Software Inspector to help companies locate potential weak points in their IT infrastructure.

Created through the combination of several elements of the company's products, specifically its Secunia File Signatures and Advisory Intelligence technologies, the Software Inspector promises to detect both missing security patches and insecure versions of programs installed on users' computers.

Secunia's File Signatures are specialized rules for identifying installed applications and their exact versions on Microsoft Windows-based systems, and the firm said its complete database currently contains more than 110,000 guidelines for searching for more than 4,000 unique applications and their exact configurations.

Sourcefire, a provider of network intrusion detection software based in Columbia, Md., announced the availability of OfficeCat, a free security tool that promises to help companies identify potential threats in Microsoft Office files.

Unlike products that are used to detect attempts to exploit previously reported Microsoft vulnerabilities, Sourcefire said that OfficeCat is specifically geared to test if a Windows file contains potential security risks before it is ever opened.

Sourcefire is best known as the creator of the popular open-source intrusion prevention and detection technology known as Snort.

"As security threats continue to evolve, Sourcefire is dedicated to delivering solutions for both commercial users and the open-source community that enable users to protect themselves from attacks against their networks and information," said Matt Watchinski, director of the Sourcefire Vulnerability Research Team.

"OfficeCat fills a unique need among users to identify potential avenues of attack that can significantly impact their network security. As one of the leading network security research organizations, our goal is to provide users with the best possible security backed by the latest discoveries."

In its annual report of the top 20 most serious security issues in the world released in mid-November, research and education specialists SANS Institute ranked zero-day flaws as one of the most pressing issues for enterprise IT administrators.

Along with the increasing professionalism of malicious hackers, zero-day exploits will continue to haunt businesses in 2007, SANS experts said.

"We've come from a world of disruptive behavior that was easy to see, with the trend moving toward value orientation from criminals who don't want their work to be noticed," said Marc Sachs, director of SANS Internet Storm Center research group.

"The most effective way for them to do that is to use vulnerabilities that targets have no means of patching, or zero-day attacks, and we expect the amount of activity along those lines to continue to increase."