News Feature

Security Startup Targets Zero Day Problem

April 28, 2006 — CIO —

A new security company says it has developed a novel approach to protecting PCs from software that exploits unpatched Windows vulnerabilities.

Exploit Prevention Labs, founded in 2005 by some of the same executives behind the PestPatrol antispyware product, has developed software that scans network traffic for known exploits, called 0days, which take advantage of unpatched bugs in Windows software.

Called SocketShield, the software also acts as a website filter, preventing users from visiting sites that are known to distribute malicious code.

Unlike the major security products, SocketShield does not protect against a wide variety of known malware. Instead, it blocks against a select group of 0day attacks known to be in circulation. Currently, that means that the product blocks about 15 malicious exploits that take advantage of Internet Explorer and Firefox bugs, said Roger Thompson, the company’s chief technology officer.

"We’re not saying that we’re all things to all people. We’re just a nifty layer, but it’s an important layer," he said. "We know which exploits are important and we know which ones are in use, and we protect you until you can patch."

Though SocketShield is focused on browser exploits, it could also be used to protect against other types of attacks, Thompson said.

Some users are worried about these 0day exploits. Last month, security vendor eEye Digital Security released a workaround for an unpatched Internet Explorer vulnerability after hackers published code that could be used to exploit it. That patch was downloaded more than 150,000 times before Microsoft finally patched the bug.

SocketShield’s focus on scanning for network traffic and its ability to block known malware sites makes it a little different from other antivirus products, said Richard Stiennon, chief research analyst with IT-Harvest, a research firm in Birmingham, Mich. "Vendors are not really good at finding the sites that are trying to infect you," he said. "They’re not good at searching the Web because there are hundreds of millions of websites to look at."

The first non-beta version of SocketShield will ship in June and will cost US$29.95 for a one-year subscription. Renewals will cost $19.95 per year.

— Robert McMillan, IDG News Service

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.

Comments

Share [+]

TOOLS

Comments

Digg This

SlashDot

CENTER OF EXCELLENCE

Security

» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.

» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.

» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.

» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.

» Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.

Center sponsored by