by CIO Staff

Security Startup Targets Zero Day Problem

Apr 28, 20062 mins
IT Strategy

A new security company says it has developed a novel approach to protecting PCs from software that exploits unpatched Windows vulnerabilities.

Exploit Prevention Labs, founded in 2005 by some of the same executives behind the PestPatrol antispyware product, has developed software that scans network traffic for known exploits, called 0days, which take advantage of unpatched bugs in Windows software.

Called SocketShield, the software also acts as a website filter, preventing users from visiting sites that are known to distribute malicious code.

Unlike the major security products, SocketShield does not protect against a wide variety of known malware. Instead, it blocks against a select group of 0day attacks known to be in circulation. Currently, that means that the product blocks about 15 malicious exploits that take advantage of Internet Explorer and Firefox bugs, said Roger Thompson, the company’s chief technology officer.

“We’re not saying that we’re all things to all people. We’re just a nifty layer, but it’s an important layer,” he said. “We know which exploits are important and we know which ones are in use, and we protect you until you can patch.”

Though SocketShield is focused on browser exploits, it could also be used to protect against other types of attacks, Thompson said.

Some users are worried about these 0day exploits. Last month, security vendor eEye Digital Security released a workaround for an unpatched Internet Explorer vulnerability after hackers published code that could be used to exploit it. That patch was downloaded more than 150,000 times before Microsoft finally patched the bug.

SocketShield’s focus on scanning for network traffic and its ability to block known malware sites makes it a little different from other antivirus products, said Richard Stiennon, chief research analyst with IT-Harvest, a research firm in Birmingham, Mich. “Vendors are not really good at finding the sites that are trying to infect you,” he said. “They’re not good at searching the Web because there are hundreds of millions of websites to look at.”

The first non-beta version of SocketShield will ship in June and will cost US$29.95 for a one-year subscription. Renewals will cost $19.95 per year.

— Robert McMillan, IDG News Service

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.