Making the list
Savant's anti-malware software acts as a bouncer
- By Greg Crowe
- Feb 18, 2007
When it comes to protecting your computer against viruses and other malware, anti-malware software usually uses one of two methods.
The more common is 'blacklisting,' which keeps a list of certain programs or behaviors and bars anything on that list from running. This approach can be very effective'until the computer is invaded by a piece of malware that isn't on the list. This can be minimized with near-constant updates, but there is a limit to the time that can be spent on updating.
The other basic method is (as you may have guessed) 'whitelisting,' which keeps a list of specific programs that have permission to run on the computer, and forbids anything else to execute. This makes for rather tight security'but what happens when a user wants to install and run a new, legitimate program?
Savant technology from Savant Protection takes whitelisting to a whole new level. It does this by assigning each legitimate program on the system a unique access key, and then checking for that specific key when the program requests processing time from the CPU. If the program has undergone changes since the key was made, or if a program tries to run with no key, then it won't run.
To get authorization to run a nonwhitelisted program, Savant does not rely upon user passwords. Instead, each user chooses a static file on their system. This file can be practically any file in any folder, as long as it isn't modified or moved. This key file can also be located on removable media, such as a CD or flash drive, and without that key file present Savant's security cannot be bypassed. Whenever the user wants to start a particular program, he or she then must identify that file. Failure to do so means the program doesn't run.
Savant includes free Savant Enterprise Management System, a software utility that lets administrators get activity reports of Savant-enabled computers in a network. SEMS can be installed on any computer in the network that is running a local Web server, such as Microsoft IIS or Apache. Also, SEMS handles lost keys. If a file should become lost or deleted, an administrator with the highest level of security can reset or assign a new key file through SEMS.
We found Savant to be very effective in blocking unwanted CPU activity. It becomes a bit overzealous when running an approved program that generates new DLL files each time it runs. But that is what the Learn mode is for; it allows programs to run and learns their behaviors, so in the future that program will not be blocked.
The pricing scheme for Savant is as unusual as its security methods. To start using Savant, you sign up for an account, and they give you a number to use to activate any installations of Savant you chose. At the end of the month, they will charge your account $6.99 for each desktop and $14.95 for each server that was running Savant under that activation number. The great part about this is, while you can install Savant on any number of systems, you pay only for the systems that were used that month. There are no up-front costs, no licenses or maintenance fees, and in addition, the use of the SEMS is free. We found this pricing scheme to be quite reasonable considering the level of security Savant provides.
Savant would be beneficial to practically any office that has application security concerns. Many health care and local government organizations already are using Savant, as are some federal departments.
Greg Crowe is a former GCN staff writer who covered mobile technology.