Package intercepts malicious payloads

What if it didn't matter if your antivirus software and firewall failed to catch e-mail bearing a malicious executable file?

That's the idea behind software whose developers say it is being tested by intelligence agencies and the National Imagery and Mapping Agency. ImmuneNode and ImmuneServer, from BBX Technologies Inc. of New York, run on Microsoft Corp. 32-bit operating systems starting with Windows 98 and NT 4.0. They work by preventing any payload from executing and thus changing system files, said John Michener, chief scientist.

'People shouldn't use Windows for trusted systems in the first place,' Michener said. 'They should use BSD Unix or Trusted Solaris' from Sun Microsystems Inc.

But because there are millions upon millions of systems running Windows, they have to be protected, he added.

BBX's package doesn't replace filters and firewalls. None of what Michener called 'that whole cocktail of defenses' matters if one piece of malicious code gets through. With typical defenses, network administrators are always playing catch-up. The next generation of bad payloads, he said, will be polymorphous: they'll acquire new file sizes and names with each copy, further thwarting defenses.

Worse, he said, a growing number of Web sites, including those of otherwise reputable retailers, leave behind not merely cookies but active spyware that detects and reports browsing histories and keystrokes.

'We're seeing toolkits from China and the Middle East that can scrape passwords off screens,' he said.

So, Michener said, his company concentrates on destroying code before it executes. If the payload is compressed, 'even at unzip we'll blow it away,' he said.

Government licenses for ImmuneServer start at $2,500, copies of ImmuneNode at $200. The product is distributed through resellers and systems integrators.

(Corrected 8:39 a.m. May 20, 2003)
