Package intercepts malicious payloads

What if it didn't matter if your antivirus software and firewall failed to catch e-mail bearing a malicious executable file?

That's the idea behind software whose developers say it is being tested by intelligence agencies and the National Imagery and Mapping Agency. ImmuneNode and ImmuneServer, from BBX Technologies Inc. of New York, work on Microsoft Corp. 32-bit operating systems starting with Windows 98 and NT 4.0 by preventing any payload from executing and thus changing system files, said John Michener, chief scientist.

'People shouldn't use Windows for trusted systems in the first place,' Michener said. 'They should use BSD Unix or Trusted Solaris' from Sun Microsystems Inc.

But because there are millions upon millions of systems running Windows, they have to be protected, he added.

BBX's package doesn't replace filters and firewalls. None of what Michener called 'that whole cocktail of defenses' matters if one piece of malicious code gets through. With typical defenses, network administrators are always playing catch-up. The next generation of bad payloads, he said, will be polymorphous: they'll acquire new file sizes and names with each copy, further thwarting defenses.

Worse, he said, a growing number of Web sites, including those of otherwise reputable retailers, leave behind not merely cookies but active spyware that detects and reports browsing histories and keystrokes.

'We're seeing toolkits from China and the Middle East that can scrape passwords off screens,' he said.

So, Michener said, his company concentrates on destroying code before it executes. If the payload is compressed, 'even at unzip we'll blow it away,' he said.

Government licenses for ImmuneServer start at $2,500, copies of ImmuneNode at $200. The product is distributed through resellers and systems integrators.

(Corrected 8:39 a.m. May 20, 2003)
