Better security for client PCs
Proventia Desktop takes fresh approach to common threats
- By Greg Crowe
- Mar 15, 2006
With hackers and viruses lurking around every digital corner, protecting users' personal computers is second in importance only to protecting your servers. There are so many security suites on the market from big names like McAfee Inc. and Symantec Corp. that standing out in the crowd is getting increasingly difficult.
At first glance, Proventia Desktop from Internet Security Systems Inc. of Atlanta may look like just another security suite, with features such as a personal firewall and virus protection. But we spotted some differences.
First and foremost is the way it handles viruses. Unlike a typical antivirus program, Proventia does not work off a signature file. Instead, its engine finds viruses by examining their behavior. If that doesn't do the trick, it will run suspicious executables in a virtual environment sealed off from the rest of the system. The surest way to detect a piece of malignant code is to run it, but that is not advisable except in a virtual environment. Using these methods, Proventia can keep your computer safe without constant updates.
The virtual space Proventia Desktop creates also gets a workout from the software's buffer overflow detection system. Repeated attacks designed to overflow a buffer and crash a system get redirected to the virtual space. Consequently, the virtual system crashes instead of the actual one, kind of like a breaker in an electrical circuit.
The SiteProtector management interface allows you to manage all the instances of Proventia Desktop from one location. In one window you can see all the attack attempts on all computers in the network, or by groups that you create. With this centralized control panel, you can implement application control for any of the applications running in your system. You can pull information from Windows Active Directory to regulate which programs can be used by which people or groups, preventing unauthorized programs from running on a system, thus further ensuring its safety.
The SiteProtector interface is easy to use and graphically intuitive, although it will take some practice to find everything you need to keep track of.Nothing bad got through
The key question for any piece of security software is whether it does its job. The answer with Proventia Desktop is yes. The software intercepted no fewer than 70 viruses, worms, probes and other port access attempts in just 24 hours, including several instances of the insidious Slammer worm. And as near as we could tell, it didn't let anything harmful through.
It should be noted that these 70 items were caught by various elements of the Proventia Desktop package. Some were foiled by the firewall, others by the antivirus scanner, and still others by buffer overflow detection. It stands to reason that any one of these components, if running alone and unaided, would catch far fewer pieces of malware.
The product stands out for its expandability and interoperability. All products in the Proventia line use the same virus and intrusion detection engines (even the appliances) and can be centrally managed. This Enterprise Security Platform allows you to choose which areas of your network you want to use Proventia for, with the option of adding components later without having to buy anything twice.
With most security software, if you buy the client-level product and then decide you need an enterprise solution, you essentially have to buy a whole new product.
On a per-license basis, the $65 price tag is comparable to many off-the-shelf security suites. As you'd expect, you can achieve greater savings in bulk, but the prices don't really drop off until you get to the 350-user level.
But considering the protection you get, even the single license price is a pretty good deal.
Greg Crowe is a former GCN staff writer who covered mobile technology.