Warding off hack attacks
(IDG) -- If you're worried about computer viruses or hostile applets penetrating your organization's network, new tools for battling hostile code from Symantec and eSafe should help you rest easy.
Symantec later this month will ship Norton AntiVirus 5.0 in two versions, one for NT servers and the other for Windows desktops. The latest version of the product not only blocks about 16,500 computer viruses but also adds the ability to guard against hostile code such as Java or ActiveX.
"There are less than 100 known applets written for malicious purposes," said Marian Merritt, senior product manager at Symantec. "But our customers have told us that ideally they want to use a single product ... for combating hostile code that, strictly speaking, is not a software virus."
As defined, a computer virus replicates itself while a malicious ActiveX or Java applet might simply execute once to do damage when downloaded.
Symantec's Norton AntiVirus 5.0, which costs $499.95 for the NT server version and $49.95 for the desktop version per user, now includes a "quarantine" feature that lets the user isolate a damaged file and repair it rather than destroying the file.
A "scan and deliver" feature lets the user send off any suspected virus or hostile code that has been intercepted to Symantec's laboratories to be analyzed in order to create the antidote. "If the virus is in a sensitive file, you can also strip out the sensitive data before sending it to us, if needed," Merritt said.
When a new virus or hostile code is identified, the software remedy for the problem is stored in a database and readied for download to all other Symantec product users so they can guard against the newly identified attack code.
This approach could also work for Trojan horses, a type of malicious code that is secretly installed by an attacker in order to take over the network and applications running on it. Symantec said it is examining the latest threat on that horizon -- code called "Back Orifice" from a hacker group known as Cult of the Dead Cow.
Back Orifice, demonstrated by the group's members at last weekend's Defcon 6.0 hacker convention in Las Vegas, lets the attacker take over all functions and files related to NT server once the hostile code is installed. Group members said the software could be installed remotely, for example by e-mail, using buffer-overflow attacks.
Feeling eSafe
To combat the hostile-code threat, another vendor, eSafe, is also readying new wares. The Seattle-based company says it, too, hears cries from enterprise users asking for more integrated software packages to ward off all types of hostile code.
To that end, eSafe Technologies next week will start shipping eSafe Protect Gateway 2.0, software designed to work with any of nine different firewalls from vendors such as Check Point Technologies, Sun and Network Associates.
"It will check for viruses or executable code at the gateway," said Jerry Huyge, eSafe's product manager. The gateway software lets you scan both incoming and outgoing HTTP, FTP or SMTP traffic at the firewall.
James Byrd, the PC/LAN manager for the Indiana University Employees Federal Credit Union, said he had been beta-testing the eSafe software on the organization's Check Point firewall. "Our main concerns (had been) bad Java and ActiveX applets," Byrd said.
Prior to using the eSafe gateway, the credit union was in the practice of blocking all Java and ActiveX applets. However, it's much more convenient to simply check for malicious applets than eliminate them, Byrd said.
In addition, eSafe Protect Gateway can be set up to handle content filtering by checking text based on keyword identification of sensitive information. When sensitive content is spotted, eSafe Protect Gateway sends an alert to administrators or blocks the transmission. The software will cost between $1,750 and $5,995, depending on the number of users.
At the beginning of September, eSafe plans to release Protect Enterprise 2.0, software with similar functions for NT and Unix servers as well as Novell's NetWare, plus a desktop component. Through a central console, administrators would then be able to set up virus-checking or content-filtering controls at the firewall, server and desktop level.
© 2000 Cable News Network. All Rights Reserved.