News
4/28/2006 01:45 PM

New SocketShield Said To Stop Zero-Day Exploits

Startup Exploit Prevention Labs is offering free downloads of its beta zero-day exploit protection software, which is meant to serve as a "Band-Aid" until software flaws are patched.

A start-up security company on Friday unveiled a beta of zero-day exploit protection software that it claims will protect users' PCs until they can apply patches from the likes of Microsoft.

SocketShield, which can be downloaded free of charge from the Web site of Exploit Prevention Labs, is a signature-based monitor that detects and blocks vulnerability exploits, not the worm, virus, spyware, or Trojan horse payloads that traditional anti-virus software sniffs out.

"We actually recognize and kill the exploits as they come in," said Roger Thompson, one of the company's co-founders and its chief technology officer. "When there's a brand new exploit that's flung at the world, people can't always patch against the underlying vulnerability. Sometimes there is no patch, sometimes you can't patch just because Microsoft wants you to."

It's not unusual, for instance, for bugs in Windows, Internet Explorer, or Firefox, among others, to be made public weeks, or sometimes months, before a fix is released. In late December 2006, a bug in how Windows handled Windows Metafile images was quickly exploited by thousands of malicious Web sites that silently installed adware and spyware. Microsoft rushed an "out-of-cycle" patch to users, but they were still vulnerable for over a week.

The software, which Thompson compared to a "Band-Aid" because it's meant only as a temporary stop-gap until software flaws are fixed, is complementary to, not competitive with, anti-virus and anti-spyware programs.

"Think of it as like an EMT [emergency medical technician]," said Thompson, someone who keeps a patient alive until a doctor's available.

SocketShield, which runs on all 32- and 64-bit editions of Windows, scans the incoming data stream of every application pulling bits from outside the PC, and examines the stream just after the data packets have been reassembled.

"Ninety-eight percent of the time, [criminals] are using the same exploit, all they change is the payload," said Thompson. So while an anti-virus company might have to create multiple signatures to detect each new payload, SocketShield needs only one signature to find them all.

Because the time that SocketShield's defense is most valuable can be relatively short -- the "window" between when a vulnerability goes public and a patch is provided by the vendor -- speed is of the essence, said Thompson. "We're going to be very rapid deployment, and we have both a human and machine intelligence network" set up. SocketShield, for instance, pings for updates every five minutes.

The software also uses a "blacklist" that blocks sites known to be spewing drive-by download exploits. The company runs what Thompson called "huntingpots," purposefully vulnerable systems that search for sites using exploits to spread spyware, adware, or other malicious software. The term is a play on the usual "honeypot."

"We know where some of the exploit servers are, and when we find new ones, we blacklist those servers to SocketShield."
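The two mechanisms described above, an exploit signature applied to the reassembled application stream and a blacklist of known exploit-serving hosts, can be illustrated with a toy inspector. This is an added example, not SocketShield's code or anything published by Exploit Prevention Labs: the "TOYI" container format, its 64-byte fixed buffer, the hostnames and the sample streams are all constructed for the illustration. The point it makes concrete is Thompson's observation that the exploit stays the same while the payload changes: one structural signature on the trigger (a declared record length larger than the buffer a vulnerable parser would copy into) catches both constructed samples, whereas payload hashing would need one signature per payload.

```python
"""Added illustration, not SocketShield's code: exploit-signature matching on a
reassembled application stream, combined with a blacklist of exploit hosts.
The TOYI format, buffer size and hostnames below are constructed placeholders."""
import hashlib
import struct
from dataclasses import dataclass

MAGIC = b"TOYI"          # constructed toy image container, not a real format
SAFE_RECORD_LEN = 64     # size of the fixed buffer a hypothetical vulnerable parser copies into

# Hypothetical blacklist of hosts seen serving drive-by exploits (constructed).
EXPLOIT_HOSTS = {"exploit-server.example", "drive-by.example"}


@dataclass
class Verdict:
    blocked: bool
    reason: str


def exploit_signature_toy_overflow(stream: bytes) -> bool:
    """Signature for the exploit, not the payload: a TOYI header whose declared
    record length exceeds the buffer the vulnerable parser would copy into.
    The bytes that follow the header (the payload) are never examined."""
    if len(stream) < 6 or not stream.startswith(MAGIC):
        return False
    (declared_len,) = struct.unpack_from("<H", stream, 4)  # 2-byte little-endian length
    return declared_len > SAFE_RECORD_LEN


def inspect_stream(src_host: str, stream: bytes) -> Verdict:
    """Run after reassembly: blacklist check first, then exploit signatures."""
    if src_host in EXPLOIT_HOSTS:
        return Verdict(True, f"blacklisted host {src_host}")
    if exploit_signature_toy_overflow(stream):
        return Verdict(True, "exploit signature: TOYI record length exceeds parser buffer")
    return Verdict(False, "clean")


def build_toy(declared_len: int, record: bytes) -> bytes:
    """Assemble a TOYI stream: magic, declared record length, record bytes."""
    return MAGIC + struct.pack("<H", declared_len) + record


def distinct_payload_hashes(samples) -> int:
    """How many signatures a payload-hash approach would need for these samples."""
    return len({hashlib.sha256(s).hexdigest() for s in samples})


# Constructed samples: the same exploit trigger carrying two different payloads,
# plus a benign file that stays within the buffer size.
PAYLOAD_A = b"A" * 100
PAYLOAD_B = bytes(range(100))
EXPLOIT_A = build_toy(len(PAYLOAD_A), PAYLOAD_A)
EXPLOIT_B = build_toy(len(PAYLOAD_B), PAYLOAD_B)
BENIGN = build_toy(16, b"pixels" + b"\x00" * 10)


def demo() -> dict:
    """Verdicts for the constructed samples, keyed by sample name."""
    return {
        "exploit_a": inspect_stream("cdn.example", EXPLOIT_A).blocked,
        "exploit_b": inspect_stream("cdn.example", EXPLOIT_B).blocked,
        "benign": inspect_stream("cdn.example", BENIGN).blocked,
        "benign_from_blacklisted_host": inspect_stream("drive-by.example", BENIGN).blocked,
    }


if __name__ == "__main__":
    for name, blocked in demo().items():
        print(f"{name}: {'BLOCKED' if blocked else 'allowed'}")
    print("payload hashes needed:", distinct_payload_hashes([EXPLOIT_A, EXPLOIT_B]),
          "vs exploit signatures needed: 1")
```

The design choice worth noting is where the check sits: on the reassembled stream rather than on individual packets, so a trigger split across packet boundaries is still seen whole, and on the structural condition the vulnerable parser mishandles rather than on the bytes an attacker can freely vary.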

During the month-long planned beta, users can run SocketShield for free, but once the test run is through, an annual subscription to the software service will cost $29.95.

Thompson and co-founder Bob Bales were formerly with PestPatrol, the anti-spyware company that was acquired by Computer Associates in 2004. Bales founded PestPatrol, while Thompson was its director of research.
