New SocketShield Said To Stop Zero-Day Exploits - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:45 PM

New SocketShield Said To Stop Zero-Day Exploits

Startup Exploit Prevention Labs is offering free downloads of its beta zero-day exploit protection software, which is meant to serve as a "Band-Aid" until software flaws are patched.

A start-up security company on Friday unveiled a beta of zero-day exploit protection software that it claims will protect users' PCs until they can apply patches from the likes of Microsoft.

SocketShield, which can be downloaded free-of-charge from the Web site of Exploit Prevention Labs, is a signature-based monitor that detects and blocks vulnerability exploits, not the worm or virus or spyware or Trojan horse payloads that traditional anti-virus software sniffs out.

"We actually recognize and kill the exploits as they come in," said Roger Thompson, one of the company's co-founders and its chief technology officer. "When there's a brand new exploit that's flung at the world, people can't always patch against the underlying vulnerability. Sometimes there is no patch, sometimes you can't patch just because Microsoft wants you to."

It's not unusual, for instance, for bugs in Windows, Internet Explorer, or Firefox, among others, to be made public weeks, or sometimes months, before a fix is released. In late December 2006, a bug in how Windows handled Windows Metafile images was quickly exploited by thousands of malicious Web sites that silently installed adware and spyware. Microsoft rushed an "out-of-cycle" patch to users, but they were still vulnerable for over a week.

The software, which Thompson compared to a "Band-Aid" because it's meant only as a temporary stop-gap until software flaws are fixed, is complementary, not competitive with anti-virus and anti-spyware programs.

"Think of it as like an EMT [emergency medical technician]," said Thompson, who keeps a patient alive until a doctor's available.

SocketShield, which runs on all 32- and 64-bit editions of Windows, scans the incoming data stream of every application pulling bits from outside the PC, and examines the stream just after the data packets have been reassembled.

"Ninety-eight percent of the time, [criminals] are using the same exploit, all they change is the payload," said Thompson. So while an anti-virus company might have to create multiple signatures to detect each new payload, SocketShield needs only one signature to find them all.

Because the time that SocketShield's defense is most valuable can be relatively short -- the "window" between when a vulnerability goes public and a patch is provided by the vendor -- speed is of the essence, said Thompson. "We're going to be very rapid deployment, and we have both a human and machine intelligence network" set up. SocketShield, for instance, pings for updates every five minutes.

The software also uses a "blacklist" that blocks sites known to be spewing drive-by download exploits. The company runs what Thompson called "huntingpots," purposefully vulnerable systems that search for sites using exploits to spread spyware, adware, or other malicious software. The term is a play on the usual "honeypot."

"We know where some of the exploit servers are, and when we find new ones, we blacklist those servers to SocketShield."

During the month-long planned beta, users can run SocketShield for free, but once the test run is through, an annual subscription to the software service will cost $29.95.

Thompson and co-founder Bob Bales were formerly with PestPatrol, the anti-spyware company that was acquired by Computer Associates in 2004. Bales founded PestPatrol, while Thompson was its director of research.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll