New SocketShield Said To Stop Zero-Day Exploits - InformationWeek


01:45 PM

New SocketShield Said To Stop Zero-Day Exploits

Startup Exploit Prevention Labs is offering free downloads of its beta zero-day exploit protection software, which is meant to serve as a "Band-Aid" until software flaws are patched.

A start-up security company on Friday unveiled a beta of zero-day exploit protection software that it claims will protect users' PCs until they can apply patches from the likes of Microsoft.

SocketShield, which can be downloaded free-of-charge from the Web site of Exploit Prevention Labs, is a signature-based monitor that detects and blocks vulnerability exploits, not the worm or virus or spyware or Trojan horse payloads that traditional anti-virus software sniffs out.

"We actually recognize and kill the exploits as they come in," said Roger Thompson, one of the company's co-founders and its chief technology officer. "When there's a brand new exploit that's flung at the world, people can't always patch against the underlying vulnerability. Sometimes there is no patch, sometimes you can't patch just because Microsoft wants you to."

It's not unusual, for instance, for bugs in Windows, Internet Explorer, or Firefox, among others, to be made public weeks, or sometimes months, before a fix is released. In late December 2006, a bug in how Windows handled Windows Metafile images was quickly exploited by thousands of malicious Web sites that silently installed adware and spyware. Microsoft rushed an "out-of-cycle" patch to users, but they were still vulnerable for over a week.

The software, which Thompson compared to a "Band-Aid" because it's meant only as a temporary stop-gap until software flaws are fixed, is complementary to, not competitive with, anti-virus and anti-spyware programs.

"Think of it as like an EMT [emergency medical technician]," said Thompson, one who keeps a patient alive until a doctor is available.

SocketShield, which runs on all 32- and 64-bit editions of Windows, scans the incoming data stream of every application pulling bits from outside the PC, and examines the stream just after the data packets have been reassembled.

"Ninety-eight percent of the time, [criminals] are using the same exploit, all they change is the payload," said Thompson. So while an anti-virus company might have to create multiple signatures to detect each new payload, SocketShield needs only one signature to find them all.
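As an added illustration, not SocketShield's own code (the article discloses neither its signatures nor its internals), the following Python sketch shows the two ideas in the paragraphs above: inspecting a connection's data only after its segments have been reassembled, rather than packet by packet, and matching on the exploit's trigger bytes rather than on each payload it delivers. The trigger pattern, the `||` framing between exploit and payload, the payload names and the hash table are all constructed for the example and stand in for real traffic.

```python
import hashlib
import re

# Constructed signature: a made-up trigger pattern standing in for the byte
# sequence that tickles a vulnerability. It is not a real exploit and not one
# of the product's (unpublished) signatures.
EXPLOIT_SIGNATURES = {
    "DEMO-EXPLOIT-1": re.compile(rb"TRIGGER:OVERFLOW\x90{4,}"),
}

PAYLOAD_DELIMITER = b"||"  # constructed framing: <exploit bytes>||<payload bytes>

# The payload-centric model the article contrasts against: one hash per known payload.
KNOWN_PAYLOAD_HASHES = {
    hashlib.sha256(b"PAYLOAD:adware-v1").hexdigest(): "adware-v1",
}


def reassemble(segments):
    """Rebuild a byte stream from (seq, data) segments that may arrive out of
    order or be retransmitted; bytes already held are kept, overlaps trimmed."""
    stream = bytearray()
    for seq, data in sorted(segments):
        if seq > len(stream):
            raise ValueError("gap in stream at offset %d" % len(stream))
        if seq + len(data) <= len(stream):
            continue                          # pure retransmission, nothing new
        if seq < len(stream):
            data = data[len(stream) - seq:]   # trim the overlapping prefix
        stream += data
    return bytes(stream)


def match_exploit(data):
    """Return the name of the first exploit signature found in data, else None."""
    for name, pattern in EXPLOIT_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def match_payload(stream):
    """Traditional payload matching: hash the delivered payload and look it up."""
    _, _, payload = stream.partition(PAYLOAD_DELIMITER)
    return KNOWN_PAYLOAD_HASHES.get(hashlib.sha256(payload).hexdigest())


def inspect(segments):
    """Inspect one connection the way the article describes: after reassembly,
    reporting both the exploit signature hit and the payload hash hit."""
    stream = reassemble(segments)
    return {"exploit": match_exploit(stream), "payload": match_payload(stream)}


def inspect_per_segment(segments):
    """Naive alternative: run the exploit signatures on each segment in isolation.
    A signature that straddles a segment boundary is missed this way."""
    return [name for _, data in segments if (name := match_exploit(data))]


def make_segments(payload, chunk=10):
    """Constructed sample traffic: exploit trigger, delimiter, then the payload,
    split into fixed-size segments and delivered in reverse order."""
    stream = b"TRIGGER:OVERFLOW" + b"\x90" * 8 + PAYLOAD_DELIMITER + payload
    segments = [(i, stream[i:i + chunk]) for i in range(0, len(stream), chunk)]
    return segments[::-1]


if __name__ == "__main__":
    # Same exploit, three different payloads: the exploit signature fires every
    # time, the payload hash table only recognises the one payload it has seen.
    for payload in (b"PAYLOAD:adware-v1", b"PAYLOAD:adware-v2", b"PAYLOAD:spyware-x"):
        segs = make_segments(payload)
        print(payload.decode(), inspect(segs), "per-segment:", inspect_per_segment(segs))
```

The per-segment scan comes back empty because the constructed trigger is split across the first two segments; the same signature matches once the stream has been put back together, which is the point of inspecting after reassembly. Swapping in a new payload changes the hash and defeats the payload table, but not the exploit signature.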

Because the time that SocketShield's defense is most valuable can be relatively short -- the "window" between when a vulnerability goes public and a patch is provided by the vendor -- speed is of the essence, said Thompson. "We're going to be very rapid deployment, and we have both a human and machine intelligence network" set up. SocketShield, for instance, pings for updates every five minutes.

The software also uses a "blacklist" that blocks sites known to be spewing drive-by download exploits. The company runs what Thompson called "huntingpots," purposefully vulnerable systems that search for sites using exploits to spread spyware, adware, or other malicious software. The term is a play on the usual "honeypot."

"We know where some of the exploit servers are, and when we find new ones, we blacklist those servers to SocketShield."

During the month-long planned beta, users can run SocketShield for free, but once the test run is through, an annual subscription to the software service will cost $29.95.

Thompson and co-founder Bob Bales were formerly with PestPatrol, the anti-spyware company that was acquired by Computer Associates in 2004. Bales founded PestPatrol, while Thompson was its director of research.
