Proventia offers advanced virus protection

New functionality boosts desktop PC software’s defenses

The experts told us years ago that pattern matching, the traditional way to detect viruses, would eventually fall by the wayside in favor of nontraditional methods. The experts were wrong. Only pattern matching can reveal a virus’ name, and we need to know that for two reasons. First, we have to know the name to clean the virus off our systems, and second, we need to know what damage it might have done.

But when trying to detect zero-day virus attacks — those that exploit software vulnerabilities that software vendors have not yet discovered — we need to catch the infections before the detection pattern arrives from the vendor.

Internet Security Systems (ISS) has developed a technology that you can add to your antivirus solution. The company’s new Virus Prevention System (VPS) now ships with several products. We decided to test it in Proventia Desktop, ISS’ agent program for locking down and fortifying desktop PCs and mobile devices.

By accident, ISS sent our labs a copy of the Proventia Desktop agent that had all the security features turned on and no way to turn them off. When we executed the agent, it silently installed on our PC running Microsoft Windows XP, leaving its icon in the right-hand tray. But we couldn’t execute any programs on our workstation.

Although we are not hackers, we couldn’t resist a challenge. At the end of the day, after applying our knowledge of the operating system’s unusual features, we had penetrated all defenses and regained complete control of our computer. But we also respected the multiple layers of security that ISS had piled on our PC. We dutifully reported our penetration methods to a designated ISS technician, so the company probably closed the arcane security holes we jumped through.

We were already satisfied that Proventia could prevent unauthorized application programs from executing, so we began to test its defenses against malicious software. To see how it performed against zero-day attacks, we blocked updates to Proventia, waited one week and then hit the system with viruses that had appeared in that time. Although our sample was small, Proventia detected the new viruses.

VPS works by executing new software within a virtual machine and examining it for viruslike behaviors. ISS has identified more than 600 such behaviors and constantly adds more. Adding a pattern to a traditional antivirus program enables it to detect one virus, but adding an update to VPS empowers it to detect a whole class of viruses.

VPS detected every one of a large number of common viruses, spyware and other malicious programs when we exposed them on the workstation. The system impressed us by not giving a single false positive.

We like that VPS detects viruses within a virtual machine. Inside a virtual machine, which is a self-contained operating environment that behaves as if it were a separate computer, the system can test a suspicious program to the extreme without fear of it harming your system. When VPS works with your current PC antivirus program, the odds are stacked against the viruses.

Proventia adds a remarkable number of protections to the desktop. But that means it is necessarily a complex product. Our experience is that complex products are sometimes easy to break. When we installed the agent on one of our PCs, for example, the desktop kept freezing, displaying a gray screen after about three minutes of use.

We advise testing thoroughly before you implement Proventia and checking the company’s Web site for known conflicts with other programs.

Greer is a network security consultant. Bishop operates Peoples Information.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.

Proventia Desktop
Internet Security Systems
(800) 776-2362
www.iss.net

Price: The cost of Proventia Desktop starts at $65 per agent.

Pros: The product adds a large integrated package of security programs to the workstation.

Cons: The software supports a limited number of platforms and currently gives native support to only two.

Platforms: The product operates on Microsoft Windows 2000 Professional or XP Professional.
