Proventia offers advanced virus protection

New functionality boosts desktop PC software’s defenses

The experts told us years ago that pattern matching, the traditional way to detect viruses, would eventually fall by the wayside in favor of nontraditional methods. The experts were wrong. Only pattern matching can reveal a virus’ name, and we need to know that for two reasons. First, we have to know the name to clean the virus off our systems, and second, we need to know what damage it might have done.

But when trying to detect zero-day virus attacks — those that exploit software vulnerabilities that software vendors have not yet discovered — we need to catch the infections before the detection pattern arrives from the vendor.

Internet Security Systems (ISS) has developed a technology that you can add to your antivirus solution. The company’s new Virus Prevention System (VPS) now ships with several products. We decided to test it in Proventia Desktop, ISS’ agent program for locking down and fortifying desktop PCs and mobile devices.

By accident, ISS sent our labs a copy of the Proventia Desktop agent that had all the security features turned on and no way to turn them off. When we executed the agent, it silently installed on our PC running Microsoft Windows XP, leaving its icon in the right-hand tray. But we couldn’t execute any programs on our workstation.

Although we are not hackers, we couldn’t resist a challenge. At the end of the day, after applying our knowledge of the operating system’s unusual features, we had penetrated all defenses and regained complete control of our computer. But we also respected the multiple layers of security that ISS had piled on our PC. We dutifully reported our penetration methods to a designated ISS technician, so the company probably closed the arcane security holes we jumped through.

We were already satisfied that Proventia could prevent unauthorized application programs from executing, so we began to test its defenses against malicious software. To see how it performed against zero-day attacks, we blocked updates to Proventia, waited one week and then hit the system with viruses that had appeared in that time. Although our sample was small, Proventia detected the new viruses.

VPS works by executing new software within a virtual machine and examining it for viruslike behaviors. ISS has identified more than 600 such behaviors and constantly adds more. Adding a pattern to a traditional antivirus program enables it to detect one virus, but adding an update to VPS empowers it to detect a whole class of viruses.
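The contrast between one pattern per virus and one behavior rule per class can be shown in a few lines. The sketch below is an added example, not ISS code: the three rules, the `(action, target)` event format and the sample byte strings are all hypothetical and constructed for illustration.

```python
import hashlib

# Constructed data: byte strings stand in for program files; each trace is the
# list of (action, target) events a sandbox run of that program would record.
KNOWN = b"constructed-sample-variant-A"
VARIANT = b"constructed-sample-variant-B"  # new bytes, same behavior
BENIGN = b"constructed-benign-installer"
SIGNATURES = {hashlib.sha256(KNOWN).hexdigest(): "Example.Worm.A"}

WORM_TRACE = [
    ("file_write", r"C:\WINDOWS\system32\notepad.exe"),
    ("reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
] + [("smtp_send", f"user{i}@example.com") for i in range(30)]
BENIGN_TRACE = [
    ("file_write", r"C:\Program Files\Editor\editor.exe"),
    ("reg_set", r"HKLM\Software\Editor\InstallDir"),
]
TRACES = {KNOWN: WORM_TRACE, VARIANT: WORM_TRACE, BENIGN: BENIGN_TRACE}

# Hypothetical behavior rules: each one describes a class of activity,
# not a specific file.
def modifies_system_binary(trace):
    return any(a == "file_write" and t.lower().startswith(r"c:\windows\system32")
               and t.lower().endswith((".exe", ".dll")) for a, t in trace)

def adds_autorun(trace):
    return any(a == "reg_set" and r"\currentversion\run" in t.lower()
               for a, t in trace)

def mass_mails(trace, threshold=20):
    return len({t for a, t in trace if a == "smtp_send"}) >= threshold

RULES = {
    "system_binary_modified": modifies_system_binary,
    "autorun_persistence": adds_autorun,
    "mass_mailing": mass_mails,
}

def signature_scan(sample):
    # Pattern matching: exact-hash lookup, returns the virus name or None.
    return SIGNATURES.get(hashlib.sha256(sample).hexdigest())

def behavior_scan(trace, min_hits=2):
    # Flag only when several suspicious behaviors co-occur, to limit false positives.
    hits = sorted(name for name, rule in RULES.items() if rule(trace))
    return hits if len(hits) >= min_hits else []

if __name__ == "__main__":
    for sample, trace in TRACES.items():
        print(sample.decode(), signature_scan(sample), behavior_scan(trace))
```

The repacked variant has no signature, so only the behavior rules flag it, while the known sample is the only one that comes back with a name.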

VPS detected every sample in a large set of common viruses, spyware and other malicious programs when we exposed them on the workstation. The system impressed us by not giving a single false positive.

We like that VPS detects viruses within a virtual machine. Inside a virtual machine, which is a self-contained operating environment that behaves as if it were a separate computer, the system can test a suspicious program to the extreme without fear of it harming your system. When VPS works with your current PC antivirus program, the odds are stacked against the viruses.

Proventia adds a remarkable number of protections to the desktop. But that means it is necessarily a complex product. Our experience is that complex products are sometimes easy to break. When we installed the agent on one of our PCs, for example, the desktop kept freezing, displaying a gray screen after about three minutes of use.

We advise thorough testing before you implement Proventia, and we recommend checking the company’s Web site for known conflicts with other programs.

Greer is a network security consultant. Bishop operates Peoples Information.com, an Internet consulting firm. They can be reached at egreer@thecourageequation.com.

Proventia Desktop
Internet Security Systems
(800) 776-2362
www.iss.net

Price: The cost of Proventia Desktop starts at $65 per agent.

Pros: The product adds a large integrated package of security programs to the workstation.

Cons: The software supports a limited number of platforms and currently gives native support to only two.

Platforms: The product operates on Microsoft Windows 2000 Professional or XP Professional.
