Finjan offers mobile code security software

Finjan Software Inc. today announced the availability of SurfinShield Corporate 4.0, a robust desktop defense against hostile mobile code that can reside in Java, ActiveX, VisualBasic script, Internet cookies and various plug-ins.

Major features include auto-launch blocking, enhanced centralized security policy management and runtime code monitoring. The product is expected to ship June 7.

Hostile mobile code poses a threat to online users, said Steven Foote, senior vice president for operations at Hurwitz Group Inc., an analysis firm specializing in strategic business applications. Hostile mobile code can kill user applets, catch passwords and take over browsers without users' knowledge. Because attacks can be launched indirectly, through breaches of World Wide Web sites that targeted users visit, they can be difficult to trace.

Once in a browser, hostile code can launch e-mail and send messages or copy business plans, Foote said. Both types of attacks already have taken place.

"A lot of people don't know about the threat" posed by mobile code, said Jeanne Fuchs, an account manager with federal reseller Patriot Technologies Inc., Frederick, Md. Some customers who buy Finjan products "already have had a problem," she said.

The tools to launch mobile code attacks are easily obtained and can be operated by the "average high school student," said Bill Lyons, Finjan's president and chief executive officer. "Most people are vulnerable."Defense Department components are among the current users of Finjan's server product, SurfinGate.

Anti-virus products, based on recognition of known signatures, are inadequate against mobile code attacks, Lyons said. Mobile code defense should be based on security policy and should be "about prevention," he said. Unlike a virus attack, mobile code may invoke perfectly legitimate functions such as application launch and file copy, but they are functions that, for a given user, may violate security policy. A virus writer "wants to get his name in lights," whereas mobile code attacks are about stealing and espionage, he said.

Patriot, which carries Finjan products on its General Services Administration schedule, recommends a strategy of "multiple lines of defense," said Mark Williamson, director of the reseller's information security service. He finds, for example, that Finjan software "plugs and plays well" with CheckPoint Software Technologies Ltd. firewalls and Internet Security Systems Inc.'s intrusion-detection systems, which Patriot also sells. SurfinShield Corporate 4.0 ranges from $30 to $127 per seat on Patriot's GSA schedule.

-- Adams is a free-lance writer based in Alexandria, Va. She can be reached at



SurfinShield Corporate 4.0

* Features auto-launch blocking, which bars hostile applets from launching applications such as Microsoft Corp.'s Excel, Word, Access and PowerPoint without the user's knowledge.

* Offers an enhanced "demilitarized zone," where Java applets and ActiveX controls can be monitored to detect possible violations of an organization's security policies. If necessary, suspicious code can be "killed."

* Isolates and monitors ActiveX controls as well as Java code.

* Offers improved security policy management and extends the Auto-Immune database to include ActiveX code. The database contains a list of suspicious applets and controls; this list is constantly updated and is available to all desktop clients.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.