Proventia offers advanced virus protection

New functionality boosts desktop PC software’s defenses

The experts told us years ago that pattern matching, the traditional way to detect viruses, would eventually fall by the wayside in favor of nontraditional methods. The experts were wrong. Only pattern matching can reveal a virus’ name, and we need to know that for two reasons. First, we have to know the name to clean the virus off our systems, and second, we need to know what damage it might have done.

But when trying to detect zero-day virus attacks — those that exploit software vulnerabilities that software vendors have not yet discovered — we need to catch the infections before the detection pattern arrives from the vendor.

Internet Security Systems (ISS) has developed a technology that you can add to your antivirus solution. The company’s new Virus Prevention System (VPS) now ships with several products. We decided to test it in Proventia Desktop, ISS’ agent program for locking down and fortifying desktop PCs and mobile devices.

By accident, ISS sent our labs a copy of the Proventia Desktop agent that had all the security features turned on and no way to turn them off. When we executed the agent, it silently installed on our PC running Microsoft Windows XP, leaving its icon in the right-hand tray. But we couldn’t execute any programs on our workstation.

Although we are not hackers, we couldn’t resist a challenge. At the end of the day, after applying our knowledge of the operating system’s unusual features, we had penetrated all defenses and regained complete control of our computer. But we also respected the multiple layers of security that ISS had piled on our PC. We dutifully reported our penetration methods to a designated ISS technician, so the company probably closed the arcane security holes we jumped through.

We were already satisfied that Proventia could prevent unauthorized application programs from executing, so we began to test its defenses against malicious software. To see how it performed against zero-day attacks, we blocked updates to Proventia, waited one week and then hit the system with viruses that had appeared in that time. Although our sample was small, Proventia detected the new viruses.

VPS works by executing new software within a virtual machine and examining it for viruslike behaviors. ISS has identified more than 600 such behaviors and constantly adds more. Adding a pattern to a traditional antivirus program enables it to detect one virus, but adding an update to VPS empowers it to detect a whole class of viruses.

VPS detected every one of a large number of common viruses, spyware and other malicious programs when we exposed them on the workstation. The system impressed us by not giving a single false positive.

We like that VPS detects viruses within a virtual machine. Inside a virtual machine, which is a self-contained operating environment that behaves as if it were a separate computer, the system can push a suspicious program to its limits without fear of it harming your system. When VPS works with your current PC antivirus program, the odds are stacked against the viruses.

Proventia adds a remarkable number of protections to the desktop. But that means it is necessarily a complex product. Our experience is that complex products are sometimes easy to break. When we installed the agent on one of our PCs, for example, the desktop kept freezing, displaying a gray screen after about three minutes of use.

We advise testing thoroughly before you implement Proventia and checking the company’s Web site for known conflicts with other programs.

Greer is a network security consultant. Bishop operates Peoples, an Internet consulting firm. They can be reached at

Proventia Desktop
Internet Security Systems
(800) 776-2362

Price: The cost of Proventia Desktop starts at $65 per agent.

Pros: The product adds a large integrated package of security programs to the workstation.

Cons: The software supports a limited number of platforms and currently gives native support to only two.

Platforms: The product operates on Microsoft Windows 2000 Professional or XP Professional.
