Install What You Need with Windows Server 2008 Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »   Identify Hardware and Software That Meet Microsoft Standards The "Certified for Windows. Server 2008" logo identifies hardware and software solutions that meet Microsoft standards for compatibility and best practices with the Windows Server 2008 operating system. »   Windows Server Catalog: Certified Hardware Devices Search the Windows Server 2008 catalog to find solutions to deploy with confidence. »   Windows Server Catalog: Certfied Servers Search the Windows Server 2008 catalog to find servers you can deploy with confidence. »   Download the Windows Server 2008 Trial With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Related Articles •Prefetch Search Results With Browster •Microsoft AntiSpyware: Separated at Birth

- ITSMWatch Newsletter -

Tech Focus: Security Cybersecurity: Laws Only Go So Far Mozilla Firefox vs. Internet Explorer: Which is Safer? Is Your Blog Leaking Trade Secrets? The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip? Stopping Spammers at The Point of Sale

Product Watch •IOGEAR KVM - Includes Audio/Peripheral Sharing •Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities •USSD Series - SDRAM-Based Solid State Drives to 256 GB •UltraSMS - Send SMS From Your PC •Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage more products >>

Datamation Definitions data mining ERP extranet grid computing intranet network appliance outsourcing storage VPN virus

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Executive Tech HTML Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Stay up to date with the latest storage technology news, advice, and information! Visit Internet.com/Storage.

Give Your PCs An Immune System
March 22, 2005
By Brian Livingston

The new kinds of malware that are zooming around the Internet these days make you long for a simpler time when the only way a PC could catch a computer virus was to insert an infected floppy disk.

Now that PCs are connected to the Internet 24 hours a day, your network is constantly threatened by intrusions. Fortunately, security-research firms are coming up with some new approaches to the problem that offer some hope.

Sana Security is one such firm, and it's recently released an advance in the art of corporate defense. I previously wrote on June 4, 2004, about Sana's server-side product, Primary Response 2.2. The product's new version, 3.0, installs on and protects client PCs as well as servers from attacks, company officials say.

Primary Response belongs to a new category of security software known as host-based intrusion prevention systems or HIPS. The implications of this development are worth your attention

How Primary Response Detects Malware

Unlike antivirus programs, which rely on signatures of known malware, Primary Response looks for unusual computer behaviors to determine which programs are malicious. John Zicker, president and CEO of Sana, said in an interview that Trojan horses, keylogger programs, and other baddies tend to exhibit three characteristics:

• Persistance. Malware tends to run every time Windows starts — unlike most applications, which are launched when a user clicks an icon.

• Stealth. A Trojan tends to hide, obscuring its existence by running without visible windows and burying its executable payload somewhere on a hard disk where it's least likely to be found.

• Purposefulness. Dangerous software has a mission, as Sana Software puts it. It wants to open a communications channel to its home server, secretly record the activities of a PC, and accept commands from its distant master. All of these behaviors can be detected by HIPS and used to shut down the attacks, Zicker says.

Sana doesn't claim that Primary Response can eliminate the need for antivirus and anti-adware products. Instead, the company states that, in addition to these other software defenses, Primary Response can give companies protection against "day zero" threats — new viruses and worms that signatures haven't yet been developed for.

Eliminating Day-Zero Attacks

I traveled to Sana Software's headquarters in San Mateo, Calif., for a demonstration. Chief technology officer Vlad Gorelik illustrated how Primary Response prevented the operation of Guptachar, an encrypted Trojan horse that had infected a PC. Even more impressive, the program was able to halt a Windows "root kit" known as Hacker Defender. This is a sinister program that's invisible to many antivirus products because it hides in Windows system files.

My initial suspicion was that Primary Response 3.0 would work only on a desktop PC that had been thoroughly cleaned or on which Windows had just recently been installed. Otherwise, the security program wouldn't detect the unusual behavior of a Trojan. Because the rogue app was running before Primary Response was able to analyze the PC, it might look like normal behavior.

That's not the case, according to company officials. Version 3.0 of the software is designed to be installed even on PCs that are already infected with malware. The security program can detect, for example, hidden processes that execute from the Windows directory -- one sign that applets are up to no good -- and kill the offenders automatically.

The Future Of Host-Based Intrusion Prevention

Other companies besides Sana offer host-based intrusion prevention products as well. I'll look at some of those in this space next week.

Meanwhile, Primary Response 3.0 is one such product that your company should evaluate. It's a terrible comment on computer security that we now need separate programs for antivirus, antispam, anti-adware, and zero-day purposes. But having many layers of defense is a reality in today's Wild West networking environment.

Primary Response 3.0 starts at $32 USD per desktop PC, with server licenses starting at $875 per server. The client program runs on Windows 2000 Pro and XP Pro. The server agent runs on Windows NT 4.0, 2000, 2003, and Solaris 8. A management module runs on those servers plus Windows NT 4.0.

For more information, see Sana Security's Primary Response page.

Tools:

Add itmanagement.earthweb.com to your favorites Add itmanagement.earthweb.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed