Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
Home Improvement
Compare Prices
Imprinted Gifts
Phone Cards
Corporate Awards
Computer Hardware
Logo Design
Condos For Sale
Build a Server Rack
Remote Online Backup
Imprinted Promotions
PDA Phones & Cases
Promos and Premiums

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Give Your PCs An Immune System

Install What You Need with Windows Server 2008
Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

Identify Hardware and Software That Meet Microsoft Standards
The "Certified for Windows. Server 2008" logo identifies hardware and software solutions that meet Microsoft standards for compatibility and best practices with the Windows Server 2008 operating system. »

Windows Server Catalog: Certified Hardware Devices
Search the Windows Server 2008 catalog to find solutions to deploy with confidence. »

Windows Server Catalog: Certfied Servers
Search the Windows Server 2008 catalog to find servers you can deploy with confidence. »

Download the Windows Server 2008 Trial
With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Related Articles
Prefetch Search Results With Browster
Microsoft AntiSpyware: Separated at Birth
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Stay up to date with the latest storage technology news, advice, and information! Visit

Give Your PCs An Immune System
March 22, 2005
By Brian Livingston

Brian Livingston The new kinds of malware that are zooming around the Internet these days make you long for a simpler time when the only way a PC could catch a computer virus was to insert an infected floppy disk.

Now that PCs are connected to the Internet 24 hours a day, your network is constantly threatened by intrusions. Fortunately, security-research firms are coming up with some new approaches to the problem that offer some hope.

Sana Security is one such firm, and it's recently released an advance in the art of corporate defense. I previously wrote on June 4, 2004, about Sana's server-side product, Primary Response 2.2. The product's new version, 3.0, installs on and protects client PCs as well as servers from attacks, company officials say.

Primary Response belongs to a new category of security software known as host-based intrusion prevention systems or HIPS. The implications of this development are worth your attention

How Primary Response Detects Malware

Unlike antivirus programs, which rely on signatures of known malware, Primary Response looks for unusual computer behaviors to determine which programs are malicious. John Zicker, president and CEO of Sana, said in an interview that Trojan horses, keylogger programs, and other baddies tend to exhibit three characteristics:

Persistance. Malware tends to run every time Windows starts — unlike most applications, which are launched when a user clicks an icon.

Stealth. A Trojan tends to hide, obscuring its existence by running without visible windows and burying its executable payload somewhere on a hard disk where it's least likely to be found.

Purposefulness. Dangerous software has a mission, as Sana Software puts it. It wants to open a communications channel to its home server, secretly record the activities of a PC, and accept commands from its distant master. All of these behaviors can be detected by HIPS and used to shut down the attacks, Zicker says.

Sana doesn't claim that Primary Response can eliminate the need for antivirus and anti-adware products. Instead, the company states that, in addition to these other software defenses, Primary Response can give companies protection against "day zero" threats — new viruses and worms that signatures haven't yet been developed for.

Eliminating Day-Zero Attacks

I traveled to Sana Software's headquarters in San Mateo, Calif., for a demonstration. Chief technology officer Vlad Gorelik illustrated how Primary Response prevented the operation of Guptachar, an encrypted Trojan horse that had infected a PC. Even more impressive, the program was able to halt a Windows "root kit" known as Hacker Defender. This is a sinister program that's invisible to many antivirus products because it hides in Windows system files.

My initial suspicion was that Primary Response 3.0 would work only on a desktop PC that had been thoroughly cleaned or on which Windows had just recently been installed. Otherwise, the security program wouldn't detect the unusual behavior of a Trojan. Because the rogue app was running before Primary Response was able to analyze the PC, it might look like normal behavior.

That's not the case, according to company officials. Version 3.0 of the software is designed to be installed even on PCs that are already infected with malware. The security program can detect, for example, hidden processes that execute from the Windows directory -- one sign that applets are up to no good -- and kill the offenders automatically.

The Future Of Host-Based Intrusion Prevention

Other companies besides Sana offer host-based intrusion prevention products as well. I'll look at some of those in this space next week.

Meanwhile, Primary Response 3.0 is one such product that your company should evaluate. It's a terrible comment on computer security that we now need separate programs for antivirus, antispam, anti-adware, and zero-day purposes. But having many layers of defense is a reality in today's Wild West networking environment.

Primary Response 3.0 starts at $32 USD per desktop PC, with server licenses starting at $875 per server. The client program runs on Windows 2000 Pro and XP Pro. The server agent runs on Windows NT 4.0, 2000, 2003, and Solaris 8. A management module runs on those servers plus Windows NT 4.0.

For more information, see Sana Security's Primary Response page.

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live