Behavior Blocking Coming to (Some) PCs
November 21, 2006
By Brian Livingston

A major U.S. Internet service provider (ISP) plans to offer a novel security technology to its millions of customers within the next month.

EarthLink, based in Atlanta, will add "behavior blocking" software provided by Sana Security of San Mateo, Calif., to the ISP's Protection Control Center, a security suite that's currently in use by 1.2 million customers, according to officials of both companies.

Behavior blocking is a hot subject among security researchers because it holds out the promise of stopping virus and rootkit attacks on PCs without the need to constantly update antivirus signatures. Instead, such security products aim to recognize bad behavior and stop it before a rogue program can get control of a PC.

EarthLink's Expanding Security Offerings

In a telephone interview, Ben Kaplan, EarthLink's product manager for security applications, explained that behavior blocking could be a part of the ISP's new security software as early as this December. He describes the products EarthLink offers as follows:

Protection Control Center (PCC) 1.0 is EarthLink's security suite, which is currently free to the ISP's subscribers and $4.95 per month for non-EarthLink subscribers. The company is planning to lower the nonmember price to $3.95 per month or $36 a year, he says.

PCC 2.0 is coming out soon, Kaplan says, and behavior blocking software by Sana Security will be offered as an upgrade. The improved security suite will be sold under the name "PCC 2.0 with Active Shield" and will cost consumers $2.95 per month or $24 a year, he explains.

Selecting Sana's technology involved a great deal of testing, Kaplan said. "We went through a lot of different products and we felt far and away Sana excelled," he says.

What exactly is behavior blocking and how might it improve on signature-based antivirus scans?

Watching for Code with an Agenda

Timothy Eades, senior vice president of marketing for Sana, says that about 8 percent of malware his company has monitored recently is seeking to glean financial information, such as Social Security numbers, from personal computers. About 10 percent of today's malware is already using rootkit technology to hide itself from antivirus programs, he says.

I wrote about EarthLink's early attempts to protect its Internet-access users from hackers on May 3, 2004. That column described the ISP's ScamBlocker, one of the first widely used browser toolbars that attempted to prevent end users from unwittingly visiting "phishing" sites or other dangerous Web locations.

I last described Sana Security and its behavior-blocking software on March 29, 2005. The technology aims to detect rogue programs by catching them doing hidden or sneaky things.

Sana officials have previously described for me what they look for in malware:

It tries to run itself every time Windows starts up. Most legitimate software doesn't need its modules to run every time Windows starts, but malware consistently tries to insinuate itself into aspects of the Windows Registry that run applets at boot time.

It tries to hide. Spyware and malware usually don't provide an uninstall program. Today's malware much prefers to lay claim to an end user's PC quietly, without boasting "You're Infected!" or taking other overt actions that would alert an end user that something is wrong.

It has an agenda. Most malware tries to collect information from the victim's PC and attempts to contact a hacker's server to transmit the data and await further instructions.

All of these can be signs that an unwanted bit of code is infecting a machine. "We're now tracking 228 behaviors," says Timothy Eades, Sana's senior V.P. of marketing.
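
The three behavior classes listed above can be illustrated with a small scoring routine run over process events. This is an added example, not Sana's or EarthLink's code; the event format, the process names, the "hides" heuristic (autostart with no uninstall entry) and the two-behavior threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (process, action, target); not real telemetry.
# Registry targets are written as key path plus value name.
EVENTS = [
    ("updater.exe", "reg_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Updater"),
    ("updater.exe", "reg_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("updater.exe", "net_connect", "updates.example.com:443"),
    ("svch0st.exe", "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    ("svch0st.exe", "file_read", r"C:\Users\alice\Documents\taxes.xls"),
    ("svch0st.exe", "net_connect", "203.0.113.7:8080"),
    ("notepad.exe", "file_read", r"C:\Users\alice\Documents\notes.txt"),
]

AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
USER_DATA = re.compile(r"^C:\\Users\\[^\\]+\\Documents\\", re.I)


def observed_behaviors(events):
    """Map each process to the set of behavior classes it exhibited."""
    seen = defaultdict(set)
    installed = set()   # processes that registered an uninstall entry
    read_data = set()   # processes that have read user documents
    for proc, action, target in events:
        tags = seen[proc]  # also ensures every process appears in the result
        if action == "reg_write" and AUTORUN.search(target):
            tags.add("autostart")
        elif action == "reg_write" and UNINSTALL.search(target):
            installed.add(proc)
        elif action == "file_read" and USER_DATA.search(target):
            read_data.add(proc)
        elif action == "net_connect" and proc in read_data:
            # Order matters: a connection made after reading user data.
            tags.add("agenda")
    for proc, tags in seen.items():
        # Persists across reboots yet offers no way to remove itself.
        if "autostart" in tags and proc not in installed:
            tags.add("hides")
    return dict(seen)


def verdicts(events, threshold=2):
    """Block a process showing `threshold` or more behavior classes (assumed cutoff)."""
    return {proc: ("block" if len(tags) >= threshold else "allow")
            for proc, tags in observed_behaviors(events).items()}
```

No single behavior decides the verdict here: the constructed updater autostarts and connects out but is allowed, while the process that combines autostart, no uninstall entry and a connection after reading documents is blocked.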

The company's research, which is the subject of several patent applications, is key to Sana's ability not just to detect malware but remove it from a PC, Eades says.

Will behavior blocking soon eclipse signature-based antivirus programs as a way to protect computer users? Can these different approaches be independently tested against one another?

Test Beds for Security Products

Sana officials point to a May 2006 study by the Tolly Group, a testing firm that produced a report on the company's behavior blocking technology. The study, sponsored by Sana, found the company's software detected and removed 183 out of 183 threats that were obtained from Web sites. The test involved using Microsoft's Internet Explorer browser, with some of its security features weakened, to visit thousands of known hacker sites. The sites are part of AGNIS, a list of questionable sites maintained by SpywareWarrior.com.

Mainstream computer magazines have been slow to evaluate behavior blocking in security packages, partly because the technique is new enough that novel test suites must be developed. Until major consumer publications join the testing effort for the new technology, the Tolly Group's study can't be scientifically compared against the results from other labs.

As EarthLink's expansion of its security suite takes place, we may get more data on the effectiveness of behavioral defenses, compared with signature-based protection. I hope to find out soon.

An EarthLink statement on its original Protection Control Center is available from the company's press room. Background information on Sana Security is available at its Web site.

Brian Livingston is the editor of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.
