No News Is Big News for Sana Security

Sana Security today announced version 2.2 of the Primary Response SafeConnect anti-malware utility, which works exactly the same in Vista as in Windows XP.

Sana Security today announced version 2.2 of the Primary Response SafeConnect behavior-based anti-malware utility, now compatible with Windows Vista. The big news for the Vista version is that there's no news. It works exactly the same in Vista (32-bit or 64-bit) as in Windows XP. That's no small feat given Vista's changed driver model and added security, especially the PatchGuard protection in 64-bit Vista's kernel.

PRSC detects malicious software by monitoring the behavior of all running programs. When it detects evil behavior it terminates the offending program and removes all traces of it, without any need for a predefined signature. In testing, the previous version was quite effective - it blocked all of the malware samples except a couple that apparently didn't do anything malicious during the test period. Version 2.2 does monitor a few new behaviors and adds a regularly updated bulletin on malware Sana Security has detected in the wild.

I asked Sana's Chief Technology Officer Vlad Gorelik whether a product like PRSC is even necessary, given the added security built into Vista. According to Gorelik, Sana's experience is that Vista completely blocks about two thirds of existing malware from running. But turn that around - one in three is Vista-compatible. Not all of them trigger User Access Control, and you can be sure that some users will blindly click Allow. Fortunately if the program that an unwitting user released is a stinker, PRSC will catch it as soon as it gets out of line.

Gorelik pointed out that Vista has to be compatible with existing programs; otherwise it would never be accepted. And malicious programs are just a subset of existing programs. Even 64-bit Vista requires a compatibility layer for 32-bit programs, so it's theoretically vulnerable. He suggested that when 64-bit Vista becomes more prevalent, hackers may dig into that compatibility layer.

He also observed that there's a lot of money in malware these days. Internet Explorer is supposed to block installation of unknown ActiveX controls, but the bad guys can afford to commission fancy-looking Flash animations that encourage the user to work around this limitation with step-by-step instructions. Gorelik suggests that similar social engineering attacks will be used in Vista, though we don't yet know exactly what form it will take.

"I think Vista is great," he said, "but you're going to have the same problems under Vista - just a little different flavor. Vista has to run programs, and malicious programs are programs. Any platform that's so broadly deployed is a target."

Primary Response SafeConnect 2.2 comes in two versions, one for Windows XP and 32-bit Vista and another specifically for 64-bit Vista. Windows 2000 is no longer supported in this version. A one-year subscription costs $29.95.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Related stories:

Attack on computer memory reveals vulnerability of widely-used security systems
A team of academic, industry and independent researchers has demonstrated a new class of computer attacks that compromise the contents of “secure” memory systems, particularly in laptops.
Microsoft Releases First Public Beta for 'Longhorn'
This feature-complete, third beta brings with it the ability to simplify administration tasks via improved event logging, task scheduling, enhanced remote management and the scripting capabilities of Windows PowerShell.
Can a Rootkit Be Certified for Vista?
A roomful of hackers, CIOs and CSOs agree that Microsoft's given us the most secure version of Windows yet, but their approval is served up with a garnish of "excepts," "howevers" and "althoughs."
Microsoft 4Q profit rises; Web ad business rocky
(AP) -- With a Yahoo Inc. search deal uncertain at best, Microsoft Corp. plans to invest hundreds of millions of dollars more than expected in the next year to whip its unprofitable online operations into shape.
Bill Gates surrendering Microsoft helm
A Harvard University dropout who ushered in the home computer age and made billions of dollars along the way will have his last official day of work at Microsoft on June 27.
What's The Microsoft Windows XP Service Pack 3 All About
Microsoft has announced an upcoming Windows XP Service Pack 3. There is a test version available. The Windows XP SP3 is primarily a package of previously released updates, security updates and hotfixes. However, a test run by Devil Mountain Software, says it boosts performance.
New 160 GB StoreJet 2.5 SATA External HDD By Transcend
Transcend 160GB StoreJet 2.5 SATA hard drive has speed, phenomenal capacity, convenience and a sleek aluminum case. The SATA HDD is considered by some to be the future of industry due to its power saving low operating voltage use.
Microsoft's FCS Only Partially Delivers the Goods
Review: eWEEK Labs found that Microsoft's new Forefront Client Security package meets only the baseline requirements for an enterprise security solution.

News discussion:

Technology news