Coalition touts file validation as security measure


A coalition of suppliers led by Tripwire have announced an initiative to build a File Signature Database (FSDB) that would allow users to validate the authenticity of files that make up their software systems and applications.

The effort, which is meant to help companies monitor and correct any accidental or malicious file changes that could compromise security, includes Hewlett-Packard, IBM, InstallShield Software, Sun Microsystems and RSA Security as members.

The file signature repository will include individual file information, such as a "born-on" date, file name, digital hash value and other unique attributes published by each of the suppliers.

Companies can then verify the software running on their own systems by comparing it against a heterogeneous collection of "good file information" contained in the FSDB, said Wyatt Starnes, founder and chief executive officer of Tripwire. 

"Nearly 97% of the downtime in larger enterprises is caused by uncontrolled change" in the IT environment, Starnes said. 

While software from suppliers such as Sun, IBM and Microsoft comes with functionality that allows users to verify the integrity of files, there is no common way for users to do that today, Starnes said. The FSDB will give users one place to go for verifying heterogeneous file sets.

The FSDB's approach is different from tracking "known bad" files, such as viruses and other signature-based malicious code, said Chris Christiansen, an analyst at IDC. 

"By knowing what the good state is, improper and corrupted files can be eliminated by exception before they execute their poisonous instructions," Christiansen said. 

The FSDB is populated with more than 11 million known-good file signatures from each of the participating members. Each charter member will populate the database with new file information as new software is published. 
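The lookup the article describes, as an added example that is not Tripwire's or the FSDB's own code: a known-good manifest of supplier, file name, hash and born-on date is checked against an installed tree, and anything that does not match is reported by exception. The SHA-256 choice, the relative-path keys and the sample files are assumptions constructed for this example.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

@dataclass(frozen=True)
class FileSignature:
    """One FSDB-style record: the attributes the article says each supplier publishes."""
    supplier: str
    name: str
    sha256: str   # assumption: the article only says "digital hash value"
    born_on: str  # date the supplier released the file

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tree(root: Path, fsdb: Dict[str, FileSignature]) -> Dict[str, List[str]]:
    """Compare every file under root with the known-good set, keyed by relative path.
    A file is accepted only by matching a record; everything else is flagged by exception."""
    report: Dict[str, List[str]] = {"verified": [], "modified": [], "unknown": [], "missing": []}
    seen = set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        record = fsdb.get(rel)
        if record is None:
            report["unknown"].append(rel)       # not published by any supplier
        elif sha256_of(path) == record.sha256:
            report["verified"].append(rel)
        else:
            report["modified"].append(rel)      # known name, altered content
    report["missing"] = sorted(set(fsdb) - seen)  # published but absent
    return report

def demo() -> Dict[str, List[str]]:
    """Constructed sample install: one intact, one tampered, one unexpected, one missing file."""
    root = Path(tempfile.mkdtemp())
    good = {"bin/app": b"original binary", "lib/helper.so": b"original library"}
    fsdb = {rel: FileSignature("ExampleVendor", rel, hashlib.sha256(data).hexdigest(), "2003-11-01")
            for rel, data in good.items()}
    fsdb["etc/app.conf"] = FileSignature("ExampleVendor", "etc/app.conf",
                                         hashlib.sha256(b"cfg").hexdigest(), "2003-11-01")
    (root / "bin").mkdir()
    (root / "lib").mkdir()
    (root / "bin/app").write_bytes(good["bin/app"])
    (root / "lib/helper.so").write_bytes(good["lib/helper.so"] + b"\x90")  # tampered
    (root / "dropped.exe").write_bytes(b"not in any supplier's published set")
    return verify_tree(root, fsdb)
```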

Licensed users will have multiple ways of accessing the file information contained in the FSDB, according to Starnes. One is a web service, to be launched during the first half of 2004, that will give users access over the internet.

Sometime next year, hardware appliances will also become available that will allow users to self-populate and host only the file information relevant to their networks. 

The FSDB will also be made available separately to government and law enforcement agencies. 

"I think it's a great initiative," said Ken Tyminski, chief information security officer at Prudential Financial. "It will give people the ability to ensure the code they have is really the right code. It will also help from a problem-determination perspective. If you think something is not at the right level or has been altered, you can look it up." 

Doing so now involves going to multiple sources for the correct file information, Tyminski said. The FSDB, in contrast, will give users a single place to go for the information. 

Tyminski said he hoped more companies would join the initiative. "I would like to see other players involved in this as well. To me, it looks like a win-win for everybody," he added.

Jaikumar Vijayan writes for Computerworld
