Anti-virus technique adds muscle to PC lock-down

Sophos has developed an innovative anti-virus-based approach to locking down PCs.

To identify malware, anti-virus products use a signature file that acts as a fingerprint of the virus or worm. Sophos has now applied the same principle to legitimate applications, giving IT directors a simple way to lock down desktop PCs.

The company's anti-virus and application control product lets system administrators selectively block unauthorised VoIP, peer-to-peer and instant messaging applications that present risks to company data and networks.

The product covers about 30 popular file-sharing programs such as BitTorrent and ShareP2P, messaging services such as Yahoo's and MSN's, and Skype, Googletalk and Net2Phone VoIP services.

Phil Cracknell, UK president of the Information Systems Security Association, said, "Companies are in danger of losing control and accountability if they allow their end-users to decide what software they run on their computers."

Graham Cluley, senior technology consultant at Sophos, said, "In time we plan to block distributed computing applications," such as the popular Seti client.

"So far the emphasis has been on businesses stopping certain types of traffic such as peer-to-peer networking, and any illegal activity," Cracknell said.

Users have generally deployed expensive application firewalls to monitor protocols running across the network. But many applications send their traffic over port 80, the same port used for web traffic, so they cannot be stopped by blocking a port without also blocking the web.
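An added illustration of the fingerprint-based application control described above (example code written for this page, not Sophos's product): each executable image is fingerprinted, looked up in a catalogue of known applications, and allowed or blocked by category, so the decision depends on the program rather than on which port it talks over. SHA-256 as the fingerprint, the category names, the sample images and the catalogue are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "program images": stand-ins for real executables. Each
# known application is identified by a SHA-256 fingerprint of its image, the
# way an anti-virus signature identifies a sample (SHA-256 is our assumption).
SAMPLE_IMAGES = {
    "bittorrent.exe": b"CONSTRUCTED P2P CLIENT BUILD 1",
    "bittorrent-update.exe": b"CONSTRUCTED P2P CLIENT BUILD 2",
    "messenger.exe": b"CONSTRUCTED IM CLIENT",
    "spreadsheet.exe": b"CONSTRUCTED OFFICE APP",
    "unknown-tool.exe": b"CONSTRUCTED UNCATALOGUED BINARY",
}

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Catalogue: fingerprint -> (application name, category). Two builds of the
# same client carry different fingerprints but map to one application.
CATALOGUE = {
    fingerprint(SAMPLE_IMAGES["bittorrent.exe"]): ("BitTorrent client", "p2p"),
    fingerprint(SAMPLE_IMAGES["bittorrent-update.exe"]): ("BitTorrent client", "p2p"),
    fingerprint(SAMPLE_IMAGES["messenger.exe"]): ("IM client", "im"),
    fingerprint(SAMPLE_IMAGES["spreadsheet.exe"]): ("Spreadsheet", "office"),
}

@dataclass
class Decision:
    path: str
    action: str  # "allow" or "block"
    reason: str

def evaluate(path, data, blocked_categories, lockdown=False):
    """Decide whether an executable may run.
    The decision is made on the program image, not on the network port it
    talks over, so a client tunnelling over port 80 is still recognised.
    lockdown=True also refuses anything not in the catalogue (default-deny).
    """
    match = CATALOGUE.get(fingerprint(data))
    if match is None:
        if lockdown:
            return Decision(path, "block", "not in the application catalogue")
        return Decision(path, "allow", "unrecognised, allowed by default")
    name, category = match
    if category in blocked_categories:
        return Decision(path, "block", f"{name} is in blocked category '{category}'")
    return Decision(path, "allow", f"{name} ({category}) is permitted")

def scan(images, blocked_categories, lockdown=False):
    return [evaluate(p, d, blocked_categories, lockdown) for p, d in images.items()]
```

Running `scan(SAMPLE_IMAGES, {"p2p", "im", "voip"})` blocks both BitTorrent builds and the messenger while allowing the spreadsheet and, unless lockdown is on, the uncatalogued binary.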

In a separate development, Sophos has come up with a "behavioural genotype" technique for performing static code analysis.

The technology, which is now available in the company's anti-virus software, is designed to combat zero-day attacks by analysing the behaviour of viruses before they have a chance to run.

Sophos said it had deployed behavioural genotype technology to protect users following last month's Stration-X Trojan attack.

According to Cluley, the hacker had tried to circumvent anti-virus protection by releasing 30 versions of the same malware, but since Sophos was analysing the behaviour of the malware, it did not have to issue 30 signature files.