Free Search Engine Identifies Unknown Windows Files

Welcome Guest. | Log In| Register | Membership Benefits

March 10, 2006 (10:07 AM EST)

Free Search Engine Identifies Unknown Windows Files

By Laurie Sullivan , TechWeb Technology News

Bit9 Inc. on Monday will launch a free search engine to identify unfamiliar software applications and executables found on any computer running the Windows operating system.
Users will be able to download a utility at Bit9's Web site to tap into the firm's 4-terabyte database at http://fileadvisor.bit9.com. The database holds approximately 25 million unique files and 250 million records to source and identify the software. Bit9 expects to triple the data the end of the year.
To keep up to date Bit9 collects and catalogs file data on commercial software and drivers from the Web, the National Institute of Standards and Technology (NIST)the National Software Reference Library (NSRL), IBM Corp., and other resources.
Unknown applications or executables are identified in the database by a "cryptographic hash, a mathematical algorithm that runs across the content of the file," said Bit9 Inc. vice president and co-founder John Hanratty, who also co-founded Synernetics, acquired by 3Com, and Agile Networks, scooped up by 3Com. "Any virus worth its chops will come in and rename itself as a legitimate name, for example, a file system."
FileAdvisor provides details on the file originator and the commercial software package it's contained in. Hanratty said the utility uses the cryptographic hash because it's common for malicious code to change its name so it appears harmless to the users.
Bit9 also will introduce the ParityCenter service to integrate with Bit9 Parity. The software provides network visibility to closely monitor unknown files as they are downloaded onto machines in an enterprise before they affect computers.
The problem is that "bad" always changes, said Hanratty. ParityCenter identifies that an executable file is of an unknown type, and keeps it from propagating.
While it's important to monitor unwanted software, IT professionals also "want the ability to control unauthorized and unlicensed software," he said. "They're spending as much money in virus and worm protection, as they are to clean up unauthorized utilities."

Try TechWeb's RSS Feed!
(Note: The feed delivers stories from TechWeb.com only, not the entire TechWeb Network.)

SECURITY WHITE PAPERS AND REPORTS

Configuration Audit and Control for Virtualized Environments
Find out how to maintain the same level of stability and security across both virtual and physical environments, using the same software and approach.

CIGNA Finds Good Therapy: Builds a More Efficient Risk Management, Streamlined Compliance, and System Security Program
To bolster the vulnerability management portion of its overall risk management program, CIGNA selected QualysGuard, thus enabling the company to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, track security fixes, and meet federal, state, and internal policy regulations.

Best Practices for Windows Vista Planning, Migration, and Ongoing Management
It is vital to ensure PC system and data security during migration to Windows Vista. This white paper highlights considerations that must be addressed over the entire migration process.

Auditing: What You Need to Know
All companies must go through a formal auditing process to ensure they're meeting various compliance demands. In theory, this exercise will help them understand where their security holes are and how to make appropriate improvements. But how do companies ensure their auditors understand specific IT security issues and requirements? We find out.