Forget the popular myth of the teen hacker. An older, more sophisticated hacker is out there, spreading malicious code disguised as files and standard Internet apps into corporate networks.
IT managers can take every precaution-blocking inappropriate and suspicious websites, rejecting Visual Basic scripts or other Internet code and scanning each e-mail attachment for viruses, but that won't stop hackers from sneaking unknown viruses and sophisticated code past a company's antivirus and content-filtering gateways.
Today's popular content-security technology ferrets out only known viruses or specified content.
It's this fear of the unknown that's starting to scare some IT managers into adding behavior-blocking, or "sandboxing," technology, as a last line of defense at the desktop.
Behavior blocking prevents malicious code from doing something it's not authorized to do. If a downloaded executable program tries to erase the PC's hard drive or copy its address book, for instance, the software stops it cold.
The desktop is the final frontier for many of these malicious attacks because that's where Internet code, such as macros, scripts, executables, screen savers, plug-ins, Java, and ActiveX apps typically run.
The day Atlanta law firm Mabry & McClelland was hit with the "I Love You" virus last year, the firm bought SurfinShield, Finjan Software's behavior-blocking software.
Craig Cothern, the firm's IT director, said that after trying to restore the e-mail server three times, he started thinking about other options, especially since he couldn't get the virus patch from his antivirus vendor quickly enough.
"SurfinShield works better than an anti-virus solution because it looks for the actions the code takes, not the virus name or characteristic," Cothern said.
Unlike traditional antivirus technology, which scans for known virus characteristics using its signature database-behavior, blocking software uses policies to determine whether an application or a piece of code is acting out of line.
The technique, which has been available for a couple of years from Finjan and other companies, may soon help fill the void in some antivirus products.
»More from InternetWeek
Try TechWeb's RSS Feed!UCLA seeking Programmer/Analyst IV in Los Angeles, CA
Transportation Security Administration seeking CIO in Arlington, VA
Comcast seeking Tier 4 CRAN Network Engineer in Chelmsford, MA
SMDC Health System seeking Applications System Analyst 3 in Duluth, MN
ISES, Inc. seeking Techncial Support in Bridgewater, NJ
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
