SurfinShield defends against attacks


As your users gain wider access to the Internet, you run the risk of exposing your enterprise's computing resources to a new hazard: harmful bits of code that can hitch a ride with downloadable mobile code, such as Java applets and ActiveX controls. Mobile-code attacks are no small worry. They can delete or corrupt critical files and even bring a system down. The extensive data loss such an attack can cause can seriously hurt a company's productivity.

An antivirus solution alone won't do the trick. But if you add to your defenses Finjan's SurfinShield Corporate 4.7, you can protect against downloaded mobile-code attacks. SurfinShield automatically destroys any mobile code that violates a company's security policy.

I gave SurfinShield a "good" score. Although it does an excellent job of protecting the confidential information stored on company computers and is easy to use, its maintenance requirements may be a deterrent. Companies that don't already have a dedicated security administrator will need to hire one, and SurfinShield requires constant fine-tuning to be a successful solution in the enterprise environment.

SurfinShield's closest competitor is Trend Micro's Applet Trap. Another is Esafe's Protect Desktop, a desktop firewall product with anti-virus capabilities that lacks SurfinShield's extensive policy management. Pelican Security's Safe TNet claims to protect against mobile code, but it is still in the beta stage.

Generally, mobile code is designed to perform useful operations, such as transforming a static Web page into a lively multimedia source. But when mobile code contains harmful bits of code, it can read, delete, and move files to another location. Trojan executables are the most common vehicle for mobile-code attacks, but Java and ActiveX programs are becoming favorites with virus creators.

Antivirus software protects against known attack methods rather than defending against new ones. SurfinShield not only scans downloaded programs for known dangerous mobile code, it also immediately destroys any Trojan executable, Java, or ActiveX program that violates a company's policy. It also protects against any harmful Trojan executable that attempts to intrude via instant-messaging programs such as America Online's AOL Instant Messenger, Yahoo Messenger, and Microsoft MSN Messenger Service.

SurfinShield consists of three components: SurfinShield Server, SurfinConsole, and SurfinShield Client. SurfinShield Server stores the company's security records and each user's local security policy, and supplies a database of malicious mobile code. The SurfinConsole is the administrative component used to set the corporate security policies.

SurfinShield's administration features deserve a lot of praise; administrators can set policies from the organisation level to the group level, all the way down to specific downloadable files. Most administrators will choose to group departments within the organisation, and then fine-tune policies by user.

Installing the components was not a difficult task, and they ran on my Windows NT network with Windows 95/98 and NT 4.0 clients. To test SurfinShield's capabilities, I generated a general security policy for a hypothetical organisation. I set my security policies to a) block, b) allow, or c) allow and monitor download of suspected mobile code. To monitor, I edited an Access Control List, which includes file and network system, registry, and operating system permissions. When monitored in run time, the Access Control Lists are used to determine which access activities have been permitted. I was also able to set policies for specific URLs. I could completely block access to these sites or block access to certain files on each site.

Then I created groups and users and set up security policies. Acting as an administrator, I defined a high level of security for my test company's finance group.

I generated reports and viewed logs using SurfinShield's run-time monitoring feature, which keeps track of all users and their detected violations as the violations occur. These reports were thorough, with the date and time of the violation as well as a message, user name and location or URL.
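The policy model described above (block, allow, or allow and monitor, set at organisation, group, user or file level, with an Access Control List checked at run time and violations logged with time, user, URL and message) can be sketched as follows. This is an added illustration, not Finjan's code: the precedence order, the default-deny fallback, and every name, URL and ACL entry are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

BLOCK, ALLOW, MONITOR = "block", "allow", "allow_and_monitor"

# Constructed sample policy. Precedence (file > user > group > organisation)
# is an assumption of this sketch, not documented product behaviour.
POLICIES = {
    ("org", "example-corp"): MONITOR,
    ("group", "finance"): BLOCK,
    ("user", "alice"): MONITOR,
    ("file", "http://intranet.example/payroll.class"): ALLOW,
}

# ACL for monitored code: resource category -> operations it may perform.
ACL = {"file": {"read"}, "network": {"connect"}, "registry": set(), "os": set()}

@dataclass
class Violation:
    when: datetime
    user: str
    url: str
    message: str

def resolve(user, group, url, org="example-corp"):
    """Return the action of the most specific scope that has a policy."""
    for scope in (("file", url), ("user", user), ("group", group), ("org", org)):
        if scope in POLICIES:
            return POLICIES[scope]
    return BLOCK  # default-deny when no scope matches

def run_download(user, group, url, accesses):
    """Apply policy to one download. `accesses` lists the (category,
    operation) pairs the code attempts at run time. Returns (action, log)."""
    action, log = resolve(user, group, url), []
    now = datetime.now(timezone.utc)
    if action == BLOCK:
        log.append(Violation(now, user, url, "download blocked by policy"))
    elif action == MONITOR:
        for category, op in accesses:
            if op not in ACL.get(category, set()):
                # First ACL violation stops the code and is recorded.
                log.append(Violation(now, user, url, f"denied {category}:{op}"))
                break
    return action, log

if __name__ == "__main__":
    attempts = [("file", "read"), ("registry", "write"), ("file", "delete")]
    for who, grp in (("alice", "finance"), ("bob", "finance")):
        print(who, run_download(who, grp, "http://dl.example/game.class", attempts))
```

Code that is merely allowed runs without ACL checks in this sketch, which is why the monitored setting is the one that yields run-time violation records.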

SurfinShield passed my tests. However, the key to making SurfinShield work well is in defining groups, setting up security policies, monitoring violations and changes to the Web itself, and maintaining the policies.

SurfinShield Corporate is a powerful and complex proactive mobile-code security solution I recommend for any organisation that depends on the Internet for resources.

