Ray Van Eng (08/07/97)                      

Since the publication of our article on grossly misbehaving programs that you can download from the Internet, many of you have wondered how you could protect yourself against such attacks from unscrupulous programmers. So when McAfee Software announced it has formulated a solution to deal with this problem, we felt obliged to pass on the information here.

WebScanX, as the product is known, is claimed by McAfee as being the first software that simultaneously protects web surfers against ActiveX and Java "hostile applets" and Internet-borne viruses.

When a user downloads an applet onto his/her computer, WebScanX will retain the applet in a buffer zone for a background check in which the identity of the applet is compared against a database of previously known hostile Java and ActiveX programs. If a match or a close resemblance is found, the applet will be terminated on the spot before it will be given a chance to execute its logics.

The hostile applet library is kept current by McAfee's own SecureCast "push" technology which distributes the most up-to-date listing to user's desktop.

Even if the applet has gone pass this security check, it will continue to be monitored by WebScanX. Any abnormal conduct like deleting files, allocating memory address or other questionable actions could lead to permamnent disablement to prevent the applet from damaging user systems.

WebScanX works with all versions of the Microsoft and Netscape browsers, including the newest Internet Explorer 4.0 and Navigator 4.0. It also works with many e-mail packages such as Eudora, MAPI and cc:Mail and scans incoming e-mails for rouge objects and computer viruses.

McAfee's WebScanX is not the only game in town. Internet Security Systems is said to have RealSecure , a real-time attack recognition and response system specially designed for network administrators.

RealSecure acts like a network sniffer and checks data packets as they travel throughout the network. Once a subversive behaviour is recognized, the attack can be exterminated authomatically or logged to a database and recorded later for further examination.

The company says that the next version of RealSecure , due later this year, will have the ability to detect ActiveX and Java applets and see if these programs have been stamped with a Verisign digital ID. Any applet that is unsigned or carries a revoked ID is subject to rejection.

Through Netscape's Object Signing and Microsoft's Authenticode technology, Verisign's digital ID can be incorporated in the applet to authenticate the identity of the software developer. However, this process does not guarantee that the software won't do damange to your computer system, it only means that the culprit can be identified if there is a problem.