|
|
|
|
|
|
|
|
Protecting against the emerging threat of PDA viruses (continued)
| Effectiveness |
Protects against synchronization, infrared beaming, and network access |
| Durability |
Continual updates required |
| Size restriction |
50K on PDA |
| Release date |
Full version: March 2001 |
| Price |
$39.95 |
| Ease of use |
Point and click installation, configuration, and updates |
| Company reputation |
25% market share |
Behavioral solutions
Behavioral anti-virus software scans for viruses based on behavior rather than on known virus signatures. Thus, behavioral anti-virus software is proactive rather than reactive in terms of identifying malicious programs. Viruses are detected regardless of whether they have a known signature or if the virus is brand new, obviating the need for updates. Finally, behavioral anti-virus software allows companies to develop programs that won't continually swell in size as the number of viruses increases. Finjan Software is creating a behavioral-based solution for PDA viruses and McAfee Corporation has released Guard Dog for Palm.
Although behavioral anti-virus solutions for the Palm OS help overcome major limitations of the database approach, they have their own limitations. Some behavioral programs require a higher level of technical expertise to install and configure. Another limitation for behavioral anti-virus solutions is that virus creators can invent clever ways to defeat the behavioral monitoring program, which degrades the concept of not needing patches or updates.
Finjan software
Finjan Software is one of the first companies to introduce anti-virus software for computers that's purely based on behavioral monitoring. Finjan's software uses a proactive monitoring technique to "sandbox" programs and to monitor their behavior. Like a child's sandbox, where he or she can play in a defined, protected space, the technical term "sandbox" is used to describe placing programs in a defined or protected space, often so they won't interact with or damage other parts of the system, and so other parts of the system won't interact with or damage them.
Any program that violates a security policy is instantly blocked before the program is allowed to do any damage. The company calls their software "first-strike security" because it doesn't require a known signature file but can detect malicious programs by monitoring the behavior of incoming code. Finjan's software can detect viruses during the first few hours of a new attack, which is when devices are most vulnerable.
Finjan's software for PDAs will reside on the device and protect against synchronization, infrared beaming, and network access. As with other behavioral solutions, Finjan's software is very durable as maintenance will only be required when new behavioral searching technology warrants a new version. Although Finjan's anti-virus software resides on the PDA, size is not a major concern because the software won't increase in size with an increase in viruses. Finjan doesn't expect to release a full-scale version of their product until the end of 2001. As a result, Finjan's product will not have been as thoroughly evaluated and revised as products that are currently available.
|
|
|
|
|
|
|
|
|
|
|
