Abtrusion Security

Abtrusion Protector

Abtrusion Protector is integrity-based launch protection software that injects itself between the Windows kernel and the user-mode application space. Whenever an executable file is loaded by Windows, a call into kernel mode is made. Abtrusion Protector intercepts that call and verifies that the file is allowed to execute before allowing the call to proceed into the Windows kernel.

Abtrusion Protector maintains a database of digital thumbprints of files that are allowed to execute on the computer. Files present on the computer when Abtrusion Protector is first installed are automatically added to the database. Whenever new software is installed on the computer, Abtrusion Protector can be told to record the thumbprints of the new files and add them to the database.

Abtrusion Protector includes a kernel mode component that performs the actual verification of file thumbprints. It also contains a service component that maintains the database of thumbprints. In addition, it includes a user interface component.

Normally, Abtrusion Protector operates in the background and is virtually invisible to the user. The only time a user has to interact with Abtrusion Protector is when there is a potential breach in security or when installing new software. Abtrusion Protector can also be administered at a central site, without any user intervention at individual workstations.

Files are identified by the strong cryptographic hash function SHA-1. File hashes of executable files are computed using the method used by Windows to sign files, except that Windows normally uses the slightly weaker hash function, MD5. Abtrusion Protector uses this to interoperate with regular certificate-based code signatures. For example, Abtrusion Protector can be set up to automatically allow code signed by specified trusted software vendors.
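The following sketch is an added illustration, not Abtrusion Protector's code. It assumes that "the method used by Windows to sign files" refers to the Authenticode-style PE image hash, which leaves out the CheckSum field, the Certificate Table directory entry and the certificate data, so a file has the same thumbprint before and after it is signed. The function names and the sample image are constructed for the example, and the section walk of the full algorithm is simplified to hashing the rest of the file.

```python
import hashlib
import struct

OPT = 0x58  # optional-header offset in the constructed sample (e_lfanew 0x40 + 24)

def pe_image_hash(image: bytes) -> str:
    """SHA-1 of a PE image, skipping the fields that signing rewrites."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]           # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                           # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    checksum = opt + 64                                     # CheckSum field, 4 bytes
    cert_dir = opt + (128 if magic == 0x10B else 144)       # Certificate Table entry, 8 bytes
    cert_off, cert_len = struct.unpack_from("<II", image, cert_dir)
    if cert_len == 0:
        cert_off = len(image)                               # unsigned: nothing to cut out
    if cert_off < cert_dir + 8 or cert_off + cert_len > len(image):
        raise ValueError("certificate table out of bounds")
    h = hashlib.sha1()
    for part in (image[:checksum], image[checksum + 4:cert_dir],
                 image[cert_dir + 8:cert_off], image[cert_off + cert_len:]):
        h.update(part)
    return h.hexdigest()

def build_sample(code: bytes = b"constructed code") -> bytes:
    """Constructed 512-byte PE32 skeleton; parseable, not a loadable program."""
    img = bytearray(512)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, OPT, 0x10B)
    img[0x100:0x100 + len(code)] = code
    return bytes(img)

def sign_like(image: bytes, blob: bytes) -> bytes:
    """Mimic what signing changes: append a blob, point the directory at it, set CheckSum."""
    out = bytearray(image) + blob
    struct.pack_into("<I", out, OPT + 64, 0x12345678)
    struct.pack_into("<II", out, OPT + 128, len(image), len(blob))
    return bytes(out)

def may_execute(image: bytes, allowed: set) -> bool:
    """Launch decision: only images whose thumbprint is in the database may run."""
    return pe_image_hash(image) in allowed
```

With a database built from `build_sample()`, the output of `sign_like()` is still allowed, while an image whose code bytes differ is refused.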

By default, Abtrusion Protector is set up to allow code signed by Microsoft. This allows Abtrusion Protector to automatically and safely record files installed by Microsoft security patches, service packs and other updates. It also allows Abtrusion Protector to integrate seamlessly with Windows Update.

Abtrusion Protector protects its own files and registry settings so that no other applications are allowed to modify them. In addition, Windows access control lists are used to determine which users are allowed to modify settings or install new software on the computer.