Abtrusion Security Click here to send someone a link to this page Click here to Bookmark this page
home   products   buy   download   support   about   news   links   contact

Abtrusion Security home

Security products

Purchase Abtrusion Protector

Download of security software for Windows

Abtrusion Protector support

About Abtrusion Security

Security related news

Security links

 

Download Abtrusion Protector

 

Information for

> Corporate Management

> System Administrators

> Security Professionals

> Software Developers

> Home Users

Abtrusion Protector for Security Professionals

Abtrusion Security is on a quest. We have a vision of how computers will be secured in the future. The Abtrusion Protector product is the first in a line of products designed to control execution of software. By limiting the software that is allowed to start, we prevent many of the common techniques and tools used to hack computers connected to the Internet. We also limit the amount of damage viruses spread by e-mail can do.

While we do think that launch control is a technology that will be very important in the near future, we certainly don't think that proven technologies, such as firewalls and virus scanners will become obsolete. They will have their place, although the role of traditional virus scanners will probably have to be redefined somewhat.

So how does Abtrusion Protector work?

Abtrusion Protector maintains a database of SHA-1 hashes of files that are allowed to execute on the computer. Whenever a file is loaded for execution, the Abtrusion Protector kernel mode driver calculates the hash of the file and then searches for it in the database. If the hash is found, the file is allowed to load. Otherwise an access denied error is returned to Windows.

The Abtrusion Protector driver loads very early in the boot process and controls the loading of device drivers as well as regular programs, dynamic link libraries and OCX controls.

The database of hashes has to be updated whenever new software is installed on the computer. Typically, Abtrusion Protector is told to record the files installed by an install program. Abtrusion Protector also recognizes many different installation file formats and can record all files it finds on a CD or on other software media.

Abtrusion Protector is also able to verify digital signatures and automatically allow files that are signed or files that are installed by signed installations from trusted software vendors. In many cases, this allows software to be installed in a safe way, without any additional administration at all.

If Windows Installer is secured, Abtrusion Protector can be told to automatically record and allow all software installed by it.

In a corporate network, launch rights for Abtrusion Protector can be managed at a central site or can be distributed throughout the company.

Abtrusion Protector also includes features to protect itself from being disabled by hostile software. Registry settings and the Abtrusion Protector files can be protected so that they cannot be modified, except through the Abtrusion Protector user interface, regardless of user privileges. In addition, regular Windows access control lists can be used to limit user access to Abtrusion Protector settings.

Why will launch control software become more important in the future?

We believe that there are several factors that speak for launch control software.

There is a much greater awareness of computer security now than just a few years ago. We are moving towards a future where digital signatures are going to be more and more important to provide security and authenticity of software and not just business transactions. Launch control software provides a way to enforce trust policies. At the same time, digital signatures make launch control software much easier to manage.

Virus scanners are having a hard time to catch up with new viruses. Although virus scanner vendors certainly have talented software developers, so has the underground virus community. New viruses use new techniques to cloak themselves - virus writers test their new creations against the most popular virus scanners too.

Although many virus scanners are surprisingly good at recognizing all forms of known viruses, they will never be able to recognize most custom written hacking tools until it is too late.