Safe`n`Sec Intrusion Prevention System for home PC protection

Author: Olga Gorshkova
Job title: PR Director
Contact phone: +7 (495) 967 14 51 (ext. 223)
E-mail:  
Web: www.safensoft.us  
Synopsis: the article describes the advantages of host intrusion prevention systems, and Safe`n`Sec HIPS in particular, over other security software for protecting user PCs. The author explains why a combination of traditional antivirus or firewall solutions and new proactive protection technologies provides the highest level of protection.
 

Viruses, Trojans, worms, hacker attacks, spyware, adware etc. are the most widespread threats to PC security and data integrity nowadays. IT security software developers actively offer new solutions and technologies which in most cases are much more efficient than traditional antivirus and firewall protection.


Security software classes

Today IT security solutions for home PCs can be divided into classes.

  • Antiviruses detect malicious code with the help of signature databases or a heuristic analyzer (the decision about whether a program is malicious is based on code analysis against several set indexes).
  • Personal firewalls analyze PC traffic along the OS perimeter.
  • Sandboxes/virtualization systems protect the PC by running software in a simulated system, a sandbox. Every harmful action that malware may perform is carried out in the simulated system and does not affect the real host system files.
  • Up-to-date Host Intrusion Prevention software (HIPS) monitors the activity of programs and the operating system. If a program tries to perform a potentially harmful action, HIPS stops the program before it affects the system and asks the user whether to continue program execution or block it.

All these solutions protect the user's PC from certain threats and can be combined for comprehensive PC protection against a variety of malware. The main advantage of HIPS software is its ability to detect and block new malware types and modifications which are not yet detected by signature antivirus technology or are missed by a firewall (when malware disguises itself as a useful utility). Thus intrusion prevention software is an essential element of comprehensive PC protection.

Safe`n`Sec Intrusion Prevention System

Safe`n`Sec’s technology is based on intercepting system calls and intelligent analysis at the operating system level. (See pict. 1)


Pict. 1

By intercepting system calls and analyzing the activity of system applications, Safe`n`Sec makes a decision about whether an application's actions are malicious and blocks the attack at its initial stage. Spyware is blocked before any damage to the system or data is done.

During OS startup, System Interceptor is among the first processes to load and inserts itself into the chain of system calls. This module intercepts the system calls of all applications and passes full information about each call and the application that generated it to the iTrust Engine module. The latter identifies the application by its unique properties and passes this data to the Rules Engine module, which analyzes the information according to predefined rules and produces a report. The report goes to the Intelligent Decision Maker module, which analyzes all data about the application's actions. As a result, System Interceptor either blocks denied calls or allows execution of “non-dangerous” calls at the system level.
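
The flow described above (intercept, identify, apply rules, decide) can be modelled in a few lines. This is an added illustration, not Safe`n`Sec code: the rule table, risk scores, thresholds, SHA-256 identification and the trusted-application set are all assumptions, and the sample calls are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class SystemCall:
    image: bytes     # bytes of the calling executable (constructed sample data)
    operation: str   # kind of intercepted call, e.g. "file_write"
    target: str      # object the call acts on

# Hypothetical rule table (operation, target prefix, risk score); not the product's rules.
RULES = [
    ("registry_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", 60),
    ("file_write", r"C:\Windows\System32", 50),
    ("process_inject", "", 80),  # empty prefix: any target matches
]
ASK_AT, BLOCK_AT = 50, 100  # assumed thresholds on the accumulated score

def identify(call):
    """Identification stage: a unique property of the application (here a SHA-256)."""
    return hashlib.sha256(call.image).hexdigest()

def evaluate(call):
    """Rules stage: report every rule the intercepted call matches."""
    return [r for r in RULES if call.operation == r[0]
            and call.target.lower().startswith(r[1].lower())]

def decide(app_id, report, trusted, history):
    """Decision stage: weigh this call together with the app's earlier calls."""
    if app_id in trusted:
        return "allow"
    history[app_id] = history.get(app_id, 0) + sum(score for _, _, score in report)
    if history[app_id] >= BLOCK_AT:
        return "block"
    return "ask" if report and history[app_id] >= ASK_AT else "allow"

def intercept(call, trusted, history):
    """Interceptor: pass the call through the three stages and return the verdict."""
    return decide(identify(call), evaluate(call), trusted, history)

def demo():
    unknown, known = b"constructed-unknown-binary", b"constructed-trusted-binary"
    trusted, history = {hashlib.sha256(known).hexdigest()}, {}
    calls = [
        SystemCall(unknown, "file_write", r"C:\Users\alice\notes.txt"),
        SystemCall(unknown, "file_write", r"C:\Windows\System32\drivers\x.sys"),
        SystemCall(unknown, "registry_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x"),
        SystemCall(known, "process_inject", "explorer.exe"),
    ]
    return [intercept(c, trusted, history) for c in calls]
```

Calling demo() returns one verdict per constructed call, in order; the third call is blocked only because its score is added to that of the second, which is what analysing all of an application's actions rather than each call in isolation buys.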

Safe`n`Sec has a number of advantages that address the shortcomings of traditional security software.

Safe`n`Sec vs. antivirus

Antivirus, whether signature or heuristic-based, effectively protects your PC from well-known viruses or those which have already damaged users' computers. Signature updates are released with some delay, and it takes time to test an update. Safe`n`Sec proactively protects the PC from unknown malware, detecting and blocking all malicious actions before any damage to the computer system is done. Heuristic-based antivirus solutions are usually developed for a specific operating system and system configuration. Safe`n`Sec is universal software. Safe`n`Sec security software provides efficient protection against viruses, computer worms, Trojans, spyware, hacker and phishing attacks, unskilled actions of novice users etc.

Safe`n`Sec vs. firewall

A firewall controls and analyzes traffic at the entry to the computer system but not activity inside the PC environment. Meanwhile malicious applications, spyware for example, often use standard ports such as e-mail or Internet ports to get into the computer environment. Such malware can be embedded in a useful utility and as such freely enters the PC via e-mail or the Internet. The firewall fails to detect and block it. Malicious software can also end up on your PC when you install software from free CDs (magazine cover-mounted discs). Safe`n`Sec is preventive protection which separates malicious actions from normal ones. No matter where the malware comes from, outside or inside your PC, Safe`n`Sec blocks any dangerous activity and allows all legitimate actions.

Safe`n`Sec vs. sandbox

Sandbox software doesn’t detect whether an application is malicious or not. Some sandboxes may ask the user whether an unknown program should be run in an isolated environment or added to the trusted applications list. In most cases, after running in a sandbox the program is allowed into the operating system. Safe`n`Sec precisely detects whether the program's activity is malicious or not and advises the user what to do with such a program (deny or allow).

Summary

A combination of traditional antivirus or firewall solutions and new proactive protection technologies provides comprehensive protection and thus the most effective level of computer security. Combining behavioral and signature technologies makes it possible to control a broad range of events related to the detection and prevention of various computer threats (see the table below).

|  | (LAN) Firewall | Personal Firewall | Anti-Spyware, Anti-Adware, etc. | Antivirus | Host Intrusion Prevention Software |
|---|---|---|---|---|---|
| Installs on | Server | Client | Server and/or Client | Server and/or Client | Client |
| Effective against | Network attacks | Host attacks, spyware | Specific malware | Known viruses | Any potential damage |
| Protective action | Stop traffic | Stop traffic / terminate application | Wipe malicious files / applications | Cure / quarantine / wipe infected files | Block particular action attempted by application or block malicious application completely |
| Protective action is applied when | Traffic is abnormal | Traffic is abnormal | Malware is detected | File is damaged | Risk of damage exists |
| Monitors | Network traffic | Network traffic | Application code / Traffic | Application code | Application behavior |
| Check method | Traffic analysis | Traffic analysis | Signature match / Traffic analysis | Signature match | Behavior analysis |
| Checks running applications | No | On alarm | At launch | At launch | Constantly |
| Checks e-mail, downloads, web pages | No | No | Yes | Yes | No |
| Checks static files on HDD | No | No | Yes | Yes | No |
| System load | Negligible | Moderate to negligible | Heavy to moderate | Heavy to moderate | Negligible |
| Requires frequent updates | No | No | Yes | Yes | No |
| Requires user attendance | Seldom / Not at all | Seldom / Not at all | Often | Seldom | Seldom |
| Risks, limitations and drawbacks | Host-based attacks | Leaks, custom attacks | New malware | Zero-day viruses | False alarms |
| Layer of security | Outermost | Outer | Inner | Inner | Innermost |
| Required for multi-layer security | Absolutely | Recommended | Recommended | Absolutely | Highly recommended |
| Examples | IPX LAN Firewall, SonicWALL | Norton Personal Firewall, Zone-Alarm Pro, Agnitum Outpost | Microsoft Antispyware, CA eTrust PestPatrol, Lavasoft Ad-Aware | Symantec Norton AV, McAfee VirusScan, Kaspersky AVP | Safe'n'Sec, Panda TruPrevent, Pro PrevX |

 

 

December 08, 2006

 


© S.N.Safe&Software, 2004-2010. All rights are reserved.