VirusScan 8.0i is in beta testing, and is expected ship in July. The i is for intrusion prevention, among other marketing adjectives, as NAI has added some functionality from its personal firewall and host intrusion prevention software.
The biggest criticism of antivirus software is that it very often doesn’t stop worms, either because the worm spreads faster than an antivirus signature can be developed, or because it’s a network-to-memory worm, and most antivirus works at the file level.
NAI is trying to address this by building in a firewall, lockdown features, buffer overflow prevention, and some signature-based intrusion prevention. The firm claims many pieces of malware can be stopped without a virus definition.
According to John Bedrick, group marketing manager for systems security at McAfee, NAI recently tested VirusScan 8.0i with its virus definitions 18 months out of date, and found it still stopped 90% of malware attacks rated Medium Risk or above,
The firewall, coupled with the application controls, means that administrators could block port 25 for every application except the user’s mail client, which could prevent an outbreak if one user becomes infected with a mass-mailer, Bedrick said.
Trying to find the source of the attack is extremely tedious and time consuming, and all that time, the damage is still being done, Bedrick said. The software also has a feature that allows hosts to ignore IP addresses known to be compromised by viruses, he said.
The new intrusion prevention currently protects 22 applications and operating system components from known buffer overrun vulnerabilities, using signatures that secure against the vulnerability, not the exploit, Bedrick added.
As well as port lockdown, the software can lock down specific directories, files and applications against tampering by malware. It can also close off network shares, a common vector for malware infection, the firm said.
Bedrick said that unlike other products from NAI and its competitors, VirusScan is not a suite offering. The firewall and intrusion prevention code, while borrowed from other products, is integral to VirusScan.
The software will come with Cisco Systems Inc’s Trust Agent, making it compatible with Cisco’s Network Admission Control program, and can be managed centrally by ePolicy Orchestrator or McAfee ProtectionPilot.
