Is it time to get out of the anti-virus arms race? If new security vendor Bit9, Inc. gets its way, banks may soon be able to eliminate virus scans altogether. Instead of trying to track every new virus and piece of malicious code that appears, the Waltham, MA-based security vendor allows only the good software to run.
Today, the company has an index of over seven billion applications that fall into the “good guy” category. If a user wants to run a new piece of software, it’s checked against this list, and if it’s not on the list, it doesn’t run.
They’re the only vendor that’s produced such a list, says Gartner analyst Peter Firstbrook. And it’s the perfect solution for desktops that are only supposed to run a limited set of software – such as point of sale terminals, he says.
In the general computing environment, this “whitelisting” approach works well in conjunction with traditional software, speeding up anti-virus scans. However, it doesn’t stop the execution of macros embedded inside Word or Excel files, or browser-based applications – though it does prevent them from installing other executable files on the PC.
The Bit9 Parity 4.0 product can also scan a computer – or all the computers on a company network – and produce a report about exactly what programs are running where. The product can also lock down any given PC or group of PCs to just the applications on the company’s approved list.
Bit9 currently counts 100 companies as clients, including such financial firms as Omgeo, Putnam Investments and Thomson Financial.
“There’s more malware being produced than goodware in the world,” says Patrick Morley, Bit9’s president and CEO.
A big advantage of Bit9’s approach is that it protects companies against threats that haven’t yet hit the radar screens of the anti-virus vendors. “The whole concept of ‘just don’t let it run’ is so basic,” says Anthony Zannella, Omgeo’s manager of corporate services and support, in a statement. “I can’t believe that such a simple concept is something that is just starting to catch on now.”
Today, Omgeo uses Bit9’s Parity on almost 1,000 computers in New York and Boston to block specific new threats as they arise, much faster than in the past. Reaction time to a major new virus outbreak was reduced from several days to just a few minutes by banning the virus immediately after it appeared, without waiting for anti-virus vendors to develop a signature file for it. Other security vendors are starting to take a look at whitelisting, Morley says, with Symantec and Kaspersky (via Bit9) offering pieces of the technology.
This article first appeared in Bank Technology News.