NEWS FROM THE LAB - Wednesday, August 23, 2006

"FSIS2007 Don't Lie" Posted by Mika @ 13:50 GMT

Host-based Intrusion Prevention System (HIPS) is a term commonly used for behavior-blocking security software, i.e. software that monitors for potentially dangerous behavior rather than matching known file signatures.

This morning we blogged about a "small dog" that installs a Trojan-Spy named BZub.BL. We decided to test our IS2007 beta with old antivirus definition fingerprints to see if it would detect the BZub variant - and it did. Below is a screenshot of the alert given by the System Control component.

[Screenshot: FSIS2007 detecting BZub.BL]

Note that this test used the default System Control setting of "Ask when case is unclear". In that mode our heuristics first determine whether the application appears to be harmless or whether it is something the user should be warned about. For expert users we recommend the "Ask my permission" setting, which provides the utmost control but creates more noise in the form of question dialogs.

[Screenshot: FSIS2007's System Control settings]

The beta of our Internet Security 2007 is now available for download. Among the many new features is the newly designed proactive defense - System Control 2.0. We believe this version is much improved and offers better protection against 0-day malware.

If you're technically inclined and are interested in trying out the new beta, you can get it from our beta site. There's an opportunity to win an iPod for testers.