Tuesday, May 30, 2006

Exploit Prevention Lab's SocketShield

Figure 1: SocketShield’s Main Screen

I have been using Exploit Prevention Lab’s SocketShield for close to one month now. SocketShield is one of several new security applications designed to protect against “zero-day exploits.” Antivirus, anti-Trojan, anti-spyware and other security scanners depend on signatures to detect and remove malware. However, when a new form of malware appears, it takes time for security firms to investigate and prepare an update. It is during this period that computer systems are vulnerable. This is where “zero-day exploit” protection comes into play. These applications are not dependent on signatures to work. Rather, they look for features common to all malware. You might have heard the term “heuristic protection.” The term is used to describe learning and adapting capabilities. For example, it is common for spammers to misspell words in the subject line of e-mails to circumvent spam filters. Instead of the “f” word they might write “fukk.” This trick works on spam filters, but most people will pick up on the misspelling. Heuristic capabilities allow software applications to learn and to anticipate these subtle changes.

SocketShield alerts the user when there is a potential threat. The SocketShield icon sits quietly in the system tray until it detects a threat, at which time an alert bubble appears. I haven’t experienced any alerts, which means either I surf the Internet safely or SocketShield doesn’t work. The only real way to find out is to intentionally expose my system to malware, which I am not willing to do. However, for the other features, I can say that SocketShield does what it advertises. SocketShield updates itself automatically with no problems. It monitors my Internet connection’s sockets as advertised.

Exploit Prevention Labs was co-founded and run by two veteran Internet security experts, Roger Thompson and Bob Bales, both of whom worked at PestPatrol, the popular anti-spyware software. Currently, SocketShield is in public beta testing. The testing phase is anticipated to end sometime in June. Afterwards, it will cost $29.95 for a one-year subscription.

System Requirements

  • Pentium 1.2 GHz or higher

  • 256 MB RAM

  • Microsoft Windows 2000, Windows XP Home and XP Professional

Suggested Reading:

  1. Security Startup Targets Unpatched Windows Vulnerabilities, by Robert McMillan, IDG News Service.

  2. Anti-Spyware Pros Launch SocketShield Beta, by Jennifer LeClaire.
