Network Computingwww.networkcomputing.com

		our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/

Anyone with a valid e-mail address can obtain a Class 1 digital signature, and all it takes to acquire a Class 2 signature is a credit check, typically supplied by a credit-reporting company such as Equifax. By no means does a digital signature mean that an authoritative source has evaluated a signed applet or deemed it safe.

To view the Report card.
People with bad intentions may acquire false ID in the form of bogus driver's licenses, passports and credit cards. Each false identity in the credit-reporting company's database can be used to acquire a Class 2 digital ID--and it costs only $20 per year.

It's a chilling scenario, but don't disconnect your company from the Internet just yet. Assessing the risk of encountering malicious Internet-borne software is complicated. On the one hand, only about 250 known malicious applets and ActiveX components exist (to put this in perspective, there are some 15,000 known computer viruses), and the Java applet environment incorporates a number of stringent built-in security measures.

On the other hand, Java security can't be taken lightly. Malicious Internet code is a potentially serious form of industrial espionage: If allowed to execute, both digitally signed applets and ActiveX components can perform virtually any operation on your local computer that the programmer desires. The latitude extended to a signed applet or ActiveX component includes access to your file server.

While we can often dismiss a virus as a nuisance written by an attention-starved programmer whose parents treated him or her badly during childhood, a malicious Internet-carried applet or ActiveX component can be far more dangerous. It's a network-connected opportunity for your competition to inspect, change or delete your files. A virus can alter your master boot record, delete or modify files, and display annoying messages. A malicious program buried inside an Internet Web page cannot only perform virus-like damage, it can also report what it finds back to a Web server host.

Patrolling the Border If you fear that your company's Internet connection could become a competitor's pipeline to your confidential data, you may want to invest in a security tool to lock out intruders. We tested four such tools, focusing on products that promise to identify and neutralize malevolent applets, JavaScript, VBScript and ActiveX components at the server: eSafe Technologies' eSafe Protect Enterprise 1.21, Finjan's SurfinGate 4.0, Security-7 Software's SafeGate 2.1 (Beta) and Trend Micro's InterScan AppletTrap (Beta).

Several client-side products turn back the threat of viruses and malicious Java applets. However, we feel it's best to deal with potentially destructive or inappropriately inquisitive external software on a gateway server, so the bad code never reaches the client computer.

We found that Security-7 Software's SafeGate 2.1 offered the best protection against malicious Internet code. It was quick, kept our clients safe, was easiest to administer and offered the best value for the security dollar, and that's why it earned our Editor's Choice award. But all four products correctly detected and blocked intrusive code samples.