Free Search Engine Identifies Unknown Windows Files
To help ease their minds about what exactly is on all those corporate PCs, administrators can download a utility at Bit9's Web site to tap into the firm's 4-terabyte database.
March 10, 2006
Bit9 Inc. on Monday will launch a free search engine to identify unfamiliar software applications and executables found on any computer running the Windows operating system.
Users will be able to download a utility at Bit9's Web site to tap into the firm's 4-terabyte database at http://fileadvisor.bit9.com. The database holds approximately 25 million unique files and 250 million records to source and identify the software. Bit9 expects to triple the data the end of the year.
To keep up to date Bit9 collects and catalogs file data on commercial software and drivers from the Web, the National Institute of Standards and Technology (NIST)the National Software Reference Library (NSRL), IBM Corp., and other resources.
Unknown applications or executables are identified in the database by a "cryptographic hash, a mathematical algorithm that runs across the content of the file," said Bit9 Inc. vice president and co-founder John Hanratty, who also co-founded Synernetics, acquired by 3Com, and Agile Networks, scooped up by 3Com. "Any virus worth its chops will come in and rename itself as a legitimate name, for example, a file system."
FileAdvisor provides details on the file originator and the commercial software package it's contained in. Hanratty said the utility uses the cryptographic hash because it's common for malicious code to change its name so it appears harmless to the users.Bit9 also will introduce the ParityCenter service to integrate with Bit9 Parity. The software provides network visibility to closely monitor unknown files as they are downloaded onto machines in an enterprise before they affect computers.
The problem is that "bad" always changes, said Hanratty. ParityCenter identifies that an executable file is of an unknown type, and keeps it from propagating.
While it's important to monitor unwanted software, IT professionals also "want the ability to control unauthorized and unlicensed software," he said. "They're spending as much money in virus and worm protection, as they are to clean up unauthorized utilities."
Read more about:
2006You May Also Like