McAfee has added intrusion protection to the latest version of its VirusScan Enterprise software.
Intrusion prevention is designed to protect computers from attacks such as buffer overflows - often used by viruses, worms and hackers to compromise Windows machines.
VirusScan Enterprise 8.0i integrates IPS (intrusion prevention services) and firewall technology with anti-virus software to automatically protect people from new malicious code outbreaks.
The announcement comes as anti-virus software makers and networking equipment vendors look for ways to harden machines against possible compromise and crack down on a host of threats, from spam and spyware to bogus Web pages used in phishing scams.
The IPS technology stems from McAfee's acquisition of Entercept in April 2003. It allows VirusScan to spot malicious code used to exploit vulnerabilities in the Windows and Microsoft applications like Internet Explorer, Outlook and Microsoft Office, said John Bedrick, group marketing manager for systems security at McAfee.
The product requires periodic updates from McAfee, but Bedrick was reluctant to call the IPS updates "signatures", for fear of lumping them in with the frequent anti-virus updates that are required when new worms and viruses appear.
For example, VirusScan 8.0i spots malicious code that tries to exploit a known vulnerability in older versions of a Windows component called the Local Security Authority Subsystem Service (or LSASS). The recent Sasser and Gaobot worms spread by compromising machines using vulnerable versions of LSASS. VirusScan 8.0i protects Windows machines from any of those threats. However, unlike anti-virus software, it does not require a new "signature" for each worm that targeted LSASS, Bedrick said.
While IPS features in VirusScan improves that product's ability to spot malicious computer code, the new features do not turn VirusScan into a full-fledged IPS product. Instead, McAfee added a small set of IPS features that will provide the maximum protection to users while creating the minimum of "noise" such as blocking valid traffic, Bedrick said.
Whereas a comprehensive IPS product like Entercept's prevent buffer overflows of any kind, VirusScan 8.0i limits buffer overflow protection to the 30 or so Windows applications and services that most McAfee customers use, he said. "The idea was to pick the applications and services that were the most commonly exploited," he said.
The new release is part of a larger push into the IPS arena at McAfee. In June, it announced new versions of two intrusion prevention (IPS) products, IntruShield and Entercept, that it said will make it easier to protect corporate networks from so-called "zero day" attacks, attempts to break in to networks using previously unknown vulnerabilities.
McAfee VirusScan 8.0i is not sold as a stand-alone product, but is sold in suites, such as McAfee Total Virus Defense, with other McAfee products. The product is available for free to existing customers with valid support agreements, and to new customers through McAfee and its partners, McAfee said.