New Package Screens Malicious Controls

Network administrators are increasingly finding themselves besieged by the threat of malicious Java applets or ActiveX controls that infiltrate enterprise networks embedded within other applets that externally, at least, appear to be harmless.

Sun Microsystems Inc.’s Java and Microsoft Corp.’s ActiveX technologies have facilitated a shift to a component infrastructure where lightweight application components or controls can be downloaded to remote end users’ desktops. But now the scripting engines of each technology -- JavaScript and VBScript, respectively -- pose new threats. With the introduction of version 2.0 of its SafeGate software product, Security Seven Software Inc. (Boston, www.security7.com) hopes to provide a solution to this problem.

SafeGate 2.0 leverages Security-7’s Dynamic Behavioral Inspection function, a technology that inspects Java applets, ActiveX components or other designated executable file types as they arrive at the network gateway, looking for bits of malicious code as well as for predetermined or pre-specified problem or malicious executables.

Security-7 CEO Jack Hembrough notes, "What’s happening is that as the Web is becoming more and more dynamic, there is more useful dynamic content that is downloaded to people. The problem is that the bad guys see all of this useful stuff going on, and they’re embedding malicious code into these Web pages, Java applets or ActiveX controls and the security manager can’t possibly monitor it all."

SafeGate 2.0 works by allowing the network to trust mobile code delivered by the Dynamic Behavioral Inspection engine based on policy and trust relationships defined by a security administrator.

For its part, the Dynamic Behavioral Inspection engine uses five levels of inspection to ensure that objects comply with a company’s security policy. Accordingly, the Dynamic Behavioral Inspection engine can compare a Java applet’s or ActiveX control’s type, source and destination to an existing security policy to make sure that it is a permitted executable; can decompress .ZIP, .CAB or .JAR files to individually inspect files to determine if they contain trusted or untrusted code; and can inspect incoming code against a profile database of known hostile objects, denying any code that matches the database. The product includes provisions to update the database as new malicious objects are identified.
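The archive-unpacking, type-policy and hostile-profile checks described above can be sketched as follows. This is an added illustration, not SafeGate code: it assumes the profile database is a set of SHA-256 hashes and that the type policy is an extension allowlist. The names `inspect` and `build_zip` and the size and depth limits are hypothetical.

```python
import hashlib
import io
import zipfile

ARCHIVE_EXTS = (".zip", ".jar")      # JAR is ZIP-format; .CAB needs its own parser
MAX_DEPTH = 3                        # assumed cap on nested archives
MAX_MEMBER_BYTES = 5 * 1024 * 1024   # assumed per-member size ceiling


def inspect(name, data, hostile_hashes, allowed_exts, depth=0):
    """Return (path, reason) findings for one object; an empty list means allow."""
    if not name.lower().endswith(ARCHIVE_EXTS):
        if hashlib.sha256(data).hexdigest() in hostile_hashes:
            return [(name, "matches hostile profile")]
        if not name.lower().endswith(tuple(allowed_exts)):
            return [(name, "type not permitted by policy")]
        return []
    if depth >= MAX_DEPTH:
        return [(name, "archive nesting too deep")]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                path = f"{name}!{info.filename}"
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append((path, "member too large"))
                    continue
                findings += inspect(path, archive.read(info), hostile_hashes,
                                    allowed_exts, depth + 1)
    except zipfile.BadZipFile:
        findings.append((name, "unreadable archive"))  # fail closed
    return findings


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member_name, content in members.items():
            z.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    hostile = b"constructed stand-in for a known hostile applet"
    profiles = {hashlib.sha256(hostile).hexdigest()}
    jar = build_zip({"Good.class": b"benign", "Bad.class": hostile})
    bundle = build_zip({"applets.jar": jar, "setup.exe": b"MZ constructed"})
    for finding in inspect("bundle.zip", bundle, profiles, (".class", ".txt")):
        print(finding)
```

The source and destination comparison is left out of this sketch; a gateway would apply it before any unpacking.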

SafeGate 2.0 also uses Public Key certificate authority technology and the standard Public Key Infrastructure as a means to establish trust levels to determine the acceptability of foreign code. SafeGate 2.0 works with any public or private certificate authority and compares the details of a certificate -- including aspects such as signatory, validity, revocation date, source and integrity -- to a database of trusted certificates in the defined security policy.

According to Chris Christiansen, Internet security program director for International Data Corp. (Framingham, Mass., www.idcresearch.com), SafeGate 2.0 can provide network security protection beyond that commonly afforded by conventional firewall technology. "Firewalls are effective as a first defense against hostile executables," Christiansen explains. "However, Security-7’s [product] can provide additional protection with its unique method of allowing mobile code based on policy screening and trust relationships."
