Malware blocker checks behaviour

Analyses application behaviour and blocks unauthorised actions.

NEC Computers has introduced a new security tool to defend PCs against malware by analysing application behaviour and blocking unauthorised actions.

The software is designed to provide firms with an extra layer of protection, rather than replace other security products such as antivirus tools, NEC said. StormShield, available immediately, learns the behaviour of applications on a user's computer and then issues a warning if any unusual action is attempted. This allows firms to adopt a more proactive approach to security, according to NEC.

"Most antivirus programs find infections by scanning files and looking for a signature, but they can only detect viruses [whose signatures] have been discovered," said David Newbould, product manager of NEC UK's Client Business Unit.

An unknown virus might attempt to spawn itself from Windows Help files, for example, but as the Help system is only supposed to open other Help files, StormShield would block this.

When StormShield is first installed, it goes through a training period where it monitors the way the PC is used, NEC said. However, large firms can centrally configure profiles for different groups of users based on the applications they run. Mobile staff can also be given one profile for when they are attached to the LAN and a different one for when they are on the road.

Newbould said StormShield can detect if an executable is attempting to intercept keystrokes destined for another application and will warn the user. This type of interception behaviour is typically used by spyware to uncover sensitive information such as user login names and passwords.

StormShield also monitors network traffic through the PC using a firewall function that operates at the driver level. This strategy allows it to more effectively stop malware from spreading itself, compared with standard firewalls that operate at a higher level in the TCP/IP stack, according to NEC. While other types of security tools may significantly slow performance, StormShield adds less than one percent to processor utilisation, even on older hardware, said Newbould.

StormShield is priced according to volume, but costs no more than £45 per seat. Administrator seats are priced separately.