Problem solve Get help with specific problems with your technologies, process and projects.

Finjan: A different tack

Ed Skoudis offers a look at Finjin's AV offering.

In addition to the 10 antivirus products Information Security evaluated, we also looked at Finjan's SurfinShield, which offers some intriguing capabilities to help stop malicious code.

SurfinShield offers tight control of all kinds of active content delivered across the network. Unlike signature-based antivirus products, it controls ActiveX controls, Java applets, Javascript and Windows executables by tagging them when they arrive on the system. SurfinShield adds a small, executable header to the active content, and, when any user or program tries to run this content, the Finjan header invokes the SurfinShield screening capabilities. An admin can configure which types of active content or particular specimens will be allowed, denied or executed in a sandbox.

In environments where malicious active content downloaded from the Internet is a particular concern, SurfinShield offers increased protection, giving a level of granular control and customization not available in traditional antivirus products.

However, while SurfinShield attaches its tagging header to active content arriving via Internet Explorer, Outlook, tftp and some versions of Netscape, it doesn't provide protection against content that arrives via CD-ROMs, USB tokens and, of most concern, Windows network shares — a notable limitation. Thus, SurfinShield complements traditional antivirus for active content that arrives mostly via browsers and e-mail clients, but it's certainly not a replacement solution.

>> Read Ed Skoudis' review of 10 desktop antivirus products.

This was last published in June 2004

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.