• United States
by Mandy Andress, Network World Global Test Alliance

WholeSecurity Confidence Online Enterprise Edition

Aug 11, 20033 mins

WholeSecurity’s Confidence Online provides a layer of protection for known and unknown Windows clients remotely connecting to your network.

WholeSecurity’s Confidence Online provides a layer of protection for known and unknown Windows clients remotely connecting to your network. The enterprise edition includes a fat client for VPN connections, a small-footprint ActiveX client that performs a security check on general Web connections and a Web-based management console for logging and alerting.

Confidence Online is a heuristics-based product, examining processes running on the client system looking for suspicious activity – such as the use of a keystroke logger or a hidden window – without relying on specific signatures. If a suspicious process is identified, alerts are sent to an administrator and the offending process can be killed or just logged as an event. End users also can be sent to a specific Web site with further instructions.

The fat client is installed on a client system and runs continuously in the background. We did not see any performance degradation with this client. When a VPN tunnel is created, the client starts a scan on the system.

The ActiveX control is downloaded to unknown client systems when they request access to a specific Web site, ensuring the system does not have any back doors, keystroke loggers, or other malicious program to access logon passwords and other sensitive information that might be entered.

We first ran a number of Trojan and back-door programs WholeSecurity provided. Confidence Online successfully identified these programs on the test systems and took the defined action upon discovery. By contrast, our client anti-virus program did not successfully identify all of these programs.

Next, we visited a few nefarious Web sites that successfully installed spyware back doors on our test system. Confidence Online successfully identified the rogue programs and terminated them as configured. The anti-virus program running on the system did not identify these programs as problematic.

We then infected our test system with the Ratsou Trojan, which, among other things, changes client security settings, installs an Internet Relay Chat server and denial-of-service client, and changes the Windows registry so it is run at startup. Confidence Online did not identify any of the executables used by this Trojan as problematic, but our anti-virus product alerted us to the infection.

We also configured Confidence Online to kill any instance of Solitaire it found running on our test system, which it successfully completed. This feature allows corporate security managers to enforce policies that prohibit programs, such as file sharing or public instant-messaging programs, from running on systems.

Confidence Online provides an interesting approach to client security. It is scalable and easy to use, but our tests show that it should be used with a client anti-virus program to provide multiple layers of security for remote users.