• United States
Neal Weinberg
Contributing writer, Foundry

Whole Lotta Security

Sep 11, 20032 mins

* A look at what WholeSecurity's Confidence Online provides

WholeSecurity’s Confidence Online software provides a layer of protection for known and unknown Windows clients remotely connecting to your network. The enterprise edition includes a fat client for VPN connections, a small-footprint ActiveX client that performs a security check on general Web connections and a Web-based management console for logging and alerting.

Confidence Online is a heuristics-based product, examining processes running on the client system looking for suspicious activity – such as the use of a keystroke logger or a hidden window – without relying on specific signatures. If a suspicious process is identified, alerts are sent to an administrator and the offending process can be killed or just logged as an event. End users also can be sent to a specific Web site with further instructions.

The fat client is installed on a client system and runs continuously in the background. We did not see any performance degradation with this client. When a VPN tunnel is created, the client starts a scan on the system.

The ActiveX control is downloaded to unknown client systems when they request access to a specific Web site, ensuring the system does not have any back doors, keystroke loggers, or other malicious programs.

We first ran a number of Trojan and back-door programs WholeSecurity provided. Confidence Online successfully identified these programs on the test systems and took the defined action upon discovery.

Next, we visited a few nefarious Web sites that successfully installed spyware back doors on our test system. Confidence Online successfully identified the rogue programs and terminated them as configured.

We then infected our test system with the Ratsou Trojan, which, among other things, changes client security settings, installs an Internet Relay Chat server and denial-of-service client, and changes the Windows registry so it is run at start-up. Confidence Online did not identify any of the executables used by this Trojan as problematic.

Confidence Online provides an interesting approach to client security. It is scalable and easy to use, but our tests show that it should be used with a client anti-virus program to provide multiple layers of security for remote users

For the full report, go to: