Security start-up to block Trojans

Start-up WholeSecurity debuts this week with Web server software designed to prevent remote-access trojans or eavesdropping software from penetrating the network during e-commerce or employee interactions over the Internet.

AUSTIN, TEXAS – Start-up WholeSecurity debuts this week with Web server software designed to prevent remote-access Trojans or eavesdropping software from penetrating networks during e-commerce or employee interactions over the Internet.

The company says its Confidence Online helps guard against identity theft and network compromise by detecting and blocking any action by harmful Trojans such as BackOrifice and Subseven, as well as legitimate remote-administration tools such as Symantec’s PCAnywhere. The goal is to prevent any potential entryway from desktops into corporate networks during interaction over the Web, says Tony Alagna, founder of WholeSecurity.

Before founding WholeSecurity in 2000, Alagna was a consultant at the Information Security Penetration Institute in Annapolis, Md., and conducted vulnerability assessments on government networks. The 32-employee company has received $8.5 million in funding from Venrock Associates and New Enterprise Associates.

Confidence Online scans and blocks after it’s automatically downloaded from the Web server to a Microsoft or Netscape browser of an employee or e-commerce partner. The blocking continues until the Web session is over. The software can be configured to delete desktop code, but WholeSecurity does not recommend that in most circumstances.

The software has been beta-tested at Deutsche Bank and the Lower Colorado River Authority (LCRA) in Texas.

“We’re using it to weed out Trojans and spyware like Gator,” says Michael Allgeier, LCRA data security officer. Confidence Online works like a “background check” on computers before they are allowed into the LCRA network, he says.

But the software might elicit controversy because it scans inside laptops, an action some see as a violation of privacy.

“Yes, it is controversial,” acknowledges Scott Olson, WholeSecurity’s vice president of marketing. But the company thinks most people will conclude that the benefits of preventing fraud and network compromise outweigh the desktop-privacy arguments.

Confidence Online costs about $30 per user for employees and per-case pricing for e-commerce applications.

In other security news, Waveset and Entrust are partnering on Entrust Secure Identity Management, which combines Waveset’s identity-management product, Lighthouse, with Entrust’s access-control software, getAccess. Available for Windows and Unix, it’s expected to ship in June at a cost of about $200,000. Waveset’s next version of Lighthouse, Version 4, will ship later this year. It will also include the Entrust public-key infrastructure technology to automate signing and time-stamping of management transactions and audit logs.