I am often asked by frustrated clients, “Why don’t traditional anti-virus and Internet security software products work?” The unfortunate answer I have to give them is “It’s your fault.” The more diplomatic answer I really use is that the security software cannot prevent something that is explicitly allowed by the computer user. And the computer user is easily tricked into opening a file or email attachment, or clicking on a link, that installs a malware exploit over the objections of the security software.
Traditional security software solutions work using something called “signatures,” which is a database of known malware exploits. The software compares the product being installed to this database of known exploits, and will attempt to block the installation. Usually there will be a pop-up from the software asking if you want to allow the installation. If you click “Allow” it is game over for you and the malware distributor wins. Newer anti-malware products also use “heuristics” which compares the actions of the newly installed software to the actions of known bad actors, and will attempt to block the program on that basis as well. The two drawbacks are that the user can override the software, and that the software recognizes known exploits. But what about the thousands of brand new or “zero-day” exploits that are released daily?
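To make the two approaches, and their two drawbacks, concrete, here is a small added illustration (my own example code, not AppGuard’s or any vendor’s). The “malware” samples, the signature database, the behaviour weights and the threshold are all constructed for the example: a signature is an exact hash lookup, so a variant that differs by a single byte slips past it; a heuristic scores observed behaviour, so it can catch the variant only if the variant misbehaves loudly enough; and a user clicking “Allow” defeats both.

```python
import hashlib

# Constructed "malware" samples. In reality these would be whole executables;
# here short byte strings stand in for them.
KNOWN_SAMPLE = b"MZ\x90\x00 constructed dropper v1"
ZERO_DAY_SAMPLE = b"MZ\x90\x00 constructed dropper v2"  # one byte changed: a new variant

# Signature database: hashes of samples the vendor has already analysed.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Heuristic rules (constructed): behaviours a runtime monitor might observe, with weights.
RISKY_ACTIONS = {
    "write_other_process_memory": 5,
    "disable_security_service": 5,
    "encrypt_user_documents": 5,
    "persist_run_key": 3,
    "spawn_from_temp": 3,
}
HEURISTIC_THRESHOLD = 6


def signature_match(sample: bytes) -> bool:
    """Exact-hash lookup: true only for a file already in the database."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES


def heuristic_score(trace: list) -> int:
    """Sum the weights of the risky actions seen in a behaviour trace."""
    return sum(RISKY_ACTIONS.get(action, 0) for action in trace)


def verdict(sample: bytes, trace: list, user_allows: bool = False) -> str:
    """Run both detectors, then apply the 'Allow' override the post describes."""
    flagged = signature_match(sample) or heuristic_score(trace) >= HEURISTIC_THRESHOLD
    if not flagged:
        return "allow"
    return "allow (user override)" if user_allows else "block"


def demo() -> dict:
    """Four cases worth recognising."""
    return {
        # Known sample: the signature catches it before it runs.
        "known": verdict(KNOWN_SAMPLE, []),
        # New variant, noisy behaviour: signature misses, heuristic catches it.
        "zero_day_noisy": verdict(ZERO_DAY_SAMPLE, ["spawn_from_temp", "persist_run_key"]),
        # New variant that stays quiet: both detectors miss.
        "zero_day_quiet": verdict(ZERO_DAY_SAMPLE, ["persist_run_key"]),
        # Known sample, but the user clicked Allow.
        "known_overridden": verdict(KNOWN_SAMPLE, [], user_allows=True),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {result}")
```

The “zero_day_quiet” case is the one that matters: a brand-new variant that keeps its behaviour below the heuristic threshold is invisible to both detectors, which is the gap the rest of this post is about.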
The developers at Blue Ridge Networks have developed a product called AppGuard that works differently, by preventing installations that come from drive-by website downloads, email attachments, or links. Actually, it works by preventing all installations of software unless there is explicit permission to allow the installation to complete, as well as hardening some common software that has known vulnerabilities.
“AppGuard uses the concept of Guarding. This concept Guards your computer against certain applications with the greatest risk of malware, such as Microsoft and Adobe products. Guarding is not designed to protect the application, but rather to protect your computer against current or potential zero-day vulnerabilities in the application. AppGuard provides an innovative and practical approach to protecting your PC from malicious software. It stops the cyberattacks that traditional security products often miss, even zero-day malware. AppGuard prevents suspicious applications from running and stops even allowed applications such as your browser from performing high-risk activities that might result in an infected computer.”
AppGuard contains several types of protection:
- Drive-by Download Protection stops suspicious programs from launching.
- Application Containment/Guarded Execution ensures protected applications are prevented from performing high-risk activities that might be exploited by malware.
- MemoryGuard prevents protected programs from writing to or reading from other processes’ memory.
- InstallGuard prevents installation of programs from untrusted vendors.
- Privacy Mode prevents browsers from reading private folders.
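The list above is a default-deny policy with a set of “guarded” high-risk applications layered on top. To show how such a policy decides on real-looking events, here is an added example of my own; it is a simplified model of the ideas in the list, not AppGuard’s implementation. The guarded application names, trusted publishers, folder paths and the event log are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed policy. Paths and names are illustrative, not AppGuard's rules.
USER_SPACE = ("C:\\Users\\", "C:\\Temp\\", "C:\\ProgramData\\")  # user/browser-writable
GUARDED_APPS = {"chrome.exe", "firefox.exe", "winword.exe", "acrord32.exe", "outlook.exe"}
TRUSTED_PUBLISHERS = {"Microsoft Windows", "Constructed Trusted Vendor"}
PRIVATE_FOLDERS = ("C:\\Users\\alice\\Documents",)

# Activities a guarded application is never allowed to perform (MemoryGuard).
MEMORY_ACTIONS = {"read_process_memory", "write_process_memory"}


@dataclass
class Event:
    parent: str                  # process that initiated the action
    action: str                  # "launch", "run_installer", "read_folder", ...
    target: str = ""             # path or process acted upon
    publisher: str = ""          # signer of an installer, if any
    user_approved: bool = False  # deliberate override, not a one-click "Allow"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(ev: Event) -> str:
    """Decide one event under a default-deny policy with guarded apps."""
    parent_guarded = ev.parent.lower() in GUARDED_APPS

    if ev.action == "launch":
        # Drive-by Download Protection: nothing runs from user-writable space
        # unless someone deliberately approved it.
        if ev.target.startswith(USER_SPACE):
            return "allow (user override)" if ev.user_approved else "block"
        return "allow (guarded)" if basename(ev.target) in GUARDED_APPS else "allow"

    if ev.action == "run_installer":
        # InstallGuard: installers need a trusted publisher or an explicit approval.
        if ev.publisher in TRUSTED_PUBLISHERS:
            return "allow"
        return "allow (user override)" if ev.user_approved else "block"

    if parent_guarded and ev.action in MEMORY_ACTIONS:
        return "block"  # MemoryGuard: guarded apps keep out of other processes' memory

    if parent_guarded and ev.action == "read_folder" and ev.target.startswith(PRIVATE_FOLDERS):
        return "block"  # Privacy Mode: guarded apps may not read private folders

    return "allow"


def evaluate_log(events) -> list:
    """Return (summary, decision) pairs for an event log."""
    return [(f"{e.parent} {e.action} {e.target}".strip(), evaluate(e)) for e in events]


# Constructed event log, roughly the sequence of a drive-by download attempt.
SAMPLE_EVENTS = [
    Event("explorer.exe", "launch", "C:\\Program Files\\Google\\Chrome\\chrome.exe"),
    Event("chrome.exe", "launch", "C:\\Users\\alice\\Downloads\\invoice.pdf.exe"),
    Event("chrome.exe", "read_folder", "C:\\Users\\alice\\Documents\\taxes"),
    Event("winword.exe", "write_process_memory", "other_process.exe"),
    Event("msiexec.exe", "run_installer", "C:\\Users\\alice\\Downloads\\tool.msi",
          publisher="Unknown Publisher"),
    Event("msiexec.exe", "run_installer", "C:\\Windows\\Temp\\update.msi",
          publisher="Microsoft Windows"),
    Event("explorer.exe", "launch", "C:\\Users\\alice\\Downloads\\setup.exe", user_approved=True),
    Event("notepad.exe", "read_folder", "C:\\Users\\alice\\Documents\\notes"),
]

if __name__ == "__main__":
    for summary, decision in evaluate_log(SAMPLE_EVENTS):
        print(f"{decision:22} {summary}")
```

Two design points carry over to any product of this kind: the launch rule never consults a malware database, so it does not care whether `invoice.pdf.exe` is known or brand new, and the override is a separate, deliberate flag rather than the default path through a pop-up.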
Alerts are easy to understand, and overriding the security takes more effort than simply clicking “Allow,” which should reduce the amount of malware remediation that occurs in your business. There is also a great reporting module that shows you just what and when malware attempted to strike. For larger businesses there is an Enterprise version that provides centralized monitoring, management, and distribution.
This is a product that we just started using and recommending to our clients. If you would like to take it for a spin, click on the link below.
To purchase AppGuard, click the link.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com