By Joris Evers, 13 December 2005 09:40
To plug a hole in its intrusion-prevention product, eEye Digital Security may adopt the Clam AntiVirus project and improve the open source software.
eEye's Blink intrusion-prevention product includes system- and application-level firewalls and protects computers against phishing, spyware and exploitation of known vulnerabilities. Ross Brown, eEye's chief operating officer, said: "Antivirus is the only missing piece."
Blink is used by about 250 organisations worldwide, including the US Army and the Department of Homeland Security, according to Brown. Some want the product to include antivirus support, so eEye is considering its options, including adopting the Clam AntiVirus project. "It seems like a good marriage for us," he said.
If eEye picks the open source technology, it plans to improve the software. Some eEye developers would work on real-time and file-scanning capabilities, Brown said.
Clam AntiVirus has been adopted in commercial products, such as appliances that scan email for viruses. It is also available as a free virus scanner for Windows, under the ClamWin name.
Clam AntiVirus is fast in offering signatures for new threats, often quicker than commercial competitors including McAfee and Symantec, but it lags in detection capabilities, said Andreas Marx, an antivirus-software expert at the University of Magdeburg in Germany and an authority on testing antivirus software.
Marx said: "The technology used in Clam AntiVirus is far behind. However, they are quite successful, because the scanner is free and the source code is available and portable to any platform."
eEye is still plotting its strategy, deciding between using the open-source antivirus technology and licensing a commercial antivirus-scanning engine from a company such as CA, Brown said. "We don't want to sign a contract and pay a bunch of money for something that is a commodity," he said.
eEye is also developing its own antivirus technology, which will use a behavioural approach instead of the classic, signature-based approach used by Clam AntiVirus and most commercial products, said eEye co-founder and chief hacking officer Marc Maiffret.
He said: "We'll definitely be adding antivirus functionality to Blink. Most likely there will be the classic antivirus and the nonsignature-based approach."
Signature-based systems check potentially malicious software against a database of known threats, while behavioural systems look at a program's behaviour to determine whether or not it is malicious.
Whether it picks the proprietary or the open source route, eEye sees its move as a way to plug a hole in its software, not as a way to push into a new market. "I don't want to get into the antivirus-signature business. Protecting customers from viruses is definitely what we want to do but it in a smarter, more comprehensive method," said Brown.
Marx recommends against adopting Clam AntiVirus. "I like eEye's products but adding Clam AntiVirus would be a very bad idea in my eyes. Mixing good software with bad software will create bad software."
That's why eEye wants to improve the Clam AntiVirus product before adopting it, said eEye's Brown.
Joris Evers writes for CNET News.com

