(Page 2 of 2)
When the user types in the URL of a protected site, Ledingham says, SiteTrust steps in. Without changing the appearance of the user's screen, SiteTrust separates the secure transaction from whatever else might be going on in the browser by running a fresh version of the browser code as its own "process." (A process is the series of commands that the computer executes to run a program, and modern computers can run dozens of them at once.) SiteTrust then monitors this process to make sure that no other program tries to interfere with it. As the user interacts with the site, SiteTrust bypasses many of the vulnerabilities of the operating system, instead taking information from the user's keyboard, encrypting it immediately, and sending it to the website. SiteTrust currently runs on Windows machines and works with the Internet Explorer and Firefox browsers, but Ledingham says that the company is working on Linux, Mac, and Safari versions.
SiteTrust is a new application of the technology behind Verdasys's existing product, the Digital Guardian, which is meant to protect businesses against internal theft. The Digital Guardian also uses a rootkit, installed on every computer in an organization, that watches what users do with sensitive information and flags suspicious behavior. Ledingham notes that, although rootkits have caused controversy in the past, particularly when they were installed without users' knowledge, Verdasys has years of experience designing them so that they don't interfere with a computer's normal use. SiteTrust, Ledingham says, includes an uninstall option so that users can completely remove it if they choose, and it doesn't send any background information about the user to the protected site.
Turner says that he appreciates Verdasys's approach with SiteTrust--in particular, the way that the company has planned for the inevitability of online criminals' targeting the tool itself, lining up improvements to make that more difficult. He adds that the company's distribution model is important to getting SiteTrust to consumers. "People aren't aware that they need this level of protection on their own PC," Turner says. Customers aren't likely to look for additional protection unless encouraged to do so by financial institutions that they trust. Turner also notes that receiving the tool from a trusted institution should help counter consumers' general worries about rootkits.
SiteTrust is launching to six million customers of an undisclosed online broker in the near future. The company plans to make additional deals to protect other websites.
A new technique lets hackers targeting Apple's OS X cover their tracks more effectively.
A researcher discloses the details of the major flaw he discovered earlier this year.
An innovative technology aims to better secure transaction
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
xsarahx
1 Comment
Other possible solutions-
This isn't the first product to tackle this problem. ZoneAlarm Force Field uses virtualization to separate your Web session in case you have malware on your PC (and trap malware from infected sites). There's a little latency but its worth it if you think you're compromised. Google Chrome also uses what they call application virtualization. I think it's from the technology acquired from GreenBorder.
Reply
struwe
1 Comment
Re: Other possible solutions-
Agree, many solutions exist trying to address this - and managing the endpoint is only part of the overall issue. Measures must be taken to manage the connection, filtering, multifactor authentication, mutual authentication and authorization as well to provide a complete solution. Besides the most usable tools (e.g. www.giritech.com) will be able to do so without requiring downloads and installations thus freeing the users to use almost any machine for access.
Reply