FOR

A response to the shortfall in classic firewall and anti-virus solutions, Secure4U is a Windows-based application firewall, which enables you to proactively control any known or unknown application's behavior, especially those that are spread invisibly through email and the Internet. The shortfall in these classic firewalls and anti-virus solutions is that they can only either block all new code's access to the system or compare the code to known threats in a database. This leaves a creaking door, as it were, for any unknown threats to pass through.

Secure4U specifically addresses this security gap, closing it and consequently giving you control of any application's access rights and the tools therefore to implement proactive protection against hostile code (ActiveX, Java, trojan horses, viruses, etc.). It is available in a single-user professional version or an enterprise version for networks with central management from the network console.

The main services provided by this product are encapsulation of any application running within the supported OS environments, a default sandbox for unknown applications, cache and cookie management, fine-grain generation of configuration sets down to single system objects, central configuration tools and deployment support. The cache manager allows the automatic removal of session information in the browser cache, while the cookie manager facilitates the blocking, removal and management of all cookies for all users/profiles on a computer as well as the restriction of cookie placements by web sites.

Savvy features include spawning of process control, whereby Secure4U can prevent the invoking of another application from within a restricted one, or the force-inheriting of a restricted application secured environment. This can prevent misuse of trusted applications by hostile code. For example, in Outlook (the spawning application), you could receive an email with a Word attachment. If you choose to open the attachment file, Outlook will call the Microsoft Word program and send it the attachment document. Microsoft Word is then the spawned application.

There is no doubting that active content is being used more and more to launch invisible attacks. It is worth reminding ourselves (or myself!) what the most common hostile mobile code attacks are. An applet can delete system or user files in the background, or change system or application configurations, making your system unusable. Applets can steal information and data and send them wherever it wishes. An applet can generate a proxy on your computer, enabling other computers on the Internet to remotely access all your resources. Applets can trigger the installation of unwanted or hostile applications, which will then merrily go about carrying out their malicious tasks in the background. Other treats on the hostile code menu include the filtering, manipulation or changing of all information sent or received from the Internet, or impersonating your user ID to undertake malicious or destructive actions in your name.

Any application that is not flagged as trusted or known within Secure4U can be limited to a default sandbox. With this user-definable environment, all system resources can be shielded from untrusted, unknown, or hostile applications. Secure4U seems to be the first commercially available security solution to protect workstations and networks against attacks from any kind of active content received from the Internet or any other domains. With Secure4U you can create a sandbox around any application (known or unknown) and restrict its access to your computer's resources. Within this closed environment any code can run and access calls of the application to system resources. Drivers, the registry database and the file system are shielded and constantly monitored to protect the privacy and integrity of your system.

Secure4U checks for application activities and does not base its security mechanism on a comparison with a database of hostile applet references. It checks all actions and access to resources, but only suspicious or unwanted actions are blocked. Any other application within your user environment can run and access resources without being restricted by Secure4U. You can view which components are installed and running on your computer, where they came from, monitor what an application does and which resources it accesses. Secure4U adds a security perimeter within a Windows workstation, transparently layers it into your operating system, and integrates into existing network security solutions. With this security, Secure4U protects against flaws and holes within the security mechanisms of the web browser and the Java virtual machine.

This fine product has so many excellent features that they cannot all be covered in a single review. Secure4U divides the applications into three groups. The system administrator knows the unrestricted applications and they do not need any access rights restrictions. Restricted applications, while known by the system administrator, need some access rights restrictions. Finally, high-restricted (unknown) applications arrive on the system unknown to the system administrator and could cause harm if their access rights are not restricted.

There is one duty of care to be considered though, when using these application divisions. The Secure4U installation program scans the workstation's hard disk for applications and all those found on the system will be regarded as unrestricted, apart from the ones pre-configured as restricted. It is very important then that the system administrator knows that only 'friendly' applications are installed on the computer when Secure4U is being installed and Sandbox Security recommends that you review your listed applications after installation to make sure you know all the applications installed on your computer. If an application is not included in the list of unrestricted applications or as a restricted application, Secure4U will handle it as a high-restricted (unknown) application and will restrict it in accordance with the settings for high-restricted (unknown) applications. I would actually consider this to be a good design feature, erring on the side of caution as it does, and not a drawback in what is after all a security product. There are excellent instructions in the user manual on creating application groups and restricting a separate application's access rights.

SC On-Line
SC Magazine
www.scmagazine.com