TrendProtect from Trend Micro - a competitor for McAfee Site Advisor
Today I attended a seminar entitled "Web Threats: Challenges and Solutions" held by Trend Micro. The speaker was David Perry, Trend Micro’s Director of Global Education, a gentleman who has been fighting the good fight against the bad guys for quite a few years now - he has a Wikipedia page (http://en.wikipedia.org/wiki/David_Perry_(Trend_Micro)) and his professional bio is online at MySpace (http://blog.myspace.com/index.cfm?fuseaction=blog.view&friendID=143854625&blogID=237987725&MyToken=4bcf2fd4-bc31-4848-ba74-835b57f145af) assuming you can view it because you haven't taken my advice and blocked MySpace access on your networks.
Anyways, the presentation itself was excellent, although it did not teach me much that I do not already know, and it pretty much confirmed what I've been thinking and saying for the past few years about the move away from schwang shaking script kiddies who are trying to prove that they have the biggest one by infecting as many systems as possible, with no concern for stealth or high quality coding, to professional coders, financially motivated crime and tightly targeted or small release attacks that slip under the radar of traditional 'find a sample, update your signatures, push out detection antivirus protection'. Not only that, the full cooked breakfast was very nice - sausages, hash browns, bacon, scrambled eggs, coffee, orange juice, but I digress
It was actually very interesting to watch the audience's reaction to David's presentation (it was a small, dare I say select, audience) - one thing that I found to be exquisitely ironic was that there were seated at my table a couple of representatives from the company that made such a horrific mess of the IT infrastructure of my current employer... you know, the company that allowed tape backups to fail for 4 months, antivirus to remain unupdated for two months, oversaw an Exchange database that was within 500 meg of shutting down completely, it was that close to the maximum database size.. I'll be honest, I looked at those guys and thought to myself, what the hell are they doing here, worrying about internet security, when they can't even get the basics of network maintenance right.
David seemed surprised when I raised my hand as the only person in the room who tries to clean up malware infestations instead of simply wiping a PC and starting afresh. For me, what I can *learn* about an infection is of critical importance. It is of no use to me to wipe a system and reload if I don't know *what* caused the infection, if I can't study what it does, and if I can't learn from the incident how to prevent infection in future.
One of the products that was highlighted during the seminar was TrendProtect, an Internet Explorer and Firefox add-in that provides a visual warning about the safety and reputation of a Web site, also overlaying services such as Google Search results pages with safety recommendations.
Information about TrendProtect can be found here:
TrendProtect is in pretty much direct competition with McAfee's Site Advisor, and Trend offers a real time reputation service when assessing the risks associated with a particular site. It looks at many different criteria when making a judgment about how safe or otherwise a site is that McAfee's Site Advisor does not consider, and I suspect this will give Trend's product a distinct advantage.
Be warned though, Trend Micro are serious when they don't mention Vista in their list of compatible operating systems. For fun, I tried out the install on my Vista x64 system. The install seemed to work just fine, but the toolbar is not available for display.. and guess what happens when I try to uninstall TrendProtect via Add/Remove Programs...
That's ok, I can rip the stuff out by its roots if need be...
I am currently testing TrendProtect at the office and am hoping to post a comprehensive discussion of the product, what it does and how it works, some time in the near future. Watch this space. There is more I can share about how TrendProtect works, but I'm not yet sure exactly what is public, and what is not, so will hold off on discussing in too much detail until Trend gets back to me re specifics of what can and can not be publicised.
My primary concern is that *visual* security cues have traditionally been doomed to failure - users click through warning dialogues and ignore colored address bars. In my limited tests so far, my instinct is that TrendProtect is not "in your face" enough during casual surfing, although the search results overlays willbe more successful because users *must* click on them to get to the sites in question.