Trend Micro Inc. released Wednesday the latest version of an antivirus and security suite for Internet gateways. The software incorporates a new, experimental kind of policy-based screen for e-mail suspected of harboring viruses. The upgraded version of the product can also screen companies' incoming and outgoing e-mail for inappropriate content unrelated to work and block mass-mailing viruses at the gateway between internal networks and the Internet.
The InterScan Messaging Security Suite for SMTP Version 5.0 is immediately available for download from Trend Micro's Web site. It costs US$6,469 for a 250-seat license, said Sandi Meyer, a Trend Micro spokeswoman. It will be available through resellers in December, she said.
The suite can automatically retrieve instructions from Trend Micro's servers to block e-mail matching the general characteristics of known virus carriers. These general characteristics are put together by Trend Micro's research division, TrendLabs, when researchers discover new e-mail viruses. The InterScan suite can then automatically update these policy-based e-mail restrictions when the software checks in with Trend Micro's servers.
Antivirus software usually requires a specific description of a virus to block it. But virus writers have grown crafty, building viruses that mutate, attack through unusual channels or are otherwise hard to describe for antivirus software. Developing a perfect vaccine can take time. Policy-based defenses are a stop-gap measure meant to buy researchers that extra time.
"Nimda and Code Red (have) forced everybody to look at security on a larger scale," Meyer said. "The viruses today are like nothing we've ever seen."
Policy-based security software is to virus detection what racial profiling is to law enforcement activities. It blocks e-mail with certain characteristics -- a header with certain words or an attachment with a particular name -- without digging into the code to specifically identify what it will do, much as a law enforcement officer may consider a person suspicious based solely on his race. If the filtering policy is designed too broadly, legitimate e-mail may also be unintentionally blocked because it looks somewhat similar to virus-infected e-mail, she said.
"We've done what we can to prevent that. It's a new concept. We don't want to force our customers into this," she said. Customers using the feature can permit Trend Micro to automatically change security filters without consultation -- but some security managers may balk at the intrusion. Trend Micro stresses that the service is optional.
"There are two camps, and that's why we're doing this on a trial, voluntary basis," Meyer said. "Some of our customers will not deploy signature files until they personally test it in a production environment. It's the same with policies."
Trend Micro plans to work with early adopters of the policy-based security update service to define what kinds of policy modifications are appropriate and to structure policy updates to meet those standards. Customers can evaluate the service on a trial basis at no cost.
There are broader uses in the workplace for policy-based screening. The policy-based content security feature allows administrators to set parameters for filtering malicious content -- but leaves the definition of "malicious" up to the administrator. The filter can screen for any forbidden content in the message header, subject, body, or attachments of an e-mail.
Certain kinds of company information can be automatically blocked at the Internet gateway, as can e-mail with business-inappropriate content like jokes, profanity or sexual material. Policies can be customized for specific departments, organizations, or individuals.
"The graphics department can be allowed to send large photo files but others can be prohibited, for example," Meyer said.
As a defense measure against virus-laden e-mail, the security suite can also delete e-mail carrying mass-mailing viruses at the Internet gateway before it enters an internal network of computers, rather than requiring that the e-mail be blocked or deleted by a receiving computer's antivirus software.
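
As an added illustration (not Trend Micro's code or policy format), the sketch below shows the kind of policy-based screen described above, matching subject words and attachment names without inspecting any code, and how a policy written too broadly also blocks legitimate mail. The messages, policy fields and function names are all constructed for this example.

```python
from email import message_from_string
from fnmatch import fnmatch

def build(subject, attachment):
    """Build a constructed two-part message (text body plus one attachment)."""
    return message_from_string(
        "From: a@example.com\nTo: b@example.com\n"
        f"Subject: {subject}\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="B"\n\n'
        "--B\nContent-Type: text/plain\n\nSee attached.\n"
        "--B\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{attachment}"\n\n'
        "data\n--B--\n")

# Constructed sample mail: one message shaped like a virus carrier, two legitimate.
MAIL = {
    "carrier":   build("Important update", "notes.txt.exe"),
    "report":    build("Quarterly update", "q3-report.pdf"),
    "installer": build("New build", "setup.exe"),
}
INFECTED = frozenset({"carrier"})

# Hypothetical policy format: subject words and attachment-name globs.
NARROW = {"subject_words": [], "attachment_globs": ["*.txt.exe"]}
BROAD = {"subject_words": ["update"], "attachment_globs": ["*.exe"]}

def violation(policy, msg):
    """Return the reason a message breaks the policy, or None if it passes."""
    subject = (msg["Subject"] or "").lower()
    for word in policy["subject_words"]:
        if word.lower() in subject:
            return f"subject contains {word!r}"
    for part in msg.walk():
        name = part.get_filename()  # None for parts that are not attachments
        for glob in policy["attachment_globs"] if name else []:
            if fnmatch(name.lower(), glob):
                return f"attachment matches {glob!r}"
    return None

def blocked(policy, mail=MAIL):
    """Names of messages the gateway would stop under this policy."""
    return sorted(k for k, m in mail.items() if violation(policy, m))

def false_positives(policy, mail=MAIL, infected=INFECTED):
    """Legitimate messages stopped because they resemble the carrier."""
    return sorted(set(blocked(policy, mail)) - infected)

if __name__ == "__main__":
    for label, policy in (("narrow", NARROW), ("broad", BROAD)):
        print(label, blocked(policy), "false positives:", false_positives(policy))
```
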