Stopping Malware Before It Starts

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

Malicious software doesn’t just drag down individual machines — it’s also a huge drain on networks. That’s why Simplicita has created Simplicita ZBX, an identification and quarantine system that works by targeting both suspicious sites and infected machines.

While the product is now available for Internet service providers, an enterprise version that works with private networks should be available by next summer.

Simplicita ZBX is actually made of up three components that together create a tight ID and quarantine system. (See screen shot below.) First, the Reputation Knowledge Server creates a list of IPs that are known to send malware. To gather this, the company relies heavily on the unsung work of the Shadowserver Foundation, which complies databases of harmful Internet activity.

The Reputation Knowledge Server passes information to the DSN Traffic Switch, which blocks access to malicious sites. Previous efforts at controlling the problem have relied on individual users downloading and installing anti-virus programs. But administrators can’t hope for full compliance, so it’s more effective to simply block access to known trouble spots.

When a computer is infected with malware or when it attempts to access a suspicious site, the third component, the Walled Garden Server, comes into play. If the user has a corrupted machine, this server can provide access to software downloads that can clean it, or provide a link to technical help.

If the user was trying to access a known malware provider, this page could explain why the connection can’t be made.

Simplicita

You can see an example of Simplicita ZBX’s warning page, which tells users how to fix their computers, in this screen shot.

The messages are customizable, and the entire page can be make to look like the host company’s own Web pages, so that users are more likely to see it as an official page.

Simplicita gauges that 3 to 8 percent of computers are infected with some type of malware, and that leads to slower performance and increased network traffic as the malware connects to other machines and attempts to spread itself. The Simplicita system takes the user out of the equation, and simply puts a halt to malicious network traffic. The process is invisible to the users and doesn’t slow down network traffic or result in longer page load times.

The Simplicita software is written as an appliance, and fits in with any existing network. There’s no need to redesign the network to accommodate it. The apps will run with any variant of UNIX.

Simplicita has so far developed Simplicita ZBX for Internet service providers, since they’re large companies and the potential returns are greater. But it recognized the needs of businesses and is currently working with partners to develop a solution that other types of companies could use. While Simplicita ZBX has only been commercially available for six weeks so far, the company already has four providers signed up for testing and two others interested in buying individual components.

As the corporate version isn’t ready yet, Simplicita recommends asking your service provider what type of anti-phishing and anti-botnet software they have in place. Look for an active solution. Relying on individuals to safeguard their machines is only part of the answer. Stopping malicious traffic before it starts, says Simplicita, is far more comprehensive.