November 14, 2001, 4:52 PM — Trend Micro Inc. released Wednesday the latest version of an antivirus and security suite for Internet gateways. The software incorporates a new, experimental kind of policy-based screen for e-mail suspected of harboring viruses. The upgraded version of the product is also able to screen companies' incoming and outgoing e-mail for inappropriate content unrelated to work and blocking mass-mailing viruses at the gateway between internal networks and the Internet.
The InterScan Messaging Security Suite for SMTP Version 5.0 is immediately available for download from Trend Micro's Web site. It costs US$6,469 for a 250-seat license, said Sandi Meyer, a Trend Micro spokeswoman. It will be available through resellers in December, she said.
The suite can automatically retrieve instructions from Trend Micro's servers to block e-mail matching the general characteristics of known virus carriers. These general characteristics are put together by Trend Micro's research division TrendLabs when researchers discover new e-mail viruses. The InterScan suite can then automatically update these policy-based e-mail restrictions when the software checks in with Trend Micro's servers.
Antivirus software usually requires specific descriptions of a virus to block it. But virus writers have grown crafty, building viruses that mutate, attack through unusual channels or are otherwise hard to describe for antivirus software. Developing a perfect vaccine can take time. Policy-based defenses are a stop-gap measure that tries to buy researchers the extra time.
"Nimda and Code Red (have) forced everybody to look at security on a larger scale," Meyer said. "The viruses today are like nothing we've ever seen."
Policy-based security software is to virus detection what racial profiling is for law enforcement activities. It blocks e-mail with certain characteristics -- a header with certain words or an attachment with a particular name -- without digging into the code to specifically identify what it will do, in a similar way as a law enforcement officer may consider a person suspicious based solely on his race. If the filtering policy is designed too broadly, legitimate e-mail may also be unintentionally blocked because it looks somewhat similar to virus-infected e-mail, she said.
"We've done what we can to prevent that. It's a new concept. We don't want to force our customers into this," she said. Customers using the feature can permit Trend Micro to automatically change security filters without consultation -- but some security managers may balk at the intrusion. Trend Micro stresses that the service is optional.
"There are two camps, and that's why we're doing this on a trial, voluntary basis," Meyer said. "Some of our customers will not deploy signature files until they personally test it in a production environment. It's the same with policies."