Bit9 adds malware code IDs to app database

ParityCenter aims to be 'Google of files' and help to identify trustworthy apps

Application control vendor Bit9 said on Tuesday that an update to the company's Parity product will add malicious code IDs to the ParityCenter database of applications, allowing administrators to determine the trustworthiness of new applications that appear on their networks.

Bit9 will partner with Microsoft and IBM and use proprietary Web crawling and honey pot technology to obtain malicious code samples. Those samples will then be classified and stored in ParityCenter, a database of 1.3 billion software application signatures that Bit9 uses to identify legitimate and illegitimate programs. Bit9 executives eventually see ParityCenter as a kind of "Google" for software applications, allowing third-party vendors to positively identify both trustworthy and malicious applications, according to Brian Hazzard, director of product management at Bit9.

"We want to be the definitive source of information about applications for customers, malicious or not," Hazzard said.

Adding malicious code samples to ParityCenter will enable Bit9 customers to get a more complete view of what programs are running on their network and whether they are trustworthy or not, then set appropriate policies for each application, he said.

"Not all software is black or white. A lot of it is gray. You've got programs that aren't malicious, but may not be appropriate for the enterprise," Hazzard said. "Or businesses may say 'Software that's released by Adobe or Microsoft is OK if it's signed by the vendors.'"

Up to now, ParityCenter has focused on cataloging legitimate business applications, with "graylisting" used to flag any unauthorized programs. The database has 1.3 billion entries, as of November, with 290 million added in just the last six months, Hazzard said.

Malicious code samples will make ParityCenter a more comprehensive resource for information about programs that turn up on enterprise networks.

"Think of [ParityCenter] as the largest search engine for identifying software on Windows desktops -- like the Google of files," said Tom Murphy, Bit9's chief marketing officer.

In addition to adding malicious code IDs to ParityCenter, Bit9 is expanding the device control features of Parity to include identification of files introduced by removeable media, and software metering features that allow administrators to track how many users and groups are using a specific application on their network.

The explosion of malicious code in recent years is testing the effectiveness of security products that use traditional malicious code "signatures" to spot attacks, said Murphy.

Those changes are pushing security and desktop management technologies closer together, as enterprises try to put a lid on malicious or incompatible software, ensure compliance with regulations, and block information leaks, he said.

Going forward, Bit9 will be expanding its relationships with anti-malware vendors, though the company is not naming any partners yet. Eventually, Parity will become an extensible architecture that third-party products -- including antivirus, anti-spyware, or vulnerability scanning programs -- can plug into and use to identify applications, Murphy said.

Copyright © 2006 IDG Communications, Inc.

How to choose a low-code development platform