Sana puts a stop to bad behaviors

After seeing Sana Security’s Primary Response SafeConnect in action, I can’t help but think that this new host-based IPS for Windows clients could revolutionize the way that spyware and other malicious code is detected and removed. Based on Sana’s Active Malware Defense Technology, SafeConnect watches for malicious behavior on the host, intercepting and quarantining offending code including Trojans, Browser Helper Objects, root kits, and other contaminants. Host systems are protected without the use of signatures or the time-consuming process of scanning for infection.

In a demo at Sana’s offices, I saw SafeConnect stop several potential infestations downloaded from various hacker sites. Not only was it effective in deterring the new infections, but it also cleaned up a previously infected system, stopping the malicious code when it tried to activate, and then removing traces of the bad application from the hard disk.

SafeConnect’s minimalist UI pops up only when a potential infection occurs, asking the user whether to proceed with the removal or to let the suspicious application run. Right now, there’s no way to create a white list of incorrectly tagged applications, but Sana says that will be addressed in future releases. The product also currently lacks a central management console, but this is planned for release the first quarter of 2006.

If Primary Response SafeConnect delivers on its promise of reliable real-time prevention, it could dramatically reduce the amount of time IT spends tracking down and removing malware from host systems. Although I and my clients have been well served by scanning and eradication products such as LavaSoft’s Ad-Aware and Spybot’s Search & Destroy in the past, I wouldn’t mind not having to use them any longer.

Sana Primary Response SafeConnect

Sana Security

Cost: $34.95 for stand-alone version, quantity one

Availability: November