Posted By: Sarah Perez | Sep 19th @ 9:29 AM

One of the most interesting apps in the realm of security that I saw at this year’s DEMO conference was the new anti-virus product from a company called CoreTrace. The product, called BOUNCER, takes an entirely different approach to blocking unwanted malware. Instead of using a blacklist like today’s anti-virus products do, the software uses application whitelisting. This type of security is so effective that at the recent DEFCON conference, CoreTrace’s app stopped 100% of the computer viruses during the “Race to Zero” competition. Compare that with the other security vendors’ AV products: their average detection rate was 60%. McAfee had the best overall detection at 90%, but still only detected 24% and 13% of Netsky.P and MS07-014 variants, respectively. Meanwhile, BOUNCER prevented all the viruses from executing.

How does it do this? Through whitelisting. Designed for use in a networked environment where I.T. makes the rules, BOUNCER allows admins to establish sources of “trusted change.” For example, admins could specify that Windows Update and Adobe's Updater are permitted applications that are allowed to make changes to the computer. After the rules are established, users and automated application delivery systems (like patch management systems) can update applications without needing I.T. to create a new policy every time. The result is that computers stay safe and secure, but both users and I.T. are happy because less time and effort is spent on updating applications.
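To make the “trusted change” idea concrete, here is a simplified model added for illustration; it is not CoreTrace's code and does not describe BOUNCER's internals. It assumes the whitelist is a set of SHA-256 file hashes and that files written by an allowlisted, unmodified updater are added automatically; all class names, paths and file contents are constructed.

```python
import hashlib

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class AllowlistPolicy:
    """Toy model (assumption, not the product's design): a file may run only
    if its hash is on the allowlist; trusted updaters can extend the list."""

    def __init__(self, baseline, trusted_updaters):
        self.files = dict(baseline)            # path -> content, stands in for the disk
        self.allowed = {digest(c) for c in baseline.values()}
        self.trusted = set(trusted_updaters)   # sources of "trusted change"

    def may_execute(self, path):
        content = self.files.get(path)
        return content is not None and digest(content) in self.allowed

    def write(self, writer, path, content):
        """Store a file; auto-allow it only when the writer is a trusted
        updater whose own binary still matches the allowlist."""
        self.files[path] = content
        if writer in self.trusted and self.may_execute(writer):
            self.allowed.add(digest(content))

def demo():
    updater, app = "C:/Tools/updater.exe", "C:/Apps/reader.exe"
    policy = AllowlistPolicy(
        baseline={updater: b"updater v1", app: b"reader v1"},  # constructed contents
        trusted_updaters={updater},
    )
    results = {}
    # A patch delivered by the trusted updater runs without a new policy.
    policy.write(updater, app, b"reader v2")
    results["patched_app"] = policy.may_execute(app)
    # A file written by any other process is never added to the allowlist.
    policy.write("C:/Apps/browser.exe", "C:/Temp/dropped.exe", b"unknown code")
    results["dropped_file"] = policy.may_execute("C:/Temp/dropped.exe")
    # If the updater binary itself is altered, its hash no longer matches:
    # it cannot run, and nothing it writes is auto-allowed.
    policy.write("C:/Temp/dropped.exe", updater, b"updater v1 + extra code")
    results["modified_updater"] = policy.may_execute(updater)
    policy.write(updater, "C:/Apps/new.exe", b"more unknown code")
    results["file_from_modified_updater"] = policy.may_execute("C:/Apps/new.exe")
    return results

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```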

BOUNCER is currently available for purchase at prices which start at $50 per desktop. Volume licensing is available.

Maybe I'm missing something, but if a virus has infected, as the example above gives, Windows Update, then wouldn't it be able to still do its thing with this solution?
BOUNCER works by putting into place a whitelist - after which, anything that isn't on the whitelist won't run. So to have Windows Update (speaking about Windows Automatic Updates) be infected by a virus would require an administrator to consciously add a virus to the system AND add it to the whitelist (otherwise it won't run).


Wes Miller
Senior Technical Product Manager
CoreTrace Corporation