RealTime IT News

Tech Leaders Shepherd File ID Spec

As previously announced, several technology companies Tuesday unveiled a plan to create a relational database of secure file signatures and a schema to guide those files to preserve the integrity of complex data.

Led by security software maker Tripwire, the File Signature Database (FSDB) has been developed with contributions from HP, IBM, InstallShield Software, RSA Security and Sun Microsystems to manage the mounting flood of complex, rapidly-changing software environments.

FSDB is a bank of file metadata from various published software that enables customers to identify, authenticate and assure the integrity of files. If it reaches fruition, it will make change management proactive, as opposed to reactive, through a granular file dependency structure. Preserving the integrity of the data -- or making sure the code does not go sour during a change -- will help enterprise customers reduce systems management vulnerabilities.

The vendors wish to hash out open standards and methods to cope with customer outcry for more secure computing, which, because of the deluge of assaults on software systems and applications by unsolicited intruders, has become a major cause of concern for IT enterprises.

However, Tripwire Founder, President and CEO Wyatt Starnes said on a conference call with representatives from the partner companies that FSDB is far from just a new, souped-up intrusion detection proposal.

"This is not just another form of virus checking," Starnes said. "This is a radical way of looking at this issue. We did a study of maliciously-intended data change and we found that it was only responsible for 3 to 5 percent of network downtime. While large organizations spend billions on hacking, we are still seeing that most downtime is a result of weak IT process and procedures."

Starnes said employees and software are the ones largely responsible for unintended accidental data change. But he acknowledged that the consortium behind FSDB can't make it a customer problem, but instead needs to find a way to shore up a network's defenses against data change, particularly at a time when companies such as IBM and HP are hawking e-business on demand and adaptive infrastructures where data changes on the fly.

HP CTO Jan-Maarten van Dongen, who represented his company on the call, agreed, citing the spec as the result of customers requesting a higher quality-of-service to reduce the likelihood of unpredictable behaviors.

"There is hardly any way to track down what [data] has changed," van Dongen said. "How can you guarantee accountability if you're not even sure what's running?"

Dave Bartlett, Director of Autonomic Computing, IBM, said the thrust behind FSDB is akin to IBM's strategy for autonomic computing, in which self-managing, self-healing software products sit on servers to accommodate complex data management needs.

"Even the most significant virus checking is one step behind the bad guy," Starnes argued. "What we need is a stronger ability to secure systems at the core file level and up through the operating systems and applications sets. We need to eliminate the bad code, rather than filter a prehistoric database."

Analysts, such as IDC's Chris Christiansen, said FSDB marks a transition from tracking bad files, such as viruses and other signature-based malicious code, to knowing what corrupted files need to be eliminated before they "execute their poisonous instructions."

Gartner analyst John Pescatore discussed the initiative with internetnews.com.

"In general, this is a very good thing," he said. "Users of those products can easily implement detection if one of them is modified or someone tries to substitute a version with a Trojan horse or back door inserted. This would be much more powerful if Microsoft and Red Hat (or other Linux distributions and other open source, like Apache) joined in, but at least this is a start."

But Microsoft to date has embarked on its own Trustworthy Computing initiative, which is focused more on shoring up the defense of its own software and as a symbol to the public that it does consider software safeguarding a serious matter.

Pescatore cautioned that the group's official signature database needs to be steadfastly protected and that enterprises are still much better off if they prevent unauthorized changes than if they just detect them.

Starnes said the initiative consists of a relational database of some 11 million files. The database consists of 'born-on' file information, such as file name and digital hash values, which provides a unique file 'signature' archive to accommodate disparate operating systems and applications programs.

There is also a schema, some of which will be published out in the open, such as the data harvesting aspect, for all to use. But some will remain proprietary. What will fall into which camp has yet to be fully determined, but the consortium aims to bow commercial implementations in 2004.

The initiative is open to all operating system, application and infrastructure vendors. In the meantime, charter members will be populating the database with new file information as new software is manufactured and released.

"No vendor is an island," Starnes said. "Platform vendors must work together to meet customers' needs."