RealTime IT News

Tech Players Push for Anti-Virus Spec

A group of big-name technology firms has announced plans to develop an open specification to help stop the scourge of network viruses, worms, denial-of-service attacks and host software vulnerabilities.

The Trusted Computing Group (TCG), which counts Intel , HP and Verisign among its members, used the spotlight of this week's Networld+Interop show to outline plans for the new "Trusted Network Connect" specification which is due later this year.

The TCG said the non-proprietary spec will help network operators establish security policies requiring endpoints to achieve a minimum level of trust before connecting to their networks. Once completed, the spec will outline specific network policies to block vulnerable or untrusted systems from connecting to an enterprise network.

A Trusted Network Connect sub-group has been formed under TCG's Infrastructure Work Group to develop the specification. Anti-virus and network security firms have also signed on to participate in the effort, including Extreme Networks, Foundry Networks, Funk Software, InfoExpress, iPass, Juniper Networks, Meetinghouse Data Communications, Network Associates, Sygate, Symantec, Trend Micro and Zone Labs.

The non-profit TCG was formed in April 2003 to develop, define, and promote open specs for embedded hardware-enabled trusted computing and security technologies.

The group also plans to introduce a logo program to let IT department and end users determine which systems are compliant with TCG standards.

The move to create an open spec for multi-vendor networks comes at a time when malicious worm attacks and the exploiting of software vulnerabilities are at an all-time high. Security researchers have warned repeatedly that the existing approach to security enterprise networks is risky and have called for a industry-wide approach to securing the endpoints of host connections.

The TCG's Trusted Network Connect spec aims at setting up a common architecture to ensure endpoint integrity by establishing a level of trust in the state of an endpoint. "Specifically, solutions based on the specification will ensure the presence, status, and upgrade level of mandated applications; revisions of signature libraries for anti-virus and intrusion detection and prevention system applications; and the patch level of the end-points operating system and applications," the group said.

It will seek to ensure that there is authentication of the endpoint machine and/or the user before connecting to the network. The spec will also provide quarantine measures for endpoint machines not meeting the security policy requirements for trust. If the trust requirements are not met, the spec will outline procedures to fix the problem by upgrading software or virus signature libraries.

The specification will be developed to work on platforms with or without the Trusted Platform Module, a microchip that stores encryption keys, passwords and digital certificates in platforms. "While any networks incorporating solutions based on the Trusted Network Connect specification will be protected, networks of systems using Trusted Platform Modules will benefit from a higher level of security and trust," the group said.