News

  • Home > News

        Security software denies rogue apps on XPe

        Jonathan Angel | Date: May 7, 2008 | Comments: 1


        Savant Protection has announced an endpoint security solution for Windows XP Embedded-based systems, including ATMs and POS (point of sales/service) systems. Savant's "Protection" package aims to stop unauthorized software from running, while having very little effect on system or network performance, according to the vendor.



        (Click here for a larger view of Savant Protection)

        Savant Protection uses an approach that is orthogonal to antivirus, anti-malware software, or desktop firewalls. That is, it can be used with or without them, according to Savant. Unlike these other security solutions, it requires no network access, since it does not need to download patches, lists, or virus signatures. It also does not tie up a system with scheduled system scans. Therefore, it is said to be particularly suited to relatively low-powered embedded systems that must operate autonomously.

        Savant is described as a "shim" that places itself between a computer's queue of applications waiting to be run and its CPU. Any unknown or unauthorized software, including viruses and malware, will be proactively blocked, the company says.

        The first time Savant is run, it quickly scans all applications that are installed on a system, "training" itself to each and assigning each a unique identifier and cryptographic key. From that point on, the product will not interfere with applications that were part of a default system image. However, attempts to run new software will simply not succeed, the vendor claims.


        Savant's management console
        (Click to enlarge)

        Savant, which includes a password-protected management console (above), can be run in three different modes: "battleship," "normal," and "learn." In battleship mode, a system will silently refuse to run any unauthorized application. When WindowsForDevices.com tested this mode, we noticed that Internet Explorer refused to save downloaded applications to disk, for example.


        Savant can prompt a user every time an executable is run

        In normal mode, a system will run applications, but with a series of prompts, as shown above. Prompts occur whenever the system attempts to run an .EXE, .DLL, .MSI, or other executable, so they can be quite numerous. Therefore, a learn mode is also available. If switched on before a program is run, this mode will record a log of all executables that were used, as well as their locations on disk (below). The user can then choose whether to allow or disallow then in future, the company says.


        Savant's management console can log all executables as they are run
        (Click to enlarge)

        Ken Steinberg, president/CTO of Savant Protection, said "Embedded devices are often deployed in high availability environments spanning diverse geographical areas with little or no local IT management support, yet we expect them to run flawlessly for years on end. Savant is designed to protect and harden these systems regardless of deployment strategy, management proximity or accessibility by cybercriminals."

        Savant requires Windows XP Embedded or Windows XP, a 300MHz Pentium II or greater, 256MB of RAM, and approximately 40MB of hard disk space. A 30-day demo version of the software can be downloaded from the company's website, here. Annual licensing is approximately $50 per device, with consideration for volume and multiple year agreements.

        Related stories: