Computerworld - A coalition of vendors led by Portland, Ore.-based Tripwire Inc. today announced an initiative to build a File Signature Database (FSDB) that would allow users to validate the authenticity of files that make up their software systems and applications (download PDF).
The effort, which is meant to allow companies to better monitor and correct any accidental or malicious file changes that could compromise security, includes several well-known charter members: Hewlett-Packard Co., IBM, InstallShield Software Corp., Sun Microsystems Inc. and RSA Security Inc.
The file-signature repository will include individual file information, such as a "born-on" date, file name, digital hash value and other unique attributes published by each of the vendors. Companies can then verify the identity and integrity of the software running on their own systems by comparing it against a heterogeneous collection of "good file" information contained in the FSDB, said Wyatt Starnes, founder and CEO of Tripwire.
"Almost 95% to 97% of the downtime in larger enterprises is caused by uncontrolled change" in the IT environment, Starnes said.
Although software from vendors such as Sun, IBM and Microsoft Corp. come with functionality that allows users to verify the integrity of files, there's no common way for users to do that today, Starnes said. The FSDB will give users one place to go for verifying heterogeneous file sets.
The FSDB's approach is different from tracking "known bad" files, such as viruses and other signature-based malicious code, said Chris Christiansen, an analyst at Framingham, Mass.-based IDC, in a statement accompanying the announcement.
"By knowing what the good state is, improper and corrupted files can be eliminated by exception before they execute their poisonous instructions," Christiansen said.
The FSDB is currently populated with more than 11 million known-good file signatures from each of the participating members. Each charter member will populate the database with new file information as new software is published.
Licensed users will have multiple ways of accessing the file information contained in the FSDB, according to Starnes. One is a Web service that will be launched sometime during the first half of 2004 that will give users access over the Internet. Sometime next year, hardware appliances will also become available that will allow users to self-populate and host only the file information that's relevant to their networks.
The FSDB will also be made available separately to government and law enforcement agencies.
"I think it's a great initiative," said Ken Tyminski, chief information security officer at Prudential Financial in Newark, N.J. "It will give people the ability to ensurethe code they have is really the right code. It will also help from a problem-determination perspective. If you think something is not at the right level or has been altered, you can look it up."
Doing so now involves going to multiple sources for the correct file information, Tyminski said. The FSDB, in contrast, will give users a single place to go for the information.
Tyminski said he hopes more companies join the initiative. "I would like to see other players involved in this as well. To me, it looks like a win-win for everybody," he added.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
