Vendors Show Holiday Spirit With Free Tools

T'is the season for giving, and security vendors are tapping into their vast stores of vulnerability research data to shower the public with free testing tools.

eEye Digital Security on Tuesday launched its Zero Day Tracker, a Website that monitors zero day vulnerabilities, or security flaws for which exploitation information is made publicly available before a vendor issues a patch.

Leveraging data gathered by eEye's research arm, the Website lists affected applications and threat scores, and also highlights -- in large, boldface type -- the number of days a vulnerability has been left unpatched by the affected vendor. The Aliso Viejo, Calif.-based vendor, which regularly assigns threat scores to the security vulnerabilities in other vendors' products, is positioning the Zero Day Tracker as an archive for information and analysis on unpatched security holes and how to mitigate their impact.

Sourcefire, the vendor responsible for the commercial development of the open source intrusion prevention technology Snort, on Wednesday introduced OfficeCat, a free tool that can scan Microsoft Office files and alert users of those containing malware.

OfficeCat, which works without actually opening the file, is a response to a steady stream of zero day vulnerabilities in Microsoft Office files, and utilizes data Sourcefire gathered while developing Snort signatures. Officecat also provides remediation advice to users when it finds infected files.

Software bugs are also the focus of a new service from Danish security research firm Secunia. Called Software Inspector, the free service scans PCs and roots out vulnerable software.

The service is powered by a Java applet and can scan instant messaging, Web browsers, email, and multimedia applications, and includes a sampling of threat detection signatures from Secunia's proprietary File Signatures technology, which incorporates more than 100,000 rules and can detect more than 4,000 applications.