Security Vendors Show Holiday Cheer With Free Tools
eEye Digital Security on Tuesday launched its Zero Day Tracker, a Web site that monitors zero-day vulnerabilities or security flaws for which exploitation information is made publicly available before a vendor issues a patch.
Leveraging data gathered by eEye's research arm, the site lists affected applications and threat scores plus highlights -- in large, bold type -- the number of days that a vulnerability has been left unpatched by the affected vendor. Aliso Viejo, Calif.-based eEye, which regularly assigns threat scores to the security vulnerabilities in other vendors' products, is positioning the Zero Day Tracker as an archive for information and analysis on unpatched security holes and how to mitigate their impact.
Sourcefire, the vendor responsible for the commercial development of Snort, an open-source intrusion prevention technology, on Wednesday introduced OfficeCat, a free tool that can scan Microsoft Office files and flag those that contain malware.
The OfficeCat tool, which works without actually opening the file, is a response to a steady stream of zero-day vulnerabilities in Microsoft Office files. It uses data that Sourcefire gathered while developing Snort signatures. OfficeCat also provides remediation advice to users when it finds infected files.
Software bugs also are the focus of a new service from Danish security research firm Secunia. Called Software Inspector, the free service scans PCs and roots out vulnerable software.
Software Inspector is powered by a Java applet and can scan instant messaging, Web browsers, e-mail and multimedia applications. The service includes a sampling of threat detection signatures from Secunia's proprietary File Signatures technology, which incorporates more than 100,000 rules and can detect more than 4,000 applications.