Global Hauri, leader of real-time virus eradication and publisher of ViRobot antivirus software, today released LiveCall Suite, a security tool to prevent fraud and identity theft for any online transaction. With LiveCall a bank or e-tailer will be able to assess the potential security threat of a client PC. The bank or e-tailer can allow critical transactions only if the client computer is clear of any malicious code or will advise the client to clean the user's PC before a transaction is allowed.
REGULATORY PUSH. Hauri developed LiveCall to address the problem of increased identity theft though "Trojan" keystroke-tracking programs on users' PCs. Hauri's solution not only benefits banking and e-tail sites, it could also be used by ISPs to keep the vast population of home PCs clean of this kind of threat. This product hits the market only weeks before a new California law takes effect July 1, which requires companies to alert their California customers if hackers or employees steal information that could be used for identity theft.
When logging on to a Web site in order to purchase goods or make payments through a bank account, a small program downloads to the user's PC and checks for any Trojans. LiveCall, controlling this application, sits on a server at the other end of the Web connection. LiveCall not only looks for typical Trojan behavior, such as recording keystrokes, listening in on communications, or accessing a network, it also affects a complete memory scan a unique feature. When it finds a Trojan, it blocks the transaction and offers to remove it from the client's PC before continuing any further transaction.
"Because companies are required to comply regardless of where they're headquartered, we believe the California law will lead to a nationwide increase in firms reporting hacking incidents and will inspire companies to take additional security measures in order to avoid the hassle and publicity of such disclosures," explains Eric Kwon, CEO of Global Hauri. "Despite growing concern over identity theft, it appears that companies aren't doing all they can to protect customer data. We've succeeded in delivering customers the most powerful antivirus solution on the market."
ASSESSING TRUSTWORTHINESS. Online transactions have been increasing rapidly as more companies encourage customers to conduct business over the internet. Many of these companies invested heavily to secure the network connection to their client's machine. As an example a bank would deploy PKI infrastructure so that all transactions from client PC to a bank's transaction server would be done securely.
Typically it is very difficult for a hacker to hack into a bank's network or the PKI encrypted network. However, the client PC is "untrustworthy" because the bank has no control over the security of the client's PC. The LiveCall provider can further offer an optional cleaning service to the client.
Hacking into client PCs and "backdooring" have increased sharply, resulting in the risk of "terminating" a secure network in an "untrustworthy" PC. It is not practical for a bank to expect all of its online customers to have PCs updated with the latest antivirus scans and firewalls. A "hijacked" PC could send customers login ID and password to a widely available hacking tool slipped into the PC.
Identity theft such as key logging uses a method for key stroke listening at a very basic component of a computer, hacking the I/O (input/output) stage. That means that a hacker can receive key logging information from the victim's computer before it is encrypted by PKI. By Jim Charos from CeBIT America