It might be a stretch to call the recent "Melissa" virus a positive event because it disrupted
thousands of government and commercial computer systems. But it did put the focus on content
filtering, a network security technology that observers say has been undervalued. In the long run,
many believe this new focus will prove beneficial to users.
As a macro virus attached to an e-mailed Microsoft Corp. Word document, Melissa would
not have been picked up by traditional security solutions such as firewalls or intrusion-detection
systems, which are designed to detect items that break certain global access rules. The only way
to detect a virus such as Melissa is to examine what is inside the e-mail, which can only be done
through content filtering, supporters of the technology said.
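As an added example (not part of the original article and not any vendor's product), the sketch below shows what "examining what is inside the e-mail" can mean at a gateway: it parses the MIME message, decodes each attachment and checks whether it is a legacy Word/OLE2 container that carries a VBA macro project. The `_VBA_PROJECT` byte-marker heuristic, the function names and the constructed sample messages are assumptions made for illustration; the two samples have identical headers and differ only in attachment content.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc/.xls containers
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")   # stream name stored when a VBA project exists

def inspect_message(raw):
    """Return one finding per attachment: filename, is_ole2, has_vba_marker."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # decode=True undoes base64/quoted-printable so we see the real file bytes
        payload = part.get_payload(decode=True) or b""
        is_ole2 = payload.startswith(OLE2_MAGIC)
        findings.append({
            "filename": part.get_filename() or "(unnamed)",
            "is_ole2": is_ole2,
            "has_vba_marker": is_ole2 and VBA_MARKER in payload,
        })
    return findings

def gateway_verdict(raw):
    """Quarantine when any attachment is an OLE2 document carrying a VBA project."""
    flagged = any(f["has_vba_marker"] for f in inspect_message(raw))
    return "quarantine" if flagged else "deliver"

def build_sample(with_macro):
    """Constructed test message; the attachment is inert filler, not a real document."""
    body = OLE2_MAGIC + b"\x00" * 64
    if with_macro:
        body += VBA_MARKER
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report attached.")
    msg.add_attachment(body, maintype="application", subtype="msword",
                       filename="report.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    for label, raw in (("plain doc", build_sample(False)),
                       ("doc with VBA project", build_sample(True))):
        print(label, "->", gateway_verdict(raw), inspect_message(raw))
```

A production gateway would parse the OLE2 directory properly and pass the macro source to a virus scanner; the byte-marker test here only illustrates why the decision needs the decoded attachment rather than addresses and ports.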
Filtering products have been around for years, but manufacturers have been struggling to
meet the needs of organizations that employ varying security policies among different users.
Recently, however, vendors have released filtering products that can be tailored to the needs of
user groups, and industry has begun working on standards that allow these products to work with
Content filtering encompasses several areas of protection. As well as guarding against
viruses, it includes:
E-mail filtering, which controls incoming e-mail that contains spam, file attachments that
are too large or hoax e-mails. It also can be used internally to make sure confidential information
is not accidentally or intentionally sent outside of the organization.
Uniform Resource Locator filtering, which blocks access to inappropriate sites not connected
to a user's work needs.
Malicious-code protection, which prevents hostile code embedded in Java and ActiveX
scripts in otherwise innocuous World Wide Web pages from reaching the user's browser and
The most obvious benefit of filtering products is the ability to boost network security, but
many organizations also use them for internal network control. For example, URL filters can be
used to block access to certain sites and to maintain productivity. Message Inspector, an e-mail
filter produced by Elron Software Inc., uses context-sensitive filtering to weed out offensive or
sensitive communications in e-mail, newsgroups or FTP sites. Message Inspector is an example
of the newer generation of filter products that examine messages for words and phrases used in
conjunction with each other to narrow the range of filter targets. This strategy differs from the
one employed by traditional products that block communications based on factors such as
keywords, a process that can generate a lot of "false positive" alarms.
Melissa presented a clear idea of why people need a gateway-based virus-detection product,
"Viruses need to be kept out of the enterprise altogether because you just can't update all
virus-detection software on desktops in time to catch them."
The International Computer Security Association is working on what it calls the Common
Content Inspection program to define a general application program interface (API) that would
enable filter vendors to fit their products to a range of firewalls.
1, disrupt [dis'rʌpt]
2, hoax [həuks]