Verisign unveils secure content delivery service

Companies selling software and antivirus products will soon be able to secure products they distribute to customers online, according to an announcement Thursday by digital authentication company VeriSign Inc.

The company, which manages more than 400,000 digital certificates on Web sites worldwide, will launch a secure content delivery service called Trusted Content Delivery (TCD) in the first quarter of 2003. The service will attempt to address security issues that complicate the job of distributing software applications and updates over the Internet.

Among the services available through the TCD program are anti-intrusion protection that secures the distribution pipeline using digital authentication certificates at both the sending and receiving side of a transaction.

A variety of methods for securing the distributed software will also be available through the TCD service. Those methods will include software code-signing using VeriSign certificates to prevent the spoofing of legitimate software vendors and version control features allowing vendors to ensure customers use the proper version of a released software update and will even revoke flawed updates, VeriSign said.

Auditing features will enable IT administrators to generate reports on the software update status of clients across networks, verifying that all users are running legal and up-to-date versions of software applications.

TCD is being marketed to large companies as well as government, VeriSign said.

The new service comes as more and more software vendors and corporations are turning to online distribution of software updates to address security vulnerabilities in products.

Notably, Microsoft Corp.’s Windows XP contains an automatic update feature that notifies users when updates for that operating system are available and allows them to download and install updates over the Internet.

The growing demand for antivirus software by both businesses and home users has also called attention to the need for a secure delivery channel. Most antivirus vendors rely on the Internet-based subscription services that automatically distribute updated virus signatures to customers. Those signatures inoculate those customers against new viruses and other emerging threats.

But the ready acceptance of online software distribution can make it easy for malicious hackers to put worms and other destructive code on the computers of unsuspecting users.

In November, Russian antivirus software maker Kaspersky Labs Ltd. fell victim to a hacker who commandeered the company’s e-mail server to distribute copies of the BrideX e-mail worm to recipients of Kaspersky’s newsletter.

No price information for the new program was provided by VeriSign.