To reduce the risk of malicious ActiveX files being sent to employees' desktops via the Internet, Germany's second-largest bank recently began weeding them out using a new open protocol.
Although only a skilled hacker would be able to enter a PC through ActiveX files, HypoVereinsbank didn't want to open a door to attacks on the client PCs in its 1,400 offices that are used by many of the bank's 46,000 workers, said Thomas Zaech, the Munich-based bank's Internet access manager.
To scrub out the questionable files, HypoVereinsbank in December deployed filtering software from Webwasher.com AG in Paderborn, Germany. This software relies on the Internet Content Adaptation Protocol (ICAP), a recently developed open standard for Internet proxy servers to communicate with content servers.
With the open standard, Zaech said, it will be easier to integrate various software and hardware products than it would be using proprietary application programming interfaces (API).
Zaech said the Webwasher technology will cost HypoVereinsbank about US$470,000 over several years, including support.
Freedom of Choice'
The ICAP Forum in Sunnyvale, Calif., boasts a membership of more than 60 vendors, including Oracle Corp., Novell Inc. and smaller firms that provide Internet services, caching servers, hardware and security.
On Jan. 22, after more than a year in existence, the forum released Version 1.3 of the ICAP specification, which was recently submitted to the Internet Engineering Task Force for review.
Officials of the ICAP Forum claim that the open standard will make it possible for products to communicate and scale more easily, especially when compared with proprietary APIs.
"The ICAP approach gives us freedom of choice," Zaech said. "With API-based solutions, such as Netscape's proxy server, you're locked on a specific solution. I am able to combine the best-fitting cache with the best-fitting add-on."
Analysts said that with the ICAP approach, vendors could sell products tailored to help firms keep pornography, viruses and other objectionable material from entering their corporate PC networks via the Internet. Through an open approach, a firm can use a range of devices, whereas an API might work with only a small number of vendors' hardware and software products, analysts said.
William Hurley, an analyst at The Yankee Group in Boston, said a major objective of the ICAP Forum is to ease the distribution of content around the Internet. This effort would help vendors and could also help end users, he added.
"Ultimately, it can drive costs down for enterprise users," Hurley said.
Two other standards groups were formed last year to work toward efficiency in internetworking: The Content Alliance, a creation of Cisco Systems Inc. in San Jose; and Content Bridge, whose members include Inktomi Corp. and Sun Microsystems Inc.
"As these protocols mature, they will allow managers of networks to make intelligent decisions about what types of traffic to allow over a network," Hurley said.
John Pescatore, an analyst at Gartner Group Inc. in Stamford, Conn., said that he first learned of ICAP more than a year ago but that "it just hasn't caught on in the US" That will change as more internetworking devices combine functionality, he added.
For example, major vendors such as Intel Corp. are developing a single device that sits on the edge of a Web server farm and provides caching, load-balancing and Secure Sockets Layer acceleration for all the Web servers, Pescatore said.