Firewall to zap XML viruses

The licensing deal will allow Forum to include CA's eTrust antivirus software in its XML firewall for blocking unwanted traffic into company networks, Forum said on Friday. The product, called Forum XWall, will be able to scan traffic for viruses, worms and other malicious software in applications that use XML code.

"Virus attackers are looking for other ways of getting into the organization. E-mail and the Web are the two dominant forms now and are well-protected," said Bill Mann, vice president of product management at CA. "But XML isn't really protected at the moment."

Salt Lake City-based Forum Systems plans to announce the addition of the antivirus module to XWall on Monday. It will be available at the beginning of May, with pricing ranging from $5,000 to $40,000.

The 5-year-old company is one of several companies that make software or devices for securing applications that use XML to format data or XML-based communications protocols, called Web services.

There is a need for XML-specific products, according to these companies and industry analysts, because traditional security products are designed primarily to inspect Internet protocols, rather than XML or Web services protocols.

Although they have not seen viruses written specifically for XML, these applications are still not adequately protected, executives from Forum Systems and CA said.

The licensing agreement with Forum Systems is not exclusive, CA's Mann said.

Forum Systems CEO Wes Swenson predicted that XML viruses will become common as people store Office documents in XML format and as developers use the Simple Object Access Protocol, which is written in XML, in tools for company-to-company communication.

"When you do have an XML-based virus attack, it will affect mission-critical servers as opposed to e-mail server and Web servers," Swenson said.