Desktop security software vendors Finjan Inc will next week announce version 4.7 of its malicious code detection tool, SurfinShield Corporate, which will include protection from executables delivered via instant messaging systems. CEO Bill Lyons said the upgrade is in response to recent improvements to IM offerings from the likes of America Online Inc and Microsoft Corp, which enable file transfer using instant messaging protocols.

The product has previously been restricted to sniffing out malicious applets embedded in web pages and scanning email attachments for potentially damaging commands, but the growth in IM use has prompted Finjan cater for that market too, said Lyons. The systems from AOL, Microsoft, Yahoo Inc and Tribal Voice Inc are covered by the new software, but ICQ, the Mirabilis system now owned by AOL, is not compatible. Nimrod Vered, head of product management, said some of ICQ’s methods of transferring files were bizarre, but the two companies are in talks to eventually make their products compatible.

Also included in the new version will be what Finjan labels a Personal Surveillance Protection feature. This essentially adds to SurfinShield code to detect when an executable intends to use a machine’s audio or video recording functions, to prevent the disturbing event of a hacker bugging a home or office using his victim’s own PC. Trojan programs such as BackOrifice allow this kind of surveillance to take place, by recording audio as .wav files and emailing it back to the hacker without the user’s knowledge.

SurfinShield operates by dummy-running executable files in a demilitarized zone or sandbox to scan for damaging code and comparing it against security policies preset by the user. The new version also includes the ability to white-list certain types of program, such as application installation wizards. Version 4.7 will be released November 10, with support for French, German, Spanish and Italian languages and will cost approximately $59 per seat.