Companies lose billions of dollars per year due to stolen data by malware on users' computers. Waltham, MA, data-protection company Verdasys hopes to change that. Running under the assumption that a computer is already affected by malware, Verdasys’ SiteTrust, released Monday, bypasses operating systems and browsers to protect transactions. "Our premise," said Verdasys chief technology officer Bill Ledingham, "is that, rather than trying to clean up the machines, assume the machine is already infected and focus on protecting the transaction that goes on between the consumer and the enterprise website."

Current anti-virus software discover and eliminate less than 50% of existing malware, writes Ledingham. “Analysts estimate that 2/3 of consumer machines are currently infected with some type of malware.”

Don't trust the yellow lock.  Transaction-side encryption like SSL doesn’t work if a user’s computer is already infected with malware that sees the data before it is encrypted. “The old assumption that SSL can secure credentials and sessions does not old true if the chain of information custody between inputs and SSL on the client is not secure,” says Verdasys.

SiteTrust is an enterprise-end service geared towards banks, e-trading and commerce sites. Customers of specific sites download the software from that company. The program digs deeper into the user’s computer than malware does, allowing it to circumvent infections already on individual CPUs.

SiteTrust is a “fingertip to server” data-security system. It completely bypasses a user’s operating system, encrypting data at the keystroke. It also protects against imitation sites, always a concern in this post-Kaminsky internet.

Verdasys says SiteTrust has so far been successful.

“In two externally funded studies conducted by independent malware expert firms, SiteTrust was found to be 100% effective against all known malware threats,” says a Verdasys press release.

The service is currently only for Windows, though Mac and Linux applications are in development. It works with Internet Explorer and Firefox.

By Mark Alvarez