[ISN] Security UPDATE -- Spyware Detection and Classification -- July 20, 2005

InfoSec News isn at c4i.org
Thu Jul 21 03:31:38 EDT 2005


====================

This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Map, Scan and Audit Your Network for Security Compliance
   http://list.windowsitpro.com/t?ctl=ED1D:4FB69

Using Security Compliance Software to Improve Business Efficiency and 
Reduce Costs
   http://list.windowsitpro.com/t?ctl=ED05:4FB69 

====================

1. In Focus: Spyware Detection and Classification

2. Security News and Features
   - Recent Security Vulnerabilities
   - VeriSign Buys iDEFENSE
   - Firefox 1.0.5 Fixes a Dozen Security Problems
   - IIS Application Isolation

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - PC Protection

====================

==== Sponsor: Qualys ====

Map, Scan and Audit Your Network for Security Compliance
   Testing and improving your network security has never been easier. 
Requiring NO software, QualysGuard will safely and accurately audit 
your network and provide you with the necessary fixes to proactively 
guard your network. Qualys delivers the most vulnerability checks 
in the industry (4,000+), the highest scan engine accuracy - 
certified 99.997% accuracy based on more than a million scans per 
month and timely, up-to-date security checks and network intelligence. 
QualysGuard also delivers complete risk management functionality 
including: asset prioritization, business risk assessment, trend 
analysis, compliance reporting, remediation workflow, and more. 
   Try the Free Scan today and make sure your network perimeter can 
withstand an attack:
   http://list.windowsitpro.com/t?ctl=ED1D:4FB69

====================

==== 1. In Focus: Spyware Detection and Classification ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've probably heard by now that Microsoft is, or was, interested in 
making a deal to acquire Claria--a company known for its personal-
information-tracking software. Formerly known as Gator, Claria is for 
the most part considered to be a propagator (no pun intended) of 
spyware that's bundled with many popular software packages such as the 
Kazaa peer-to-peer file-sharing application. 

Last I heard, Microsoft scrapped its plans to acquire the company, 
although I'm not sure if that's true. Nevertheless, Microsoft caught 
some additional heat last week because it downgraded the severity 
rating of Claria's software in Windows AntiSpyware. The severity rating 
of similar software from other companies, such as WhenU and 180solutions, 
was reported to have also been downgraded. 

In an open letter published at its Web site (see the URL below), Microsoft 
said it made no exceptions for Claria and that the company "decided that 
adjustments should be made to the classification of Claria software in 
order to be fair and consistent with how Windows AntiSpyware (Beta) 
handles similar software from other vendors."
   http://list.windowsitpro.com/t?ctl=ED0D:4FB69

The letter goes on to say that "Today, anti-spyware vendors use different 
approaches, definitions, and types of criteria for identifying and 
categorizing spyware and other potentially unwanted software. This 
has limited the industry's ability to have a broad, coordinated impact in 
addressing the problem. That is a key reason Microsoft is a founding member 
of the Anti-Spyware Coalition, a group of technology companies and anti-
spyware companies working alongside public interest groups to address key 
spyware issues."

The Anti-Spyware Coalition (first URL below) was actually convened by the 
Center for Democracy and Technology earlier this year. Microsoft was one 
of over a dozen entities that took part in the initial meeting. The 
coalition recently published the first draft of its "Anti-Spyware 
Coalition Definitions and Supporting Documents" (second URL below), 
which is now open for a 30-day public comment period.
   http://list.windowsitpro.com/t?ctl=ED1E:4FB69
   http://list.windowsitpro.com/t?ctl=ED13:4FB69

The definitions outline a number of different types of spyware and 
describe the underlying technology and why it might or might not be 
useful. Microsoft and numerous other companies undoubtedly use these 
definitions as part of their guidelines for classifying software in 
their respective antispyware solutions. So reading the documents might 
help you get a better understanding of what spyware is from the 
perspective of various vendors. 

Another interesting part of the documents is the outline for vendor 
dispute and false positive resolution. I'd guess that Claria and other 
vendors have used that, or a similar process, to have Microsoft review 
its software more closely, resulting in changes in software's severity 
rating in Windows AntiSpyware. 

If you're interested in learning more and helping shape the way 
coalition members handle spyware detection and classification, be sure
to read the first draft and send any comments you might have to the 
coalition before the end of the public comment period, August 12. After 
that time, the coalition will work to publish a final release sometime 
in the fall. 

====================

==== Sponsor: BindView ====

Using Security Compliance Software to Improve Business Efficiency and 
Reduce Costs
   Learn To Sort Through Sarbanes-Oxley, HIPAA And More Legislation 
Quicker And Easier! In this free white paper, get the tips you've been 
looking for to save time and money in achieving IT security and regulatory 
compliance. Find out how you can simplify these manually intensive, 
compliance-related tasks that reduce IT efficiency. Turn these mandates 
into automated and cost effective solutions - Download your copy today!
   http://list.windowsitpro.com/t?ctl=ED05:4FB69

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=ED0F:4FB69

VeriSign Buys iDEFENSE
   VeriSign announced that it acquired security research firm iDEFENSE 
for $40 million in cash. iDEFENSE provides security-related information to 
companies around the world.
   http://list.windowsitpro.com/t?ctl=ED16:4FB69

Firefox 1.0.5 Fixes a Dozen Security Problems
   Mozilla Foundation released Firefox 1.0.5, which fixes a dozen security 
problems and improves stability. While Firefox 1.0.5 does represent an 
improvement over previous versions, it has some known issues, so be sure to 
read about those for any caveats that might apply to your particular 
systems. 
   http://list.windowsitpro.com/t?ctl=ED17:4FB69

IIS Application Isolation
   From time to time, you're probably called on to deploy a Web application 
that traffics sensitive information. That application might also reside 
on an IIS server that hosts other applications. What questions and 
considerations do you think about as you devise your plan for implementing 
the highest degree of application isolation you can manage? Brett Hill 
helps you think things through in this article on our Web site. 
   http://list.windowsitpro.com/t?ctl=ED14:4FB69

====================

==== Resources and Events ====

Sort Through Sarbanes-Oxley, HIPAA, and More Legislation Quicker and 
Easier!
   In this free Web seminar, get the tips you've been looking for to save 
time and money in achieving IT security and regulatory compliance. 
Find out how you can simplify these manually intensive, compliance-related 
tasks that reduce IT efficiency. Turn these mandates into automated and 
cost-effective solutions. Register now!
   http://list.windowsitpro.com/t?ctl=ED08:4FB69

Recover Your Active Directory
   Get answers to all your Active Directory recovery questions here! 
Join industry guru Darren Mar-Elia in this free, on-demand Web seminar and 
discover how to use native recovery tools and methods, how to implement a 
lag site to delay replication, limitations to native recovery 
approaches, and more. Learn how you can develop an effective AD backup 
strategy. Register today!
   http://list.windowsitpro.com/t?ctl=ED06:4FB69

All High-Availability Solutions Are not Created Equal--How Does Yours 
Measure Up?
   In this free Web seminar, you'll get the tools you need to ensure your 
systems aren't going down. You'll discover the various categories of 
high-availability and disaster-recovery solutions available and the 
pros and cons of each. You'll learn what solutions help you take 
preemptive, corrective action without resorting to a full system failover, 
or in extreme cases, that perform a non-disruptive, automatic switchover 
to a secondary server.
   http://list.windowsitpro.com/t?ctl=ED09:4FB69

Antispam product not working?
   Many email administrators are experiencing increased frustration 
with their current antispam products as they battle new and more dangerous 
email threats. In-house software, appliances, and even some services may 
no longer work effectively, require too much IT staff time to update and 
maintain or satisfy the needs of different users. In this free Web 
seminar, learn how you can search for a better way to protect your email 
systems and users.
   http://list.windowsitpro.com/t?ctl=ED0A:4FB69

Integrate Fax Services with Business Applications for Big ROI
   In this free eBook, you'll discover all you need to know about fax 
technology! You'll learn how to improve business processes by 
minimizing manual faxing and integrating faxing into your business 
workflow for improved ROI. The eBook will also look at the how-to of the 
desktop fax client, fax automation, faxing hardware and software 
technologies, and the future of faxing. Let this important guide help 
you stay on top of fax server technology within your business 
environment.
   http://list.windowsitpro.com/t?ctl=ED0C:4FB69

Influencers 2005:  Thriving In The Face Of Regulation: How to Accommodate 
the New Corporate Governance Regime and Achieve Optimum Financial 
Performance
   Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and Scott 
Mitchell as they discuss the most important management challenge facing 
businesses today--Wednesday, July 20 at 11:00 a.m. EDT. Register here: 
   http://list.windowsitpro.com/t?ctl=ED07:4FB69

====================

==== 3. Instant Poll ====

Results of Previous Poll: Does your network firewall provide stateful 
application-layer inspection in addition to the traditional stateful 
packet inspection?
   The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 10 votes.
   - 50% Yes
   - 50% No

New Instant Poll: Do you regularly scan your external network IP 
addresses for open ports on your network and compare the results 
against a known good baseline?
   Go to the Security Hot Topic and submit your vote for 
   - Yes, I regularly scan my network and compare against a baseline.
   - Yes, I periodically scan but merely review the results.
   - No, I don't scan, but I think I should.
   - No, I don't think scanning is useful.
   http://list.windowsitpro.com/t?ctl=ED18:4FB69

==== Featured White Paper ====

Do You Know If Your Network Is At Risk Of A Trojan Attack?
   Discover the various methods available for controlled Internet access 
and how to use them to increase security and decrease legal exposure.
Download your free white paper now!
   http://list.windowsitpro.com/t?ctl=ED0E:4FB69

====================

==== 4. Security Toolkit ==== 

Security Matters Blog: Endian Firewall--Check It Out
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=ED1B:4FB69

Endian Firewall easily turns a computer into a firewall appliance. The
open-source project is based on IPCop, sports a Web-based configuration, 
and has OpenVPN built in for quick setup of a VPN. 
   http://list.windowsitpro.com/t?ctl=ED12:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=ED19:4FB69 

Q: How can I determine whether a Dfs root is a standalone root or a fault-
tolerant root stored in Active Directory (AD)?

Find the answer at
   http://list.windowsitpro.com/t?ctl=ED15:4FB69

Security Forum Featured Thread: Changing a Password Without Logging In
   A forum participant wants to know whether there is a way for users to 
change their passwords themselves without logging on to the domain. Join 
the discussion at 
   http://list.windowsitpro.com/t?ctl=ED0B:4FB69

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!
   Security Administrator is now Windows IT Security. We've expanded 
our content to include even more fundamentals on building and 
maintaining a secure enterprise. Each issue also features product coverage 
of the best security tools available and expert advice on the best way to 
implement various security components. Plus, paid subscribers get online 
access to our entire security article database (over 1900 security 
articles)! Order now:
   http://list.windowsitpro.com/t?ctl=ED11:4FB69

Vote for the Next MCP Hall of Famer
   Help decide who the most valuable member of the MCP community is. Take 
the time to reward excellence to those that deserve it and to make yourself a 
part of the first ever MCP Hall of Fame. Voting only takes a few seconds, 
so cast your vote now for Round 5. Click here:
   http://list.windowsitpro.com/t?ctl=ED1C:4FB69

====================

==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

PC Protection
   Privacyware offers the Total Endpoint Protection Suite, which 
combines the company's Privatefirewall 4.0 and SafeEnd's USB Port 
Protector in a package that's currently priced at $39.99 per seat 
(with a 50-seat minimum). Privatefirewall is a firewall and 
Intrusion Detection System (IDS). You can select from versions of 
Privatefirewall that add Computer Associates' eTrust PestPatrol 
Anti-Spyware software only or that add both CA's PestPatrol and 
eTrust EZ Antivirus software. USB Port Protector lets only pre-
authorized devices connect through a USB port. For more information, 
go to
   http://list.windowsitpro.com/t?ctl=ED20:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

====================

==== Sponsored Links ====

Argent versus MOM 2005
   Experts Pick the Best Windows Monitoring Solution
   http://list.windowsitpro.com/t?ctl=ED04:4FB69

====================

==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=ED1F:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com

====================

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=ED10:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.






More information about the ISN mailing list