[ISN] Security UPDATE -- Spyware Detection and Classification --
July 20, 2005
InfoSec News
isn at c4i.org
Thu Jul 21 03:31:38 EDT 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Map, Scan and Audit Your Network for Security Compliance
http://list.windowsitpro.com/t?ctl=ED1D:4FB69
Using Security Compliance Software to Improve Business Efficiency and
Reduce Costs
http://list.windowsitpro.com/t?ctl=ED05:4FB69
====================
1. In Focus: Spyware Detection and Classification
2. Security News and Features
- Recent Security Vulnerabilities
- VeriSign Buys iDEFENSE
- Firefox 1.0.5 Fixes a Dozen Security Problems
- IIS Application Isolation
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
5. New and Improved
- PC Protection
====================
==== Sponsor: Qualys ====
Map, Scan and Audit Your Network for Security Compliance
Testing and improving your network security has never been easier.
Requiring NO software, QualysGuard will safely and accurately audit
your network and provide you with the necessary fixes to proactively
guard your network. Qualys delivers the most vulnerability checks
in the industry (4,000+), the highest scan engine accuracy -
certified 99.997% accuracy based on more than a million scans per
month and timely, up-to-date security checks and network intelligence.
QualysGuard also delivers complete risk management functionality
including: asset prioritization, business risk assessment, trend
analysis, compliance reporting, remediation workflow, and more.
Try the Free Scan today and make sure your network perimeter can
withstand an attack:
http://list.windowsitpro.com/t?ctl=ED1D:4FB69
====================
==== 1. In Focus: Spyware Detection and Classification ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
You've probably heard by now that Microsoft is, or was, interested in
making a deal to acquire Claria--a company known for its personal-
information-tracking software. Formerly known as Gator, Claria is for
the most part considered to be a propagator (no pun intended) of
spyware that's bundled with many popular software packages such as the
Kazaa peer-to-peer file-sharing application.
Last I heard, Microsoft scrapped its plans to acquire the company,
although I'm not sure if that's true. Nevertheless, Microsoft caught
some additional heat last week because it downgraded the severity
rating of Claria's software in Windows AntiSpyware. The severity rating
of similar software from other companies, such as WhenU and 180solutions,
was reported to have also been downgraded.
In an open letter published at its Web site (see the URL below), Microsoft
said it made no exceptions for Claria and that the company "decided that
adjustments should be made to the classification of Claria software in
order to be fair and consistent with how Windows AntiSpyware (Beta)
handles similar software from other vendors."
http://list.windowsitpro.com/t?ctl=ED0D:4FB69
The letter goes on to say that "Today, anti-spyware vendors use different
approaches, definitions, and types of criteria for identifying and
categorizing spyware and other potentially unwanted software. This
has limited the industry's ability to have a broad, coordinated impact in
addressing the problem. That is a key reason Microsoft is a founding member
of the Anti-Spyware Coalition, a group of technology companies and anti-
spyware companies working alongside public interest groups to address key
spyware issues."
The Anti-Spyware Coalition (first URL below) was actually convened by the
Center for Democracy and Technology earlier this year. Microsoft was one
of over a dozen entities that took part in the initial meeting. The
coalition recently published the first draft of its "Anti-Spyware
Coalition Definitions and Supporting Documents" (second URL below),
which is now open for a 30-day public comment period.
http://list.windowsitpro.com/t?ctl=ED1E:4FB69
http://list.windowsitpro.com/t?ctl=ED13:4FB69
The definitions outline a number of different types of spyware and
describe the underlying technology and why it might or might not be
useful. Microsoft and numerous other companies undoubtedly use these
definitions as part of their guidelines for classifying software in
their respective antispyware solutions. So reading the documents might
help you get a better understanding of what spyware is from the
perspective of various vendors.
Another interesting part of the documents is the outline for vendor
dispute and false positive resolution. I'd guess that Claria and other
vendors have used that, or a similar process, to have Microsoft review
its software more closely, resulting in changes in software's severity
rating in Windows AntiSpyware.
If you're interested in learning more and helping shape the way
coalition members handle spyware detection and classification, be sure
to read the first draft and send any comments you might have to the
coalition before the end of the public comment period, August 12. After
that time, the coalition will work to publish a final release sometime
in the fall.
====================
==== Sponsor: BindView ====
Using Security Compliance Software to Improve Business Efficiency and
Reduce Costs
Learn To Sort Through Sarbanes-Oxley, HIPAA And More Legislation
Quicker And Easier! In this free white paper, get the tips you've been
looking for to save time and money in achieving IT security and regulatory
compliance. Find out how you can simplify these manually intensive,
compliance-related tasks that reduce IT efficiency. Turn these mandates
into automated and cost effective solutions - Download your copy today!
http://list.windowsitpro.com/t?ctl=ED05:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=ED0F:4FB69
VeriSign Buys iDEFENSE
VeriSign announced that it acquired security research firm iDEFENSE
for $40 million in cash. iDEFENSE provides security-related information to
companies around the world.
http://list.windowsitpro.com/t?ctl=ED16:4FB69
Firefox 1.0.5 Fixes a Dozen Security Problems
Mozilla Foundation released Firefox 1.0.5, which fixes a dozen security
problems and improves stability. While Firefox 1.0.5 does represent an
improvement over previous versions, it has some known issues, so be sure to
read about those for any caveats that might apply to your particular
systems.
http://list.windowsitpro.com/t?ctl=ED17:4FB69
IIS Application Isolation
From time to time, you're probably called on to deploy a Web application
that traffics sensitive information. That application might also reside
on an IIS server that hosts other applications. What questions and
considerations do you think about as you devise your plan for implementing
the highest degree of application isolation you can manage? Brett Hill
helps you think things through in this article on our Web site.
http://list.windowsitpro.com/t?ctl=ED14:4FB69
====================
==== Resources and Events ====
Sort Through Sarbanes-Oxley, HIPAA, and More Legislation Quicker and
Easier!
In this free Web seminar, get the tips you've been looking for to save
time and money in achieving IT security and regulatory compliance.
Find out how you can simplify these manually intensive, compliance-related
tasks that reduce IT efficiency. Turn these mandates into automated and
cost-effective solutions. Register now!
http://list.windowsitpro.com/t?ctl=ED08:4FB69
Recover Your Active Directory
Get answers to all your Active Directory recovery questions here!
Join industry guru Darren Mar-Elia in this free, on-demand Web seminar and
discover how to use native recovery tools and methods, how to implement a
lag site to delay replication, limitations to native recovery
approaches, and more. Learn how you can develop an effective AD backup
strategy. Register today!
http://list.windowsitpro.com/t?ctl=ED06:4FB69
All High-Availability Solutions Are not Created Equal--How Does Yours
Measure Up?
In this free Web seminar, you'll get the tools you need to ensure your
systems aren't going down. You'll discover the various categories of
high-availability and disaster-recovery solutions available and the
pros and cons of each. You'll learn what solutions help you take
preemptive, corrective action without resorting to a full system failover,
or in extreme cases, that perform a non-disruptive, automatic switchover
to a secondary server.
http://list.windowsitpro.com/t?ctl=ED09:4FB69
Antispam product not working?
Many email administrators are experiencing increased frustration
with their current antispam products as they battle new and more dangerous
email threats. In-house software, appliances, and even some services may
no longer work effectively, require too much IT staff time to update and
maintain or satisfy the needs of different users. In this free Web
seminar, learn how you can search for a better way to protect your email
systems and users.
http://list.windowsitpro.com/t?ctl=ED0A:4FB69
Integrate Fax Services with Business Applications for Big ROI
In this free eBook, you'll discover all you need to know about fax
technology! You'll learn how to improve business processes by
minimizing manual faxing and integrating faxing into your business
workflow for improved ROI. The eBook will also look at the how-to of the
desktop fax client, fax automation, faxing hardware and software
technologies, and the future of faxing. Let this important guide help
you stay on top of fax server technology within your business
environment.
http://list.windowsitpro.com/t?ctl=ED0C:4FB69
Influencers 2005: Thriving In The Face Of Regulation: How to Accommodate
the New Corporate Governance Regime and Achieve Optimum Financial
Performance
Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and Scott
Mitchell as they discuss the most important management challenge facing
businesses today--Wednesday, July 20 at 11:00 a.m. EDT. Register here:
http://list.windowsitpro.com/t?ctl=ED07:4FB69
====================
==== 3. Instant Poll ====
Results of Previous Poll: Does your network firewall provide stateful
application-layer inspection in addition to the traditional stateful
packet inspection?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 10 votes.
- 50% Yes
- 50% No
New Instant Poll: Do you regularly scan your external network IP
addresses for open ports on your network and compare the results
against a known good baseline?
Go to the Security Hot Topic and submit your vote for
- Yes, I regularly scan my network and compare against a baseline.
- Yes, I periodically scan but merely review the results.
- No, I don't scan, but I think I should.
- No, I don't think scanning is useful.
http://list.windowsitpro.com/t?ctl=ED18:4FB69
==== Featured White Paper ====
Do You Know If Your Network Is At Risk Of A Trojan Attack?
Discover the various methods available for controlled Internet access
and how to use them to increase security and decrease legal exposure.
Download your free white paper now!
http://list.windowsitpro.com/t?ctl=ED0E:4FB69
====================
==== 4. Security Toolkit ====
Security Matters Blog: Endian Firewall--Check It Out
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=ED1B:4FB69
Endian Firewall easily turns a computer into a firewall appliance. The
open-source project is based on IPCop, sports a Web-based configuration,
and has OpenVPN built in for quick setup of a VPN.
http://list.windowsitpro.com/t?ctl=ED12:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=ED19:4FB69
Q: How can I determine whether a Dfs root is a standalone root or a fault-
tolerant root stored in Active Directory (AD)?
Find the answer at
http://list.windowsitpro.com/t?ctl=ED15:4FB69
Security Forum Featured Thread: Changing a Password Without Logging In
A forum participant wants to know whether there is a way for users to
change their passwords themselves without logging on to the domain. Join
the discussion at
http://list.windowsitpro.com/t?ctl=ED0B:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded
our content to include even more fundamentals on building and
maintaining a secure enterprise. Each issue also features product coverage
of the best security tools available and expert advice on the best way to
implement various security components. Plus, paid subscribers get online
access to our entire security article database (over 1900 security
articles)! Order now:
http://list.windowsitpro.com/t?ctl=ED11:4FB69
Vote for the Next MCP Hall of Famer
Help decide who the most valuable member of the MCP community is. Take
the time to reward excellence to those that deserve it and to make yourself a
part of the first ever MCP Hall of Fame. Voting only takes a few seconds,
so cast your vote now for Round 5. Click here:
http://list.windowsitpro.com/t?ctl=ED1C:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
PC Protection
Privacyware offers the Total Endpoint Protection Suite, which
combines the company's Privatefirewall 4.0 and SafeEnd's USB Port
Protector in a package that's currently priced at $39.99 per seat
(with a 50-seat minimum). Privatefirewall is a firewall and
Intrusion Detection System (IDS). You can select from versions of
Privatefirewall that add Computer Associates' eTrust PestPatrol
Anti-Spyware software only or that add both CA's PestPatrol and
eTrust EZ Antivirus software. USB Port Protector lets only pre-
authorized devices connect through a USB port. For more information,
go to
http://list.windowsitpro.com/t?ctl=ED20:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Sponsored Links ====
Argent versus MOM 2005
Experts Pick the Best Windows Monitoring Solution
http://list.windowsitpro.com/t?ctl=ED04:4FB69
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=ED1F:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=ED10:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.
More information about the ISN
mailing list