[ISN] Security UPDATE--The Future of Malware Defense? -- March 16,
2005
InfoSec News
isn at c4i.org
Fri Mar 18 02:37:59 EST 2005
====================
1. In Focus: The Future of Malware Defense?
2. Security News and Features
- Recent Security Vulnerabilities
- New Security Patches and Updates from Microsoft
- Microsoft Takes Action Against Malware
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- Security Chat
- FAQ
- Security Forum Featured Thread
5. New and Improved
- Fight Phishing
====================
==== 1. In Focus: The Future of Malware Defense? ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
You're probably aware that Microsoft is working on branding its
antivirus and antispyware solutions. The company has already
released an antispyware solution into public beta testing and has
acquired well-established GeCAD Software and Sybari Software
antivirus products.
Some industry analysts think that the most logical way to address
spyware is to evolve antivirus solutions to incorporate the ability
to prevent spyware from infecting systems in the first place. That's a
reasonable approach, even though it's another step toward a single
point of failure, which many security administrators try to avoid.
I read some interesting comments at CNET.com, which published an
interview with Bill Gates. The article implied that eventually
antivirus solutions and possibly antispyware solutions will become
integral parts of Windows. There's more to the story, which isn't
covered in the CNET.com article.
I mentioned in an earlier column that Microsoft has published a
research paper on root kits and has developed a detection tool that
it hasn't made available to the public. The company released another
interesting research paper several months ago that offers further
insight into what other kinds of security-related technology the
company might offer in the future.
The second paper, "Can We Contain Internet Worms?," was published in
August 2004. In it, Microsoft researchers discuss how worms might
become more readily containable as computers collaborate in a more
automated manner. The concept, which the researchers have dubbed
"Vigilante," proposes "a new host centric approach for automatic
worm containment."
The summary states that the technology "relies on collaborative worm
detection at end hosts in the Internet but does not require hosts to
trust each other. Hosts detect worms by analysing attempts to infect
applications and broadcast self-certifying alerts (SCAs) when they
detect a worm. SCAs are automatically generated machine-verifiable
proofs of vulnerability; they can be independently and inexpensively
verified by any host. Hosts can use SCAs to generate filters or
patches that prevent infection." You might think of this technology
as sort of like a much smarter version of Snort or other intrusion
detection and prevention systems.
In essence, the proposal discusses a means of having hosts monitor
their own activity and automatically contain misbehaving processes.
When a host detects a worm, it can generate an alert that's
broadcast to other hosts. The general idea is to decentralize
detection systems so that worms can't evade detection by evading a
particular network point. A key to the idea is that an SCA lets a
receiving host verify the worm detection by reproducing its effects.
So hosts attain a level of trust by doing their own verification,
instead of depending on third parties to provide signatures to
endpoint detection systems.
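An added illustration (not from the newsletter or from the Microsoft paper) of the verify-before-trust idea described above: a receiving host replays an alert's message against its own instrumented model of a service and installs a filter only if it reproduces the claimed effect. The toy service "toyd", its wire format, and every function name here are hypothetical.

```python
from dataclasses import dataclass

BUF_SIZE = 16  # capacity of the toy service's fixed buffer (constructed)

@dataclass(frozen=True)
class Alert:
    service: str    # service the sender claims is vulnerable
    message: bytes  # input the sender claims triggers the fault
    claim: str      # effect the sender claims the input has

def replay_in_sandbox(message: bytes) -> str:
    """Replay a message against an instrumented model of the toy service.

    Constructed wire format: one length byte, then the payload. The modelled
    flaw: the service copies `length` bytes without comparing the length to
    BUF_SIZE. The model only records the out-of-bounds write.
    """
    if not message:
        return "rejected"
    payload = message[1:1 + message[0]]
    buffer = bytearray(BUF_SIZE)
    for i, byte in enumerate(payload):
        if i >= BUF_SIZE:
            return "out_of_bounds_write"  # instrumentation fires here
        buffer[i] = byte
    return "ok"

def verify_alert(alert: Alert, local_services: set) -> bool:
    """Accept an alert only if this host reproduces the claimed effect itself."""
    if alert.service not in local_services:
        return False  # nothing local to verify against
    effect = replay_in_sandbox(alert.message)
    return effect != "ok" and effect == alert.claim

def handle_alert(alert: Alert, local_services: set, filters: list) -> bool:
    """Install a filter after local verification; sender identity is never used."""
    if not verify_alert(alert, local_services):
        return False
    # Hand-written filter for the toy flaw (an assumption of this example).
    filters.append(lambda m: len(m) > 0 and m[0] > BUF_SIZE)
    return True

def admit(message: bytes, filters: list) -> bool:
    """True if no installed filter blocks the message."""
    return not any(f(message) for f in filters)

# Constructed sample alerts, both arriving from untrusted peers.
GENUINE = Alert("toyd", bytes([32]) + b"A" * 32, "out_of_bounds_write")
FORGED = Alert("toyd", bytes([4]) + b"ping", "out_of_bounds_write")
```

The forged alert is discarded because replay does not reproduce its claim, so a malicious peer cannot use alerts to push filters onto other hosts.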
Although the paper doesn't mention this specifically, the
implications are huge. The same principles could be applied to
viruses, Trojan horses, spyware, and just about any kind of
application or network behavior. Such a system would become
vulnerability-centric; instead of having to develop signatures for
each variation of malware, the system would instead identify the
vulnerability and be able to act to defend the system against it.
For example, it could shut down an application, reconfigure a
firewall, or generate some sort of patch. There is much more to
learn about the concept in the paper, which you can download in PDF
format at the Microsoft Web site.
ftp://ftp.research.microsoft.com/pub/tr/TR-2004-83.pdf
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=53DA:4FB69
New Security Patches and Updates from Microsoft
Microsoft didn't release any new security bulletins in March, but
the company did update previous bulletins (MS02-005 and MS02-015) to
include patches for Windows 98 and Windows Me. The company also
released an updated version of its Malicious Software Removal Tool.
http://list.windowsitpro.com/t?ctl=53DD:4FB69
Microsoft Takes Action Against Malware
Paul Thurrott examines what Microsoft is doing both this year and
next to deal with spyware, adware, and similar types of electronic
attacks.
http://list.windowsitpro.com/t?ctl=53DE:4FB69
====================
==== 3. Instant Poll ====
Results of Previous Poll: Do you think Microsoft should offer Internet
Explorer (IE) 7.0 for Windows 2000 platforms?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 44 votes.
- 77% Yes
- 23% No
New Instant Poll: Do you consider IIS 6.0 to be a secure platform?
Go to the Security Hot Topic and submit your vote for
- Yes
- No
http://list.windowsitpro.com/t?ctl=53E1:4FB69
==== 4. Security Toolkit ====
Security Matters Blog
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=53E6:4FB69
Got NT? Better Have Extended Support or a Good Firewall!
Windows NT systems contain a critical vulnerability for which a
patch is available--if you have an extended support contract. You can
also defend your NT systems with a good firewall.
http://list.windowsitpro.com/t?ctl=53DF:4FB69
Security Event Log Chat
Randy Franklin Smith is one of the foremost authorities on the
Windows Security event log and a respected trainer who teaches
Monterey Technology Group's "Security Log Secrets" course. Here's
your chance to ask Randy your questions about the Security log and
get answers Microsoft doesn't provide. Join the chat today at
4:00 P.M. Eastern / 1:00 P.M. Pacific time. For details, visit
http://list.windowsitpro.com/t?ctl=53E4:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=53E2:4FB69
Q. Should I define a "catch-all" subnet for my Active Directory (AD)
sites?
Find the answer at
http://list.windowsitpro.com/t?ctl=53DC:4FB69
Security Forum Featured Thread: Best Network Security Scanner
A forum participant writes that he's decided to purchase software
to check his network for open ports, vulnerabilities, permissive user
rights, open shares, accounts with administrative rights, unapproved
Instant Messaging (IM) software, and so on. He wonders what the best
tool to use might be. Join the discussion at
http://list.windowsitpro.com/t?ctl=53D8:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Fight Phishing
Cyberworlds offers Swidgets Email Xray, which lets you look inside
Microsoft Outlook email messages to detect phishing attempts. The
program lets you view your email messages as plain text so there's no
possibility of being harmed by a malicious script or link. Email Xray
also reveals the email headers and source code and lets you easily
email this information to your Help desk or service provider. Email
Xray works with Internet email and Microsoft Exchange Server messages,
can be installed across a LAN, and lets administrators modify or
disable specific features. Email Xray runs under Windows
XP/2000/Me/98SE and works with Outlook 2003/2002/2000. Email Xray
costs $14.95 (quantity and academic discounts and 15-day free trial
copy are available). For more information, go to
http://list.windowsitpro.com/t?ctl=53E9:4FB69
====================
This email newsletter is brought to you by
Security Administrator, the leading publication for
IT professionals securing the Windows enterprise from
external intruders and controlling access for internal
users. Subscribe today.
http://list.windowsitpro.com/t?ctl=53DB:4FB69
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.