[ISN] Security UPDATE--The Future of Malware Defense? -- March 16, 2005

InfoSec News isn at c4i.org
Fri Mar 18 02:37:59 EST 2005


====================

This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

High Availability for Windows Services 
   http://list.windowsitpro.com/t?ctl=53D5:4FB69

10 Ways to Effectively Secure Active Directory
   http://list.windowsitpro.com/t?ctl=53D9:4FB69 

====================

1. In Focus: The Future of Malware Defense?

2. Security News and Features
   - Recent Security Vulnerabilities
   - New Security Patches and Updates from Microsoft
   - Microsoft Takes Action Against Malware

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - Security Chat
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - Fight Phishing

====================

==== Sponsor: The Neverfail Group ====

High Availability for Windows Services 
   It is no stretch to say that Windows high availability must be a 
fundamental element in your short- and long-term strategic IT 
planning. This free white paper discusses the core issues 
surrounding Windows high availability, with a focus on business 
drivers and benefits. You'll learn about the current market 
solutions, technologies and real-world challenges including cost-
benefit analyses. Plus, find out how to assess technical elements 
required in choosing a high availability solution, including the 
robustness of the technology, time-to-failover, and implementation 
difficulties. Download this white paper now!
   http://list.windowsitpro.com/t?ctl=53D5:4FB69

====================

==== 1. In Focus: The Future of Malware Defense? ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You're probably aware that Microsoft is working on branding its 
antivirus and antispyware solutions. The company has already 
released an antispyware solution into public beta testing and has 
acquired well-established GeCAD Software and Sybari Software 
antivirus products.

Some industry analysts think that the most logical way to address 
spyware is to evolve antivirus solutions to incorporate that ability 
to prevent spyware from infecting systems in the first place. That's a 
reasonable approach, even though it's another step towards a single 
point of failure, which many security administrators try to avoid.

I read some interesting comments at CNET.com, which published an 
interview with Bill Gates. The article implied that eventually 
antivirus solutions and possibly antispyware solutions will become 
integral parts of Windows. There's more to the story, which isn't 
covered in the CNET.com article. 

I mentioned in an earlier column that Microsoft has published a 
research paper on root kits and has developed a detection tool that 
it hasn't made available to the public. The company released another 
interesting research paper several months ago that offers further 
insight into what other kinds of security-related technology the 
company might offer in the future. 

The second paper, "Can We Contain Internet Worms?," was published in 
August 2004. In it, Microsoft researchers discuss how worms might 
become more readily containable as computers collaborate in a more 
automated manner. The concept, which the researchers have dubbed 
"Vigilante," proposes "a new host centric approach for automatic 
worm containment." 

The summary states that the technology "relies on collaborative worm 
detection at end hosts in the Internet but does not require hosts to 
trust each other. Hosts detect worms by analysing attempts to infect 
applications and broadcast self-certifying alerts (SCAs) when they 
detect a worm. SCAs are automatically generated machine-verifiable 
proofs of vulnerability; they can be independently and inexpensively 
verified by any host. Hosts can use SCAs to generate filters or 
patches that prevent infection." You might think of this technology 
as sort of like a much smarter version of Snort or other intrusion 
detection and prevention systems. 

In essence, the proposal discusses a means of having hosts monitor 
their own activity and automatically contain misbehaving processes. 
When a host detects a worm, it can generate an alert that's 
broadcast to other hosts. The general idea is to decentralize 
detection systems so that worms can't evade detection by evading a 
particular network point. A key to the idea is that an SCA could 
verify worm detection by reproducing its effects. So hosts attain a 
level of trust by doing their own verification, instead of depending 
on third parties to provide signatures to endpoint detection 
systems. 

Although the paper doesn't mention this specifically, the 
implications are huge. The same principles could be applied to 
viruses, Trojan horses, spyware, and just about any kind of 
application or network behavior. Such a system would become 
vulnerability-centric; instead of having to develop signatures for 
each variation of malware, the system would instead identify the 
vulnerability and be able to act to defend the system against it. 
For example, it could shut down an application, reconfigure a 
firewall, or generate some sort of patch. There is much more to 
learn about the concept in the paper, which you can download in PDF 
format at the Microsoft Web site. 
   ftp://ftp.research.microsoft.com/pub/tr/TR-2004-83.pdf

====================

==== Sponsor: NetIQ ====

10 Ways to Effectively Secure Active Directory
   Active Directory is vulnerable to malicious and inadvertent 
security attacks, thus protecting Active Directory from internal 
and external threats is a constant challenge. In this free white 
paper, learn how to configure Active Directory to be resistant to 
threats, and regulate changes so data consistency is protected and 
security policies are enforced. Download this white paper now and 
learn how to ensure a secure Active Directory environment.
   http://list.windowsitpro.com/t?ctl=53D9:4FB69

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=53DA:4FB69

New Security Patches and Updates from Microsoft
   Microsoft didn't release any new security bulletins in March, but 
the company did update previous bulletins (MS02-005 and MS02-015) to 
include patches for Windows 98 and Windows Me. The company also 
released an updated version of its Malicious Software Removal Tool.
   http://list.windowsitpro.com/t?ctl=53DD:4FB69

Microsoft Takes Action Against Malware
   Paul Thurrott examines what Microsoft is doing both this year and 
next to deal with spyware, adware, and similar types of electronic 
attacks. 
   http://list.windowsitpro.com/t?ctl=53DE:4FB69

====================

==== Resources and Events ====

Plan For or Prevent Exchange Messaging Disasters
   In this free Web seminar, join Exchange MVP Paul Robichaux as he 
describes some operational scenarios in which "disaster recovery" 
takes a back seat to "business continuance." Learn how to be prepared 
for events that might otherwise wipe out your messaging capability 
and how you can survive them with your messaging and job intact.
   http://list.windowsitpro.com/t?ctl=53D4:4FB69

Get Ready for SQL Server 2005 Roadshow in a City Near You
   Get the facts about migrating to SQL Server 2005. SQL Server 
experts will present real-world information about administration, 
development, and business intelligence to help you implement a best-
practices migration to SQL Server 2005 and improve your database 
computing environment. Receive a 1-year membership to PASS and 
1-year subscription to SQL Server Magazine. Register now!
   http://list.windowsitpro.com/t?ctl=53D6:4FB69

Infosecurity Europe 2005
   Infosecurity Europe is Europe's number one, dedicated Information 
Security event held April 26-28, 2005, Grand Hall, Olympia, London. 
Now in its 10th year, the event continues to provide an unrivalled 
education program, new products & services, exhibitors and visitors 
from every segment of the industry. To register for FREE, please 
visit:
   http://list.windowsitpro.com/t?ctl=53E7:4FB69

Empower Users and Produce Substantial ROI
   Join industry expert David Chernicoff in this free Web seminar to 
learn how to integrate and automate fax from messaging systems such 
as Microsoft Exchange Server and Outlook and other various 
applications. And learn how to improve document handling and delivery 
by streamlining the integration of fax services into everyday 
business processes.
   http://list.windowsitpro.com/t?ctl=53D7:4FB69  

Achieve High Availability and Disaster Recovery for Microsoft Servers
   Attend this free Web seminar for your chance to win a $1000 
American Express Gift Check! In this Web seminar, discover what it 
takes to minimize the likelihood of downtime through reliability and 
resilience in your Microsoft server environment, including Exchange, 
SQL Server, File Server, IIS, and SharePoint. Sign up today!
   http://list.windowsitpro.com/t?ctl=53D3:4FB69 

====================

==== 3. Instant Poll ====

Results of Previous Poll: Do you think Microsoft should offer Internet 
Explorer (IE) 7.0 for Windows 2000 platforms?
   The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 44 votes.
   - 77% Yes
   - 23% No

New Instant Poll: Do you consider IIS 6.0 to be a secure platform?
   Go to the Security Hot Topic and submit your vote for 
   - Yes
   - No
   http://list.windowsitpro.com/t?ctl=53E1:4FB69

==== 4. Security Toolkit ==== 

Security Matters Blog 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=53E6:4FB69

Got NT? Better Have Extended Support or a Good Firewall!
   Windows NT systems contain a critical vulnerability for which a 
patch is available--if you have an extended support contract. You can 
also defend your NT systems with a good firewall.
   http://list.windowsitpro.com/t?ctl=53DF:4FB69 

Security Event Log Chat
   Randy Franklin Smith is one of the foremost authorities on the 
Windows Security event log and a respected trainer who teaches 
Monterey Technology Group's "Security Log Secrets" course. Here's
your chance to ask Randy your questions about the Security log and 
get answers Microsoft doesn't provide. Join the chat today at 
4:00 P.M. Eastern / 1:00 P.M. Pacific time. For details, visit
   http://list.windowsitpro.com/t?ctl=53E4:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=53E2:4FB69 

Q. Should I define a "catch-all" subnet for my Active Directory (AD) 
sites?

Find the answer at
   http://list.windowsitpro.com/t?ctl=53DC:4FB69

Security Forum Featured Thread: Best Network Security Scanner
   A forum participant writes that he's decided to purchase software 
to check his network for open ports, vulnerabilities, permissive user 
rights, open shares, accounts with administrative rights, unapproved 
Instant Messaging (IM) software, and so on. He wonders what the best 
tool to use might be. Join the discussion at
   http://list.windowsitpro.com/t?ctl=53D8:4FB69

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

Get Windows IT Pro at 44% Off!
   Windows & .NET Magazine is now Windows IT Pro!  Act now to get an 
entire year for just $39.95--that's 44% off the cover price! Our 
March issue shows you what you need to know about Windows Server 2003 
SP1, how to get the best out of your IT staff, and how to fight 
spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. 
This is a limited-time, risk-free offer, so click here now:
   http://list.windowsitpro.com/t?ctl=53E0:4FB69

Get SQL Server Magazine and Get Answers
   Subscribe to SQL Server Magazine today and get the latest "Top SQL 
Server Tips" handbook (includes over 60 helpful SQL Server tips) and 
free online access to every article ever published in the magazine--
that's thousands of problem-solving solutions, expert tips, tricks, 
and the latest insider notes to help you get the most out of SQL 
Server. Sign up today:
   http://list.windowsitpro.com/t?ctl=53E5:4FB69 

====================

==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Fight Phishing
   Cyberworlds offers Swidgets Email Xray, which lets you look inside 
Microsoft Outlook email messages to detect phishing attempts. The 
program lets you view your email messages as plain text so there's no 
possibility of being harmed by a malicious script or link. Email Xray 
also reveals the email headers and source code and lets you easily 
email this information to your Help desk or service provider. Email 
Xray works with Internet email and Microsoft Exchange Server messages, 
can be installed across a LAN, and lets administrators modify or 
disable specific features. Email Xray runs under Windows 
XP/2000/Me/98SE and works with Outlook 2003/2002/2000. Email Xray 
costs $14.95 (quantity and academic discounts and 15-day free trial 
copy are available). For more information, go to
   http://list.windowsitpro.com/t?ctl=53E9:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Security Administrator print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get 
$100. We edit submissions for style, grammar, and length.

====================

==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=53E8:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com

====================

This email newsletter is brought to you by 
Security Administrator, the leading publication for 
IT professionals securing the Windows enterprise from
external intruders and controlling access for internal
users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=53DB:4FB69

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.





More information about the ISN mailing list