Internet security 2011

What’s new in Norton Internet Security 2011?

2010-06-21T16:04:00.000-07:00

The new Norton AntiVirus 2011 and Norton Internet Security 2011 beta products include several new and improved features which I'm going to detail here.

Norton Internet Security 2011 Conclusion
This is really a short summary of some of the key new features in 2011. There are several other changes to enhance the usability, quality, performance, and lastly--but most importantly,--protection. Give the Beta a try and let us know what you think. We will have our eyes and ears open for your feedback.

Norton Internet Security 2011 Security Features:
Reputation Scan
In our 2009 products, we introduced Norton Insight which dramatically improved performance by not scanning known good files.

In 2010 products, we went one step further by using reputation data to mark files as good, bad or unknown.

With 2011, we are enhancing this even more by providing fine-grained reputation information about files and by allowing users to perform a Reputation Scan of their files. You can choose to do a quick or full scan or a custom scan of a folder or a drive. Once the scan is done, you will see how your files are rated based on their Trust Levels, Age and Prevalence. Reputation Scan will also compare your results against the rest of the Norton Community. It is an excellent tool to give you an idea of your machine’s risk profile.

For example, in the screenshot above, my files have better Trust Levels, Age and Prevalence values compared to the rest of the community. I did this test on a clean computer, and your results will vary depending on what you have running on your computer.

You can also filter the results and choose to look at only files with low prevalence or files that are very new or have unproven or poor trust rating.

Norton Safe Web for Facebook
Facebook has become a top social site on the web. More and more people spend a lot of time on Facebook, and this gives cybercriminals the opportunity to use Facebook to propagate malware. We hear about these scams everyday – like the Farm Town scam that happened a few days ago.

This feature lets users scan their feed for malicious URLs using Norton Safe Web. You get a report of the scan, which you can choose to share on your Facebook Wall.

New and Improved Download Insight
In Norton Internet Security2010, Download Insight analyzed downloads from Internet Explorer and Firefox. In 2011, we have expanded the number and types of applications that will be monitored by Download Insight. In addition to Internet Explorer and Firefox, the list of supported applications includes browsers like Chrome, Opera, and Safari; instant messengers like Yahoo Messenger, AOL Messenger, and MSN Messenger; email clients such as Outlook and Outlook Express; download managers and FTP clients like FileZilla;and P2P clients like Bittorrent and Limewire.

Furthermore, we have added the ability to dynamically expand coverage of many more applications.

For most of these applications, when you download an executable file, you will see the familiar Download Insight notification telling you if the file is safe or unknown, or if it is a threat. If it is a threat, it will be remediated automatically. For some download applications, you may not see the Download Insight notification during the download but if you try to run the downloaded file and the file is unknown or bad, Download Insight will alert you before allowing the file to run.

Norton Rescue Tools
Norton Rescue Tools are a set of tools that help you recover a badly infected computer. In addition to the familiar Norton Bootable Recovery Tool, this year we are introducing Norton Power Eraser. These tools complement each other and can be used in various situations.

Norton Bootable Recovery Tool
We come across many computers that have been so badly infected that it is virtually impossible to install any security product on them. The only way to clean up these computers is to use the Norton Bootable Recovery Tool. Since the Norton Bootable Recovery Tool loads its own clean boot environment, it is not affected by malware on the system. Even though we had made the ISO image for this tool available, it was not easy for users to burn a CD or DVD from it. You had to download the ISO and then find an application to help you burn a CD or DVD. To add to that, many recent Netbooks do not have a CD or DVD drive. We needed to provide a way to get access to this tool on media that will work on your computer and make it very easy to use!

In 2011, we have made it really easy to create the Norton Bootable Recovery Tool on a CD or DVD, or install it on a USB drive. All you need to do is to go to the “Start” menu, locate the Norton Internet Security or Norton AntiVirus folder and select the “Norton Bootable Recovery Tool” link. That link will take you to a Web page where you can download a wizard that will walk you through the process of creating your custom copy of the Norton Bootable Recovery Tool, as shown in the following screens.

It is really easy to burn the Norton Bootable Recovery Tool on media that you can use – CD, DVD, or USB--or just create an ISO image.

The Norton Bootable Recovery Tool Wizard also allows you to automatically update the threat definitions with the latest version, and it allows you to add drivers required to access storage or network devices on your particular system.

Norton Power Eraser
This brand new tool is rescue tool that is used in slightly different circumstances. Norton Power Eraser will be a free tool available to anybody. It will detect and repair new malware threats that are not typically detected by Norton product scanners. The focus for this tool will be detecting and fixing "0-day" malware and top threats like Fake AV (also known as rogue ware or crime ware).

Norton Internet Security 2011 Performance Alerts
Performance of security products continues to be a concern amongst users. Every year, Norton takes great strides in improving our product’s performance. This year we have made significant improvements that will make our products the fastest yet. In a lot of cases though, there is some other application that is slowing your computer down to a crawl. Ever wondered if you could somehow know what that application was? Enter Performance Alerts.

In our 2009 products, we put the CPU and Memory meter on our UI. The reason was to show the world that Norton is lean and mean, and let our users measure it. In 2010, we introduced the performance graph, which lets you track your computer’s CPU and memory consumption over time, and also tracks installation of other products on your computer.

In 2011, we have taken it one step further by adding real time proactive Performance Alerts. We measure the four broad metrics of performance: CPU usage, memory usage, disk IO, and handle counts. If a particular process is taking too many resources, you will get a notification like this:

You can click "Details & Settings" to get more information. For example, in this case cpuhog.exe was consuming too much CPU.

We expect our users to run legitimate resource-hungry applications knowing that they will consume a lot of resources, so we have given you the ability to exclude certain apps from being monitored. Once you exclude those apps, you will not see performance alerts for them.

We did a lot of research on exactly how much an application can consume before we should alert you. We don’t want to alert you too many times, but still want to provide you with details if you think your computer is running slow for some reason. We came up with three different levels based on your sensitivity to system performance. The default is the medium level but you can make Performance Alerts less or more aggressive by changing its levels to high or low respectively.

We have also considered battery-powered computers and automatically lowered our thresholds so that we tell you if an application is consuming too much of something that will drain your battery faster.

F-Secure Internet Security 2011 Beta Released

2010-06-21T16:00:00.001-07:00

Buy Security Software 2011

F-Secure Internet Security 2011 Beta is now available for download.

Latest version
Version: IS 10.50 (build 164)
Released: June 14, 2010

Supported operating systems
Windows XP
Windows Vista (32-bit, 64-bit)
Windows 7 (32-bit, 64-bit)

F-Secure Internet Security 2011 Beta Features:
All-in-one security solution for your online life
(Beta: Non-released version of our product or solution that is still in an active development phase. You should use this version for testing purposes only.)

F-Secure® Internet Security keeps you and your family safe on the Internet. It protects your data and privacy when you send e-mail, download music, bank, shop or play online. This comprehensive security package provides complete protection against online threats with powerful detection and removal of all types of malicious software.

What's new in Internet Security 2011
- Easier and faster to use -- Based on multiple usability studies, the user interface of IS 2011 has been improved, giving you an easy access to the most important tasks and features.
- Reliable protection -- Automated malware removal logic has been taken to a new level by utilizing prevalence information from F-Secure cloud services, making your Internet use safer with minimum distraction from virus alerts.
- Easier to take into use -- Thanks to enhanced installation, restarting is no longer required on Windows Vista and Windows 7. This applies only to new installations.

Benefits for beta participants
- Six-month subscription -- As a beta tester of our product, you will get a free six-month subscription during which you will automatically receive the latest updates to the software.
- Opportunity to influence -- Getting feedback during the beta period is
important to us. This is a unique opportunity for you to have a say on the final product.
- Rewards for active feedback -- Rewards will be given for the best enhancement suggestions and for active feedback.

Kaspersky Internet Security 2011 had been released!

2010-06-09T06:21:00.000-07:00

The leading security software company Kaspersky Lab announces the release of the latest versions of its flagship consumer products Kaspersky Internet Security 2011.

Kaspersky Internet Security 2011 has everything that you need to stay safe and secure while you're surfing the web. It provides constant protection for you and your family ¨C whether you work, bank, shop or play online.

More informations of the NEW Kaspersky Internet Security 2011 here: Kaspersky Internet Security 2011.

Review: Norton Internet Security 2010

2009-12-16T21:01:00.000-08:00

Buy Norton Internet Security 2010 for only $53.99 (~~NOT $69.99~~ Save $16.00)

When late 2008 rolled around, and Symantec was launching yet another version of its venerable Norton Internet Security 2009 software, I was originally sceptical that Symantec would actually deliver on its promises that its new version would be faster and better than the last.

After all, in the earlier years of this decade, Symantec’s Norton software was not one for seductive speed, but ever slower speeds degrading into a cyber soup of silicon sludge.

Although many were quick to blame Microsoft, people soon realised that their Internet security software was slowing them down way too much, and over the years, despite Symantec still staying atop the security software sales spreadsheets, Symantec’s sweet sales success was starting to sour.

Seeing the potential of its software besmirching the Symantec name irreparably, Symantec’s CEO surged forward with a new plan: re-write its security software to make it the best in the industry, so as to super-strengthen its stranglehold on the summit of sales supremacy while swiftly swinging its way back into the good books of consumers.

That was NIS 2009’s mission, and it clearly succeeded. Competitors rushed to ensure their security suites were also speeded up, signifying the arrival of much better performance from most of the industry, even on low-specced netbooks.

Now, with the 2010 version, Symantec still leads the pack in consistently strong performance (while not always being the very top spot, as seen in this Passmark AV report- PDF link), strengthens its various features and introduces, as has some of its competitors, a cloud-based “reputation” engine that can immediately tell you whether the file you’ve just downloaded is seen as safe by Norton users, is seen as dangerous, or is too new to accurately give a rating on.

For consumers who blindly download things without any real knowledge of what they’re doing, aside from adding nice new programs to their computers, this simple reputation sensing tool won’t stop users from junking up their machines with shovelware freebie downloads, but it could well save them from malicious malware that specialises in menacing mostly non-cyber-savvy users – at that crucial moment right before they accidentally install said malware.

Although there are still yet other new features that you can read about in other reviews on or Symantec’s main website, another area that Symantec excels in, at least when it comes to its software, is graphical user interfaces.

I’ve seen what the competition has to offer, and for some reason, Symantec just has the superior user interface, something it has always had, even in the bad ol’ days of earlier Norton versions.

The competition all sport very functional interfaces too, some even looking as though they have been inspired a bit by Norton over the years, but just like the iPhone has a level of smooth that competitors have struggled to simply match, let alone improve on, so too does Norton Internet Security have a level of smooth that effectively leaves competitors choking on some very powdery silicon dust, facemasks at the ready.

Buy Norton Internet Security 2010 for only $53.99 (~~NOT $69.99~~ Save $16.00)

How to import / export settings in Kaspersky Internet Security 2010?

2009-11-07T19:28:00.000-08:00

This How to articles Concerning Kaspersky Internet Security 2010.

Kaspersky Internet Security 2010 includes the option of importing and exporting settings. This is a helpful feature when, for example, you need reinstall the OS, save the program settings and usу them after the OS reinstall. You can export settings into a configuration file and import the saved settings back once both the OS and product have been reinstalled. You can also use this option if you want to load settings of Kaspersky Internet Security 2010 onto another computer.

In order to export the application settings into a file, perform the following:

Open the main application window

Click the Settings link in the right upper corner of the window

Select Settings in the menu

Click the Save button in the Application settings management section

Enter the file name and select the folder where the file will be saved

Click the Save button

Click the OK button

Close the main application window

In order to import the application settings from a file, perform the following:

Open the main application window

Click the Settings button in the right upper corner of the window

Select Settings in the menu

Click the Load button in the Application settings management section

Select the folder where the configuration file is saved and select the file

Click the Load button

Click the OK button

Minimize the main application window

Download or Buy Kaspersky Internet Security 2010.

Setting Update Source of KIS 2010

2009-11-04T01:32:00.000-08:00

Keeping Kaspersky Internet Security 2010 (KIS 2010) updated is a prerequisite for reliably protecting your computer. If you can’t update kaspersky sometimes, you will change the update source of your KIS 2010 by manually. In order to update your Update Source of KIS 2010 ( or Kaspersky Antivirus 2010). Perform the following steps:

Step 1. Run Kaspersky Internet Security 2010. If the application was not launched and in the right bottom corner there is no the K icon, then simply press Start -> All Programs -> Kaspersky Internet Security 2010 -> Kaspersky Internet Security 2010.

Step 2. You will see Kaspersky Internet Security 2010 main window. Click the “Settings” link in the right upper part of the window. Select the “My Update Center” section in the left part of the window. Click the “Settings” button in the “Update source” section. In the window “Update settings” click the “Add” link. Then type “http://dnl-01.geo.kaspersky.com” (dnl-01 can be instead of dnl-02, dnl-03… dnl-19) to the textbox of “Source”. Click the “OK” button in the window “Select update source”.

Step 3. Unselected the Kaspersky Lab’s update servers. Click the “OK” button in the windows.

Now you can update your Kaspersky Internet Security 2010 from the new update source. This Howto article is powered by Security Software & Internet Security 2010.

Run your applications with Kaspersky Internet Security Freely

2009-10-26T04:19:00.000-07:00

Kaspersky Internet Security 2010 is a full-featured security suite. But sometimes, in order to test some softwares or solve the problem that some of our safe applications, such as some games, were blocked by Kaspersky Internet Security 2010 (KIS 2010), we can use the following method to prevent our applications being blocked!

1. Open KIS 2010, click the label "Setting". See picture 1
Picture 1

2. In the window "Settings", click "Threats and exclusions" on the left, then click the button "Settings" in the section of "Exclusions" and reach another window "Trusted zone". See picture 2
Picture 2

3. In the new openedwindow "Trusted zone", click the label "Trusted applications", then click the label "Add" and two labels "Browse" and "Apllications" appear for you to choose. See picture 3

Picture 3

4. Click the label "Browse" and find the application which we do NOT want to be disabled or blocked by KIS 2010. Then a new window "Exclusions for application" will be shown. See picture 4

Picture 4

5. Checked all the four options of "Exclusions" and click the button"OK". See picture 5

Picture 5

6. Click the button "OK" in all opened windows for the setting.

After that, our applications which have been allowed will not be blocked or disabled by KIS 2010.

Download Kaspersky Internet Security 2010 or other Internet Security 2010 Software Here: Security Software.

[Reviews] BitDefender - Total Security 2010 review

2009-10-15T23:00:00.000-07:00

Buy BitDefender Total Security 2010 securely online at a bargain price $69.95

We've been impressed in the past by BitDefender and Total Security 2009 was one of the best alternatives to more established names in this market. The new version promises a similarly comprehensive set of features and had us wondering exactly what else the company can do to improve on its past success.

Installation is quick and easy and setup involves registering an account, selecting a default settings profile for the software (choose between ‘typical', ‘parent', ‘gamer' or ‘custom'), the nature of your home setup and a level of expertise from novice to expert. This configures the software nicely for first-time use and it's easy to change these modes later if necessary.

We liked the interface of the previous version, which managed to collect a wide range of tools together in an approachable and manageable way. There has been an aesthetic refresh here to make things a bit more colourful and streamlined but thankfully the general layout remains the same, splitting tools into a general ‘dashboard' overview, security, tune-up, file-storage and network.

Another useful feature that has been retained is the software's ability to track and report potential system issues, varying from out of date virus definitions to backup and tune-up recommendations, Windows update alerts and registry clean-up. Monitored areas can be configured manually and flagged issues can be corrected using the ‘Fix all' method or individually, as required.

The clever way of structuring the interface and alerts in the ‘basic' and ‘novice' modes is necessary to keep track of the wide range of utilities provided with Total Security. Aside from essential firewall, anti-virus, anti-malware and anti-phishing, additional security includes anti-spam, parental control, home network monitoring and system vulnerability checks. There's also a range of tune-up tools that include a defragmenter, disc and registry clean-up and a duplicate file finder. Files can be encrypted or permanently wiped, and local backups are complemented by 2GB of online storage.

For a more detailed look at how these features work, check out last year's review of the software, since not much has changed, but suffice to say that this comprehensive collection is up there with the best on the market. The package is easy to configure and use, with additional features accessible in the ‘advanced' mode using a more conventional layout. The aforementioned profiles are a useful new way to switch between different software configurations without having to manually change settings, and they improve usability further.

Aside from tweaks to the interface there aren't any major additions to the software or tool-set this year, with the majority of improvements focused around refreshing security to cope with new threats, speedier scans and improved intrusion detection. Parental controls are also far more detailed and now allow you to track activities and set specific time intervals at which children can access the web.

In terms of performance, BitDefender seems to have retained the impressive statistics from recent versions and still has a low impact on system resources. Scans are notably faster thanks to a new optimised approach, which skips files that are known to be safe, and while independent certification is pending from bodies such as West Coast Labs and VBA, we would expect these to go through without a hitch if last year's performance was anything to go by.

We're not too concerned with the lack of major additions to Total Security 2010, as there's not a lot that can be added to a security suite that was already so feature-packed. It's refreshing to see that BitDefender hasn't jacked up the price to reflect its ability to compete with similarly feature-packed rivals such as Norton 360, and at £44.95 (covering three PCs for one year) for the Total Security suite this is good value for money.

Those who aren't interested in tune-up, backup and the file shredder will alternatively be able to access the rest of the tools on offer with the ‘Internet Security' alternative, which costs £29.95. Finally, users of the 2009 version will be able to upgrade for free for the remainder of their existing subscription period (if relevant), which, along with the free 30-day trial, is an excellent way to test out the new version for a little while before upgrading.

BitDefender - Total Security 2010 features - Verdict
BitDefender sticks with a tried and trusted formula for its 2010 range and this is certainly no bad thing. The suite is as feature-packed as they come, is extremely approachable for new users and still offers the level of tweaking advanced users may prefer. Its system monitoring and notification tools work well, and low impact on performance and water-tight security offer plenty of peace of mind. The low price point rounds off this package and we'd still consider this to be one of the best alternatives to more expensive, more established suites such as Norton 360.

BitDefender - Total Security 2010 price
Buy BitDefender Total Security 2010 securely online at a bargain price $69.95

[Reviews] Kaspersky - Internet Security 2010 review

2009-10-14T01:40:00.000-07:00

Buy Kaspersky Internet Security 2010 securely online at a bargain price $59.95

To paraphrase a politician whose career isn't having its finest moments right now, Kaspersky's Internet Security 2010 is a serious application for serious times. Professionally presented from the off, it's a suite of utilities for battling the many nasties that attempt to infiltrate your computer. As such, the product includes anti-virus, firewall, spam, phishing and banner ad protection, along with defences against denial of service attacks.

There's clearly a lot going on under the bonnet here, and the software is perhaps understandably insistent on you removing any other security software that may conflict with it as part of its installation. Once you've done that, the installation itself is quite a speedy job, and after the usual downloading of updates and activation of the product (and we hate that the latter has become a feature you'd describe as ‘usual', but we sense we're on the losing side of the battle there), you're presented with the main Kaspersky control screen.

This is a tidy and professional piece of work, with large tabs down the left-hand side of the screen giving you access to the more advance features: but otherwise, you'll be fine just leaving the program to get on with its work.

The main front screen, complete with a radar-esque bar at the bottom (who said security programs couldn't do a bit of eye candy?), gives you clear access to the main tools you're likely to need, and as usual you can manually choose to scan your machine, for instance, or simply schedule things in and carry on regardless.

Either way, Kaspersky is excellent at its job. With a modest system footprint, it ingratiates itself into your day to day working, adding things like a link filter to your web browser and e-mail scanning to your mail client. And while you can customise what parts of the suite you want to use, we found it best to leave it to its work. For the duration of our test, it kept our machine running at its usual speed and deflected the malware and tests we threw in its direction.

There are some new features and tweaks, too. A sandbox mode provides a ‘safe' environment to run certain applications (a nice idea, well executed, but is it any surprise that Internet Explorer is the only tool in there when you load up for the first time?), and there are accommodations for gamers, too. And performance continues to evolve, making for a satisfying package.

If there's a downside, it's that it nags you a little too often for our liking, and for less experienced users, we suspect that's not what they want to see: a security package that can completely fly under the radar is presumably the goal there. However, you can't argue with Kaspersky where it counts, and its product is strong, secure, well presented and a solid barrier against the worries of the web world.

Kaspersky - Internet Security 2010 features - Verdict
A strong package, and one that continues to improve. Some nice new features, and an all-round professional job that covers most of what the majority of people are likely to worry about in terms of PC security.

Kaspersky - Internet Security 2010 price
Buy Kaspersky Internet Security 2010 securely online at a bargain price $59.95

From: itreviews.co.uk

[Freeware] Security Essentials graduates to v1.0

2009-09-29T18:51:00.000-07:00

Microsoft has released version 1.0 of Security Essentials, the successor to Live OneCare. Originally known as Morro, Security Essentials retains the core features of OneCare, but abandons the additional heft of a firewall, performance tuning, and backup and restore options in exchange for making the program free. Rather than taking aim at full-featured security suites made by Symantec or Eset, the features available in Security Essentials indicate that Microsoft is aiming to compete with basic-but-free security apps.

For the select 75,000 public beta testers who got their hands on the program when the limited public beta was offered in June, there will be few appreciable differences between the beta and the final version. For the rest of the planet, Security Essentials features key defenses that are boilerplate for any respectable security program.

Microsoft Security Essentials Features:

It uses both definition file and real-time defenses against viruses and spyware, and also offers rootkit protection. The program's reputation-based detection and software signature-based detection seem to rely heavily on Microsoft SpyNet, the unfortunately named cloud-based service that compares file behavior across computers running various Microsoft operating systems.

SpyNet was introduced in Windows Vista and extended to Windows 7, but Microsoft Security Essentials is the only way to access the network on Windows XP. Unlike other security vendors that allow customers to take advantage of the benefits of their behavioral detection engines while opting out of submitting information, there's no way to do that with SpyNet.

You can choose between two SpyNet memberships. Basic submits to Microsoft the detected software's origins, your response to it, and whether that action was successful, while the Advanced membership submits all that plus the location on your hard drive of the software in question, how it operates, and how it has impacted your computer. Both basic and advanced warn users that personal data might be "accidentally" sent to Microsoft, although they promise to neither identify nor contact you. Opting out of SpyNet, however, is not an option in Security Essentials.

Security Essentials benefits greatly from having a simple, streamlined interface. There are four tabs, each with a concise and understandable label: Home, Update, History, and Settings. The program also uses easy-to-grasp labels, imported from OneCare: green for all good, yellow for warning, and red for an at-risk situation.

From the Home window, you can run a Quick Scan, Full Scan, or Custom Scan, and a link at the bottom of the pane lets you change the scheduled scan. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs. The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.

The Update pane manages the definition file updates, with a large action button, and History provides access to a spreadsheet-style list of All detection items, your Quarantine, and items you've Allowed to run. Although it's a basic layout, this no-frills approach to security could prove appealing to computer users who are overwhelmed by more detailed security choices.

The Settings window allows users to further customize the program by scheduling scans, toggling default actions to take against threats, adjusting real-time protection settings, creating whitelists of excluded files, file types, and processes, and the aforementioned SpyNet options. There's also an Advanced option which is still fairly basic: here you can set Security Essentials to scan archives, removable drives, create a system restore point, or allow all users to view the History tab.

Security Essentials comes pre-configured to run a scan weekly at two in the morning, when your Microsoft thinks your system is likely to be idle. New malware signatures are downloaded once per day by default, although you can manually instigate a definition file update through the update tab. Attachments and downloaded files will be automatically scanned by Security Essentials.

Help is only available in the form of the standard offline Help manual that comes with all Microsoft programs. There's nothing fancy here.

Microsoft Security Essentials Performance:
I found that it installed in less than one minute, and completed its first Quick Scan in less than 30 seconds. The Full Scan took more than an hour to reach the halfway point, and this was borne out by tests performed by CNET Labs' benchmarks. Microsoft Security Essentials actually sped up the boot time of our test computer by more than two seconds, and it sped up the shut-down time by more than two and a half seconds. However, compared to major security vendors it was significantly slower at scanning--Security Essentials took 2,340 seconds to scan, whereas most scans would clock in between 1,000 and 1,100 seconds.

In our iTunes decoding test it scored similarly to its competition, about 7 seconds slower than an unsecured computer. In our MS Office test and media multitasking tests it was faster than some--503 seconds versus 552 seconds for Norton AntiVirus 2010 in the Office test, and 844 seconds versus 876 seconds for Trend Micro Internet Security Pro 2010 in the media test.

While running the Full Scan, I noticed that it took up about 86 MB of RAM. However, it felt far lighter, and I was able to perform resource-intensive tasks like uploading photos without any noticeable freezes.

Third-party virus detection efficacy scores were not available at the time of writing, and it's not currently clear whether Security Essentials shares the same detection engine as Live OneCare. However, CNET reporter Ina Fried mentioned that Security Essentials stopped her from accidentally coming down with a case of Koobface.

Conclusion

Microsoft Security Essentials is a lightweight security app that people might turn to for a number of key reasons. It's easy on the system resources, it's easy to figure out how to use, and it comes pre-configured. It only works on legally licensed Microsoft computers, which is understandable but potentially leaves a large segment of the unprotected population still unprotected. You can't opt out of contributing to SpyNet, which isn't understandable at all. Overall, it's recommended for those who want something to set and ignore, but users who want more robust configuration choices or don't want to contribute to the cloud should look elsewhere.

McAfee Internet Security 2010 Released

2009-09-22T04:54:00.000-07:00

upto 3 Users ~~$69.99~~ Only $44.99 Now, save $25.00. Buy McAfee Internet Security 2010 3 Users Now

3-User McAfee Internet Security 2010
Comprehensive, award-winning PC security to freely explore online
McAfee® Internet Security makes PC and online protection easy for everyone. This set-it-and-forget-it solution comes with award-winning McAfee SiteAdvisor® web security, so you know the safety of web sites before you visit, bank, shop or trade online. This powerful security bundle keeps your family and your PCs safe from viruses, spyware, hackers, online scammers, identity thieves and other cybercriminals.

McAfee® Internet Security is now available with revolutionary Active Protection technology, providing immediate protection against malicious threats to your PC. A new threat can be analyzed and blocked in milliseconds, rather than waiting hours for traditional techniques. Active Protection is the best technology to keep you safe from emerging online threats.

With unmatched performance, McAfee® Internet Security runs silently in the background without slowing down your PC, boasting faster start-up, shut-down and scan times.

McAfee's security products use award-winning technology, are easy to install, and come with unlimited email and chat assistance. With continuous and automatic updates, McAfee ensures that you're running the most current security to combat the ever-evolving threats on the Internet for the duration of your subscription.

An Internet connection is required to install this software and to receive automatic updates and upgrades to keep your security up to date. You may install this product on up to 3 computers in your home.

McAfee Internet Security 2010 Benefits and Features:
McAfee® Internet Security software, now available with revolutionary Active Protection technology, offers comprehensive PC and online security with accelerated performance, and helps keep you and your family safe from online threats.

1. Revolutionary McAfee Active Protection technology (NEW) provides instant protection and the highest detection rates against today's threats.

2. New technology is able to recognize unknown viruses, stopping new threats instantly.

3. McAfee SiteAdvisor® (UNIQUE) technology indicates website safety before you click with red, yellow, or green color codes.

4. McAfee runs silently in the background and has accelerated performance (UPGRADED).

5. Identity theft protection, anti-phishing, and SiteAdvisor software all help keep your identity safe.

6. Parental controls allow you to limit where and when your kids go online.

7. New battery mode decreases power consumption by deferring power hungry scans until your PC is plugged in.

8. Online account management lets you easily add other PCs to your subscription.

9. QuickClean safely removes junk files that slow your PC and take up space on your hard drive.

McAfee Internet Security 2010 System Requirements:
Microsoft® Windows 2000 (32-bit) with Service Pack 4 (SP4) or higher,
Windows XP (32-bit) with Service Pack 1 (SP1) or higher,
Windows Vista (32- or 64-bit) and Windows Vista Service Pack 1 (SP1) or higher
Windows 7 (32-bit or 64-bit)
800 X 600 or higher resolution
256 MB RAM
150 MB of available free drive space
Internet connection
Microsoft® Internet Explorer 6.0 or later
Optional: Mozilla Firefox 1.5 or later

Supported Email Programs:
POP3 – Outlook Express, Outlook, Eudora, Netscape, IncrediMail and Thunderbird; Japanese only: Shuriken, Becky and PostPet
MAPI – Outlook
Web – MSN/Hotmail, or email account with POP3 access

Required For Anti-Spam Toolbar Plug-In:
Outlook Express 6.0 or later
Outlook 2000 or later
Eudora 6.0 or later
Thunderbird 1.0 or later
Anti-Spam also supports any other POP3 email client (without SSL) and Web accounts (MSN/Hotmail paid accounts and accounts with POP3 access)

Buy McAfee Internet Security 2010 3 Users Now for Only $44.99 USD

Panda Internet Security 2010

2009-07-05T22:29:00.000-07:00

BUY Panda Internet Security 2010 For Only USD $79.95 Here

BUY Panda Internet Security 2010 For Only USD $79.95 Here

Protection for up to 3 home PCs
Panda Internet Security 2010
Maximum protection against all kinds of Internet threats.
Panda Internet Security 2010 is a security suite that lets you use the Internet with complete peace of mind. It protects you from viruses, spyware, rootkits, hackers, online fraud, identity theft and all other Internet threats. The anti-spam engine will keep your inbox free from junk mail while the Parental Control feature ensures your children can use the Web safely. And thanks to the new Collective Intelligence technology, the solution is now much faster than previous versions.

Maximum protection with minimum impact on your PC

For 20 years Panda Security has been innovating and protecting its customers against viruses and other threats. As always, you can rest assured that Panda products combine the best protection technologies with the latest advances in speed and efficiency to minimize use of your computer's resources. This product also includes new tech support services for your complete peace of mind.

Panda Internet Security 2010 Includes:
Anti-Virus
Anti-Spyware
Anti-Phishing
Anti-Rootkit
Firewall
Identity Protect
Anti-Spam
Parental Control
Backup
Technical support service and automatic upgrades

BUY Panda Internet Security 2010 For Only USD $79.95 Here

Panda Internet Security 2010 Key Features:
1. Anti-Malware Protection
1.1 Anti-Malware Engine
Automatically detects and eliminates viruses, spyware, Trojans, rootkits, bots and other malware before they infect your computer.

- NEW! Panda USB Vaccine protects your USB drives from infection.
- IMPROVED! 80% reduced memory consumption.
- IMPROVED! Scans files in real-time and on-demand.
- IMPROVED! Scans emails before they reach your inbox, regardless of your email program.
- IMPROVED! Scans Internet traffic regardless of your browser type.
- IMPROVED! Scans Instant Messaging traffic in MSN Messenger, Windows Live Messenger, Yahoo Messenger and AOL.
- IMPROVED! Removes all traces of clutter left by spyware on your PC.

1.2 Advanced Proactive Protection
Technologies from Panda Security are widely recognized as the most effective against new and unknown malware.

- NEW! New detection technologies include generic signatures and remote heuristic scanning from the cloud.
- IMPROVED! Genetic Heuristic Engine combines advanced algorithms to detect new variants of the most dangerous malware families.
- IMPROVED! TruPrevent Technologies 2.0 silently analyze the behavior of programs, blocking those that try to damage your PC. This last line of defence blocks zero-day targeted attacks and terminates any malicious activity that has evaded traditional protection systems.

1.3 Personal Firewall
Protects you against Internet-borne worms and hacker attacks.

- IMPROVED! Smart auto-configuration allows good programs to run while blocking malicious ones.
- IMPROVED! Shields your PC from hackers on the Web.
- Wireless Monitor protects your wireless network from intruders.
- Intrusion prevention blocks known and unknown hacker attacks and vulnerability exploits.

2. Identity Theft Protection
2.1 Anti-Rootkit Technology
IMPROVED! Detects and removes silently-installed rootkits used by malware or hackers to evade traditional antivirus products.

2.2 Anti-Phishing Filter
Recognizes fraudulent email and protects you from scams while you shop, bank or pay bills online.

2.3 Anti-Banking Trojan Engine
Detects the most dangerous identity theft malware used by cyber-criminals to steal banking credentials. Specialized heuristics and generic detection techniques ensure maximum protection for online transactions. NEW!

BUY Panda Internet Security 2010 For Only USD $79.95 Here

3. Safe Internet Browsing
3.1 Web Filter
IMPROVED! Lets you use the Internet safely without the risk of infections, vulnerability exploits, browser hijacking or phishing websites. By analyzing website content, links and Web reputation scores, Panda Security provides protection against all types of Web-based malware and scams

3.2 Personal Information Filter
IMPROVED! Prevents theft from your PC of credit card numbers, social security numbers and any other personal information you define.

3.3 Anti-Spam Filter
Keeps your inbox free from junk mail. With the new spam engine detection rates are now over 97%, ensuring uninterrupted service and delivering the emails you really need.

3.4 Parental Control
Lets your children browse the Internet safely by blocking access to violent, adult, or racist content, as well as other inappropriate websites. From the solution’s control panel –and regardless of the browser type- you can assign predefined filters (child, adolescent, employee…) to users or customize filter rules according to your specific needs.

4. Backup & Restore
4.1 Backup & Restore
Safeguards your most important files against accidental loss or damage. It prevents loss of important documents either unintentionally, or through hard disk problems or other accidents. Backup and restoration from hard drive, CD, DVD, other external media or online are both extremely simple and easy.

4.2 NEW! Includes a 2GB online backup
To safeguard your most important files and allow access to them anytime, anywhere. This ultimate safety layer provides 2 gigabytes of free, secure storage for one year.

BUY Panda Internet Security 2010 For Only USD $79.95 Here

Kaspersky Internet Security 2010

2009-07-05T22:27:00.000-07:00

BUY Kaspersky Internet Security 2010 For Only USD $59.95 Here

BUY Kaspersky Internet Security 2010 For Only USD $59.95 Here

Kaspersky Internet Security 2010
Complete PC Protection
Kaspersky Internet Security 2010 automatically protects you and your family at all times - whether you work, bank, shop or play online.

Kaspersky Internet Security 2010 has everything you need for a safe and secure Internet experience.

All the features and technologies of Kaspersky Anti-Virus 2010 are included in this product.

Fully Automated Real-Time Protection
Kaspersky Internet Security stops your PC being slowed down by cybercriminals and delivers unsurpassed on-line safety whilst protecting your files, music and photos from hackers:

Keeps your money and identity safe Improved!
Protects against bank account fraud
Safeguards against online shopping threats
Cybercriminals won't hi-jack your PC
Family protection from on-line predators
Your files won't be ruined by hackers Improved!
Keeps your PC running smoothly
Safer Wi-Fi connections
Two way personal firewall

BUY Kaspersky Internet Security 2010 For Only USD $59.95 Here

Kaspersky Internet Security 2010 New And Improved Features
Kaspersky Internet Security 2010 offers a number of new and improved features together with unique protection technologies to address the latest online threats, keep your PC running smoothly and customize protection according to your activities:

Unique Safe Run Mode for questionable applications and websites New!
Security Application Monitor to give you full picture on programs installed on your PC Improved!
Identity Information Controller to give valuable data an extra layer of protection Improved!
Kaspersky Toolbar for Internet browsers to warn you about infected or unsafe websites New!
Advanced identity theft protection, including improved secure Virtual Keyboard Improved!
Urgent Detection System to stop fast emerging threats Improved!
Next generation proactive protection from zero-day attacks and unknown threats Improved!
Special Game Mode to suspend alerts, updates and scans while you play New!

BUY Kaspersky Internet Security 2010 For Only USD $59.95 Here

Kaspersky Internet Security 2010 Advanced Features For Better Protection
Kaspersky Internet Security 2010 has a range of unique tools for heightened security. Protecting your family and keeping your PC healthy:

Run questionable applications and websites in Safe Run Mode New!
Enter logins and passwords using secure Virtual Keyboard Improved!
Enable Parental Control for added child safety online
Turn on Game Mode to suspend alerts, updates and scans New!
Add folders and files with valuable data to the protected area Improved!
Scan system and installed applications for vulnerabilities
View applications working on your PC and customize their rules
Tune up your OS and Internet browser settings for better security
Restore correct system settings after malware removal
Burn a Rescue CD to restore your system in case of infection Improved!
Remove activity traces in your Internet browser (history, cookies, etc.)

Get Protection From a Range of Threats
Award-winning technologies in Kaspersky Internet Security 2010 protect you from cybercrime and a wide range of IT threats:

Viruses, Trojans, worms and other malware, spyware and adware
Rootkits, bootkits and other complex threats
Identity theft by keyloggers, screen capture malware or phishing scams
Botnets and various illegal methods of taking control of your PC
Zero-day attacks, new fast emerging and unknown threats
Drive-by download infections, network attacks and intrusions
Unwanted, offensive web content and spam

BUY Kaspersky Internet Security 2010 For Only USD $59.95 Here

Kaspersky Internet Security 2010 System Requirements
1. Required for all installations:
300 MB free space on the hard drive (the exact number is based on antivirus database size)
CD-ROM (for installation of the program from CD)
Computer mouse
Internet connection (for product activation)
Microsoft Internet Explorer 6 or higher (for downloading updates)
Microsoft Windows Installer 2.0 or higher

2. Operating Systems
Microsoft Windows XP, all editions (Service Pack 2 and higher)
Microsoft Windows Vista, all editions (32/64 bit)

3. Hardware Requirements
Intel Pentium 300 MHz or higher (or equivalent)
256 MB available RAM
Intel Pentium 800 MHz 32 bit (x86) / 64 bit (x64) or higher (or equivalent)
512 MB available RAM

BUY Kaspersky Internet Security 2010 For Only USD $59.95 Here

Facebook ban Google access to user data

2008-05-16T02:59:00.000-07:00

securitysofts

May 16, according to foreign media reports, although claiming to promote the social networking site Facebook's open and can carry data, but the premise is: Do not touch my user data.

Thursday, Facebook released a one-paragraph 7 of the blog articles, in a nutshell, is prohibited Google has just launched the "Friend Connect" the use of Facebook's API (Application Programming Interface).

The article said "Now Google has launched a Friend Connect, we have the opportunity to start an assessment of the technology, found that the technology will be without the permission of the user, sent to a third party Facebook user information, this practice Does not meet our users to achieve privacy protection standards, in violation of our terms of service. As we have to ban other users without access to information on the permit application, we must stop Friend Connect Facebook users access to information, until its compliance with To our rules. We have repeatedly and Google on the issue of the contacts, hoping to cooperate with them, in full accordance with the wishes of users share personal information. "

In conclusion, the article mentioned that "We believe that, MySpace's Data Availability, Google's Friend Connect and Facebook Connect will participate in the social network of a great transformation that allows users to enjoy a better, more secure social experience, while protecting their privacy is not Violations. We look forward with the developer community and industry to help all of our users to carry personal information anytime, anywhere, and privacy are not violated. "

Nearly a week, two major U.S. social networking sites MySpace and Facebook and Google were launched to help users of personal information, and other data into third-party site tools. Of which, MySpace product called "Data Availability", allowing users with Yahoo, eBay and other companies operating sites share personal data. "Facebook Connect" allows users to personal data or friends out into third-party site.

At present, users in the use of a variety of network services, often need to sign a different site, which is very time-consuming effort. MySpace, Facebook and Google have launched a new product is to solve this problem, through these products, users can use the same site at different friends list and to maintain the consistency of their social activities.

The social networking sites, and other sites allow users to share personal information There is a certain risk. Because in a very long time, the social networking sites are considered to be "the wall in the Garden." Social networking sites for the strict control of the user data, an increase of users to other sites difficult, from a certain extent, enhance user loyalty. With the increase in user activity, social networking sites attractive to advertisers is also increasing. Facebook and MySpace allows users to transfer of personal data to other sites, equivalent to their overturned on a wall.

CBS will be 1.8 billion U.S. dollars acquisition of CNET

2008-05-16T02:55:00.000-07:00

securitysofts

The May 15, according to foreign media reports, the U.S. CBS (CBS) announced today that will be about 1.8 billion U.S. dollars acquisition of CNET Networks. Prior to this, CNET with the dissenting shareholders for the growing.

Under the agreement, CBS will pay CNET shareholders of the purchase price of 11.50 U.S. dollars per share, representing a CNET Wednesday's closing price premium of 45 percent, but higher than the maximum CNET shares over the past two years. Affected by this news, CNET shares Thursday on the Nasdaq before trading was up 42 percent, rose to 11.30 U.S. dollars; CBS shares in the New York Stock Exchange before trading was down 3 percent, fell to 24.10 U.S. dollars.

CBS said that through this transaction, the company will be among the top 10 Internet company in the United States included, the number of visitors per month as an independent 54 million people in the world, has about 200 million users. CBS President and CEO Leslie Muwei Si (Leslie Moonves) said: "CNET is a profit, growth, well-managed Internet companies, the acquisition of such a company very little chance." He also said that the deal will help CBS will provide their own content to a global audience.

Mu Weisi said, CBS with a combination of CNET, will be in the fast-growing advertising market occupied an important position, but also by a large amount of new content, promotion and advertising program to accelerate its own development. CNET's assets, including the Internet, entertainment, news and information Web site CNET, ZDNet and GameSpot.com. CBS said in a statement, CNET has a large scale access to international markets, especially the Chinese market.

After the completion of the transaction, CNET's Web site will be incorporated into the CBS news and sports sites, CBS radio and CBS television digital media platform, and the CBS network's audience distribution networks. CBS network audience by more than 300 partner sites formed, covering 82 percent of U.S. Internet users.

In the meantime, CNET is facing a dissenting shareholder-sponsored proxy battle to Jana Partners investment company headed by the opposition groups have been committed to elections seven new members to the eight-member board of directors of CNET. So far, Jana Partners also on CBS did not comment on the acquisition of CNET transactions. Jana Partners CENT is the first major shareholders, as at February 20 holders of the latter 10 per cent of the shares.

CNET was established in 1992, is the world's first website to the concept of IT companies listed. But in recent years, CNET has encountered strong challenges from competitors. 2005 to 2007 between, CNET shares fell 19 percent, while the Nasdaq composite index rose 22 percent. At the same time, other Internet company's shares are soaring. The first quarter of 2008, CNET's net loss of 6.1 million U.S. dollars, a loss of 4 cents a share, on revenue of 91.4 million U.S. dollars, year-over-year growth of 89.1 million U.S. dollars of 2.6 percent.

Unisys revealed: biometric security technology in identity management has become increasingly important

2008-05-14T20:44:00.000-07:00

securitysofts

With the popularity of Internet banking, in order to protect the security of online transactions, most banks through the use of digital certificates to ensure the authenticity of the user identity. As of September 2007, China's financial center of the digital certificate issuance of over 1.9 million. However, according to the Centre "2007 China Internet banking investigation report" shows that there are still outstanding 71.7 percent of respondents use Internet banking because of suspected network-security without the use of online banking, this proportion than in 2006 increased by 10 percent. Unisys Global Public Sector Director, Greater China Qin Feng said that with the online services and transactions increase, as security management business, banks and the Government's major task. In this regard, traditional settings, including password plus token has been inadequate, as the technology development, dynamic password, such as fingerprint recognition technology has been adopted to deal with the new network identity theft issues.

Unisys in 2007, has published two related report also proved that the Asia-Pacific region and Hong Kong in favour of using biometrics technology to enhance security management capacity. "Asia-Pacific consumer finance market research report: return and compromise", Unisys testing with existing customers in the maintenance of the relationship between the bank or choose a new bank will make a compromise in which the findings show that the highest of all banks Recognition System The third option business. In addition, "global security Unisys confidence index" showed that in Hong Kong, 97% of the respondents were willing to take more security means, such as biometrics. 87% of Hong Kong residents expressed grave or very worried that personal information was unauthorized access or abuse and credit card information theft.

In fact, the Government and the industry is growing rapidly experience the biometric technology value to ensure that they adopt the appropriate safety measures to reduce the security risk in the complex of exposure. Establish consumer confidence, consumer confidence was, this is more and more well-known biometric authentication methods, and represents a great advantage.

Based on biometrics and other authentication measures enterprises can be used to guarantee to consumers protect their personal information the most realistic approach. But if the people accept the new security measures, enterprises need to inform these new security measures in principle, as well as their targets to be achieved. Why, for example, to extract fingerprints » Their photos will be preserved where?

Today, people long for in life and access to safe, and this desire has never been stronger. They expect, or even expect them to life in all aspects of security and protection for all - whether dealing with the relationship between health care providers, social or e-mail exchanges, such as online shopping. More importantly, the people also hope that new technology can bring about faster and greater convenience, including the Airport Customs rapid access, and hope to be able to launch mobile phone banking business.

With the public's acceptance of biometric technology, the use of the technology matures, innovation will be further voice, face, fingerprint and iris recognition and other biometric identification methods familiar to expand to new areas. A promising option is the blood recognition technology, the use of this technology exists in the wrist or finger vein of biological information code. Similarly, a biometric identification technology, automatic rapid DNA matching may also be more widely recognized. Biometric's continued investment in research and development activities will promote the further deepening and expanding to new markets, such as access to family and the elderly care services.

More and more use of "pre-registration choose (opt-in)" security projects will promote support for remote scanning of the further application of technology, to achieve regional security on the verification and faster access. For example, Unisys has registered visitors (Registered Traveller) program allows frequent access to passengers flying in support of the certificate to identify more easily through airport security checks, and will not lower safety standards. At present the United States already use the item, Australia also began to actively explore, travel facilitation (Facilitated Travel) and security early warning concept enjoys popular support.

The most important is the application of a variety of biometric security solutions and other authentication methods, or combine, such as radio frequency identification (RFID) and smart card technology. Beijing Frontier General Inspection Station at the end of 2007 launched self-service clearance system, self-service clearance system will take full advantage of the smart passports, documents and fingerprint recognition technology, through advanced information technology, to complete the border inspection procedures. Where can change from the existing passport holders of the new smart travel documents of passengers, when a simple, by fingerprints, machine quickly identify accurate, visitors can clearance rate from the present 45 seconds / 10 were substantially upgraded to Seconds / person, to effectively improve the efficiency of port clearance, saving passengers time to designate the seizure.

Regardless of what the use of safety measures, the most effective security would be to enterprises as a whole, to assess all possible security risks, including the risk of internal and external risks. This means the overall security can help enterprises further reduce security threats and risks.

Well-to-business and government, the next step is to identify and maintain globally consistent application of security, privacy in the context of strengthening moral solution. 2007, industry, government and academia alliance of global Centre for Ethical Identity Assurance (CEIA) was established to develop and promote the identity authentication standards, and support compatible with various sectors and geographical business practice. CEIA is an important measure for the drafting of a "consumer bill of rights" Bill to protect personal information and preventing identity fraud.

The reality is that the identity and biometric technology, technology-based security improvements can enhance people's privacy, convenience and choice. More and more people have realized this, but if you want to achieve this advantage, the Government and the fact that enterprises need to clearly communicate to consumers, highlighting the need of consumers in the privacy and security to choose between, they can At the same time get the two. Technology has been chosen so that enterprises can meet its security needs of the correct solution portfolio. There is no doubt that biometric technology will be those who seek to take the overall identity management methods of government and industry security solutions to play a major role.

Senior Network Management talk about how to protecting ARP virus

2008-05-14T04:26:00.000-07:00

securitysofts

Visit our Web site readers are mostly in the enterprise network management and network security enthusiasts, I believe the most recent period for us the most headaches is the ARP to deceive the type worm, the virus is very troublesome to deal with, a machine infected Net result of all the machines in the Internet disruption or chaos. The author also has categories for the ARP deception by the worm Kunrao, below the author in accordance with their own experience and experience and we are working together to deceive the ARP-like virus under control ideas.

1, ARP deception virus overview:
We can not for lack of space between here substantially on the ARP to deceive the working principle of the virus and spread mechanism, the author of the ARP is only a deception virus probably introduced. The so-called ARP deceive the virus is actually a computer infected with the virus constantly posing as the gateway IP address, repeatedly told the network gateway in all the computer's MAC address corresponding information is infected machines MAC, such as his contract Far greater than the actual gateway sent the ARP information and data.

Therefore, the correct ARP packets have been false data packets disguised by the mask, leading to other computers to the Internet when the corresponding data will be sent to the Gateway (in fact the gateway corresponding MAC is already poisoning the MAC address of the machine ), Then send and receive data from poisoning machines and completely normal machines, the gateway address is correct and complete Skip, resulting in network access problems, out false information to deceive on the page, other computer or the Internet is slow Can not get online, or even access to the address into a false pages, and so on.

2, ARP deception virus control key:
ARP deceive the birth and spread of the virus outbreak and the key is that he sent to the network in a large number of false data packets, false data packets is to tell the contents of other computers Gateway is the MAC address of the infected MAC, such as the machine's MAC address 1111-1111-1111 is, your IP address is 192.168.1.5, the network is truly the gateway address 192.168.1.254, then falsely told the other data packets is the corresponding computer 192.168.1.254 MAC address is 1111-1111-1111.

As TCP / IP protocol transmission from the low-level data link layer to start high-level network layer, so the computer must be identified by MAC address, the network of other computers have received the corresponding MAC address 192.168.1.254 is 1111-1111-1111 , Then they will be the first through the MAC and ARP cache of information to determine the target gateway computer.

So by the above analysis we can be more specific, that is, to prevent the virus ARP deception is the key to dealing with this illegal data packets - IP address is the gateway and the MAC address of the computer is infected with the virus.

3, ARP virus prevention ideas:
This paper is a discussion of the ARP cheating worm control ideas, is not burning in a Prevention of the measures, if ARP has been deceiving the outbreak of the virus, network administrators then you need to do is to detect the virus by sniffer target computer, I specific methods in the previous "close-Downloader virus" has been introduced in the article, here is not described in detail.

Below that line of thought under control - we will control the key points on handling ARP packets deceit, deception because we know that the contents of the packet is "IP address is the gateway and the MAC address of the computer is infected with the virus", as long as for this Packet filter can be. The network does not have the virus when we can know the true gateway to the correct corresponding MAC address, it is only through arp-a switch on or directly in the query. Here assume that the real gateway corresponding MAC address is 2222-2222-2222.

Then we need to switch settings on a list of filtering access control strategy, will switch from all the various ports sent out on the direction of the source address is 192.168.1.254 However, the source MAC address is not 2222-2222-2222 or destination address is 192.168 .1.254 And purpose of the MAC address is not 2222-2222-2222 packets discarded (Add to the black hole loopback loop), while the corresponding close automatically switch ports.

4, ARP deception control the virus simulation process:
As ARP deceive the spread of the virus is sent through switch broadcasting false information, and the information content of the false data source or destination IP address information must include 192.168.1.254, and the corresponding MAC address is not necessarily correct 2222-2222-2222, Such false information will be before we switch on the set of access control lists or filter shielding strategy, combined with the corresponding port completely shut down automatically to avoid ARP deceive the spread of worms. After infected with the virus will not be able to access the computer, he will be linked network administrators, thus helping us to quickly positioning of the computer, the first time to solve the problem.

Tip:
But if taken in the enterprise network topology in a switch ports such as the HUB has also connect the equipment, then connect HUB if the equipment under the computer virus infection ARP deception, it will automatically switch ports are still closed, the entire HUB Even under all the computer equipment will not be able to access, it is proposed to make full use of all or switch to connect corporate computers.

5, summed up:
Such preventive measures are needed with ACL access control lists and routing strategies such as routing switching equipment function, we must first ensure that the exchange of routing equipment to support these functions, a reasonable addition to the establishment, can not filter out the correct Data packets. Of course, this content is the author several times in the fight against the virus ARP deceive the idea of a preventive, and hope more friends to explore, learn more proposals, we will make progress together ARP deception killing the virus completely.

Sichuan Wenchuan county earthquake death toll is currently 11,921 people!

2008-05-13T05:01:00.000-07:00

securitysofts From: china.com.cn

State Information Office in May 13, 2008(Tuesday) afternoon 16:00 of the State Council Information Office press release Office held a press conference, the Ministry of Civil Affairs Vice-Minister Luo Ping, China Seismological Bureau spokesman Zhang Hong-wei, and so on 4 Chuan Wenchuan earthquake disaster and earthquake relief progress and answering a reporter's question.

Reuters: There are two issues, the first question, we all know that a lot of people have not been rescued and are now 24 hours, generally you think the number of days in hope that there can be rescued or they need about how kind of Time » The second issue, we also know that in the northern or western Sichuan, there are many large a particularly long tunnel, you have such equipment after the collapse of the tunnel was or how the future can guarantee their safety »

Civil Affairs Bureau relief Secretary Wang Zhenyao: Thank you very much on this issue Reuters questions.

You know now the first phase of disaster relief, disaster relief throughout the course of a very important time period is 24 hours, 48 hours, 72 hours after the earthquake occurred, is the urgent need to engage in the implementation stage. First, it is within the community before the half-hour or a few hours before is the key, why the last two days to resolutely personnel, the armed forces, armed police, all kinds of rescue teams into the disaster area, that is to participate in the coordination of the whole guidance Rescue activities.

Judging from the current situation, the disaster killed 11,921 people has come to see now why would like to open up the road, is to check every detail, in addition to the county what other townships and villages which, in addition to schools, there are not some individual, Have buried the population, so the first stage is now urgent rescue, relief is rescue, now this is very tense and conducting. We say that the first task is to save people.

Now we earthquake relief, as long as there is a hope, any information, to ensure that the implementation of relief, the current needs of the staff into the area, officers into the organization and implementation of those houses collapsed, every check is still not survive Or the staff to check whether there are victims, should now be said to focus on the implementation of large areas of search and rescue. May be a few days later, it may have some sporadic, but at present is to focus on the main area of the search results.

Let's bless the victims, bless China!

China Netcom using IPv6 and other new communications technologies protect the Olympic Games

2008-05-11T21:21:00.000-07:00

Attracted worldwide attention in 2008 Beijing Olympic Games will soon began, to provide communications support for the Olympic operators have also used the new technology. Tencent Technology recently learned that China Netcom used by the new technologies, including the new generation of broadband network technology (IPv6), a high-level security assurances, and so on the video surveillance network, China Netcom said it will use these technologies to Olympic venues , The Olympic command center and other key areas of real-time monitoring, protection of the Olympic Games of the smooth and orderly held. In addition, China Netcom provided by the Olympic tournament network management system: the Beijing Olympic Games can also many events in the networking management, facilitate access to Olympic organizers race information.

It is understood that the former China Netcom in the previous Olympic tournament also bear some security work for the 2008 Olympic communications support has accumulated useful experience.
Edit by: securitysofts

Blocked enterprises confidential information leak from seven physical channels

2008-05-11T21:06:00.000-07:00

Enterprise information leakage, in addition to information systems, but also through physical channels, a number of industrial espionage to be no suspicion of defrauding employees of the company confidential information. The Culture and Education How do you stop these people.

Enterprise information leakage, in addition to information systems, but also through physical channels, a number of industrial espionage to be no suspicion of defrauding employees of the company confidential information. The Culture and Education How do you stop these people.

U.S. companies each year because of hacking and illegally intruded into, physical security incidents and other criminal activities suffered the loss of up to 300 billion U.S. dollars. A company may become a target of espionage, regardless of financial data, intellectual property, or customer data, the spy who are interested. Spy physical invasion of the most common motive is to engage in industrial espionage.

Following is commonly used by spies several means, the experts on the basis of this proposed approach to stop.

Channel 1:

Employees into the company behind the spy

Spyware companies most likely to sneak into the way technology is also one of the lowest levels: the main entrance from behind the authorized staff to enter. According to statistics, 90% of the companies too easily into. In order to get mixed, with a spy may be a cup of coffee or a sandwich or wear false identity papers Taiyaodabai access. The regulations also prohibit smoking for espionage through the back door into the building to provide convenient, because smokers often gathered in the back door Tunyuntuwu. In addition, there are many people directly through the door into the delivery.

Once the spy into the company, in many ways to sensitive information. They can impersonate IT support staff, copying documents unattended. Or simply to empty conference room, with access to notebook computers, from access to data on corporate networks. In many cases, several espionage cases together, posing as a consultant, posing as another employee, if someone walked into the past, expressed regret spy on, pretend, "is scheduled to repeat the meeting room," then Shankai.

Stop approach: We can not simply the development of security policies on Wanshi, must implement: If someone is unable to prove that their employees, security personnel, reception and other staff shall not be allowed to enter the building. Many companies also report on suspicious persons formulate a clear point of order.

Two channels:

Spies posing as employees

Spyware is often disguised as IT support staff, sitting in the previous user's PC, no one would doubt their identities. Some spy waiting for opportunities to find the office empty; In other cases, spyware will be posing as cleaners, the company managed to get after work.

A company has to employ experts to find the security flaws, but asked him to avoid the use of the system CEO. However, to leave the CEO in his office, CEO's assistant asked him: "You want to update the CEO's computer» "In this way, he sat the" Fortune "Top 50 companies next to the CEO's desk. Although he avoided as far as possible to see any of the above sensitive computer information, a more sensitive information will not work if you do not see. This is indeed a Taida Yi.

Stop approach: First, to enhance staff safety awareness. Most companies rarely in strengthening the awareness of staff have input, the majority of people think that building in general be OK. Lawless elements used precisely this mentality. Companies need to provide what is appropriate and what is inappropriate, then the implementation.

The second is to use protection tools, such as a password screen protection for data encryption, and has requested access to a large number of employees (for example, IT managers and executives) use a strong password. It is regrettable, however, most networks have not taken adequate and effective protection, many companies set up a common and stupid passwords, these accounts is often a password.

Finally, the importance of the need to classify information, and the priorities for storage. Even if only to the IT managers and senior staff of the accounts implemented encryption, can also solve the problem of 70%.

Commercial spy everywhere

Three channels: spies posing as visitors

Another sneak into the company is posing as a means of legitimate visitors, such as telephone or electrical Weixiu Gong, burglar alarms or fire department inspectors sent to check the smoke alarm and other staff. Spy bought fluorescent T-shirt and work boots, and then downloaded from the Internet Hot Stamping logo, posing as a dress, as long as the package will spend the first seven U.S. dollars. But security experts posing as visitors in the building Zhuanyou company, found detailed information on customer accounts, payroll data disk, with the default voice mail guide, advertising expenditure information, bank statements, Staff Directory, and filled the company's strategy notes The whiteboard.

Stop approach: an attempt to enter the building must verify the identity of the foreigners, and not only verify identity. Employees should be required to visitors at his employer's name and then check the information online, then call the other side, to ensure the accuracy of visitors. This is very cumbersome, but it is very necessary.

Four channels: Web applications through espionage theft

Not all spies have adopted a low technology content; According to SANS Institute in 2007 released the top 20 Internet security risks report shows, more and more people in the use of Web application security vulnerabilities. Report of the existence of loopholes in the Web application as the first Dah Sing emerging risks, it can lead to strokes in the site, data theft, computer has been connected to the endangered sites. The report said, Web application attacks in 2008 will be substantially increased.

To stop: The Web scanning tools can help find application loopholes with the source code if the assessment tools and application penetration testing a combination of better results. SANS Institute proposed inspection of the targeted Web application framework, and adopt corresponding measures for reinforcement.

Channel 5: spy bribe-house staff

Engage in espionage destruction is an effective means of bribe-house staff and theft of information. This often means high-tech ride and not the top, as long as the use of existing staff access, you can download large amounts of data.

To prevent: the use of access control and should take the initiative to review technology. For example, if a 30 day visit record, but a sudden visit to 100 records every day, then this is a dangerous signal that needs attention. In addition, if employees suddenly begin to access data from home, but also attention. With anomaly detection procedures can be found in such acts.

Moreover, the use of the operating system's access control capabilities are also important. People did not spend very much time to a reasonable allocation of these features, many employees access to the actual task beyond the completion of the necessary access.

Anti-hacking technology to

Six channels: "keystroke recorders" theft

Sneaked into the building can be installed inside the spy keystroke recorders. Such equipment will be the keystrokes of computer users through the e-mail to the address specified, but also to save keystrokes in the flash memory. Many keystroke recorders were found almost impossible, such as directly connected to the keyboard connector of the keystroke recorders. There had been such a thing: spies posing as office cleaners, use of such tactics from a British bank Qiede almost 300 million pounds.

Block approach: a comprehensive examination of the physical computer equipment. If unable to fully inspect the computer, the glue can be used to connect to the computer keyboard are all Nianlao so keystrokes on the keyboard to connect.

Channel 7: theft through phishing

Phishing is a use of social engineering tricks, espionage aimed at trick people into disclosing information (such as the password) or jeopardize the implementation of the operation of confidential data, such as clicking on the link, thereby allowing others to remotely control the computer. In fact, phishing is the most important one of the Internet security risks.

Stop approach: continuously strengthen their security awareness, through the exercise to simulate phishing act. The company also should be avoided in public sites reveal too much information, including the company logo and employee's email address.

Another solution is to disable the computer USB port, or use a centralized tool to restrict the use of ports and external equipment, which will increase the difficulty of espionage export data.
Edit by: securitysofts

Kaspersky nearly 20 kinds of practical use

2008-05-11T20:44:00.000-07:00

Kaspersky is the more common use of antivirus software, the article on the use of a number of Kaspersky skills, let Kaspersky more convenient to use
The following methods set up Kaspersky, will be especially handy to use:

1: President Kabbah must be fully installed before unloading other soft kill. If you have a conflict, in the normal Windows environment can not kill any anti-installed software and then need to enter the security mode, the installation of an anti-operation. Kabbah 6.0 and rising serious conflict [even if the closure of rising monitoring] [Jinshan also the case], the specific performance of the boot into the desktop after the Dead! For many netizens said, after Kabbah antivirus system led to the collapse of the situation can not start, I have encountered! Personal feeling is that viruses or Trojan associated with the system files. Kabbah Tip: You can not remove, I have chosen is: delete. In the process and remove viruses or Trojan associated with system files were deleted, resulting in a system crash! Some prefer Cuosha 1000, can not pass up a feeling. After the collapse of several systems, I chose the Zhuangwan system, in the case of non-toxic system installed immediately Kabbah, to install software, Internet! Kabbah's protection or good, so viruses or Trojan infection was not so easy, there will be no recurrence of the collapse of the system!

2: Kabbah must remember that the "self-protection" on the check, to prevent malicious code amended Kabbah! The default is on the elections, it is better not to amend.

3: In the first Zhuangwan Kabbah after a comprehensive scan this time may be president of points], in subsequent scans, we can confirm the safety of the documents [such as: movies, games] does not scan, this can greatly save scan时间. Method: Set - - confidence in the region - excluding tag - add - that you can choose the safety of the document. Kabbah scanning the cabinet is quite time-consuming.

4: reduction systems or heavy equipment in the system, be sure to do a good job in the virus database backup, restore or re-installation. Under normal circumstances, Kabbah of the virus on this file in the directory: C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab need only to AVP6 backup to other disk [Application Data folder attribute is hidden, To be amended to find, and then in the reduction or heavy equipment, you AVP6 backup coverage to the directory under it. [Note Kabbah switch off the self-protection, or else they might not be able to copy into account]. And then withdraw from Kabbah, President Kabbah re-entry, he will remind you restart the computer to complete the update, which can then be convenient to have previously updated the virus to direct the use of [remember that open "self-protection"]! If the above content backup, and that your virus database will be a reduction in your previous restore points of that place, you will re-update the virus, president more time!

5: Kaspersky dmp file is interrupted because of Kaspersky procedures after generation of temporary files, delete can rest assured, in no way affect the use of.

6: President Kabbah during the upgrade, it will affect the speed of Internet access, particularly for a greater impact on online games. Moreover, the failure of President Kabbah sometimes upgrade will keep repeatedly connect to the network, affecting the normal operation of the game. Is set to upgrade manually, can be avoided.

7: real-time monitoring of the document, Kabbah in default on all the networks set, all local disk, all the mobile disk are to monitor, if your computer configuration is not high, then the document can be customized monitoring, it Only monitoring system can be set, the other can be released, since in general can do a regular full scan. Laws are as follows: Open Kabbah's main interface options: setting - paper - custom - the scope of protection, the default for all local disk, all set in front of the net remove the hook, then right-click the "add" to open " My Computer ", select System-General is the C-], then under the" includes all of the folders "option in front of the hook bear, and then set point - OK - Application - determined that a completely OK.

8: If you are not using Microsoft's mail, can anti-spam features to remove.

9: win2000. win2003 installed Kabbah 6.0 need to download the orca. msi this change msi file tools, installation, its version of the 3.1.4000.1830, is win2003sp1SDK in the tool. 2 orca with open KIS6.0 or kav6.0, found LaunchCondition this Table, will MsiNTProductType = 1 or Version9X delete this line, then save msi file, you can installed in 2003.

10: installation repeatedly restart, this may be the computer out the existing anti-virus program firewall program did not fully uninstall the swap, these procedures manual uninstall out after re-install the test.

11: adsl users often broken network and unloading Kabbah after the Internet security suite normal, the general security suite Kabbah is due to the settings, select the "network attack against the defense," Kabbah detection has been attacked, the protective net off. Click on the "intrusion detection system" - "set up" and get rid of its default, "the prohibition of attacks on computer time" in front of that could be the hook. Here to explain to remove the blockade, only removed the blockade of the time constraints, the blockade is the same function effectively.

No. 1

12: 360 Jihuo Ma is activated KAV [Kabbah anti-virus software], if you like to activate KIS Internet security suite that is necessary to amend the registry, the registry in the HKEY_LOCAL_MACHINE \ SOFTWARE \ KasperskyLab \ AVP6 \ environment in the ProductType of the KIS into KAV it can use, but recommended key.

13: Kabbah Shazhu often hear the same sounds, is not feeling very不爽, and sometimes do not pay attention to also threaten his jump, to close Kabbah of "self-protection" and then to C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 6.0 \ Skin \ sounds, using their favorite to replace the original Wav files on the line.

14: Kabbah 6.0 KEY document was included in the blacklist, this situation is the result of President Kabbah updated server blocked this KEY, this time in service as long as the option to delete the original and re-KEY to add a The key to use it. It is also possible, the same Kabbah in a KEY part of the update on the server was blocked, but in another part of updating the server has not been closed, so you can choose再换KEY before the other servers to update try.

15: Kabbah after the installation of the virus prompted the damage

1, the system time to adjust your normal time.

2, follow the prompts to download the updated virus.

3, key damaged, replace the other can use the key.

4, Kabbah completely uninstall the software and installation directory and registry keys on the complete removal of President Kabbah, re-install Kabbah.

16: Kabbah antivirus after all EXE files are opened up, "Select Open With" tips.

Solution:

1, restart the computer in accordance with a command prompt F8 to enter the safe mode

2, the implementation of this order assoc. Exe = exefile [Note: assoc with. Exe between a space], the screen shows ". Exe = exefile"

3, now close the command prompt window, press [Ctrl + Alt + Del] key combination for a "Windows security" window, click Shutdown button to select the "restart" option, the normal mode is activated, all the EXE files can be a normal operation. This method applies win2000, winXP

17: If you are using the 163 like-mail and use FOXMAIL, Outlook Express software, you are set on, otherwise there might not be able to see your mail, or download e-mail attachments can not be the case

Method: Set - services under the network settings - port settings - found that the port for 80 items - the Xiaogou removed!

18: loaded KIS6.0 just friends, there will be a restart after you have not conducted a comprehensive computer scanning tips, but what if the shielding of the ads will prompt a pop-up box, you can not let it Then Tip: Choose: "services" and "Confirmation" of the hook to the front of it.

19: You can not uninstall the normal Kabbah solution

1, please stop the process

2, in the "services" to stop klblmain services, and startup type to "Disabled" [According to this need, if unloaded automatically install the interface, please do so in accordance with the above]

3, manually delete the following several folders: C: \ Program Files \ Kaspersky Lab, C: \ Program Files \ Common Files \ Kaspersky Lab, C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab [to Open hidden folders]

4, kaspersky do with the registry, keyword search, find deleted after. Of course, the registry can be used to delete the unloading specialized tools, such faster. Delete the registry and delete the folder does not require the order, and then restart the installation process, we must reopen!
Edit by: securitysofts

From "Edison Chen incident" read computer data security, experts teach you how to protect privacy

2008-05-11T03:39:00.000-07:00

Edison Chen, "Yan Zhao leaked" the recent incidents of public opinion become hot spots, around the Yanzhao sources and leaked process, computer data security issues once again become a community-wide discussion of the topic. According to reports, Chen's computer may be sent to repair the leak led to Yan Zhao, then general users, enterprises and institutions should be how to protect their confidential information and date?
The rising data security experts said that the artist may have compromised Yanzhao three conditions: First, for service, not the private information from the hard drive to delete the second, delete means too simple, such as direct DEL keys Delete or format the hard drive; third, using a professional means delete, but was resumed with professional equipment. Rising data security experts have warned, no matter DEL delete or format the hard disk, not from the fundamental guarantee for removal of hard data, so the destruction of important data, we must seek assistance from professional security company.
Rising data security experts, data security services, including data recovery and data destruction, which are highly professional work. For ordinary users, be they computer failures, the virus caused the destruction of data loss, or delete their information professionals are likely to be fully restored. Therefore, if the user would like to restore, or removal of the important privacy of computer data, we must seek help from rising this brand security company, can be the appropriate services, protection of private information from disclosure. And the usual computer maintenance, to have the best brand of professional firms.
According to experts, the most advanced data recovery techniques, even from the hammer to drive in the restoration of the damaged part of the data. Therefore, contains important information on individuals and businesses drives, computers, hackers often become targets of the hunt. Some professional hackers will handle the waste from the enterprise hard drive in the restoration of confidential data, for sale abroad. Rising data security experts advise users and business units, storage of confidential information and computer hard drives should not be arbitrary treatment.
Experts suggest that for ordinary users speaking, the use of rising anti-virus software integration in 2008 "document to smash the" delete files after the function, can allow the majority of data recovery means failure. If more thorough in order to remove the data on your hard drive, you can turn to professionals such as rising data recovery, they have years of experience in data security, and will sign with the users of data in the process of destruction of private information confidential contract, you do not have to worry about The privacy of information leakage.
Edit by: Securitysofts

Break the speed limit

2008-05-11T03:31:00.000-07:00

In today's attention to mission-critical applications and the immediate response of the generation, data delayed stifled the user experience. Gartner research institutions that delay is "the application performance of the silent killer", a delay hindered the user to enjoy the benefits of WAN, but also makes wide-area network (WAN) can not develop their potential. Therefore, service providers and users would like the issue of delay can be resolved, at the same time play the application's performance.

With the consolidation of IT resources and web applications for internal and external users by the change, customers have become very dependent on the smooth and safe transmission network in order to achieve applications. However, even when there are sufficient bandwidth, latency (network transmission document the time spent) will also reduce the efficiency of application.

Delay is a method to solve the realization of the entire WAN application acceleration, and strive to achieve the transmission speed local area network.

The wide area network optimization

Accelerate the application of a new generation of wide-area network optimization solutions. An application acceleration solutions may be a hardware, a package or two of the integrated. The Internet or by reducing the number of data transmission network, these solutions can accelerate application delivery. Through the use of sophisticated data compression algorithm that can achieve this purpose.

Reverse - positive cache technology is another way to accelerate the flow. Users do not have to have been from the remote server to receive, in their access client, hidden in local memory. By easing congestion and speed up SSL encryption so that the transfer protocol optimization, while addressing such as Microsoft's CIFS (a tedious document processing agreement, originally designed for LAN operations) of such general agreement document the problem. The rapid messaging (MAPI), the Microsoft Exchange Server and Outlook e-mail clients used by the agreement, is another benefit a lot from the acceleration of the agreement.

What is driving the demand for application accelerator »

Decentralized business model (in the traditional concept, which is a strategic approach) to promote the application of the threat accelerator market profit growth, become a potential corporate debt. Delay only accelerate the market for one of the factors, other factors including:

Server decentralization: the decentralization of resources could achieve the effective control is to comply with government regulations and ensure business continuity in the key. As the "Sarbanes - Oxley Act" (The Sarbanes-Oxley Act (SOX) and "The New Basel Capital Accord" (BASEL II), such provisions require companies to protect their critical applications and customer data ( As in the case of patients with medical information), control access to data and prove that they aim to achieve the protection of the measures taken and when applications, data and resources have been concentrated in a few regions, to provide for the protection of the highly decentralized state, More easily.

WAN Capacity: WAN link with limited bandwidth. When a user tries to spread throughout the enterprise network sent more rich content, such as page images, multimedia and other large-volume document, which has become one of the obstacles can not be ignored. Through consumption than traditional client / server at least up to 10 times the bandwidth, the traditional web application to the problem worse. Faced with the pressure, including the costs, IT managers can not expect only the help of additional bandwidth, we can find a way out.

Feasibility: not connected to data centers and enterprises in other sectors connected equipment, work will stop. To create a smoother-based applications, the network can understand a higher level (from 4-7) the content and services, transport services is bound to complete the conditions. Equally important is the uninterrupted operation in the workplace, there should be a number of branch offices and remote users connect the line to ensure uninterrupted business processes in the case continue.

Competition: because the manager or the end-user enterprises will deploy more applications, applications (the same requirements of the limited bandwidth) will intensify the competition between. This will lead to business-critical applications for non-critical communications traffic and slow down. Therefore, to ensure that application performance and reliability requirements of a fully compatible with a high degree of reliability of the wide area network optimization controller.

Security: As the mobility of employees, companies need to provide for their employees access to enterprise applications and other major decentralization of resources means security. In many cases, secure access must be extended to enterprises such as customers and partners such "an outsider."

Manageability: IT managers can not control or manage their invisible things. If IT managers fail to spread awareness of what is happening in the business, the ability to control or change their on how best to improve the performance there will be no clear concept.

Support: data replication and disaster recovery high on the feasibility of a key role. Since the establishment of enterprise data centers away from the support of the original location, so they can not send high-bandwidth, low-latency server, allowing the copying of data, can not meet their recovery point objectives of the request. Enterprises must overcome the technical obstacles, so as to avoid loss of data to ensure that in the event when faced with catastrophic events, to carry out a smooth switch.

Changing attitudes

Taking into account the trend and the driver of factors, wide-area Internet companies are re-visit the application accelerator, as part of its strategy to optimize and create new customer value and unique competitive advantages.

To Cathay Pacific Airways as an example. In order to support the future expansion of Cathay Pacific Airways need to upgrade networks, all from the private system needs to change public system. The system can use IP-based applications, improve customer experience. Companies selected Juniper Networks WX series WAN application acceleration platform is in order to accomplish this task. As a result, high-speed links, and do not respond to the demand for equipment upgrades, Cathay Pacific wide area network capacity increased by 68 percent, and the existing network to minimize interference and effective by eliminating the demand for more high-speed connections and equipment to update the savings Cost.

Another example is BuzzCity Pte Limited. Singapore-based BuzzCity Pte is a mobile applications and content delivery company. The company needs to support its core business of the Web current and future performance, while reducing the expansion of applications and hardware costs. By Juniper Networks DX Series platform, provide load balancing and application acceleration, the company can easily break through the heavy before the monthly 75 million to 90 million page views, while supporting up to 60:1 for the customer's server ratio.

The last whole year, Juniper DX and WX series series solutions in the IT industry was the rapid growth in profits. This reflects the return of the IP network operators expect traffic growth, its causes, including further strengthen the interaction and so on, the use of broadband, video and continuously enhance network reliability. IP network provider in which the strategy and their corporate customers is a key business tool. In addition, the market is showing a high-performance, integrated solutions development of the momentum to improve operating efficiency.

Application acceleration solution seems to be a change in thinking. The rules of the game is no longer guarantee the normal operation of a second time or output or even trading volume. Today's network goal is to provide users with compatible, high-performance, reliable and safe application of experience.
Edit by: Securitysofts

On a unified multi-threat security solutions

2008-05-11T03:18:00.000-07:00

Increasingly complex security threats, continued to improve the regulatory requirements and continuous development of new applications to the enterprise network security has brought more new problems. As the management problems, increase the number of single-point solution is not always the best option. Fortinet's Asia Pacific vice president Jens Andreassen, consider the question is: How can we carry out a practical security gap analysis, and choose a suitable manufacturers to improve network security, and will not increase the complexity of management.

Every day in their efforts to safeguard network security IT managers face increasingly complex challenges, because they face the threat of more complex, the increasing burden of compliance, and new applications and technology has also brought more loopholes.

Hackers are now more concerned about the access to economic interests rather than Yangmingliwan, and organized crime in the network security in the struggle began increasing the proportion occupied. In addition, because the network layer to maintain sustained vigilance and have developed a variety of firewall and intrusion prevention system (IPS), therefore, not only confined to the security of the network, thereby including the content (data) layer.

Information security, anti-virus, anti-spam, Web filtering, anti-spyware technology needs… this list continues to lengthen, it is very difficult to keep up with this small business development speed.

Compliance with the protection of the guiding principles for IT managers have brought a heavier responsibility. They must not only adopt the latest technology to deal with potential threats, and must prove to make every effort to protect sensitive data and networks.

All kinds of traffic and activities must be recorded in the log, in order to review and prove their compliance, and also to facilitate evidence collection. This is for the rapid identification and repair of network security loopholes in the system is essential. These more weight to their burden.

Therefore, in order to fully enhance operational efficiency and gain a competitive advantage and business success, IT managers for their hard work and efforts to provide a better user mobility, interoperability and third-party network access capabilities.

The addition of new or upgrade existing applications to achieve the various new technologies to improve the basic, perhaps can improve business performance, but unfortunately, it also added a new attack loopholes.

Practical Network Security
IT security in general is only part of the overall IT budget, and the overall IT budget and the overall operating budget is only a small part. We need not only the threats of the business in accordance with the potential impact on their grade level, but also need to balance the budget in IT related technologies and products. All of this must be in accordance with the rules, to reduce capital expenditures and related operating expenses.

This explains the integration of all network security functions more and more interested in the reasons, because it can reduce the implementation of safety facilities and management of the complexity and cost.

But it also concerned about the unity of the IT managers to provide a practical approach in particular, the method can be summarized as the following three points:

1) security to be regarded as more networks and the availability of an important part of this availability enables users to complete its main business. In practice, security technology and products is how they choose to serve this objective decision. This approach is that the benefits of IT in accordance with the overall goals and core business easily make security decisions.

2) integration of many companies that manufacturers are "wholly or do, or do the whole", while some companies still insist on buying the best single totally different functional products. But the reality is: even if the integration of two or three functions can also bring significant benefits, such as reducing the complexity of management and reduce the impact on the environment (because less equipment) and generate a higher return on investment. These factors will help reduce the risk of network protection, so as to cope with equipment from different manufacturers result of the evolving security "threat situation."

3) no matter what the programme, must be the safety of existing investments added. This is almost needless to repeat the obvious, but too many manufacturers seem to think their solution is better than years of IT managers cautious investment, implementation, training and experience. The complexity of the management can never be totally avoided, but it can choose the right products to reduce.

Fix the network and found security flaws
Develop small-scale network integration plan and from the unified threat management as a means of benefit are: IT infrastructure will be divided into functional regional network, which the district can be physical (such as: data center or core network) or the logic (For example: visitors access or e-mail communication). Through this scheme, there will be able to figure out what kind of safety deficiencies, and to enable IT administrators ultimately determine the appropriate solution.

IT managers should ask a simple question: whether or not the function of regional networks using the appropriate products and technologies.
1) peripheral
2) Data Center
3) core network
4) ROBO / SOHO
5) secure e-mail communications
6) end

Neighboring
The network perimeter is the first line of defense is the focus of various external threats, particularly network and content on the criminal purpose of the external threats. The potential defect is common in VPN (IPSEC or SSL), firewall, intrusion prevention system (IPS) and various anti-virus solutions - throughput, availability, as the threat of procedure.

Data Center
Data Center has a variety of servers and applications to help business users work. Here is the greatest challenge throughput and real-time operation, in particular with important applications and content of anti-virus scanning on the throughput and real-time operation. If unable to keep up with security solutions, certain things will be slipped into the past, many users of the impact, if not all users.

Core Network
Core Internet challenges including high bandwidth and a large number of concurrent sessions, and the existence of small packets of real-time applications such as voice over IP (VoIP).

Many solutions that can be achieved on the 512-byte packet of high throughput. But in reality, when dealing with small packet performance usually decreased significantly. Although the main core network and firewall, VPN and the operation of the IPS, but the choice of the solution must provide scalable capacity, performance, high availability and redundancy. It belongs to speed up the network and content protection capacity of the ATCA hardware and dedicated ASIC processor areas.

Remote office / branch office (ROBO) and small office / home office
Remote office / branch office (ROBO) and small office / home office (SOHO) has brought many of the same issues, and also an increase of wireless networks and various access equipment (such as: DSL modem) roaming users and attack vulnerabilities , And other real-time voice and presence applications. For any programme to provide a small packet throughput of the inspection is very important.

Secure e-mail communications
E-mail is an important way to virus infection, resulting data is the main source of insecurity, the main legal disputes spread medium. In regulatory terms, advanced archiving is an important function, outside of the important content filtering to protect confidential information.

Terminal
Depth protection requirements on the network pay close attention to the various terminals: desktop computers, notebook computers and PDA, and so more and more. Security flaws in this area could damage the integrity of networks and applications, enterprises can meet the safety standards is the key. Guard against spyware and viruses the ability of particular importance. Personal Firewall and reliable VPN client can work together to increase protection.

Fully integrated
Measure unified threat management (UTM) solutions, regardless of network security features of the whole or in part, it is important to choose the manufacturers not only to provide a variety of security technology, but also to provide unified management, reporting and threat analysis. Otherwise, all kinds of totally different end product will still have the same management burden and operating costs an even greater impact.

Unified management, reporting and analysis
Security infrastructure management mainly involves the formulation of security policy, issued and implemented, and all parts of a variety of network security device configuration management. UTM solution should be able to provide a single management and control platform, a unified security features, strategies and configuration change control, thus realizing precise management control.

Strategic management of the reporting requirements of a strong, these features will be all kinds of equipment and technology integration activities, while providing network capacity and use of data to achieve a good network management. Scheduled and on-demand report, coupled with a large number of standard reports, means that when needed it easy to customize. These features include the relationship between the incident, evidence analysis and vulnerability scanning, and so on, in and management control platform more closely integrated, have become very important.

Unified Threat Research
Any UTM solutions are dependent on the timely updated summary of features, URL and other threats to information, so as to follow up the rapid evolution of the threat. Automatic Updates will be able to do this, but by the hour rather than daily updates service level agreements for the network to provide the best protection.

Aggregate
A unified security solutions, even if only two or three functions, but also able to network security concerns of IT managers to provide a method in their network infrastructure in the integration of a variety of new security technology. Solutions must provide a unified management and reporting control platform, all the functions of integration as one. Without these things, the solution can not be achieved lower operating costs requirements.

UTM should be end-to-end network solutions for comprehensive and uniform protection, the solution enables IT administrators the flexibility to apply to the use of environmental security features to protect various parts of the network.
Edit by: Securitysofts

[Virus Security]Symantec, Intel work on security on microchips

2007-08-15T07:45:00.000-07:00

Symantec and Intel are jointly developing security products that could be built into tiny computer microprocessors, Symantec Vice President Rowan Trollope said on Tuesday.

The program, dubbed Project Hood, is part of an effort by both companies to expand their use of virtualization technology, or using software to replicate entire computer systems.

They are developing software security "appliances" that would work with virtualization technology that Intel is already incorporating into its computer chips, Trollope said.

Appliances are specialized computers that handle tasks such as storing data, streaming music or securing a network.

Instead of designing the security software to run on Microsoft's Windows or another operating system, Symantec and Intel are building it so it can directly interact with the Intel chips.

"It runs underneath and alongside the operating system," Trollope said.

The companies are developing the products for use on servers and business desktop computers, though they may eventually expand the effort to consumer PCs, he said.

Edit By: Adrian Flucuş

[Network Security]U.N. Internet sites hit by hackers

2007-08-15T07:40:00.000-07:00

Hackers breached the United Nations Web site during the weekend, prompting the world body on Monday to stop posting new information while technicians evaluated the system, U.N. officials said.

Early on Sunday, the hackers defaced the official Web site on pages reserved for Secretary-General Ban Ki-moon with slogans accusing the United States and Israel of killing children.

The United Nations quickly removed the hackers' messages and on Monday stopped updating the site while the system was assessed, U.N. spokeswoman Michele Montas said.

In addition to the main U.N. site, the web pages for the Economic and Social Council and the Paris Web site of the U.N. Environment Program were also attacked, Montas said.

She said U.N. investigations were underway and "quick action was taken to prevent damage to the computer system." Key financial information was not affected, she said.

A repeating message on the secretary-general's page read: "Hacked By kerem125 M0sted and Gsy That is CyberProtest Hey Ysrail and Usa, Dont kill children and other people Peace for ever No war" according to snapshots of the site by bloggers.

One of the three hackers claimed to be Turkish.

CNET, a computer and technology publisher. "The perpetrators appeared to have used a well-known and highly preventable technique called SQL injection, which takes advantage of flawed database programming to activate malicious lines of code," CNET said on its web site.

The defacements, which affected the secretary-general's site and news pages (HTTP://www.UN.org/news) were cleaned within hours, Montas said.

In an e-mail to CNET's news.com Web site, Giorgio Maone, an Italian software developer who has worked with the world body, said, “The U.N. staff just deployed a cosmetic patch, which hides it from the most obvious tests, but it cannot prevent an attack” and said he had offered his assistance.

At the Web site www.M0sted.org, there is a list of sites allegedly hacked by the group, including Harvard and other universities and Norfolk and Norwich University Hospital in Britain, CNET said.

Edit By: Adrian Flucuş

[Network Security]Study finds kids justify illegal downloads

2007-08-15T07:30:00.000-07:00

Children in Europe are aware of the risks of illegal downloading, but often rationalize their act by saying that everyone — including their parents — is doing it, according to a major European Commission survey.

Other excuses included: the download is for personal and private purposes; the Web sites presumably remunerate the artists; claims of harm inflicted on artists lack credibility; and DVDs and CDs are simply too expensive.

Almost all of the children surveyed in the 27 European Union member countries as well as in Norway and Iceland said they expect to continue downloading. They also said the risk of downloading a virus was far more dissuasive than the risk of legal proceedings.

The survey results, released Friday, found that most kids use the Internet several times a day and, while Internet use is to some extent limited by parents, most own their own mobile phones, the use of which is largely unsupervised.

The survey also found that children are much more attuned to such potential online risks as security, viruses, identity theft and potential dangerous contact with strangers than parents imagine, and tend to know about the necessary precautions.

Edit By: Adrian Flucuş

[Network Security]UK MPs urge Internet firms to tackle cyber "Wild West"

2007-08-15T07:23:00.000-07:00

Internet companies, retailers and the government must do far more to protect people from the dangers of the "lawless Wild West" of cyberspace, an influential group of British Members of Parliament said on Friday.

In a critical report, the MPs said the government and industry have a "laissez-faire" approach to online crime that could lead to an “economically disastrous” loss of public confidence in the Internet.

With computer fraud growing more sophisticated, people have little hope of protecting themselves alone, the House of Lords' Science and Technology Committee said.

"You can't just rely on individuals to take responsibility for their own security," said committee Chairman Lord Broers. "They will always be outfoxed by the bad guys."

Cybercrime is one of the fastest growing criminal activities, not just in Britain, and includes a huge range of illegal activity including financial scams, computer hacking, downloading pornographic images, virus attacks, stalking by e-mail and creating websites that promote racial hatred.

The lawmakers said that industry - from software makers and Internet service providers to banks and shops - must do far more to protect customers.

And they criticised the government for insisting that responsibility for security rests with Internet users, who are often faced with a “bewildering” set of options.

"This is no longer realistic, and compounds the perception that the Internet is a lawless 'Wild West'," the report said.

The government must work with the European Union to see if more responsibility for security could be legally handed to computer and software makers, the report said.

A network of police computer laboratories should be set up to fight the "flourishing" online crime industry.

Senior police must get the extra funds needed to launch a central e-crime unit and a Web site where people could report online offences.

The report also highlighted the lack of clear figures on e-crime. The government should also make sure the courts are aware of the seriousness of the problem.

"The choice is either to intervene now…to keep the threat to the Internet under control, or to let it grow unchecked, and risk an economically disastrous, long-term loss of public confidence in the Internet," the report concluded.

Edit By: Adrian Flucuş

[Network OS]Novell wins rights to Unix copyrights

2007-08-12T19:26:00.000-07:00

SCO also owes Novell for licensing revenue paid by Sun and Microsoft

August 11, 2007 - Novell Inc. won a significant ruling in its lengthy battle with The SCO Group Inc. on Friday.

A judge in the U.S. District Court for the District of Utah Central District found that Novell is the owner of the Unix and UnixWare copyrights, dismissing SCO's charges of slander and breach of contract.

The judge also ruled that SCO owes Novell for SCO's licensing revenue from Sun Microsystems Inc. and Microsoft Corp. SCO is obligated to pass through to Novell a portion of those licenses, the judge said.

In the ruling, the judge said SCO must pay Novell, but the amount will be determined in a trial, said Pamela Jones, founder and editor of Groklaw, a Web site that follows open-source software legal issues.

In another major blow to SCO, the judge said that because Novell is the owner of the Unix copyrights, it can direct SCO to waive its suits against IBM Corp. and Sequant. "SCO can't sue IBM for copyright infringement on copyrights it doesn't own," Jones said.

The ruling is good news for organizations that use open-source software products, said Jim Zemlin, executive director of the Linux Foundation. "From the perspective of someone who is adopting open-source solutions to run in the enterprise, it proves to them that the industry is going to defend the platform, and that when organizations attack it from a legal perspective, that the industry collectively will defend it," he said.

The decision is "abysmal" news for SCO, according to Zemlin. "Their future is looking bleak," he said.

SCO, which may still appeal Friday's decision, did not reply to requests for comment.

In a statement, Novell said the ruling cut out the core of SCO's case and in the process eliminated SCO's threat to the Linux community.

Still outstanding are several counterclaims. For example, Novell's slander of title counterclaim against SCO is still ongoing and will go to trial, Jones said.

The case is so complex that the judge asked the parties to file a document with what they think is outstanding in the IBM case, Jones said. Those documents must be filed by Aug. 31.

The battle began in 2003 when SCO filed a suit against IBM claiming that it had violated SCO's rights by contributing Unix code to Linux. The following year, SCO sued Novell, saying that Novell falsely claimed it owned rights to Unix.

Edit By: Nancy Gohring

[Network Security]'Hackers' deface UN site

2007-08-12T19:16:00.000-07:00

Some sections still offline hours after Turkish trios uses SQL injection attack

August 12, 2007 - "Hackers" defaced the United Nations' Web site early Sunday with messages accusing the U.S. and Israel of killing children. As of late afternoon, some sections, including the area devoted to Secretary General Ban Ki-Moon, remained offline.

The attack, spelled out by an Italian software developer on his blog and later reported by the BBC, replaced blurbs of recent speeches by Ban with text attributed to a trio of would-be hackers.

HACKED BY KEREM125 M0STED AND GSY
THAT IS CYBERPROTEST HEY ÝSRAIL AND USA
DONT KILL CHILDREN AND OTHER PEOPLE
PEACE FOR EVER
NO WAR

The section of the U.N.'s site dedicated to Ban was still offline as of 5 p.m. EDT Sunday. It sported a message reading: "This site will be temporarily unavailable due to scheduled maintenance."

Giorgio Maone, a software developer from Palermo, Italy, noted the incident timeline and posted several screenshots of the defacement on his blog. Maone pegged the attack as an SQL injection exploit, which let the attackers add their own HTML code to the site. SQL injection attacks are a common tactic by defacers, and have been used against numerous government and commercial sites worldwide. In June, Microsoft Corp.'s U.K. Web site was defaced by an SQL injection.

"There's a technical reason for the missing apostrophe [in DON'T], though, because messing with this very character (') is part of the technique apparently used by the attackers," said Maone in his blog post Sunday. "The [U.N.'s] site is vulnerable to an [SQL injection] attack...this is a very well known kind of vulnerability, fairly easy to avoid and very surprising to find in such a high profile site.

"Moreover, the hole seems not to be patched yet, thus the site could be defaced again at will," Maone added.

In the past, "Kerem125," "m0sted" and "gsy," are names that have been used by would-be hackers claiming to be from Turkey, said the BBC. An Australian insurance company, for example, had its site defaced in late July by a group that included kerem125.

The U.N. could not be reached Sunday for comment.

While site defacing is common, large-scale attacks have been rare. Last year, however, nearly 1,000 Danish sites were defaced by Islamic attackers who protested controversial cartoons that featured the Prophet Mohammed. And in 2001, a month-long defacement dustup raged between Chinese and American entities after a U.S. spy plane was forced down by Chinese fighters.

Edit By: Gregg Keizer

[OS Related]Dell expands Linux PC sales to Europe, China

2007-08-09T22:19:00.000-07:00

Dell said on Tuesday it has decided to expand sales of consumer personal computers loaded with the Linux operating system to the United Kingdom, France, Germany and China.

The world's No. 2 PC maker started selling Ubuntu Linux PCs to consumers in May in a program that was limited to the United States. Ubuntu is a free version of the software.

Linux software, the main rival to Microsoft's market-dominating Windows, has been one of the fastest-growing types of software on business computers over the past decade.

But it has yet to gain a foothold in the consumer market, where Windows sits on more than 90 percent of personal computers.

Dell says that so far the bulk of its U.S. Linux sales have to open-source enthusiasts. They tend to like the software because it is free, thousands of compatible programs are also free, and it is easy to customize.

But Dell says that a small number of Linux buyers are first-timers interested in trying out an alternative to Windows. If that group grows it could hurt Microsoft's profit growth.

Every PC that is sold with Linux installed on it instead of Windows means one less license fee payment from a PC maker.

Microsoft and PC makers don't disclose the size of those license fees. Retail versions of Windows Vista generally sell for $200 to $400.

On Monday No. 3 PC maker Lenovo Group said it would introduce a broad line of Linux laptops, the strongest endorsement to date of the open-source software by a major PC maker.

Dell said that the Linux machines it sells in Europe, which went on sale Tuesday, come with Ubuntu Linux.

Customers in China will be sold PCs factory-installed with Novell Inc's Suse Linux. The company did not say when those will go on sale.

Dell made the announcement in San Francisco at the annual LinuxWorld convention.

Edit By: Adrian Flucuş

[PC Related]Apple unveils redesigned iMac desktops

2007-08-09T22:10:00.000-07:00

Apple unveiled a line of slimmer desktop computers on Tuesday in a long-expected update of its iMac brand, positioning it for the back-to-school and holiday shopping seasons.

The new iMacs, which will sport thinner aluminum casings, have displays measuring 20 inches and 24 inches and will cost $1,199 to $1,799, depending on their configurations, said Apple Chief Executive Steve Jobs at a media event at Apple’s headquarters in Cupertino, California.

The cost of the 24-inch iMac has been dropped by $200, and Apple has eliminated the 17-inch iMac computer, Jobs said.

The last update to the iMac line was in September 2006, when Apple introduced a model with a 24-inch screen - its largest - and said the entire model line would be powered by Intel chips instead of ones from International Business Machines Corp. .

"Apple has grown two to three times the market for the past several quarters," said analyst Shannon Cross of Cross Research. "This product launch should position them well for the back-to-school and holiday seasons."

Apple recently launched the iPhone mobile device in a bid to build a third major product line alongside its Macintosh computers and iPod media players, but desktop and laptop sales still account for the bulk of its revenue.

In its third quarter, Apple sold 634,000 desktops for revenue of $956 million, accounting for about 18 percent of total revenue.

"The iMac has been really successful for us and we'd like to make it even better," Jobs said. "We've managed to make it even thinner than before."

Apple laptop sales totaled $1.58 billion in its most recently reported quarter. The MacBook laptop line was not affected by Tuesday’s announcement.

Sales of Macintosh computers have grown faster than the overall PC market, but Apple's share of the market by unit sales is estimated to be less than 5 percent.

Apple has also used the iPod and, now, the iPhone as "halo" products to draw customers into stores and get them interested in its computers.

Jobs also said that the company was adding a software "button" to the iPhone that allows users to upload photos taken with the built-in camera on the iPhone to Apple's .Mac online data and Web-hosting service.

Apple shares rose $1.30 to $136.55 in afternoon trading on Nasdaq. The stock has risen 59 percent so far this year, largely on anticipation of strong demand for the iPhone and that enthusiasm for the device will translate into stronger sales of other Apple products.

Edit By: Adrian Flucuş

[Network Related]China hopes to cure Internet addicts at summer camp

2007-08-08T23:43:00.000-07:00

China is launching an experimental summer camp for 40 youngsters to try to wean them off their Internet addiction, state media said on Tuesday.

The 10-day program would accept youngsters aged between 14 and 22 once they had undergone a psychological test and evaluation, the China Daily said.

About 2.6 million — or 13 percent — of China’s 20 million Internet users under 18 are classed as addicts, state media have reported.

The youngsters at the summer camp would be treated for depression, fear, unwillingness to interact with others, panic and agitation.

It would appear to be offering a softer option than the Internet Addiction Treatment Centre near Beijing which uses a blend of therapy and military drills to treat children addicted to online games, Internet pornography and cybersex.

Concerned by a number of high-profile Internet-related deaths and juvenile crime, the government is now taking steps to stem Internet addictions by banning new Internet cafes and mulling restrictions on violent computer games.

According to government figures, there are currently 113,000 Internet cafes and bars in China.

The newspaper cited the case of one student accepted to East China University of Science and Technology with high marks.

“He could not adjust to Shanghai campus life without burying himself in computer games,” the China Daily said. “He would play day and night, skipping classes and avoiding friends, until he was pulled out of the Internet cafe by a supervisor.”

In a joint effort with the camp, Shanghai’s education commission has organized a volunteer group to patrol the city streets and stop minors entering Internet cafes.

Edit By: Adrian Flucuş

[Network]Novell Certifies AMD Validated Server Platforms

2007-08-08T23:35:00.000-07:00

AMD announced the availability of AMD Validated Server platforms certified for SUSE Linux Enterprise Server from Novell.

AMD will deliver solution providers a validated server platform with Novell “YES Certified” designation that is compatible with SUSE Linux Enterprise Server and will be fully supported by both AMD and Novell.

Together, AMD and Novell are providing solution providers with more choice through an easier, faster and less expensive process by which to obtain certified and pre-configured Linux-based server platforms. Having completed the Novell YES Certified testing on AMD Validated Server barebones platforms, Supermicro Computer, Tyan Computer Corporation and Uniwide Technologies are the first original design manufacturers to offer these platforms. Solution providers will now have the ability to leverage this testing and offer configured Novell YES Certified SKUs, expediting the certification process dramatically.

AMD Validated Server platforms for SUSE Linux Enterprise Server represent another milestone in the relationship between AMD and Novell. AMD’s alignment with the Novell YES Certified program will help broaden the AMD Validated Server program’s reach into the Linux community, enabling solution providers to offer their customers the choice of high-quality, reliable, and stable open-standard server solutions based on state-of-the-art technology.

“The combination of two powerful channel programs like AMD’s Validated Server program and the Novell YES Certified program offers solution providers the ability to sell customized server platforms with the highest degree of confidence,” said Justin Steinman, director of marketing for Linux and Open Platform Solutions at Novell.

The AMD Validated Server program enables tested and validated solutions based on AMD Opteron processors to help solution providers build high-quality, reliable commercial solutions. By leveraging the program, solution providers have the opportunity to lower development costs, streamline development cycles and accelerate overall time to market.

Edit By: Horia Covaci

[Network Security]Black Hat: Mozilla says it can patch flaws in 10 days

2007-08-07T02:26:00.000-07:00

Sounds like a dare; observers attest to sobriety of exec making security vow

August 06, 2007 - A Mozilla Corp. executive has vowed that his company can patch any critical vulnerability in its software within 10 days, a sign that Mozilla may intend to step up its efforts to improve security.

Mozilla executive Mike Shaver backed up his claim by scrawling it on a business card at the Black Hat security conference in Las Vegas last week and handing it to Robert Hansen, CEO of SecTheory.com, who also runs the ha.ckers.org Web site. Hansen posted a photo (warning: linked URL and image contain expletive) of Shaver's business card, including the claim "Ten [expletive] days."

"I told him I would post his card -- and he didn’t flinch. No, he wasn’t drunk. He’s serious," Hansen wrote in his blog.

Web browser security has become increasingly important with the rise in use of Web-based applications, from Google Inc.'s Gmail to social networking sites such as Facebook.com and enterprise software-as-a-service programs such as Salesforce.com. A security vulnerability within a Web browser can put a user's data at risk and make a PC vulnerable to hackers.

Shaver's 10-day pledge applies to "critical" vulnerabilities, although there is no standard for such a rating, and different companies evaluate levels of risk in different ways. Another condition is that the vulnerability is disclosed responsibly, meaning Mozilla is notified of the issue before it is publicized.

The pledge sparked some debate about whether Mozilla will be able to keep to it.

"I've always been a fan of Mozilla and Firefox, however, this is a pretty bold claim for a company of any shape or size," Hansen wrote.

Other commentators said keeping the 10-day promise might not be easy. Patches need to be of high quality and tested properly, which could take more time depending on how severe the vulnerability is, said Graham Cluley, senior technology consultant for Sophos PLC.

"If that's what they're saying, then it is an audacious claim," Cluley said. "Some critical security vulnerabilities can reside deep in the bones of a complicated software product like Firefox and may require extensive testing to ensure that the highest-quality fix is being made available to the users."

Others had more confidence in Shaver's claim.

"Rome wasn’t built in one day, but heck, Firefox isn’t Rome," said a commentator on Hansen's blog. "And Mozilla has 10 whole days. I don’t know, put 20 geeks in front of a computer for 10 days and just watch them go."

Mozilla security chief Window Snyder said via email late Sunday night from the U.S. that Mozilla would comment further on the matter later Monday.

Mozilla updated Firefox twice in July. The last update, which came out July 30, fixed two problems that Mozilla labeled "critical," although it took about two weeks from when security researchers first posted exploit code for that update to be released.

Microsoft Corp. patches its operating system and applications on the second Tuesday of each month. The company sticks to the schedule, but has released off-schedule patches for particularly dangerous vulnerabilities.

Faster patching could help Mozilla gain a broader share of the browser market over Microsoft's Internet Explorer if administrators and users feel it's a safer option for cruising the Web. Firefox had a 27.8% share of the European market but just 18.7% in North America, according to recent statistics from XiTiMonitor, a French company that tracks browser market share.

Edit By: Jeremy Kirk

[Network Comment]Baidu may be worst copyright violator, says Wikipedia

2007-08-07T02:12:00.000-07:00

Chinese search engine scarfing up entries without honoring GNU license

August 06, 2007 - Baidu.com Inc., which operates China's most popular Internet search engine, may be the worst violator of Wikipedia copyrights, the chair of the foundation behind popular online encyclopedia Wikipedia said Sunday, as she asked the company again to give credit where credit is due.

The Wikimedia Foundation, Inc. has no plans to take Baidu to court -- the group has never sued a copyright violator -- but it is asking more publicly for the Chinese search company to respect its copyright license by simply attributing Wikipedia entries that have been copied on Baidu Baike, the company's Chinese-language Web encyclopedia.

"They do not respect the license at all," said Florence Nibart-Devouard, chairman of the board of trustees of the Wikimedia Foundation, during an interview at the Wikimania 2007 conference in Taipei. "That might be the biggest copyright violation we have. We have others," she added.

Baidu Baike's rivals in China have also requested the company comply on the copyright issue. Hoodong.com, which develops Chinese-language wiki collaboration software and operates its own online encyclopedia in China, has been monitoring Baidu Baike for some time, said founder Pan Haidong, and has started capturing screen shots of violations as proof.

Baidu could not immediately be reached for comment.

Wikipedia editors have asked several times for Baidu to cite it when using Wikipedia content, but have received no replies nor seen any improvement from the Chinese company. Usually, an e-mail explaining Wikipedia's copyright license is enough to prompt most companies to respect it, but not in this case.

That's a problem for Wikipedia because not only is Baidu Baike the largest online Chinese-language encyclopedia, it also contains more articles than any Wikipedia except the English-language Wikipedia. Baidu Baike boasted 809,237 entries as of Sunday, edging out the German edition of Wikipedia, which has 619,612 entries, for second place. The Chinese version of Wikipedia hosts 139,131 articles.

Wikipedia also finds it difficult to compete against Baidu Baike due to strict censorship laws in China. The Chinese- and English-language versions of Wikipedia face being blocked in China without notification or explanation. Currently, the English site is available to users in China, although the Chinese-language site remains inaccessible.

"Since we are blocked in China, Wikipedia exists only on one other Web site there, and it is not ours," said Nibart-Devouard.

Baidu Baike faces the same restrictions on content, but operates in such a way as to avoid problems with Chinese authorities. Anyone wishing to publish entries on Baidu Baike must register first, giving the site people's real names, and site administrators review all entries before posting, a way to ensure compliance with Chinese censorship laws.

All entries published on Wikipedia fall under the GNU Free Documentation License, which allows other organizations a wide range of uses of the material, including for-profit publishing, with a few stipulations. Anyone using the material, particularly word-for-word copies and mirror Web sites, need to say the material came from Wikipedia.

By contrast, Baidu said all content generated on Baike becomes the property of Baidu. But the encyclopedia, which like Wikipedia relies on users for entries, also expressly warns users not to cut and paste other people's work, insists that all copyright laws be respected, and asks that sources used in all entries be properly cited. It expressly tells users that any contributions which quote works held under the GNU Free Documentation License, which Wikipedia uses, must follow the restrictions on that license.

Going forward, the Wikimedia Foundation plans to continue to try to communicate its issues with Baidu. A Chinese-language chapter of the foundation was created in August, which could more closely monitor Baidu Baike, point out and document any violations of Wikipedia's copyright policies. But beyond that, the foundation has no plans to use legal means to resolve the issue, mainly because legal issues are technically difficult.

"The foundation does not hold a copyright on the articles, the editors or the authors do, so there is very little we can do," said Nibart-Devouard, although she said that if pushed, the foundation could try some kind of class-action. In the meantime, the foundation will continue trying to nicely ask for its content on Baidu Baike to be properly cited as having come from Wikipedia, and will seek other peaceful methods to resolve the issue.

Edit By: Dan Nystedt

[Security News]$10 hack can unlock nearly any office door

2007-08-07T02:07:00.000-07:00

More hardware fun from Defcon; biometric devices affected too

August 06, 2007 - Cut a couple of wires, insert a small, easy-to-make device between them, and you can walk right through all those supposedly card-protected locked office doors.

At the Defcon security conference over the weekend, a hacker and Defcon staffer who goes by the name Zac Franken showed off how a small homemade device he calls Gecko can perform a classic man-in-the-middle attack on the type of access card readers used on office doors around the country. Gecko is simply a small, programmable PIC chip with a wire connector on either side. Once it's connected to the wires behind the card reader, it's not only trivial to use a 'Replay' card to get through the door, but you can also disable the system so that nobody else can come in behind you.

What's more, making a Gecko is easy and cheap. Franken says the hardware costs about $10.

According to Franken, the hack subverts the Wiegand protocol, commonly used for communication between the card reader and the back-end access control system, and doesn't take direct advantage of any problems with any of the hardware involved. When you swipe your card at the office, the reader very likely sends a signal using the Wiegand protocol to the control system, when then opens the doors.

"The problem is, this is what we call a plain-text protocol," Franken says. "There's nothing secure about it."

For many card readers, getting Gecko in place is just a matter of popping off the reader's cover with a knife or screwdriver and undoing two screws, he says. That provides access to the wires that carry the signal from the reader to the control system.

In a real-world situation you'd quickly cut the wires and insert one cut end into one side of the Gecko, and the other cut end into the Gecko's other side. In Franken's demonstration he used pre-made connectors so he could easily disconnect and reconnect the device. When you put the reader's cover back, the Gecko would be hidden behind it.

The card reader also continues to work fine with the Gecko attached. It passes along the signal from the reader to the control system as it's supposed to. But when someone swipes an authorized card that unlocks the door, Gecko saves that signal.

With that saved unlock signal, the attacker can swipe a 'replay' card that tells Gecko to re-send that saved signal, and the doors unlock. What's more, any saved access logs would only show that the same person who originally swiped the saved signal swiped his card again.

August 06, 2007 (PC World) -- Cut a couple of wires, insert a small, easy-to-make device between them, and you can walk right through all those supposedly card-protected locked office doors.

At the Defcon security conference over the weekend, a hacker and Defcon staffer who goes by the name Zac Franken showed off how a small homemade device he calls Gecko can perform a classic man-in-the-middle attack on the type of access card readers used on office doors around the country. Gecko is simply a small, programmable PIC chip with a wire connector on either side. Once it's connected to the wires behind the card reader, it's not only trivial to use a 'Replay' card to get through the door, but you can also disable the system so that nobody else can come in behind you.

What's more, making a Gecko is easy and cheap. Franken says the hardware costs about $10.

According to Franken, the hack subverts the Wiegand protocol, commonly used for communication between the card reader and the back-end access control system, and doesn't take direct advantage of any problems with any of the hardware involved. When you swipe your card at the office, the reader very likely sends a signal using the Wiegand protocol to the control system, when then opens the doors.

"The problem is, this is what we call a plain-text protocol," Franken says. "There's nothing secure about it."

For many card readers, getting Gecko in place is just a matter of popping off the reader's cover with a knife or screwdriver and undoing two screws, he says. That provides access to the wires that carry the signal from the reader to the control system.

In a real-world situation you'd quickly cut the wires and insert one cut end into one side of the Gecko, and the other cut end into the Gecko's other side. In Franken's demonstration he used pre-made connectors so he could easily disconnect and reconnect the device. When you put the reader's cover back, the Gecko would be hidden behind it.

The card reader also continues to work fine with the Gecko attached. It passes along the signal from the reader to the control system as it's supposed to. But when someone swipes an authorized card that unlocks the door, Gecko saves that signal.

With that saved unlock signal, the attacker can swipe a 'replay' card that tells Gecko to re-send that saved signal, and the doors unlock. What's more, any saved access logs would only show that the same person who originally swiped the saved signal swiped his card again.

Edit By: Robert McMillan

[Network Security]Black Hat 2007 sees Web 2.0 repeating Web 1.0 mistakes

2007-08-07T01:52:00.000-07:00

LAS VEGAS--This year's Black Hat was pretty much summed up in a prescient keynote by Richard Clarke, the nation's former cyber security czar who is now a novelist and chairman of Good Harbor Consulting. Clarke said "we're building more and more of our economy on cyberspace 1.0, yet we have secured very little of cyberspace 1.0." The apparent speed gained in Ajax (Asynchronous JavaScript and XML), which is technology that divides processing tasks between the Web server (Web site) and the Web client (browser), has opened Web 2.0 to some old-school attacks.

Nothing more clearly demonstrated this than a live hijack of a Gmail account. In a talk originally to have been presented alongside his colleague David Maynor, Errata Security CEO Robert Graham demonstrated for a standing-room-only crowd how he was able to use a tool called Hamster and Ferret to sniff the wireless airwaves for the URLs of Web 2.0 sites. While talking about another matter entirely, Graham ran the tools in the background, sniffing the wireless packets in the conference room, looking for Web 2.0 sessions cookies used by those in the audience for his talk (if, as a speaker, you ever wanted to thwart those who would be checking e-mail during your presentation, this is the tool to use). Grabbing cookies is not new. What is new is that Graham was able to grab these Web 2.0 clear text session cookies out of the thin air and then plunk the captured URL into a new browser. No password is needed; the cookie itself is enough. Toward the end, Graham opened his Hamster tool and found several likely candidates. He chose one Gmail account that had been opened during his talk. The presentation screen lit up with some poor guy's active Gmail account briefly displayed. Everyone applauded before Graham quickly wiped the information from the screen.

Should you avoid Gmail? No. If you simply change the URL in your Gmail bookmark (or any other Google-related bookmark) from http:// to https://, the Errata Security hack is no longer valid. That's not true, however, for Facebook, Hotmail, and several other Web 2.0 accounts. Graham says that while traditional Web 1.0 sites long ago learned to terminate session cookies, the cookies used on Web 2.0 sites don't expire for several years, so you could sniff accounts out of the air at your local Starbucks and months later still have access to that person's account. That's what's really scary about this new kind of man-in-the-middle attack: the victim has no idea that this is happening, and even changing the account password will have no effect. While you as an attacker can send messages, read existing messages, and even alter the look and feel of the Web mail service itself, you can't, however, lock the owner out of the account.

In a separate talk, Billy Hoffman and Brian Sullivan, both of SPI Dynamics, talked about the rush to Web 2.0, how even some established sites are "Ajaxify-ing" themselves at the expense of good security practices. To prove their point, the pair built an Ajax-enabled travel Web site, HackerTravel.com. They did so by following the current best practices for Ajax. In their talk, however, Sullivan and Hoffman showed how they could take advantage of known weaknesses within Ajax. For example, they could rearrange the JavaScript on the client to either book every seat on the plane (staging a denial-of-service attack) or purchase a round-trip ticket for $1.

Last year, Hoffman talked about the many problems within Web 2.0 Ajax technology, and this year he more or less put the subject to bed by addressing developers and insisting that they not put business logic on the client side of the transaction; that they keep all of that on the Web server. You can hear more about this topic from Hoffman and Sullivan on a recent Security Bites podcast.

Later in the conference Billy Hoffman returned with John Terrill, executive vice president and co-founder of Enterprise Management Technology, to talk about a prototype Web 2.0 worm they've built written in JavaScript and Perl. Hoffman explained that if there's a cross-site scripting vulnerability on a Web site, the worm can inject itself into that Web site in JavaScript form. Inside the worm is a Perl form so that when a user visits that Web site, the JavaScript version gets downloaded to their Web browser and the Perl form can inject itself into the Web server, so it can move from client to server with ease.

While we've seen computer worms before, they claim their new creation can pull vulnerability data off security sites such as Secunia and then exploit those new vulnerabilities, rendering current desktop security protection ineffective. Currently such a worm does not exist in the wild, but Terrill and Hoffman insist it's possible for others to do what they've done. You can hear Hoffman talk more about his creation in this recent Security Bites podcast.

There is hope. In addition to better coding practices on the Web server, another way to prevent runaway Web 2.0 vulnerabilities is to lock down the JavaScript in the client's browser. At Black Hat, Mozilla released new tools allowing anyone to test their Firefox (or any browser) against JavaScript errors. What's significant is that you can also use this tool against Apple Safari, Microsoft Internet Explorer, and Opera.

In an interview before her presentation, Window Snyder told me there are about 10,000 Firefox users worldwide who regularly download what are called nightly builds. Whenever the Mozilla security team puts out new fixes within the nightly builds, it's these 10,000 users who test the fixes on a wide variety of machines and under a wide variety of circumstances. Thus, Mozilla is able to roll out its security patches faster and with fewer headaches than its competitors. By tapping into their millions of users worldwide, Mozilla hopes more of these avid users will identify future Firefox flaws before they can be exploited.

Edit By: Robert Vamosi

[OS Related]LinuxWorld: Open-source software being treated same as any other

2007-08-04T21:45:00.000-07:00

August 03, 2007 - As more than 11,000 attendees prepare to converge on San Francisco for the LinuxWorld Conference & Expo next week, one industry analyst says customers are evaluating open-source software the same way they evaluate proprietary software: It has to be priced right and work well.
Enterprises are judging open source on its upfront cost, total cost of ownership, reliability and features, just as they would a commercial product, said Matt Lawton, an analyst at IDC. Criteria unique to open source, such as issues of potential liability for patent infringement and the level of technical support, are way down the list of worries, he said.
"Software is software, and things like functionality and reliability are the most important attributes, regardless of whether the software is open source or not," Lawton said. "But having said that, to the extent that open source can save end users money, then they are all ears."
If open source is increasingly being considered on par with proprietary software, that opens more opportunities for it in the enterprise market for use in servers, desktop computers and mobile devices.
Worldwide revenue for open-source software, which reached $1.8 billion in 2006, is expected to grow at a compound annual growth rate of 26%, reaching $5.8 billion by 2011, IDC research shows.
Attendance at LinuxWorld, scheduled for Monday through Thursday, is expected to be higher than last year's 10,000 because LinuxWorld is running concurrently with the first-ever Next-Generation Data Center (NGDC) conference. The latter is devoted to energy efficiency and the use of virtualization. Both conferences are produced by IDG World Expo, which, like IDG News Service and Computerworld, is owned by International Data Group.
For its part, virtualization is also becoming more widely accepted and deployed in enterprises. Virtualization is software that divides one server into multiple logical servers, enabling IT professionals to run multiple software applications efficiently on one machine, increasing utilization rates.
A few years ago, companies used virtualization primarily in software test and development environments. But as they become more confident, companies are using it in production environments, said Andreas Antonopoulos of Nemertes Research. Virtualization can be an energy-saver because if server utilization increases to 70% or 80% from the average 20%, fewer power-hungry servers will be needed.
Antonopoulos calls virtualization the "sardine can" strategy.
The idea is to cram as many applications into one server as possible, like squeezing the tiny fish into a container. "That strategy has allowed IT departments to use more software applications ... for the same amount of capital budget," he said.
But data center operators may be reaching a point of diminishing returns using virtualization for server consolidation, Antonopoulos said. Companies that have used virtualization for consolidation for some time may have already reduced the number of servers to as few as they need. For them, other business drivers for virtualization include easier software development, disaster recovery, business agility and operational efficiency.
LinuxWorld/NGDC will feature keynote addresses from several tech executives, including Ann Livermore, executive vice president of Hewlett-Packard Co.; Diane Green, president of VMware Inc., Kevin Kettler, chief technology officer of Dell Inc., and others.
Oracle Corp. is expected to reveal more about the results of its efforts to undercut Red Hat Inc. on the cost of support for Red Hat Enterprise Linux. Oracle identified a number of companies a few months ago that it claimed switched to Oracle from Red Hat for support, but Red Hat disputed those claims.
Also expected is more information on Microsoft Corp.'s deals with Novell Inc. and a few other Linux distributors, in which Microsoft says it is working to improve the interoperability of Linux with Windows. Microsoft also caused a stir in the open-source community when it warned in May that Linux violates 235 of its patents, although many in the open-source community dismissed the claim as sabre-rattling.
This is also the first LinuxWorld since the adoption of the revised General Public License for use of open-source software, known as GPL v3.

Edit By: Robert Mullins

[PC News]Microsoft delays Mac Office 2008

2007-08-04T21:41:00.000-07:00

Don't look for it until January

August 02, 2007 - Microsoft Corp. today pushed back the release date of Office 2008 for Mac until January, a delay from an earlier promise to deliver the new suite this year.
"It was clear from our June and July quality checkpoints that no matter how hard we tried, we couldn't release our product in time for the Christmas season with the kind of quality we wanted," said Craig Eisler, the development group's general manager, on the team's blog.
The new mid-January debut to retail would correspond with Macworld Expo, Apple's big conference and trade show, which is slated for Jan. 14-18 in San Francisco.
Previously scheduled to ship in the second half of this year -- Microsoft has never been more specific than that six-month window -- Office 2008 will move into release to manufacturing status in December, launch at Macworld and be available to volume license customers in the first quarter of 2008, said Eisler. Microsoft had given no indication that the original 2007 ship date for the suite might slip, although the first Open XML file converters for Office 2004 and Office v. X made a late appearance in May, a month or more past an earlier deadline.
Eisler, who just came on board Microsoft's Mac business unit in June, did not give an explanation for the schedule slip. Elsewhere, however, he was quoted as saying Apple's 2006 switch to Intel processors and the ensuing need to move to different development tools, as well as the ongoing struggle with the new Open XML file formats, played parts.
Some Mac users didn't take kindly to the announcement. One, dubbed "p0intblank" on MacRumors's message forums, offered a tart observation: "Microsoft delaying a product? I wish I could've seen this coming." Others on the same thread said this was the last straw and that they wouldn't be coming back to Microsoft. Instead, they would turn to, or continue using, the open-source OpenOffice and NeoOffice suites, or Google Docs.
Other development will be shoved aside for now, Eisler added, to focus on Office 2008. "We're in an 'all hands on deck' mode right now to ensure Office 2008 gets finished on time, and so you will not see final versions of our RDC client or file format converters until sometime after we ship Office." A beta of Remote Desktop Connection Client -- a program that lets Mac users connect to Windows systems to access files and run applications on those PCs -- was released earlier this week; an update to the Office 2007 file converter popped up Tuesday.
An invite-only Office 2008 for Mac beta test is currently under way, but Microsoft has no intention of opening that to the general public. Instead, said Eisler, his group will offer what he called "sneak peaks" to users, although he didn't spell out exactly what that might entail.
Prices for Office 2008 have not been set. Current prices for Office 2004 for Mac range from $149 to $499.

Edit By: Gregg Keizer

[Virus Security]Russian malware storm brewing?

2007-08-04T21:36:00.000-07:00

Trend Micro spots hack-packed server in Russia

August 02, 2007 - Security researchers at Trend Micro Inc. have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious Web sites hosted in Italy.
Chenghuai Lu, a senior threat analyst at the Tokyo-based antivirus vendor, recently uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult Web sites.
Meanwhile, another Trend Micro researcher, senior software engineer Feike Hacquebord, discovered a large number of Italian-language Web sites that at first glance appeared to be compromised with malicious IFRAMEs, inserts in the HTML coding of a page, often JavaScript, that can hijack a PC whose browser visits the site. On second look, however, the Italian-style sites do not appear to have been hacked but instead were created with the IFRAMEs in mind. According to Trend Micro, the IFRAMES point to the malware-packed Russian site found by Lu.
"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," said Carolyn Guevarra, a third researcher at Trend Micro, on the team's blog yesterday. "We have just seen these cybercriminals pull the 'Italian Job' recently," she added. "Are we now seeing a 'Russian Uprising' coming our way?"
Guevarra's Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.
Trend Micro has blocked the malicious Web sites for its customers and is working to develop more information on the possible attack plot. "More details soon," Guevarra promised.

Edit By: Gregg Keizer

[Network News]Web 2.0: Big app on campus

2007-08-04T21:20:00.000-07:00

When I was in college, there was this one classmate everyone found especially annoying. Quite the little joiner, she would post opinions of dubious intellectual worth on the class message board just to show that she did the reading and to puff herself up with some tangentially related story.

Gen X cynicism has given way to millennial self-absorption as a new generation's lust for celebrity spreads to college classrooms, say educators. Now, universities are hoping to tap into that urge with new technologies to recruit prospective students and entice current students to stretch their intellect.
"A lot of students...like showing off their work. They like being published. They like being on display," said Barbara Knauff, senior instructional technologist at Dartmouth College.
Other educators, echoing Knauff's comments, see the enticement of notoriety through Web 2.0-style social tools--blogs, wikis and the like--as a way to engage students in their education and maybe even get them to choose one school over another.
Seton Hall University uses social tools as a way to hook students even before they have officially started. A log-in is mailed to new students along with the acceptance materials, according to Jan Day, senior director of client engagement at Blackboard, an educational software company that worked with the university to implement the site.
"One of the pain points in higher education is that they said "no" to a whole bunch of people and are counting on kids to accept. They know they need X percent," said Day.
A social-networking environment gets students comfortable with a school well before freshman orientation, said Day. Prospective students can e-mail roommates, make friends and find out the best campus hangouts even before they accept admission.
Some universities use video downloads to introduce professors.
Apple's iTunes U--though met with skepticism among professors wary of freely distributing their valuable content--is a useful public relations tool, according to Rhonda Blackburn, assistant director at Texas A&M University. Professors have used it to post videos introducing themselves, their research and their classes.
Once students get to universities, the tools continue. Classes in which content is pushed out one way to students are becoming passe. Instead, instructors are beginning to distribute lecture content to encourage intellectual debate and research online--away from the classroom--and are using class time for more in-depth discussion.
Knauff said self-publishing tools are an enticing way to get college students to develop original thoughts as opposed to simply repeating what they think professors want to hear. Students are collectively creating glossaries and repositories for academic articles, audio files and videos.
"They write for their peers as well and it creates a different motivation. They want to do well, don't want to look phony and get excited about the projects with the media aspect," said Knauff.
The multimedia or personal stuff that professors may think of as flashy filler is getting students to make an emotional investment in their education. "Sure, the content they offer is not as good as if a faculty member produced it. The content expert is always going to be better at creating the content, but that's not the point," said Knauff.
And it goes beyond blogs replacing reading journals for undergrad American lit classes. Dartmouth's medical school students use wikis to author, share and critique case studies.
Michael Barrett, a doctor and clinical associate professor at the Temple University School of Medicine, found that listening to heartbeat audio files drastically improved stethoscope skills.
In a study Barrett presented in March to the American College of Cardiology, 149 doctors correctly identified heartbeats 80 percent of the time, compared with the usual 40 percent. Barrett initially distributed his files on CD, until his students suggested he make the files available to iPods.
Kenneth Hartman, academic director of Drexel University's eLearning program and teacher of graduate education classes, uses TVEyes.com, a search site for major TV and radio content, to automatically feed students relevant video content.
Some Texas A&M professors use Camtasia, a software program that enables users to create videos of screen captures with voice-overs and an aid for figuring out complicated math problems.
"The theory is that lecturing is not an effective way for everyone to learn, but if you make a student create, they learn an incredible amount. That's the whole idea with changing this paradigm," said Knauff.
Old school meets new school
Some see the advent of Web 2.0-style tools in the classroom heralding a shift in everything from education theory to how schools are built. The bottom line: traditional lecturing may be on its way out, said Claire Schooley, an analyst at Forrester Research who follows learning trends at universities and corporations.
"That interaction between student and professor is going to become more prominent where you have already read about or watched the lecture online. The days of the large university with a 300-person lecture hall are over," said Schooley. "Universities will be built very differently, with the concentration on workshop life."
New tools could also help keep students honest. Some tools require log-ins that can also provide a way of tracking participation in group projects, according to Hartman.
"Every term I would get someone coming up and saying 'Dr. Hartman, here's the paper from the five of us, but I did most of the work.' Short of rolling out the Spanish Inquisition, there's not much you can do about it at that point," said Hartman. "With wikis, I can see who pulled the load and who didn't do anything."
User-friendly multimedia communication servers are also being used for more efficient uploading and distribution of educational multimedia to specific people without the need for IT help, according to Blackburn.
With permission from copyright holders, professors are posting things like films and language lessons to university servers. They can be accessed in streaming format by a specific set of students as designated by the professor. The files are automatically deleted from the server at the end of the semester, said Blackburn.
While undergrads do still have to get up in front of the class for Texas A&M's required public speaking class, technology has made the process a little less traumatic. Instead of critiquing a student in front of the class, a video of his or her speech, accessible only to the speaker and his or her professor, is uploaded to a server. The student then watches the video and submits a self-critique, while the professor sends a private critique to the student.
Universities are not just limiting tools to professors and classrooms. Students are given server space to develop Web sites, RSS feeds, blogs, podcasts, videos, discussion boards and e-mail groups for clubs, groups and political campaigns.
And then there's Second Life. In the spring semester of 2007, Texas A&M's department of recreation, park and tourism sciences started using the virtual world to run scenarios of park ranger exercises.
Second Life is being evaluated by several instructors, 1,800 of whom met at an in-world conference in May to discuss educational best practices.
The popular virtual world is of particular interest to universities making substantial revenue from online degrees.
Walden University faculty member Kevin Jarrett, who teaches an online master's course in education, won a $10,000 grant to spend six months researching Second Life's educational potential.
"It's one thing to look at a discussion board, wikis and blogs. It's something else completely different to physically act in a 3D environment with others in your class. There is increased engagement and feelings of identity," said Jarrett.
Hartman, a member of Drexel's Second Life committee, says his school's presence is a marketing tool right now, but that in-world classes are probably only three years away.
"Just like with hybrids and the car industry a few years ago, I need to start building that car because if I wait three years, I'll miss that curve," Hartman said. "I'm building it now as a prototype, but I don't expect to take it out and race it."

Edit By: Candace Lombardi

[PC Technology]Accelerate Windows by Tweaking Virtual Memory

2007-08-04T21:09:00.000-07:00

These tricks can pep up your computer; plus, download a free Mac OS X skin.

If you poke around tip sites, you'll find a lot of myths and harebrained theories about optimizing virtual memory (the hard-disk space Windows uses to supplement your RAM)--a few of them even perpetuated by me. This time I went to the horse's mouth for the Microsoft-approved ways to set Windows' memory management to full steam ahead.
If you have only one hard drive, just leave well enough alone. But if you have two or more internal or external hard drives (not just disk partitions), your PC will be peppier if you keep the default paging file (what Microsoft calls the virtual memory disk space) on your boot drive (the one that holds Windows) and add a paging file to the second drive.
To do so, log in to Windows as an administrator and verify that you have more than one hard drive in your computer: Click Start, Run (just Start in Vista), type diskmgmt.msc, and press to open the Disk Management utility (click Continue in the User Account Control, if necessary). The bottom pane shows each disk on your system and the drive letter that corresponds with each partition. To have only one new paging file, choose the fastest drive you have. Remember that an internal drive will be faster than an external drive in most cases. Note the drive letter(s) you'll use.
Now right-click My Computer (Windows 2000 and XP) or Computer (Vista) and choose Properties. In Windows 2000 and XP, select the Advanced tab; in Vista, pick Advanced system settings in the task pane on the left.
Bonus tip: In Vista, you can open the System Properties dialog box directly to the Advanced tab by clicking Start, typing systempropertiesadvanced, and pressing . As with the preceding method, you may have to click Continue in the User Account Control dialog box.
In the Performance section, click Settings (Performance Options in Windows 2000) and then the Advanced tab (in XP and Vista). Under Virtual Memory, click Change. In Vista, uncheck Automatically manage paging file size for all drives. You'll see a paging file size already listed on your Windows drive; leave it alone, or Windows won't be able to create a memory dump file with debugging info in the event of a particular type of system error.
Next, in the drive list select a partition on a different drive where you want to add another paging file. Select Custom size if you want to set the size yourself and type in the initial and maximum size (Microsoft says making them the same amount is most efficient); Microsoft's rule of thumb is to make the file 1.5 times the amount of RAM in your system. Or select System managed size to let Windows determine the size (XP and Vista only). Click Set, then OK.
If the partition you selected contains another installation of Windows, you'll receive an error message warning that the file pagefile.sys already exists there. As long as the two operating systems are not running at the same time using virtualization software, it's safe for you to overwrite or delete pagefile.sys, since Windows will re-create the file automatically the next time you boot that partition's Windows installation.
You'll see a reminder that the changes will take effect the next time you restart your system. Windows will most often use the paging file on the least-busy drive, which means your new paging file will do most of the work.

Edit By: Scott Dunn

[Virus Security]Diebold voting machines vulnerable to virus attack

2007-08-03T23:27:00.000-07:00

Only limited access needed to wreak havoc on an election

August 03, 2007 - Diebold Election Systems Inc. electronic voting machines are not secure enough to guarantee a trustworthy election, and an attacker with access to a single machine could disrupt or change the outcome of an election using viruses, according to a review of Diebold's source code.
"The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes," read the University of California at Berkeley report, commissioned by the California secretary of State as part of a two-month "top-to-bottom" review of electronic voting systems certified for use in California.
The assessment of Diebold's source code revealed an attacker needs only limited access to compromise an election.
"An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive -- malicious code could spread to every voting machine in polling places and to county election servers," it said.
The report (PDF format), titled "Source Code Review of the Diebold Voting System," was apparently released Thursday, just one day before California Secretary of State Debra Bowen is to decide which machines are certified for use in California's 2008 presidential primary elections.
The source-code review identified four main weaknesses in Diebold's software, including: vulnerabilities that allow an attacker to install malware on the machines, a failure to guarantee the secrecy of ballots, a lack of controls to prevent election workers from tampering with ballots and results, and susceptibility to viruses that could allow attackers to an influence an election.
"A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines," the report said. "Thus, large-scale election fraud in the Diebold system does not necessarily require physical access to a large number of voting machines."
The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an election using the machines. "Malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day," it said.
The source-code review went on to warn that commercial antivirus scanners do not offer adequate protection for the voting machines. "They are not designed to detect virally propagating malicious code that targets voting equipment and voting software," it said.
In conclusion, the report said Diebold's voting machines had not been designed with security as a priority. "For this reason, the safest way to repair the Diebold system is to reengineer it so that it is secure by design," it said.
The Diebold source-code review and several other documents, including a review of source code used in other voting systems, had earlier been withheld from release by the Secretary of State, even as other reports related to the review of voting machines were released on July 27.
An explanation posted on the secretary of State's Web site on July 27 noted that the source-code review and other reports had been submitted on time. "Their reports will be posted as soon as the Secretary of State ensures the reports do not inadvertently disclose security-sensitive information," the Web site said.
The delayed release of the source-code review meant that David Wagner, an associate professor of computer science at the University of California, Berkeley, and an author of the report, was not able to present his findings at a public hearing held on July 30 to discuss the results of the voting system review.

Edit By: Sumner Lemon

[News]DefCon: Hacking meetup infiltrated by Dateline 'media mole'

2007-08-03T23:20:00.000-07:00

Chatterboxes beware: Tabloid-TV producer alleged to be in the house

August 03, 2007 - Trust nobody.
That's what organizers of the 15th annual DefCon hacking conference are telling attendees Friday, after being tipped off that the TV news program Dateline NBC has sent a producer with a hidden camera to investigate the show.
Cameras of any kind are a strict no-no at the show, which bills itself as a gathering for hackers, both legitimate, and not-so-legitimate, and takes special steps to ensure the privacy of its attendees. The show keeps no list of attendees, except for press and speakers, and there's only one way to get in the door: paying $100 cash.
DefCon organizer Dark Tangent (a.k.a Jeff Moss) said that he's concerned that the show's producers may sensationalize what they see and undermine the show's goal of fostering a free exchange of ideas. "We researched them online and we see [the show's producers] do hit-and-run pieces," he said. "It's not actually research and news. It's just sensationalistic nonsense. And that makes us nervous."
Moss says he's been told that Dateline Field Producer Michelle Madigan is at the show with a hidden camera. NBC did not immediately reply to a request for comment.
Media and bloggers have gone undercover at DefCon in the past, but nobody of the stature of NBC has ever tried this, Moss said.
"I'm concerned that some impressionable kid... is just going to get cornered and is going to start bragging about stuff," he said. "The next thing you know, he's on nightly news."
DefCon runs through Sunday at the Riviera Hotel and Casino in Las Vegas.

Edit By: Robert McMillan

[Virus Security]An antidote for the Blue Pill?

2007-08-03T23:11:00.000-07:00

At Black Hat, questions swirl around VM rootkit detection

August 03, 2007 - Can rootkit malware that hides by mimicking a software-based virtual machine ever be detected? That was the topic of debate as security researchers presented their latest findings to packed audiences at the Black Hat conference here.
Joanna Rutkowska, researcher at the firm Invisible Things, was the one who famously ignited the keen interest in virtualized rootkits after she described and demonstrated her rootkit creation, called Blue Pill, at last year's Black Hat.
Wednesday, Rutkowska returned to Black Hat to acknowledge that researcher Edgar Barbosa has come the closest to devising a method for detecting Blue Pill. "Congratulations to Edgar," she said, during the highly technical presentation she made with her colleague, researcher Alexander Tereshkin. Rutkowska said she and her colleague hadn't found a way yet to evade Barbosa's so-called counterbased detection method as detailed in a paper he made public in July at the SyScan conference.
Rutkowska also said she is posting the Blue Pill code publicly for download at the Blue Pill Project Web site. "You can freely upload Blue Pill right now," she said. Blue Pill has been developed in a number of variants since last year, including one based on nested hypervisors, where stealth, virtual-machine malware is nested inside other stealth, virtual-machine malware.
On a separate topic, she faulted Microsoft's code-signing security that requires a Microsoft-approved signed certificate for kernel-mode protection. Rutkowska last year had shown a way to break that security, which would let an attacker load malware on 64-bit Vista, but Microsoft fixed that problem a few months ago by changing an API. However, she asserted on Wednesday that she and Tereshkin had uncovered another route around Vista kernel protection: Faulty third-party drivers, which although digitally signed, are simply vulnerable.
She also noted that it was all too simple to obtain a Microsoft-approved code-signing certificate through a largely automated process that cost $250 for a certificate. Microsoft was not immediately available to comment on Rutkowska's findings.
At an earlier session at Black Hat titled "Don't Tell Joanna, the Virtualized Rootkit is Dead," researchers Thomas Ptacek from Matasano Security, Nate Lawson from Root Labs, and Peter Ferrie from Symantec, labored to describe how they are on the path to detecting virtual-machine malware through three technical approaches. They described these technical approaches as side-channel attack, vantage-point attack and performance event counters.
In the end, however, Ptacek said the research was focused on detecting the presence of virtualization malware called Vitriol, created by researcher Dino Dai Zovi, for VMware. That's because Vitriol is one of only a few known examples of virtualization malware, and Rutkowska had declined to supply any Blue Pill code before the conference.
The three researchers indicated they intend to release their published findings, as well as a software framework they call Samsara for detecting virtualization malware, within a few days.

Edit By: Ellen Messmer

[Wirelee Network]Comba Develops Remote Radio Unit for China 3G Market

2007-08-03T23:02:00.000-07:00

The RRU is a fiber fed radio that extends the coverage of base stations, yet maintains an extremely small footprint. With the Chinese telecoms market bracing itself for 3G licensing, Comba’s RRU solution will play a key role in helping the rapid roll out of TD-SCDMA networks.
The company also signed a supply contract with a launch customer and announced that it has received an initial order for the new TD-SCDMA RRU from a major TD-SCDMA base station manufacturer. With a total value in excess of USD 1 million, Comba’s RRU is being deployed in 3G network trials within China.
Typically deployed in combination with base stations, Comba's RRU enables operators to roll out TD-SCDMA networks effectively and rapidly whilst maximizing capacity and coverage. With up to 30 percent cost savings, the RRU deployment solution compares favorably to the traditional approach of a pure base station network buildout.
Featuring one of the market’s smaller remote units, the RRU can be deployed in difficult-to-reach sites in a variety of formations to suit different coverage requirements without signal degradation. For example, a series of RRU may be deployed in linear formation to enable TD-SCDMA networks along a highway, or in a matrix formation to cover a city block.
Developed in-house by Comba's R&D division in Guangzhou, the RRU complements Comba's portfolio of TD-SCDMA solutions that ranges from tower mounted solutions and repeaters to complete in-building coverage systems that have already been deployed in numerous 3G trials throughout China.

Edit By: Horia Covaci

[Security News]Siemens and Fujitsu to Collaborate in Biometric Authentication Area

2007-08-03T22:55:00.000-07:00

Siemens and Fujitsu announced a business collaboration designed to expand the market for the PalmSecure palm vein authentication system developed by Fujitsu in combination with Siemens’ biometric software “ID Center”.

Siemens IT Solutions and Services and Fujitsu have combined their technologies to develop a new biometric IT solution for personal recognition using palm vein scanning. The combination of the Siemens biometric software “ID Center” and the Fujitsu “PalmSecure” device recognizes the vein pattern under the skin on the palm of the hand that is unique to each individual. The palm is scanned without direct contact by an infrared scanner. During this process the captured hand vein pattern is verified against a preregistered pattern for the person being scanned. It is practically impossible to forge the identity since the veins are under the skin.
Fujitsu provides “PalmSecure” to authenticate individuals in banks, hospitals, universities and municipal authorities. The Siemens biometric software “ID Center” provides extremely secure administration of the data collected with this type of application and has already been installed worldwide by numerous customers in public sector, healthcare, and industry segments.
This biometrics partnership with Siemens allows Fujitsu to open up, in particular, the European market. For Siemens, this cooperation adds further new component to its offering of biometric authentication which previously included face, iris and fingerprint recognition.

Edit By: Horia Covaci

[Virus Security]Malware Hunts Down and Deletes MP3s

2007-08-02T21:35:00.000-07:00

Low-risk worm deletes MP3s on infected PCs, spreads via removable flash drives.

Security experts have discovered a worm that might just be the recording industry's dream application: it hunts down and deletes MP3s on infected PCs.
Security companies say the worm is only low risk, although its unusual payload could give a nasty surprise to an ardent music fan. The motivation of the hackers who created it are unclear.
"The authors of this worm are more likely to be teenage mischief makers than the organized criminal gangs we typically see authoring financially-motivated malware these days," said Graham Cluley, senior technology consultant for the security vendor Sophos PLC.
"As such, it's not something we would lose an awful lot of sleep over, but there are some lessons that computer users should learn to minimize the chances of infection," he said.
The worm spreads via removable flash drives, reminiscent of the way viruses spread via floppy disks decades ago. That may be an attempt by the authors of the worm to bypass e-mail filters and Web gateway filters that block malicious software, Cluley said.
Symantec Corp., which calls the worm W32.Deletemusic, said in an advisory that the worm copies itself to all drives on a PC. It also creates an autorun file to start itself whenever a user accesses a drive.
The worm affects PCs running Windows 2000, 95, 98, Me, NT, Server 2003, XP and Vista, Symantec said. Users could disable the autorun feature in Windows that automatically launches programs on CDs or USB drives, Cluley said.
It's not the first malicious software to go after music files. Two years ago, researchers saw the Nopir-B worm, which posed as a utility to make copies of DVDs. Once on a machine, it displayed an anti-piracy graphic and tried to delete MP3s and other files.
Last year, a Trojan horse program called Erazer took the destructive activity a step further, wiping out MP3s as well as movies, Cluley said.

Edit By: Jeremy Kirk

[Network Security]Mozilla Giving Away Security Testing Tools

2007-08-02T21:30:00.000-07:00

Mozilla is releasing some of its own security tools to the open-source community.

Mozilla Corp. will release some of its homegrown security tools to the open-source community, the company's head of security said Wednesday, starting with a "fuzzer" it uses to pin down JavaScript bugs in Firefox.
The JavaScript fuzzer, said Window Snyder, Mozilla's security chief since last September, will be handed over Thursday morning, following a presentation at Black Hat, a two-day security conference that opened Wednesday in Las Vegas.
"We're announcing that we'll be sharing our tools with the community, and releasing the JavaScript fuzzer then," said Snyder. Other tools will follow, including fuzzers that stress-test the HTTP and FTP protocols. Those two tools, however, are not ready to offer to outsiders, largely because Mozilla wants to wrap up talks with other browser vendors before they are shared.
Fuzzing, a technique used by both white- and black-hat researchers trolling for vulnerabilities, and by developers to finger flaws in their code before it goes public, drops data into applications or operating system components to see if -- and where -- breakdowns occur. Typically, the process is automated with a fuzzer, the term for software that hammers on application inputs. The JavaScript fuzzer, Snyder said, has identified "dozens" of vulnerabilities in Firefox code.
Snyder said Firefox developers have created many tools, and though a lot of them are small, special-purpose ones, all of them could be useful to others.
"We want to make the work we're already doing available to other people and to other products" in the hope that the tools might help developers outside Mozilla spot problems in their code, she said. Snyder sees a direct benefit to Mozilla, too. The more people who bang on the tool, tweak it and modify it, the better the tools should become, she said.
She seemed unconcerned that any tool Mozilla released would prove a significant danger to users. Although hackers also use fuzzers in their vulnerability-sniffing tool kits, "the tool isn't bad or good on its own," Snyder argued. "They use debuggers all the time. Debuggers aren't bad" because of that.
Mozilla might have wished it had fuzzed Firefox a bit more over the past three weeks, when it was caught in a name-calling contest between it and Microsoft Corp. supporters. Early last month, Danish researcher Thor Larholm found what he said was a critical input-validation bug in Internet Explorer that let the browser pass potentially malicious URLs to other programs, including Firefox. He laid blame on IE, while other security experts said it was Firefox's fault.
Shortly after that, Snyder hinted that she saw the whole mess as an IE problem, but within days acknowledged that Firefox was guilty of the same behavior. "We thought this was just a problem with IE," she said July 23. "It turns out, it is a problem with Firefox as well."
Wednesday, she said that the very public disagreements between security experts as to which browser was to blame had actually been a good thing. "Debate is healthy," she said. "And if we're wrong, we say we're wrong and move on."
Mozilla updated Firefox twice in July, first on July 17 with 2.0.0.5, and then Monday when it released Version 2.0.0.6. Both updates included fixes for the URL protocol handling bug that started the brouhaha. "We weren't twiddling our thumbs during all of this," said Snyder. "We were also on the back end moving forward with fixes."
At Black Hat, Snyder and fellow Mozilla executive Mike Shaver, the company's technology strategist, also plan to discuss the new security features of Firefox 3, the major update that currently is in preview testing. Firefox 3 is expected to ship sometime this year.

Edit By: Gregg Keizer

[Security News]Credit Cards Ranked on Security as Fraud Fears Grow

2007-08-02T21:22:00.000-07:00

What's in your wallet may not be the most secure, antifraud credit card available. The top safety scorecard honor went to Bank of America's Visa Platinum card.

What's in your wallet may not be the most secure, antifraud credit card available.
A new study of credit cards from 25 of the largest issuers found that many still fall short of protecting users from fraud.
The report, released by Javelin Strategy & Research, a Pleasanton, Calif.-based financial services research firm, found that while almost all card issuers do well in helping their customers after fraud or theft occurs, many need to upgrade their identity fraud detection tools.
Among the key deficiencies:
-- 56 percent of the 25 card issuers surveyed continue to require full Social Security numbers to help identify their customers, whether by phone, online or by mail. "This is a risky practice that unnecessarily increases the customer's exposure to identity fraud," the report states.
-- Consumers are not allowed to set transaction limits or block certain types of transactions using their credit cards, such as restricting card use to purchases only made with U.S. vendors, according to the study. In fact, only 24 percent of the surveyed card issuers allow consumers to set so-called user-defined limits and/or prohibitions (UDLAPs) on their accounts to help prevent unauthorized use, the study concluded.
-- While more card issuers now offer consumers e-mail or telephone "transaction alerts" to advise them of account activity, the number of participating card companies is still small -- about 8 percent.
Not all of the news is bad, however.
Customers do appear to be safer logging into their accounts online than they have been in the past, because of the widespread use of multifactor log-in processes, which require a username, password, identifying information such as photograph placed by the user and a correct answer for a challenge question, according to the study. More than 80 percent of the surveyed card issuers are now using authentication processes with a multifactor approach.
The Javelin report rated the card issuers using three criteria: prevention, detection and resolution. The top safety scorecard honor went to Bank of America's Visa Platinum card, which received 69 out of a possible 80 points, earning high marks for prevention techniques. The American Express Blue card finished second with 66 points, winning high ratings for detection protections for cardholders.
Two card issuers tied for third place with 64 points each -- the Discover Platinum Card and First National Bank Omaha's Platinum Edition Visa Card.
Rachel Kim, a Javelin risk and fraud analyst who wrote the study, said credit card security continues to evolve. "We're seeing that issuers are always going to be doing a great job in resolution," she said. "But detection is where they need to amp up their efforts."
The continued use of easy-to-steal and easy-to-obtain Social Security numbers as identification criteria by credit card issuers is "pretty scary," Kim said. "They don't have any need to use the entire Social Security number. They can just use the last four digits. It's just something they have been doing for so long. I am sure that over the next few years we will see a decrease in usage."
Another step that more card issuers need to take is to provide an alert system for customers to quickly determine if a credit card is being used without authorization or if personal information, including passwords or addresses, is being changed fraudulently. "We definitely see a need for more issuers to offer alerts for changes in personal information," Kim said. "You should definitely be sent an e-mail alert if your password is changed."
She also called on card issuers to provide additional UDLAP options for customers.
This was the third annual Javelin report on card security, but changes in methodology this year don't allow easy comparisons to past reports, Kim said.
The Javelin study was conducted anonymously using a "mystery shopper" approach between April 15 and June 15 of this year through interviews by Javelin researchers with card issuer customer service representatives and through reviews of card issuer Web sites.
The card issuers surveyed by Javelin for the report were: Advanta, American Express, Bank of America, BB&T, RBS National, Capital One, Citibank, Commerce Bank, Discover, Fifth Third Bank, FNB Omaha, GE, Washington Mutual, Wells Fargo HSBC, National City Bank, Navy Federal Credit Union, Nordstrom Bank, JPMorgan Chase, State Farm Bank, SunTrust Banks, Target, US Bancorp, USAA and Wachovia.
Although Barclays is a top 25 issuer, the researchers were unable to complete the interviews because of the absence of call centers. As a result, Barclays was removed from the list of surveyed issuers, with SunTrust Banks Inc. taking its place, according to Javelin.

Edit By: Todd R. Weiss

[Security News]Black Hat: NSA guru lauds security intelligence sharing

2007-08-02T21:05:00.000-07:00

Private and public concerns alike benefit from cooperation, says Tony Stager

August 02, 2007 - U.S. government initiatives aimed at fostering the sharing of security intelligence throughout the federal space are helping to establish the community atmosphere and best practices necessary to help those agencies -- and private enterprises -- improve their network and applications defenses, a National Security Agency leader told attendees of the Black Hat conference on Wednesday.
Stepping to the stage to deliver a keynote presentation at the annual hacker confab in Las Vegas, Tony Stager, chief of the Vulnerability Analysis and Operations Group at the NSA, said that data-sharing efforts led by his agency and others in the federal space are maturing rapidly.
Having served a little less than 30 years as a security expert at the NSA, Stager said that federal agencies are finally succeeding in their efforts to build standards for issues such as secure configuration of Microsoft's Windows operating systems, and that those guidelines are likewise being adopted by other security initiatives and moving into the public arena.
At the heart of the progress is the notion that government entities and private institutions cannot effectively tackle security problems on their own, a deduction that seems obvious, but one that has been hard to implement on a practical level, in particular among agencies such as the NSA and the Department of Defense, which closely guard all their IT policies.
"NSA has shifted the nature of its work over the last few years; the time has come when we are all living in this same chaotic network and need to come together to solve problems of this scale," Sager said.
"In the old days, the idea was that we could simply design away the risk, but this is a much more complex world today," he said. "We've gone from protecting [assets] to protecting not only data, but all the information around that and the infrastructure that supports it; it's a much more dynamic problem, and there's no way of escaping that this is a shared problem."
As part of its effort to help foster security data sharing, NSA has moved its focus from trying to build technologies aimed at solving major security issues to attempting to influence practices across the government space that can also be adopted by private-sector firms, he said.
A major element of the vision is pushing for standards that translate security intelligence into language that any organization can interpret, said Sager. He highlighted the Common Weakness Enumeration (CWE) project -- an effort aimed at creating a common language for identifying software vulnerabilities that is backed by the Department of Homeland Security and nonprofit Mitre -- as one example of the types of standards that are delivering on the NSA's goal.
"The time has come when folks in my business are thinking about how to transfer knowledge outwardly; we don't solve these problems one organization or one vulnerability at a time, so we're thinking of ways to leverage knowledge in light of the available economies of scale," Sager said. "We must be able to deliver expertise within the context of others' problems. In that way, this has become a business of influence [for the NSA]."
In a nod to the challenges of the past, Sager said that organizations such as the NSA traditionally developed their own practices for handling issues such as secure configuration of Windows, and that nearly every other government agency would do the same.
As government bodies finally began sharing their security information and establishing more unilateral best practices, the agencies realized that they could even drive technology vendors such as Microsoft to begin shipping their products in the state that the organizations demanded -- and that other organizations, such as private enterprises, could begin to adopt the same measures and benefit from the data as well.
Despite the progress that is being made, Sager said that the ongoing process of creating unilateral security frameworks such as the CWE and many other projects backed by Mitre - a quasi-governmental body -- remains a challenge.
Organizations are sharing information, but the underlying processes that support the efforts still need further refinement, he said.
"We can't just dump our inboxes on each other. It has to be about sharing all of our different outputs in the same language, and people still don't understand that in a lot of cases," said Sager. "But through a lot of these efforts, the understanding is growing, and people are getting onto the same page, which is crucial to improving security for everyone."
Other observers agreed that the process of creating standard security language and practices across the government and private sectors are moving forward quickly.
Robert Martin, head of Mitre's CVE (Common Vulnerability Exposures) compatibility effort and a contributor to the CWE initiative, said that momentum is building behind his organization's guidelines and helping many government and private entities to better understand and share their own practices.
"With all these different pieces that are coming together, we are standardizing the basic concepts of security themselves as well as methods for reviewing and improving computing and networking systems," said Martin. "I see a future where a tapestry of tools, procedures, and processes are built over time that recognize and address the common problems that exist among all these constituencies."
Martin said that Mitre's efforts to add new security policy frameworks will continue to improve as they mature and even more parties begin to contribute their intelligence to the initiatives.
Black Hat attendees seemed encouraged by the progress being made, at least in terms of getting all the necessary parties to come together and share their tools and processes.
This level of collaboration is what has been sorely lacking in the security community in the past, observed Ray Kaplan, an independent security consultant based out of St. Paul, Minn.
"At last there's a metaview of all these shared problems. Up until recently, it seemed that this process was a confusing morass where everyone had different tools and procedures," Kaplan said. "The complimentary nature of what is going on with NSA and other agencies, and with Mitre and private involvement, should help create the common infrastructure needed to address these issues."

Edit By: Matt Hines

[Virus Security]Black Hat: Estonia attacks an example of online rioting, says researcher

2007-08-02T20:59:00.000-07:00

There are lessons for companies that must deal with large-scale Web attacks

August 02, 2007 - LAS VEGAS - A series of online attacks that seriously disrupted Web sites belonging to several banking and government organizations in Estonia earlier this year may have been perpetrated by a loosely organized, politically motivated online mob, a security researcher suggested today at the Black Hat 2007 conference.
The attacks hold several lessons about how large-scale Internet attacks can unfold and the responses that may be needed to deal with them, said Gadi Evron, security evangelist for Israel-based Beyond Security. "The use of the Internet to create an online mob has proven itself and will likely receive more attention in the future," following the Estonia attacks, said Evron, who wrote a post-mortem report on the incident for the Estonian CERT.
The widely reported attacks in Estonia started in late April and crippled Web sites belonging to the Estonian government -- including that of the nation's prime minister as well as several banks and smaller sites run by schools. The online attacks are believed to have been triggered by the Estonian government's decision to relocate a Soviet-era war memorial in Tallin called the Bronze Soldier.
The decision sparked more than two days of rioting in Tallin by ethnic Russians as well as a siege of the Estonian embassy in Moscow. It also appears to have sparked an Internet riot aimed at the country's online infrastructure, Evron said.
Initial media reports suggested that the denial-of-service (DOS) attacks may have been organized by the Russian government in retaliation for Estonia's decision to move the statue. The reality, however, is that the attacks were carried on by an unknown number of Russian individuals with active support from security-savvy people in the Russian blogosphere. Evron said.
Many Russian language blogs offered simple and detailed instructions to their readers on how to overload Estonian Web sites using "ping" commands, for instance, Evron said. The bloggers also kept updating their advice as Estonian incident responders started defending against the initial attacks.
The attacks started with pings and quickly scaled up to more sophisticated attacks, including those enabled via botnets from outside Estonia. One attack was launched by a specially crafted botnet with targets hard-coded in their source, Evron said. Some bloggers attempted to collect money to hire botnets to launch attacks against targets in Estonia, Evron said.
The timing of the attacks, their scope and the sudden availability of botnets to aim at Estonian targets suggest that some level of organization was involved, Evron said. But there is no evidence to explain who was responsible.
Overall, none of the attack methods were new or sophisticated, Evron said. Neither were they particularly large as far as DOS attacks go, he said. But they were enough to seriously disrupt several services in what is a very Internet-dependent country. For instance, because bank sites were crippled, many citizens were unable to conduct ordinary transactions such as buying gas and groceries.
The attacks highlight several issues -- chief among them the importance of incident response, Evron said. When the attacks started, the Estonian responders first focused on the targets rather than sources. Filtering technology was used to throttle back on traffic aimed at target systems, which, at its peak, reached between 100 to 1,000 times the normal amount of traffic.
Quick decisions were made on which systems to protect first and all connections to those systems from outside the country were blocked. Efforts were also made to lure attackers to less critical systems and draw their attention way from the more important ones, Evron said.
The Estonian incident also showed how -- at least in that country's case -- "critical infrastructure" proved to be banking and private-sector companies, ISPs and media Web sites, not Estonia's transportation or energy sectors, Evron said.

Edit By: Jaikumar Vijayan

[PC Technology]Painless Backups to USB Drives

2007-08-02T00:54:00.000-07:00

Low-cost USB drives make it easier than ever to back up your data and take it with you.

USB thumb drives have declined in price recently, making now a great time to start using them for your daily backups. Unfortunately, not all USB drives support automatic backups.
Look for devices labeled 'USB Smart Drives'; these are enabled with U3 functions or with Lexar's PowerToGo, either of which offers a self-contained operating system that lets you access the files and programs on the drive from any USB-equipped PC, without leaving remnants of your session on the system when you remove the drive. Currently, 4GB U3 drives such as SanDisk's Cruzer cost about $55, and the Lexar 4GB JumpDrive Lightning costs from $70 to $100 online. Most of these drives come with trial or full versions of backup and syncing software, but you can download a free copy of SanDisk's CruzerSync for U3 follow the download instructions) or try Migo Software's $30 Migo Personal for U3 (free trial).
Each works the same way: You select the folders and files you want to backup by clicking the box next to the folder in the outline tree. Both CruzerSync and Migo back up and sync your Microsoft Outlook and Outlook Express messages and address books, so you can access them on any computer. The backup and restore apps create mirror copies on the USB drive. You can set any of these programs to back up and/or sync specified folders automatically when you insert the drive into a USB port. Some even do automatic backups at set times if the drive remains in the USB port.

Edit By: Michael S. Lasky

[PC Security]Warning: Laser Printers Could Be a Health Hazard

2007-08-02T00:40:00.000-07:00

Your laser printer could be spewing toner over your home or office, according to an Australian air quality researcher.

Some home and office laser printers pose serious health risks and may spew out as much particulate matter as a cigarette smoker inhales, an Australian air quality researcher said Tuesday.
The study, appeared today in the online edition of the American Chemical Society's Environmental Science & Technology (ES&T) journal, measured particulate output of 62 laser printers, including models from name brands such as Canon, Hewlett-Packard and Ricoh. Particle emissions, believed to be toner -- the finely-ground powder used to form images and characters on paper -- were measured in an open office floor plan, then ranked.
Specific printer results are listed in the published study.
What They Found
Lidia Morawska and colleagues at the Queensland University of Technology, classified 17 of the 62 printers, or 27 percent, as "high particle emitters"; one of the 17 pumped out particulates at a rate comparable with emissions from cigarette smoking, the study said.
Morawska called the emissions "a significant health threat" because of the particles' small size, which makes them easy to inhale and easily lodged in the deepest and smallest passageways of the lungs. The effects, she said, can range from simple irritation to much more serious illnesses, including cardiovascular problems or cancer. "Even very small concentrations can be related to health hazards," said Morawska. "Where the concentrations are significantly elevated means there is potentially a considerable hazard."
Two printers released medium levels of particulates, six issued low levels, and 37 -- or about 60 percent of those tested -- released no particles at all. HP, which is one of the world's leading printer sellers, dominated both the list of high-level emitting and non-emitting printers.
HP's Response
When contacted by PC World, the company issued this statement: "HP is currently reviewing the Queensland University of Technology research on particle emission characteristics of office printers. Vigorous tests under standardized operating conditions are an integral part of HP's research and development and its strict quality control procedures."
"As part of these quality controls, HP assesses its LaserJet printing systems, original HP print cartridges and papers for dust release and possible material emissions to ensure compliance with applicable international health and safety requirements."
More Study Results
The research also found that office particulate levels increased fivefold during work hours because of laser printers. Generally, more particles were emitted when the printer was using a new toner cartridge, and when printing graphics or photographs that require larger amounts of toner than, say, text.
Morawska recommended that people make sure rooms at work and home with laser printers are well ventilated.

Edit By: Gregg Keizer

[Security News]Seagate Wins NIST Certification for Encrypting Hard Drive

2007-08-02T00:31:00.000-07:00

The National Institute of Standards and Technology (NIST), the U.S. federal agency focused on promoting product innovation by establishing technical standards for government and business, has certified the Advanced Encryption Standard (AES) encryption chip built into Seagate’s Momentus 5400 FDE.2 disc drive.
The company stated Momentus 5400 FDE.2 is the world’s first laptop hard drive with native encryption to protect against unauthorized access to information stored on lost or stolen laptop computers.
With the certification, Seagate becomes the first hard drive maker to offer a disc drive with built-in encryption approved by NIST. AES, an encryption standard developed by the U.S. government and used worldwide, has an expected useful life of more than 50 years. The algorithm is integral to Momentus 5400 FDE.2, a 2.5-inch hard drive built with Seagate DriveTrust technology. DriveTrust is a security platform that combines automated hardware-based security with a programming foundation that makes it easy to add security-based software applications for organization-wide encryption key management, multi-factor user authentication and other capabilities that help lock down digital information at rest.
The Seagate Momentus 5400 FDE.2 (Full Disc Encryption) hard drive uses AES to encrypt all hard drive information transparently and automatically. The hard drive also gives organizations an easy, cost-effective way to repurpose or retire laptops without compromising sensitive information and to comply with the growing number of data privacy laws calling for the protection of consumer information using government-grade encryption.

Edit By: Horia Covaci

[Security News]Symantec to offer messaging, Web-filtering services

2007-07-31T23:55:00.000-07:00

It plans to release its first SaaS offering by the end of the year.

July 31, 2007 - Symantec Corp. will follow up the release of its Symantec Protection Network backup service with a range of new software-as-a-service (SaaS) offerings in 2008 and beyond, company executives said Monday.
The Cupertino, Calif.-based software vendor plans to release its first SaaS offering -- a backup service for small and midsize businesses called the Symantec Protection Network -- by year's end, said Greg Hughes, group president of global services, during a meeting with reporters. The backup service will allow Symantec's data centers to "take all the problems of backup and run it efficiently for small to medium-size businesses," he said.
After that, Symantec will introduce a variety of services to will give small businesses a way of doing things like filtering unsafe Web sites or e-mail messages, and even remotely accessing desktop PCs. "We're going to enter messaging, message hygiene [and] remote client operation," he said.
Symantec, like Google Inc. and Microsoft Corp., sees an opportunity to provide smaller companies with applications and IT services over the Web, Hughes said. "We see infrastructure as a big need for small-to-medium business," he said.
Google, in particular, may soon become a more important competitor following its acquisitions of security vendors Postini Inc. and Green Border Technologies Inc. and because of its rumored Gdrive backup service.
But with its sales channel relationships and years of experience doing business with small and midsize companies, Symantec feels that it can hold its own against the search juggernaut. "We really think when you look at Symantec, we have a number of advantages," said Hughes. "We're really trusted when it comes to protecting data."
Symantec CEO John Thompson said he is not particularly surprised by Google's entry into the security market, saying that the Postini acquisition was simply part of the "drive toward making Google apps more relevant to the enterprise buyer."
He added that he is not particularly concerned to have Google as a competitor. "I doubt that Google's intent is to be solely in the security business," he said.
As for Symantec's other SaaS competitors, Thompson seemed more worried about companies such as IBM or Oracle Corp. entering the space. "I don't think it's a foregone conclusion that Microsoft will be a player at all," he said.
"I think the market's going to get very frothy," Thompson added. "Microsoft can't be the only one who plays here."

Edit By: Robert McMillan

[Security News]Symantec's 'Dark Vision' mines carder sites

2007-07-31T23:47:00.000-07:00

A credit card number can be bought for as little as $6

July 31, 2007 - Researchers at Symantec Corp. have developed a system that mines underground Web sites and chat rooms for sensitive information that is being sold.Called Dark Vision, the system was first developed in mid-2006, and allows Symantec to "track the underground economy," said Oliver Friedrichs, director of emerging technologies with Symantec Security Response.Symantec hasn't decided yet when or if it will roll Dark Vision into its product line. "At this point, it's really an early prototype," Friedrichs said. "But we see a number of different opportunities, including the potential to warn consumers where we see their information being disclosed."Identity thieves meet with information-buying criminals on a variety of "carder" Web sites, and then meet up in chat rooms or on Internet Relay Chat (IRC) channels to buy and sell the data.A credit card number can be bought for as little as $6, Friedrichs said, but other information, such as Social Security numbers, addresses and telephone numbers, is also there for the taking. "You can actually buy a complete identity of someone for ... $14 to $18 on average," he said. "They're really dumping a variety of records."Dark Vision gives security researchers a graphical presentation of the data it has mined from these Web sites and IRC chats, showing exactly where the carder servers are located and what is being discussed.Because carders exchange the majority of their credit card information in secret -- and for a price -- Dark Vision captures only a small fraction of the data that has been stolen, generally recording only sample data that is posted in the forums to prove the seller is legitimate.In its first three months of testing, Dark Vision dug up about 800 stolen credit card numbers, Friedrichs said.Still, Friedrichs thinks the tool may be useful to credit card issuers or companies that are looking for early hints on the source of data breaches, and could be delivered as part of Symantec's global services organization.Symantec is not the first company to look into mining this type of information for profit. A small Malibu, Calif., company called CardCops Inc. has already gone into a similar line of business, trolling the Internet for compromised data and reporting it to merchants, authorities and consumers.Last year, the U.S. Department of Justice estimated that identity theft was affecting millions of households each year and costing about $6.4 billion in losses annually.

Edit By: Robert McMillan

[Network Technology]Import Your Contacts to Gmail

2007-07-31T05:44:00.000-07:00

Add Outlook, OE, and Windows Mail contacts to your Gmail address book in two steps.

Need to transfer contacts from your e-mail program into Gmail? Instead of retyping them, use the comma-separated values (CSV) format (which Gmail and just about every other e-mail program supports) to import them en masse as one file. In Outlook 2003 and 2007, select File, Import and Export, choose Export to a file, click Next, select Comma Separated Values (Windows) as your output format, and click Next again. The Export Wizard will then instruct you to choose a location for your CSV file.
To export contacts from Outlook Express, choose File, Export, Address Book, choose Text File (Comma Separated Values) as your output format, click the Export button, and save the file in a convenient place.
In Windows Mail (Vista's built-in e-mail program), select File, Export, Windows Contacts, choose CSV (Comma Separated Values), click the Export button, and choose a location to store the file in.
If you use Mozilla Thunderbird, open the address book, click Tools, Export, and select Comma Separated (*.csv) from the drop-down menu prior to choosing a folder to save the file in.
Next, import the .csv file into Gmail: Click the Contacts link on the left side of Gmail's main screen. The Contacts page lists your current Gmail contacts. Click Import at the top right, and then choose the Browse button in the Import Contacts dialog box. Navigate to and select the .csv file you just saved, choose Open, and click the Import Contacts button. Choose Close, and you'll see all of your contacts. If you're looking at your sublist of Frequently Mailed contacts, click the All Contacts link above your addresses to see the entire address book.

Edit By: Preston Gralla

[News]Sprint, Google to Offer WiMAX Mobile Internet Services

2007-07-29T23:36:00.000-07:00

Sprint and Google will bring WiMAX mobile Internet customers search, interactive communications and social networking tools though a new mobile portal.

The collaboration between Sprint and Google will help spur new mobility and location-assisted services as Sprint untethers Internet access for consumers, businesses and government customers.
Sprint is developing a nationwide advanced wireless broadband network that is being designed to mobilize the Internet, bring wireless innovation to devices and deliver new mobile multimedia applications to customers. The pact with Google is a milestone in Sprint’s mobile Internet strategy, and it builds upon current WiMAX ecosystem infrastructure and device agreements to establish an Internet destination for user-generated content and multimedia offerings.
“Google and Sprint will optimize the Internet experience for the digital lifestyle,” said Barry West, president, 4G Mobile Broadband for Sprint. “This collaboration brings what will be the best mobile Internet network together with the leading Internet search company. It allows us to capitalize on the powerful mobility and Internet trends, and create wireless services and applications that take advantage of each company’s history of product development innovation.”
Sprint network bandwidth, location detection and presence capabilities will be matched with Google’s communications suite - Google Apps - that combines the Gmail, Google Calendar and Google Talk services. Customers will be able to experience a new form of interactive communications, high speed Internet browsing, local and location-centric services, and multimedia services including music, video, TV and on-demand products.
Sprint will provide open standard APIs (application programming interfaces) to Sprint’s go-to-market partners and the Internet developer community to create customized products for browsable devices, facilitating the delivery of personalized and interactive services to consumer, business, public safety and government customers. These services will be available in a variety of WiMAX embedded devices, including connection cards, stand-alone modems, laptop computers and consumer electronic devices such as personal media players, mobile Internet devices, gaming devices and phones. Eventually, the WiMAX service will be available in vehicles for navigation information, news and entertainment.
Sprint plans WiMAX test service in the Chicago, Baltimore and Washington DC areas by year-end 2007. Commercial service is expected to be available in a number of markets starting April 2008 and cover 100 million people by year-end 2008 in conjunction with a planned partnership with Clearwire.

Edit By: Horia Covaci

[Security News]EU and US to Agree Satellite Networks Compatibility

2007-07-29T23:27:00.000-07:00

The United States and the European Union announced their agreement to jointly adopt and provide an improved design for their Global Navigation Satellite System (GNSS) signals. These will be implemented on the Galileo Open Service and the GPS IIIA new civil signal.

Building on the cooperative agreement on GPS and Galileo signed between the two parties in June 2004, a joint compatibility and interoperability working group overcame technical challenges to design interoperable optimized civil signals.
The resulting GPS L1C signal and Galileo L1F signal have been optimized to use a multiplexed binary offset carrier (MBOC) waveform. Future receivers using the MBOC signal should be able to track the GPS and/or Galileo signals with higher accuracy in challenging environments that include multipath, noise, and interference.
The agreement would allow GPS to be more precise, allowing it to locate an object to within 3.5 metres instead of 10 currently. Galileo, supposed to be operational in 2012, would be able to locate an object to within one metre.
Future civilian users will enjoy the benefits of multiple GNSS constellations providing greater signal availability and coverage around the world. Incorporating MBOC into both GPS and Galileo will enhance commercial opportunities for the development of new GNSS products and services. Manufacturers and product designers will have the benefit of adequate lead time to ensure products developed will meet the needs of users around the world.
EC Director General Matthias Ruete said, “Today’s announcement underscores Europe’s commitment to interoperability between Galileo and GPS and to managing the Galileo program in an innovative partnership with the United States. The international GNSS community, including the U.S., will have full and transparent access to information on how to access Galileo and GPS services. This should facilitate the rapid acceptance of Galileo in global markets side by side with GPS,” said Matthias Ruete, EC Director General.
U.S. State Department Principal Deputy Assistant Secretary Reno Harnish said, “We are pleased by the adoption of this key improvement to the common civil signal design. The U.S.-EU collaboration that produced this innovation and led to its joint adoption reflects the strong working relationships that we have developed on GPS and Galileo. This technical milestone represents the next step in our ongoing commitment to open standards and market-driven innovation that will benefit all users world wide. We look forward to continuing cooperation in our work with the European Union.”

Edit By: Horia Covaci

[Security News]Cisco to Acquire a Part of VMWare

2007-07-29T07:16:00.000-07:00

Cisco will purchase $150 million of VMware Class A common shares currently held by EMC Corporation, VMware’s parent company, subject to customary regulatory and other closing conditions including Hart-Scott-Rodino (HSR) review.

Upon closing of the investment, Cisco will own approximately 1.6 percent of VMware’s total outstanding common stock (less than one percent of the combined voting power of VMware’s outstanding common stock). VMware has agreed to consider the appointment of a Cisco executive to VMware’s board of directors at a future date.
Cisco’s purchase is intended to strengthen inter-company collaboration towards accelerating customer adoption of VMware virtualization products with Cisco networking infrastructure and the development of customer solutions that address the intersection of virtualization and networking technologies.
In addition, VMware and Cisco have entered into a routine and customary collaboration agreement that expresses their intent to expand cooperative efforts around joint development, marketing, customer and industry initiatives. Through improved coordination and integration of networking and virtualized infrastructure, the companies intend to foster solutions for enhanced datacenter optimization and extend the benefits of virtualization beyond the datacenter to remote offices and end-user desktops.

Edit By: Horia Covaci

[Security News]Database admin at Fidelity National stole more data than thought

2007-07-29T07:09:00.000-07:00

Information on as many as 8.5M consumers may have been exposed

July 26, 2007 - A senior database administrator at a subsidiary of Fidelity National Information Services who was responsible for defining and enforcing data access rights at the firm took data belonging to as many as 8.5 million consumers -- not 2.3 million, as originally disclosed by the company.
The new number was disclosed yesterday in filings by Fidelity National with the U.S. Securities and Exchange Commission (SEC). The company warned of the possibility that even more data may have been compromised in the breach. Jacksonville, Fla.-based Fidelity National, which is not connected with the more widely known mutual funds company Fidelity Investments, is a transaction processing and outsourcing services provider to the financial industry.
On July 3, Fidelity National disclosed that a database administrator, who is no longer with the company, had illegally downloaded and sold customer data to a data broker. The data broker, in turn, sold a subset of the data to other direct marketing companies. The stolen data included names, addresses, birth dates, and bank account and credit card information, the company said.
The database administrator worked for Certegy Check Services Inc., which provides a check-authorization service to help merchants decide whether to accept checks as payment for goods and service.
In its SEC filing, Fidelity National said that an investigation into the theft showed that 8.5 million records were stolen. Of that number, about 5.7 million records were checking account records and about 1.5 million records included credit card details. The remaining records contained only identifying information such as names, addresses, dates of birth and telephone numbers.
"This is an incremental increase of approximately 3.5 million checking account records and approximately 1.4 million credit card records over our announcement on July 3, 2007," Fidelity National said in its statement. Fidelity added that a portion of the stolen data was taken from the company's credit card issuance business.
Fidelity said it "continues to see no evidence of the stolen information being used for anything other than marketing purposes. Although the company does not anticipate significant liability to consumers or for financial fraud, there can be no assurance that this matter will not result in fines or other consequences that adversely impact the Company or its relationship with governing organizations, customers or regulators."

Edit By: Jaikumar Vijayan

[News]First American Corp. uses virtualization, quake technology to bolster business

2007-07-29T07:00:00.000-07:00

The Santa Ana, Calif., data center is built on 30 vulcanized rubber columns

July 26, 2007 - SANTA ANA, Calif. -- First American Corp. in Santa Ana, Calif., is relying on data center virtualization technologies to provide quick disaster recovery in the event of an earthquake.
The 22,000-square-foot data center, nearly two years old, is built on 30 columns with vulcanized rubber layers that work as seismic isolators designed to withstand an 8.5-magnitude earthquake. The isolators allow the entire structure to sway 24 inches in any direction horizontally, according to a company spokeswoman.
First American offered reporters a tour of its earthquake-hardened data center here yesterday, which will be matched soon by another near Dallas.
But even if the building were somehow destroyed, First American could depend on data center virtualization technologies to provide disaster recovery with the Dallas data center, officials said.
Virtualization for First American has resulted from a comprehensive $100 million IT upgrade first planned in 2004, which began with a data center consolidation and has led to voice-over-IP technology and other changes, said Evan Jafa, chief technology officer of First American. The company had $8.5 billion in revenues in 2006, and provides business information to mortgage bankers and consumers on a range of topics.
Jafa estimated that the $100 million spent for consolidation and related technologies will be paid off by 2008 because of greater efficiencies in server utilization, lower long-distance costs with the use of VoIP, and cost reductions in many other areas.
Distributed systems across 2,100 global offices and 75 business units were consolidated into the two data centers, meaning there are now 4,500 servers in both locations, he said. About 1,200 of those are virtualized, Jafa said, which means they can be used for a range of applications and functions, instead of being dedicated for one specific purpose, which was traditionally the case.
The data center being built outside of Dallas will replace one in the city of Dallas and will also be equipped with virtual servers. If either site went down, both would be backed up with generators and other safeguards, but data could be instantly shipped to virtualized servers.
The virtualization process also means First American can adapt processes faster. Jafa said most of the networking upgrades were provided by Cisco Systems Inc., which is holding its annual Networkers Conference in nearby Anaheim, Calif., this week.
He said server utilization rates of 10% to 25% can be raised to more than 50% with virtualization. As a result of the efficiencies, the company can begin to plan its data needs in the future according to average usage, not peak usage, because it could rely on an unused pool of virtual servers. In fact, Jafa said, First American would not rule out using a third party for added server capacity, as suggested by some grid computing advocates.
"We're really shooting for a utility [computing] model for our customers," he said.
Cisco announced a data center virtualization management product yesterday called VFrame Data Center, which Jafa said First American will look at carefully.
"Today, there's a major gap in managing virtualization environments," he said. But even if VFrame could help manage all the networking, storage and application provisioning functions in a data center, as proposed, companies using it must still get the IT workers in all disciplines to work together, he said.
"Are the storage guys OK with the networking guys setting up their servers?" he asked.
Rick McGouth, vice president of telecommunications services for First American, agreed that a cultural change is in store for any business working toward a virtual data center. "IT has to be like a business to break down the resistance," he said.
McGouth said the data center consolidation and adoption of VoIP technology have so far resulted in 8,000 VoIP phones being installed, while hundreds of T1 lines were replaced by broadband Ethernet connections, fully redundant and from redundant carriers.

Edit By:Matt Hamblen

[Network Security]Set a Hacker Alarm on Your Web Mail Box

2007-07-28T17:30:00.000-07:00

Use a clever trick and free tools to find out if someone has been snooping into your e-mail to steal information.

Your Web mail account is a treasure trove of private and potentially valuable information--and thieves know it. In an online interview, one phisher claimed to make thousands of dollars every day by breaking into people's E-mail accounts and searching for messages that contain financial details.
Normally you can't tell whether you've been hacked in this way. Even if you cannily leave a juicy-sounding e-mail unread, a thief or snoop may read it and then return its status to unread. But with a little bit of know-how, you can create an electronic trip wire that will trigger whenever someone reads a rigged e-mail.
I came across the idea, which takes advantage of a free Web hit counter, in a blog post by Jeremiah Grossman of WhiteHat Security. After I talked with him, we came up with a setup that's easier than the one he originally suggested.
The gist of it is to keep an e-mail message in your account that includes the code for the counter. Opening the attachment trips the counter, thereby alerting you that someone was snooping.
Here's how to set it up:
1. Head over to OneStatFree.com and register for a free Web counter account. You can list anything for the site URL, and use a disposable e-mail address to complete the registration process .
2. Look for an e-mail from OneStat sent to the address you used when you registered. It will come with an attached file named OneStatScript.txt. Save that file, and note your account number. Then delete the e-mail, which has your account details.
3. Give the .txt file a name that will catch a spy's eye, like "BankPasswords," and make it an .htm file so it opens automatically in a Web browser (and trips the counter).
4. Send the file as an e-mail attachment to the Web mail account that you want to monitor. Use a similarly baited subject line, like "Account log-ins," for the message. Just be sure not to open the file when you send it--you don't want to set off your own alarm.
5. Sit back and wait like the patient spy-catcher you are. If anyone opens your rigged attachment, the hit counter will reflect that fact and will record information about them, including the IP address of the accessing computer. To check the counter stats, just log back in to your account at OneStatFree.com.
Of course, the way to maximize your protection is to avoid keeping sensitive financial data in your Web mail in the first place. The excellent, free Stanford Password Hash browser add-on provides additional security by making it easy to use strong, unique passwords for all of your accounts.

Edit By:Erik Larkin

[Security News]Yahoo patches Widgets, fixes hijack bug on Windows

2007-07-28T17:27:00.000-07:00

July 27, 2007 - Security researchers today warned that Yahoo Widgets, a platform that runs small, Web-based, gadget-like applications on computer desktops, sports a critical flaw hackers can use to hijack Windows PCs.
A bug in an ActiveX control that ships with Yahoo Widgets can be exploited to create a buffer overflow and, after that, introduce rogue code to the compromised computer. The most likely attack scenario, said Yahoo, would find attackers feeding users' links to malicious Web sites.
Yahoo issued an update to Widgets' engine earlier this week, but it was just today that Danish vulnerability tracker Secunia, which reported the bug to Yahoo, announced the flaw. Secunia pegged the problem as "extremely critical," the second-highest threat rating in its five-step scoring system.
Users have reported, however, that although they have the Widgets' automatic update mechanism turned on, they've not received notice of the patch. Yahoo acknowledged this in a security advisory posted on the Widgets site. "Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo Widgets," the alert read.
Only the Windows version of Yahoo Widgets is at risk; the Mac OS X edition does not need to be updated.
Users can download Yahoo Widgets 4.0.5 rather than wait for the update notification, Yahoo said.
Yahoo Widgets, formerly known as Konfabulator before Yahoo's acquisition of the software in 2005, competes with Windows Vista's Sidebar and with the Mac OS X's Dashboard. The number of gadgets/widgets for each of those rivals, however, falls far short of the 4,000 or so available for Yahoo's engine.

Edit By:Gregg Keizer

[Virus Security]Ransomware Trojans likely work of single group

2007-07-28T17:23:00.000-07:00

Strong "family" resemblance between previously released malware and current version

July 27, 2007 - The two most prominent ransomware Trojans of recent times could be the work of the same or a closely-related Russian group, an analysis has suggested.
Last week, a new ransomware Trojan appeared on the radar of security researchers, and was quickly identified as a modified version of the GpCode malware that first hit the Internet as long ago as Spring 2005. As with its predecessors, the new Trojan, also named "Glamour," sets out to encrypt data files on any PC it infects, demanding a ransom of $300 in return for a key to unlock files.
Now an analysis from security research outfit Secure Science Corporation (SSC) has plotted the large number of similarities between the new GpCode and a version that appeared in 2006. Of the 168 functions identified in the code of the new variant, 63 were identical to the older 2006 version.
"The results indicate that these two Trojans, found in the wild nearly 6 months apart, originated from the same source tree. This could mean that the original authors are actively modifying the code themselves, or they sold/traded the source code to another group who is now in charge of the modifications," say the authors.
In other words, a single or allied group is cycling the same basic ransomware platform through a series of attacks, modifying it each time to evade detection for long enough to find victims. If true, that increases the likelihood of future attacks using the same code base.
The planned window of opportunity appears to have been a short one -- the compile date for the malware was July 5th and the deadline date mentioned it its threat message to victims states a payment deadline of July 15th.
SSC has also found frightening evidence of GPCode's effectiveness. "In the 8 months since November, we've recovered stolen data from 51 unique drop sites [...]. The 14.5 million records found within these files came from over 152,000 unique victims," says the report.
Fortunately, despite claiming to have encrypted files using RSA 4096-bit, the new version's apparent use of sophisticated encryption is a bluff. Unlike previous versions of GpCode, the new variant uses a much simpler but unnamed technique to create the appearance of having encrypted files, possibly just a long-strong passphrase. A number of companies have produced tools to reverse the work of the latest GpCode.
Ransomware Trojans have a fearsome reputation, but are still thankfully one of malware's rarer events. The long periods of silence could, indeed, be part of their design. Attacks have been recorded from early 2005, and several times in 2006.

Edit By:John E. Dunn

[Security News]RIM refutes security concerns over BlackBerry 8820

2007-07-28T17:17:00.000-07:00

July 27, 2007 - Research In Motion (RIM) shot back at criticism from industry analysts that Wi-Fi security concerns would mean limited enterprise use for its new dual-mode BlackBerry 8820.
RIM's 8820 model, released mid-July, offers Wi-Fi in addition to traditional cellular connectivity.
The company's director of product management for WLAN and VOIP, Kevin Oerton, said it should make no difference security-wise whether a user is accessing BlackBerry services from home, a hotspot or within the enterprise.
He said the BlackBerry Enterprise Server, a wireless platform which acts as the conduit through which all RIM enterprise services are delivered to mobile devices "offers security from the device all the way into the BlackBerry Enterprise Server."
In addition, Oerton said the company employs 256-bit AES encryption so transmission and data can't be read.
Upon the product release, analysts raised security concerns around the use of Wi-Fi for business, saying Wi-Fi security fears reduced this channel to harmless Web surfing, albeit at a higher throughput.
Jon Arnold, principal of Toronto, Ont.-based J. Arnold & Associates, acknowledged the security fears that enterprises would have with public, unlicensed spectrums, like Wi-Fi hotspots. "There's more vulnerability there," he said.
Companies likely wouldn't encourage employees to conduct business transactions on e-mail accessed via Wi-Fi, he said. "I don't think you're going to be doing your really sensitive secret stuff over Wi-Fi."
Another analyst, expressed concern that the growing number of mobile devices made data leakage easier should devices get lost or stolen. "There will be more things sitting on this device, what happens when it gets stolen?" asked Roberta Fox, senior partner with Mount Albert, Ont.-based Fox Group Telecom Consulting.
This increasing dependence on mobile devices to conduct business, she said, would likely mean secure-sensitive corporations, in particular, would likely not embrace the Wi-Fi functionality.
Companies should enforce policies around device usage for business, whether cellular or Wi-Fi, Fox suggested.
Oerton acknowledged "historical speed bumps" in Wi-Fi security upon which enterprises may be basing their concerns, but believes enterprises now feel very comfortable with the level of security enabled by various technologies out there.
In addition, he said, end users most often don't secure their Wi-Fi access points, which is what leads to problems. "That's why it's critical for the device all the way through to the BlackBerry Enterprise Server to provide triple AES encryption independent of whether the users set up Wi-Fi security at home."
To ease persistent security concerns, he recommends enterprise customers deploy a virtual private network (VPN) -- often used by organizations for remote access -- in tandem with Wi-Fi rollouts.
Although 8820 was designed for the enterprise, Oerton expects adoption to be highest among those industry verticals already known for ubiquitous Wi-Fi use, like health-care, retail, manufacturing and hospitality. "All of these have a need to bring the benefits of IT to a highly mobile workforce," he said.
However, he's not excluding an eventual wider adoption: "Benefits of 8820 should bring additional enterprise and industry verticals to the table because of the new benefits that are being made available through Wi-Fi."
Earlier Wi-Fi rollouts that initially focused solely on access in conference rooms and visitor lounges is now becoming more ubiquitous across the organizations, said Oerton.

Edit By:Kathleen Lau

[Network Security]IM attacks up nearly 80 percent, Akonix says -- and P2P is worse

2007-07-28T17:13:00.000-07:00

Loose lips sink ships, and flying fingers scuttle computers

July 28, 2007 - Malicious code attacks over instant messaging networks are up almost 80 percent over last year, according to a new study from vendor Akonix.
In July, the company, which develops IM hygiene and compliance appliances and services, said it uncovered 20 malicious code attacks over IM in July. The total number of threats for 2007 so far is 226, the company said. That number is a 78 percent increase over the last year.
The company also said attacks on peer-to-peer networks, such as Kazaa and eDonkey, increased 357 percent in July 2007 over July 2006, with 32 attacks.
That report comes on the heels of a report by peer-to-peer network monitoring vendor Tiversa, which found contractors and U.S. government employees are sharing hundreds of secret documents on peer-to-peer networks.
In many cases, those users were overriding the default security settings on their peer-to-peer software to do so, according to Tiversa. Robert Boback, Tiversa's CEO, and retired U.S. Army General Wesley Clark, a Tiversa board member, testified earlier this week before the House of Representatives Oversight and Government Reform Committee.
The IM attacks where tracked by the Akonix IM Security Center, which is a collaborative effort between Akonix, its customers and other security and messaging vendors.
The code used in the attacks was either brand new malware or a variant of earlier code detected by the IM Security Center.
The new worms included Exploit-YIMCAM, Hupigon-SJ, InsideChatSpy, SpyPal, StealthChatMon, Svich and YahooSpyMon.
Akonix officials also said the attacks are moving beyond the nuisance stage and getting more malicious.
"Beginning at the end of last year we started seeing multi stage attacks where IM will deliver a URL and when a person clicks on it they get code loaded that will pull down other code," says Don Montgomery, vice president of marketing at Akonix.
Montgomery says the IM Security Center also is seeing two stage attacks with the second stage being the downloading of a Trojan that waits for users to log into specific banking sites to activate a key-logging program.
In addition, there are multi-vector attacks where a malicious URL may be delivered by IM but propagated using e-mail or come in via e-mail and go out over IM. And attacks, focused on consumer services AOL, MSN and Yahoo, are beginning to span networks.

Edit By:John Fontana

[Security News]Google plans YouTube antipiracy tool for September

2007-07-28T17:07:00.000-07:00

Tool to be "very much compliant" with controversial DCMA takedown clauses

July 28, 2007 (IDG News Service) -- Google Inc. aims to deliver in September a long-awaited and much-promised technology to combat piracy in its YouTube video sharing site.
During a hearing Friday in the copyright-infringement lawsuit that Viacom Inc. filed against Google, a Google attorney told the judge Google was working "very intensely" on a video recognition technology, the Associated Press (AP) reported.
The technology will be as sophisticated as fingerprint technology used by the FBI and Google plans to roll it out in the fall, "hopefully in September," attorney Philip S. Beck of Barlit Beck Herman Palenchar & Scott LLP told U.S. District Judge Louis L. Stanton, according to the AP. Fall runs from late September to late December.
Viacom sued Google in March in the U.S. District Court for the Southern District of New York, alleging copyright infringement from YouTube and seeking $1 billion in damages.
The video recognition technology will allow copyright owners to provide a digital fingerprint that within a minute or two will trigger a block from YouTube whenever someone tries to upload a copyright video without permission, the AP reported.
However, contacted by IDG News Service, a YouTube spokesman put some caveats around the attorney's stated timeline for implementing the technology.
"We hope to have the testing completed and technology available by some time in the fall, but this is one of the most technologically complicated tasks that we have ever undertaken, and as always with cutting-edge technologies, it's difficult to forecast specific launch dates," he wrote.
Google is collaborating with "some of the major media companies" in experiments with video-identification tools and is "excited" about the progress so far, the YouTube spokesman wrote.
Google officials have acknowledged that the company is working on a system to deal with copyright videos uploaded to YouTube without permission, a nagging problem that has earned Google many enemies among TV and movie companies.
In April of this year, during Google's first-quarter earnings conference call, CEO Eric Schmidt said the system in development wasn't being designed to filter out and block pirated videos.
Instead, he said Google's upcoming "Claim your Content" tool would help to "somewhat automate" the process through which content owners flag illegally copied videos so Google can take them down from the site, he said.
"It's not a filtering system. The technology doesn't block uploads," Schmidt said in April. "It makes it much more effective and quicker to get us to remove inappropriately uploaded content. It's very much compliant with the DMCA."
It's not clear whether Google changed the design of the tool at some point after Schmidt made those comments, since the attorney's description on Friday seems to indicate that the system would indeed block offending videos automatically without content owners notifying Google. The YouTube spokesman didn't immediately respond to a request for clarification of this point.
Friday's hearing was a procedural one intended to set the schedule for the case, such as when the discovery period will begin and end and when the actual trial will begin, Viacom spokesman Jeremy Zweig told IDG News Service.
The comment from Google's attorney came at the start of the hearing, when the judge gave attorneys on both sides a few minutes to present a short outline of what the case is about, to set the stage and put things in context, Zweig said.
The scheduling wasn't completed, so another conference was set for Aug. 6, although that hearing could be canceled if the companies resolve the scheduling issues and notify the judge of their agreements, he said.
Google acquired YouTube in November of last year in a $1.65 billion deal.

Edit By:Juan Carlos Perez

[Security Related]Your boss is spying on you right now. What can you do about it?

2007-07-23T06:33:00.000-07:00

Workplaces increasingly track your digital footprints as you go about your normal computing workday life. Here's how to fight back.

From the moment you walk into work until the moment you leave, your boss or his minions may be spying on you.
Computerworld has noted before that surveillance cameras are becoming more common in the workplace ("Big Brother is watching you ... and he's a computer"). But what we are talking about here is the more insidious tracking of your digital footprints as you go about your computing workday. When you start thinking about all the ways that you can be digitally tracked, it can make even the least paranoid person sit up and take notice.
By now, most of us know that our Web browsing histories are stored on our own PCs, which comes in handy when we want to track down a cheating spouse or errant teenager, but is less useful when we are looking at, shall we say, recreational sites at the workplace. Granted, this history can be easily erased if someone knows the right command. But when you are connected to a corporate network, this information can easily be recorded by any number of network packet-capturing and forensic products that are typical these days (see the list at the bottom of this article).
There is even one product, called Locate from eTelemetry Inc., that will cross-correlate your IP address, network log-in name, machine location and other data, making it easier to track you down when you do something that you shouldn't be doing. (See the review here.)
The same is true for how easy it is to view most of your e-mail and instant messaging conversations. There are products from Symantec Corp. and others that can be used to audit these conversations and record everything that is transmitted across the enterprise network (see the list below). Because most of these conversations occur with plain text, they are very easy to record using these tools. The one exception has to do with encrypted messages, and we'll get to that in a moment under defensive measures. The old saying goes, "Don't put anything in e-mail that you wouldn't write on a postcard." E-mail is that public and that easy to track.
And if you have a business cell phone, chances are someone in your telecommunications department is reading your monthly call list and looking at your calls, too. Some of the cellular carriers can provide near-real-time calling data via their billing Web sites, so the watchers don't even have to wait for the printed bills.
If you have been issued an electronic corporate ID card that you use to gain entry to your building, your entries and possibly exits are being recorded somewhere for posterity. And finally, there are those security cameras to capture your image on videotape.
E-mail and IM defensive measures
So how can you defend yourself? There are several different types of tools available. First, at the most basic level, you can encrypt your e-mails and IMs with products such as PGP Desktop that are free or low-cost and can be installed with a minimum of bother. The one drawback is that your correspondents have to use the same product to encrypt their messages back to you. One nicety about PGP is that it can automatically encrypt all AOL Instant Messenger sessions, provided your correspondents are using it too.
Encryption can hide the text of your e-mail messages, but in some cases not necessarily the names of the participants, depending on how your correspondents have set up their software.
PGP Desktop runs on Windows, Linux and Mac OS X and comes in several versions and support packages. Most cost less than $100. There are also free chat software alternatives such as X-IM.net, PSST (which also does voice chats) and a free version of PGP, too. There is also the free Hushmail Communications Corp. service that hosts encrypted e-mail accounts and just needs a Web browser to operate.
Another chat alternative that automatically encrypts all sessions is that of Skype Ltd. There are two potential drawbacks to its use. First, many corporate IT shops have tried to block Skype for various reasons, so it may raise more red flags if you start using it for your communications.
Second, Skype can be set up to automatically record all chat sessions to your local drive: I had to fire one employee a few years ago, and he didn't realize that all of his sessions were nicely recorded on his machine that he returned to the company -- something to keep in mind. (The default settings on other IM chat clients is usually not to record all sessions, but it is worth taking a quick look to make sure.)
Web defensive measures
Probably the best advice is to stick to work-related Web browsing when you are at the office, but the Web is often too tempting, especially when those e-mails and IMs from colleagues arrive daily with "check this site out." There are a number of tools that you can use if you wish for your Web surfing to remain anonymous. The easiest way is to connect to one of any number of anonymous proxy servers, such as TheFreeCountry.com, that will hide your origins. There are also products from Anonymizer Inc. called Total Net Shield and Anonymous Surfing, which cost $100 and $30 per year, respectively, and can further hide your identity.
Any of these products won't get around the general packet-capturing programs that will record your originating IP address, but at least you won't be leaving any digital tracks on the sites themselves. The downside here is that some corporate IT departments specifically block access to these proxies or don't allow you to change from the corporate proxy server, so this might be a moot point anyway.
Protected desktop
Another solution is to use a "protected desktop" tool. For extreme measures, you could make use of Microsoft Virtual PC or something similar, but a much better and less expensive solution is from Mojopac.com. This is a product that is geared mainly towards people who use lots of Internet cafes or other public computers and want to protect themselves from infection or just carry all their standard tools with them in one easy place. Mojopac installs software to any USB thumb drive and will automatically launch a protected, virtual session from the drive. Once you are inside this session, you don't have access to your host's PC resources, but you don't leave any trace of your activities on it, either. You can install Mojopac on a variety of USB devices, including all iPods (other than the Shuffle). It costs $50 for a single installation.
As you can see, a few ounces of prevention may be worth the agony of detection. And while there isn't a single tool that can do everything, it is worth keeping in mind what activities can be detected for your own sanity.

[PC Technology]The Fast Track to Your Favorite Files and Folders

2007-07-23T06:28:00.000-07:00

Use Windows' Places Bar, My Recent Documents, or the 'File-name' dropdown menu to speed up your access to the file or folder you want.

There you are, rummaging in an 'Open' or 'Save As' dialog box, navigating furiously through a maze of files and folders in search of the one you need. Isn't there a better way? Glad you asked. These tips will get you where you're going faster.
Places Bar: Array the two or three folders that you access most often on the Places Bar on the left side of the dialog box. Lincoln Spector describes how at "Keep Your Secrets: A Safe, Easy Way to Encrypt Files." (Windows' Places Bar is separate from the Places Bar in Office apps, so changes to one won't affect the other.)
Another option: Put shortcuts to the folders and documents you frequently use in a separate folder, and then add a shortcut to this folder o' shortcuts on the Places Bar. You'll have to click at least once more to select the one you want, but it's still faster than digging through layers of folders.
In Vista, the Places Bar is called Favorite Links and is located both in Explorer and in most file dialog boxes (applications not designed for Vista being a notable exception). To customize this list, locate the folder you want in the Folders pane (below Favorite Links) on the left, or select a folder or file in the main file window in the center of the dialog box; then drag the item into Favorite Links until a line appears between two existing items (see ). Release the mouse button to create the new shortcut. For a bigger view, click the down arrow next to Folders to collapse the pane. Drag and drop to rearrange items. To eliminate or rename a link, right-click it and choose Remove Link or Rename Link (or simply Rename). Some links (including Desktop and Computer) aren't removable, but you can customize links in the file list by clicking Links in the Folders tree that appears below Favorite Links.
My Recent Documents: Most file dialog boxes have a History (Windows 2000), My Recent Documents (XP), or Recent Places (Vista) shortcut in the Places Bar. Click it to see a list of recently accessed files and folders. In Windows 2000 and XP, you can filter the types of files in this list via the 'Files of type' drop-down menu at the bottom. In Vista, you can remove the current batch of shortcuts in Recent Places by right-clicking the icon and choosing Clear Recent Items List.
'File name' drop-down: A shorter list of recently used files lies in the 'File name' drop-down menu near the bottom of the dialog box. Click the arrow to the right to see the path of recently accessed files. To filter this list by file type, select the type from the 'Files of type' drop-down list (2000 and XP) or from the pop-up menu located to the right of the 'File name' box (Vista).
To open a recently used folder rather than a file, in Windows 2000 and XP, use the 'File name' drop-down menu to select a file located in the folder you need, press the right arrow key once to deselect the text in the 'File name' box, and press as many times as necessary to delete the file name, leaving only the path. Finally, press . The file list above switches to the desired folder. In Vista, the drop-down list at the top of Explorer and most file dialog boxes displays the full path to recently used folders and Web addresses. To return to one of those locations, just select the desired path and away you go.
Vista lets you press the key, type a few letters until a match to your application of choice appears, and then press for a quick launch. If you aren't yet ready to move to Vista (or if you use Vista's Classic Start menu), try Launchy, a free, open-source tool from Josh Karlin. Press - (or another hot-key combination of your choice) to pop open a command-line window; type a few letters, and Launchy anticipates your target file, displaying it (and other alternatives). When the file that you want appears in the window, press . Launchy enables you to customize the directories it searches and the file types it shows, so you can use it to open picture or music files as well as to run applications.

Edit By: Scott Dunn

[Security Discussion]Is IT losing the battle against DNS attacks?

2007-07-21T04:44:00.000-07:00

C-level execs have rosier view of the problem than folks in the field

Few things can strike fear into the heart of the IT department like an attack on a company's Domain Name System servers. That may explain why companies are spending so much time to deploy myriad, complex security measures to keep their DNS protected from attackers.
A study released Wednesday of 465 IT and business professionals says despite the Sisyphean efforts, many companies remain vulnerable. More than half the respondents reported having fallen victim to some form of malware attack. More than one-third had been hit by a denial-of-service (DoS) attack, and more than 44% had experienced a pharming or cache-poisoning attack. External and internal DNS servers were equally vulnerable: Both types succumbed to attacks with roughly the same frequency, according to the study by Mazerov Research and Consulting.
A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites, and in some cases even could cause havoc with directory services and e-mail, said Paul Mockapetris, the father of the DNS technology, in a Network World story earlier this year. "Once you control the DNS server, you have license to do phishing and pharming attacks and mislead all the users of that DNS server," said Mockapetris, who in 1983 proposed the DNS architecture and is acknowledged, along with the late Jon Postel, as the technology's inventor.
According to the Mazerov study, DoS attacks are prevalent among the respondents, with only 16% never having experienced one, although more than 10% said they often or frequently receive DoS attacks to their network. What also is interesting is that, while a total of 59% of respondents rarely or never experience DoS attacks, a surprisingly high 41% experience them. The study found that the top forms of DNS attack are malware (worms, viruses, Trojans and so forth), 68%; denial of service, 48%; cache poisoning, 36%; and pharming, 23%.
The patching game seems to be the method of choice for protecting DNS. Three-quarters of all respondents devote valuable resources to patching their operating systems continuously. Others reported having to harden operating systems; invest in dedicated firewalls; and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents typically used at least 3.5 overlapping methods simultaneously to shore up their DNS security.
The study also looked at how long respondents' companies could weather DNS being taken offline before significant problems occurred, IT personnel were more sensitive to the issue than those occupying C-suites. According to the study, C-level executives estimated they could withstand losing Internet connectivity for slightly more than two hours (126 minutes), whereas IT managers estimated significant problems would arise after 105 minutes. Other IT personnel -- who may be most directly responsible for maintaining Internet uptime -- estimated an even shorter time frame -- an average of 72 minutes.
Respondents also were asked to assess what the probable impact would be on the health of their company if they were to experience a loss of Internet connectivity for a significant period of time. Maybe most alarming was that 12% of participants claimed they would be extremely or somewhat likely to go out of business completely, the study said.

Edit By: Michael Cooney

[Security News]Mac worm author receives death threats

2007-07-21T04:40:00.000-07:00

Fracas over anonymous researcher, Mac malware gets personal (and psychotic)

The beef over news of a worm targeting Macs took an even stranger turn Wednesday as death threats were allegedly posted to the blog of the unidentified the researcher who claimed to have created the malware, and the blog was then reportedly hacked.
In return, the researcher leveled charges at a security expert known for taking on Apple Inc.
The hubbub started earlier this week, when a researcher responsible for the Information Security Sell Out (InfoSec) blog announced a proof-of-concept worm that exploited a Mac OS X vulnerability that Apple Inc. missed in a May round of patches. The vulnerability exploited by the worm was in mDNSResponder, a component of Apple's Bonjour automatic network configuring service, InfoSec said then.
Criticism from Mac users and other security researchers was almost immediate, with the former focusing on crude insults and the latter concentrating on InfoSec's refusal to identify himself or herself, or prove that the worm existed.
The latter group questioned InfoSec's motives and the veracity of his or her claims. "Let's see this worm deliver a destructive payload in the wild and then we can talk again," said a user identified as Ted Wood. "Until then, you're just hot air."
"If you are a legitimate researcher, you have an obligation to publish your findings so they can be tested," said Stephen, another user on the same comment list. "Any good researcher would do this."
According to InfoSec, some of the comments left earlier included death threats. In a posting -- which has since been deleted (more on that below) -- from Tuesday, InfoSec listed comments he refused to allow to be posted to the blog. Among them:
"You are lucky you are anonymous or I would put a bullet in your head for this!" -- Anonymous
"Nice try with the FUD [fear, uncertainty and doubt]. You are full of **** there is no such thing as an Apple Worm." -- Jeff
"I dare you to demonstrate this at Defcon you ***** Microsoftie. We will drag you out, put a bullet in you, and bury your body so deep it will take a nuclear blast to find your body." -- Anonymous
Tuesday night, the InfoSec blog's title changed to "Security Information..." and all former postings, which began in January, had been deleted.
When asked via e-mail today to explain the changes, InfoSec answered: "Blog was hijacked somehow. Also the blog stating I am associated with PHC on another Blog is false and a myth created by Dave Maynor who is involved in the hijacking of the Blog."
InfoSec was likely referring to a posting on a blog dubbed "Security Ripcord" at a site run by a Texas-based security consultancy called Cutaway. In a long entry posted this morning, Don Weber, a.k.a. Cutaway, said an informant had told him that that InfoSec is actually "LMH," a researcher best known for having co-authored January's Month of Apple Bugs (MoAB) campaign. The source also claimed, said Weber, that LMH was part of a group that calls itself Phrack High Council, or PHC, a self-described group of black-hat hackers.
No way, said InfoSec.
"The claim that we are LMH or MoAB or PHC are all wrong," InfoSec wrote in a second e-mail today. "These came from Maynor assuming that we are all one and the same because we have all attacked his creditability."
Dave Maynor, a researcher who last year was involved in a very public spat with Apple Inc. over a wireless hack demonstration he and a colleague gave at the Black Hat security conference, refused to be drawn into the argument with InfoSec. "I am not even going to comment on that stupidity," Maynor wrote in an e-mail responding to an offer to rebut or comment on InfoSec's allegations.
Prior to this, Maynor was most recently in the news as one of several researchers who found vulnerabilities in the Windows beta of Apple's Safari 3.0 within hours of the browser's release.
Kevin Finisterre, who partnered with LMH for MoAB, said he doubted that InfoSec and LMH were one and the same. "From what I am aware of it's not the same guy," Finisterre said in an e-mail.
"I can certainly say that the underground is always abuzz about mDNS bugs," Finisterre added. "If you have ever looked at the source code you would see it is clearly a large target surface. mDNS is a nasty beast."
Apple has been largely forgotten in the heated back-and-forth between InfoSec on one side and Mac users and other researchers on the other. The only response Apple has offered on the issue, and the alleged unpatched vulnerability, was made by spokesman Anuj Nayar on Tuesday. "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users," he said.

Edit By: Gregg Keizer

[Security News]FBI planted spyware on teen's PC to trace bomb threats

2007-07-21T04:32:00.000-07:00

The FBI planted spyware on the computer used by a Washington state teenager to finger him as the person behind a rash of bomb threats e-mailed to his high school, court documents revealed this week.
The 15-year-old, a former student at Timberline High School in Lacey, Wash., pleaded guilty Monday to making the bomb threats, as well as to identity theft charges, according to The Olympian. He was sentenced to 90 days in juvenile detention and must pay the school district $8,852 to cover expenses. The first e-mailed bomb threat was sent June 4.
In several of the messages, the student taunted school authorities and police for their inability to trace the e-mails to him. "Seeing as how you're too stupid to trace the e-mail back lets get serious," an e-mail on June 5 said, according to an unsealed search warrant application filed with a Seattle federal court in mid-June. "Stop pretending to be 'tracing it' because I already told you it's coming from Italy. That is where trace will stop, so just stop trying."
Within days, however, the FBI had obtained a warrant that allowed the agency to infect the student's computer with a program it called a Computer & Internet Protocol Address Verifier (CIPAV). "If a warrant is approved, a communication will be sent to the computer being used to administer [the MySpace] user account 'Timberlinebombinfo,'" said FBI Special Agent Norman Sanders in the June 12 filing.
The CIPAV, said Sanders, would "cause any computer -- wherever located -- to send network-level messages containing the activating computer's IP address and/or MAC address, other environmental variables and certain registry-type information to a computer controlled by the FBI."
"I'd call that spyware," said Roger Thompson, CTO at Exploit Prevention Labs. "Or it's pretty darn close."
The warrant did not spell out whether the CIPAV could, for instance, capture keystrokes or inject other code into the compromised system, as do commonplace Trojan downloaders. "The exact nature of [the CIPAV's] commands, processes, capabilities and their configuration is classified as a law enforcement sensitive investigative technique," said the warrant applications.
Sanders, however, did say that after making its initial data harvest, the CIPAV would shift into a silent "pen register" mode in which it only recorded the IP addresses, dates and times of each communication. The contents of those communications -- such as e-mail messages -- would not be captured and passed to the FBI, the affidavit said.
It was also unclear exactly how Sanders expected to get the CIPAV onto the suspect's computer, although the warrant application hinted that it would be delivered through MySpace's own messaging service. "The CIPAV will be deployed through an electronic messaging program from an account controlled by the FBI," the warrant application read. "The electronic message deploying the CIPAV will only be directed to the administrator(s) of the 'Timberlinebombinfo' account [on MySpace]."
The FBI may have used an exploit -- one already in circulation or one of its own -- to plant the CIPAV on the student's machine, said Thompson. Or it might have just gone the simple route, and counted on the suspect's curiosity to get him to launch an attached file or click on a link to a malicious site.
Even if his computer had security software installed and active, the CIPAV could have gotten through, Thompson argued. "In order to evade antivirus, all you've got to do is use a new version of [a piece of malware]. The bad guys do it all the time."
It's also possible, speculated Thompson, that the FBI asked security vendors to whitelist their CIPAV to let it through any defenses. "They've always talked about things like this, whether it was Magic Lantern or Carnivore. But the last time I saw anything from [the FBI] was three, four years ago, and it was pretty rudimentary stuff."
Magic Lantern was the name given to a 2001 FBI effort to develop a keystroke and encryption keylogger. Carnivore, meanwhile, is the label for e-mail tapping software from the same time frame.
When asked if he would agree to whitelist CIPAV, or had in the past when he was with PestPatrol, an antispyware developer acquired in 2004 by CA, Thompson said: "I don't know. We never had to face that decision, because we were never asked."

Edit By: Gregg Keizer, Computerworld

[Network Security]Hackers Use Brazilian Tragedy to Push Malware

2007-07-20T08:14:00.000-07:00

Spam exploiting the deadly airplane crash in Sao Paulo lures readers to a malicious Web site.

Hackers haven't wasted any time exploiting the airplane crash in Sao Paulo, Brazil that claimed nearly 190 deaths Tuesday, a U.S. security company said Wednesday.
An e-mail campaign is using the tragedy to lure readers to a malicious Web site, reported Websense Inc. inan alert. According to Websense, the e-mail, written in Portuguese, includes details of the TAM airlines flight that crashed after trying to land at the notoriously dangerous Congonhas Airport, which is located in the middle of Sao Paulo.
"As soon as their names are confirmed, we'll notify the families before any further information becomes public, as determined by existing law," the message read, as translated by Websense. "We remind you that TAM has started its Victims and Family Assistance Program and provided a collect number 0800-117900, designed to provide information to families and crew members from this flight."
The site linked to in the e-mail, which is hosted in South Korea, has hosted malicious Brazilian code in the past, Websense said.
"If users click on the link, they are prompted to run some code. The code, when launched, is a Trojan downloader that connects to another site to download and install an information-stealing Trojan horse," warned Websense.
TAM has already released a list of the passengers and crew on the flight, as well as seven company workers it said were killed on the ground. The airline said today that 186 people were aboard the Airbus 320, reported CNN. As of mid-day today, however, police said that only eight of the 158 bodies recovered had been identified.
Cybercriminals don't hesitate to take advantage of disasters large and small to dupe users into visiting sites or opening attachments. Major spikes in spam, phishing attacks, and malware infections, for example, quickly followed such events as the December 2004 tsunami in Southeast Asia and the August 2005 landfall of Hurricane Katrina in the U.S.

Edit By: Gregg Keizer, Computerworld

[Network Security]Next Menace: PDF Spam

2007-07-20T08:03:00.000-07:00

As image spam declines, a new type of pest takes its place.

Security vendors and users agree that image spam is finally on the decline, but at the same time a new kind of spam is emerging that uses an attached PDF file to trick recipients into buying stock in a company.
Image spam, which has plagued antispam filters for the past year, is finally on the decline as e-mail security vendors have tweaked their products to block it, says Paul Henry, vice president of technology evangelism with Secure Computing. Image spam has long fooled filters because the message's text is embedded in an image found in an e-mail's body, and filters until recently couldn't decipher images. At the beginning of July it comprised about 38 percent of all spam and is now down to about half that volume, says Henry.
Stats from Symantec also show the volume of image spam, which the company says began to decline in May, has continued to shrink from its all-time high of 52 percent of all spam sent in January.
"Image spam does seem to be decreasing ... Antispam software, RBLs [real-time black lists] and other filtering techniques have done a good job at decreasing the previous spammers' attempts; it is now time for them to find a new avenue to annoy us," says Jim DeSantis, enterprise messaging architect with Abhir Technical Consulting.
Beginning to take image spam's place is PDF spam, where the spammer sends an e-mail message with a PDF attached -- which most spam filters can't read -- that attempts to convince the recipient to purchase stocks. So far security vendors are reporting two types; a professional-looking PDF of a newsletter pumping a German company's stock that security company IronPort says was sent more than 5 billion times in its first few days, and a more rudimentary PDF attachment containing text that pumped a stock which Symantec says was sent to more than 30 million users over a 10-day period in late June.
So far, PDF spam isn't approaching the volumes that image spam has enjoyed -- Secure Computing's Henry says in early July it accounted for about 4 percent of all spam sent -- yet this new spam trick could prove to be significantly more malicious. Henry says proof-of-concept code exists that demonstrates security vulnerabilities in PDF files, which means PDF spam could carry malware that is secretly downloaded on the recipient's PC. Image spam was only dangerous to those recipients who bought the stock that messages were touting and likely lost money on it.
"I haven't seen any malware yet in PDF spam ...but I'm keeping my eye on it," Henry says.
PDF spam does hold some potential for spammers who are advanced enough to take advantage of the technology, some say.
"Simply attaching a PDF to an e-mail and randomizing the size and name of the title, to me, does not seem all that impressive, but it seems to be working," says Kyle Ohme, director of technology with W3i.com, an interactive marketing services provider.
"I'm interested to see how far this will go, as some may start to use some of the more advanced functions of Adobe to place beacons and other tracking mechanisms that have become limited in the past years," Ohme says.
Malware-laden or not, PDF spam is an example of how spammers will continue to innovate in order to get their messages across.
"The battle between spammers and spam-filter vendors will always be a game of cat and mouse. The tools are definitely getting smarter ... the better the tools the more creative spammers will be," says Sharon Finney, information security administrator with Dekalb Medical Center in Decatur, Ga. "I am seeing some increases in PDF spam, but no real volume yet. All spam is a nuisance regardless of the technology behind it. I don't think that any one type of spam is more of a nuisance than any other."

Edit By: Cara Garretson, NetworkWorld

[Network Security]How Do I Get Malware Off My PC Once and for All?

2007-07-19T00:29:00.000-07:00

Also: Print on both sides of your paper; pull up a report on all your drivers.

Q. My PC caught a spyware infection that replicates itself even after I've deleted it from the Windows Registry. I've tried all the spyware-removal tools I could find, but I am still unable to get rid of it.
Myron Oglesby, Rockaway, New Jersey
A. If scanning with multiple antispyware programs doesn't remove it, try using Windows' System Restore feature (note that Windows 2000 lacks System Restore). Select Start, Programs (or All Programs), Accessories, System Tools, System Restore. Choose Restore my computer to an earlier time, click Next, pick the earliest Restore Point available on the displayed calendar, and follow the prompts.
Should System Restore fail to solve the problem, your next steps are to reboot your PC and press before your monitor switches resolution as Windows loads. At the resulting menu, select Safe Mode with a Command Prompt, and then pick your operating system. At the command prompt, type C:\windows\system32\restore\rstrui.exe, press , and try running System Restore from there.
If your PC is still infected after this, I must make like Dear Abby and recommend that you seek the assistance of a professional. Contact the support desks of your various security software vendors, one of which may have the solution.
For the community approach to support, download the free HijackThis and run it to create a very technical report on your system's suspicious Windows behavior (see FIGURE 1). Post this report on one of the many Web forums frequented by people who may be able to make heads or tails of it. Both TechSoup and Spyware Warrior have excellent forums with helpful participants.
If all else fails, back up your data folders and get ready to reformat the PC's hard drive and restore your system from a full backup. If you don't have an image backup of your drive, you'll have to reinstall Windows, install and update your malware protection, and restore your data from the backup. See "Move All of Your Valuable Data to a New Partition" for a list of the folders that likely contain your data. Instead of moving the folders (as that tip suggests), copy them to CDs, DVDs, or an external hard drive.
Of course, reformatting and restoring your drive is easiest if you've been using a backup program with good disaster recovery features. Image backup programs such as Acronis's $50 True Image and Symantec's $70 Norton Save & Restore (which replaces the company's venerable Ghost utility) are particularly adept at drive restoration, allowing you to restore the entire drive from a preinfection backup.
If you don't have a good system backup, reinstall Windows using the restore disc or Windows CD that came with your system, selecting an option that will destroy everything on your hard drive (a good idea in this particular case). You'll also have to reset your Internet connection, and reinstall your hardware drivers and applications. You can view our video tip, on reinstalling Windows XP.
Once you have Windows and your programs back in place, you'll have to update all of your security utilities, and then scan the backup of your data folders with your antivirus program before moving the files back to your hard drive.

[Security Articles]The Simple Way to Keep Your Private Files Private

2007-07-19T00:26:00.000-07:00

Make encrypted files stand out, control access to secure files, and a freebie turns folders invisible.
There's only one way to keep your files truly confidential: Encrypt them. The Encrypting File System (EFS) in most versions of Windows Vista, XP, and 2000 scrambles the contents of files and folders, making it very difficult for snoops to read them. It's easy to make encryption a part of your security arsenal.
Get ready to encrypt: EFS is in Windows Vista Business, Enterprise, and Ultimate; XP Pro; and Windows 2000. XP Home lacks EFS, and Vista Starter, Home Basic, and Home Premium allow only decryption--so you can read encrypted files but not encrypt them. To use EFS on a partition, that partition must be formatted using the NTFS file system. Not using NTFS? The switch is easy. See "Go With the NTFS Flow" (the same steps work in Vista). Also, encryption requires that you use a password-protected account.
Stow your files: To encrypt a file or folder, right-click it in Explorer or any folder window and choose Properties (you can also right-click a group selection to encrypt several files or folders at once). In the General tab, click Advanced, check Encrypt contents to secure data, and click OK twice. If you're encrypting a folder, you'll be asked if you want to encrypt its files and subfolders, as well. Once encrypted, the files or folders will work like any others on your system; you don't have to use any special passwords to open or save them. Other user accounts on the PC, and other PCs on the network, can't view the file contents. Only someone who is logged in to your account with your password can access these files.
Streamline the steps: You can shorten the process by adding an Encrypt command to your right-click context menu (the command switches to Decrypt when you right-click encrypted files). You can do this in XP with a quick Registry edit, but you might find it easier and safer to use Tweak UI, a free PowerToy from Microsoft. If you already have Tweak UI on your system, you may need to upgrade to a more recent version. Once Tweak UI is downloaded, installed, and running, select Explorer in the left pane, scroll through the options on the right, and check Show "Encrypt" on context menu. Click OK. Now when you right-click an unencrypted file, you'll see a new command: Encrypt (or Decrypt if you've selected an encrypted item). Choose that option, and respond to any prompts. As of this writing, Tweak UI was incompatible with Windows Vista. However, Totalidea Software's free TweakVI Basic utility allows you to tweak many Vista settings, letting you add the Encrypt/Decrypt commands to the context menu.

Edit By: Scot Dunn and Scott Spanbauer

[PC Security]Protect Your PC on Zero Day

2007-07-16T00:40:00.000-07:00

1 Strategies to keep your PC safe when patches aren't available.

Zero-day exploits hit vulnerabilities in a program that the software's maker has not had time to patch yet. But even during this time of exposure, you have ways to help keep your computer safe.
1. Get rid of Internet Explorer 6. One of the best moves you can make to improve Internet safety is to ditch Microsoft's notoriously hole-infested browser. No program is completely safe, of course; but whether because it is inherently vulnerable or because its massive user base makes it an attractive target, IE 6 might as well have a giant bull's-eye painted on it. Upgrade to IE 7 or to an alternative browser such as Firefox or Opera.
2. Try alternatives to other programs that have been targeted by zero-day attacks. The free Foxit program displays PDFs, for instance, and OpenOffice works with many Office documents.
3. Enable automatic updates for Windows and other programs whenever possible. Patches won't help against zero-day incursions, but major vulnerabilities tend to remain targets even after the fixes are released, precisely because attackers know that many people don't bother patching. To check and change your Windows Update settings, click Automatic Updates in the Control Panel. To keep up with the changes to your system, we recommend choosing Download updates for me, but let me choose when to install them.
Other programs make it more or less easy to find automatic-update settings. For example, in Firefox, head to Tools, Options, Advanced, and select the Update tab (again, we recommend selecting Ask me what I want to do as the standard course of action when Firefox finds updates). To find the settings in Adobe Reader, you'll need to check manually for updates under the Help menu, and then click the Preferences button.
Additional Tips
4. Consider choosing antivirus programs or security suites that include heuristic and/or behavioral analysis to protect your PC against as-yet-unknown dangers. Apps that are designed to perform these types of analyses supplement the more traditional signature-based antivirus software, which by definition must be aware of a threat before it can protect against it.
5. Make sure that a firewall--either Windows XP's or a third party's--is running on your PC. Firewalls block malicious worms that could otherwise scan your computer for unpatched vulnerabilities and then try to break in at a weak point. To see whether your PC is running Windows XP's firewall already, go to the Control Panel, open the Security Center, and click the Windows Firewall link. Most broadband routers also act as a firewall.
6. Use a preventive-measure program such as DropMyRights to supplement your antivirus software or security suite. More and more utilities, both free and commercial, change the way vulnerable programs run to increase the likelihood that even a zero-day attack might not harm or even access the rest of your computer. We evaluate such programs in "Disarm Net Threats."
7. Stay informed. The PC World Spyware & Security Info Center carries the latest news on emerging threats, plus safety advice and security product reviews. Other good information sources include the Securitysofts Web site and a security blog.

Edit By:Erik Larkin

[PC Security]The Ten Commandments of PC Security

2007-07-15T23:59:00.000-07:00

- Fight off nasty viruses, worms, and Trojan horses by following these simple rules.
Contributing editor and award-winning journalist Daniel Tynan writes PC World's monthly Gadget Freak column.
And it was written (by Bill Gates, et al): Thou shalt use a Windows PC to do thy work and it will be good.
But Windows computers are vulnerable to plagues of biblical proportions: viruses that bring down entire networks, e-mail worms that replicate at lightning speed, Trojan horses that hide inside otherwise innocent programs, hackers that take over computers, and more.
Fortunately, archeologists have recently unearthed two stone tablets from a garage near Cupertino, California that can help deliver us from such evils. We present their guidelines here, along with interpretations from our brothers and sisters in the PC security choir.
I. Remember thy antivirus software and keep it updated. It's not enough to have the software installed (if you don't have an antivirus package, stop reading right now and get one); you also need to keep up with new viruses as they emerge. "Your antivirus software is only as good as your latest virus definitions set," says Kelly Martin, senior product manager for Symantec's Norton AntiVirus. Programs like Symantec's Norton AntiVirus ($39.99) and Network Associates' McAfee VirusScan ($35 to $60) can automatically update their virus signature databases, but it costs an additional $20 to $35 for ongoing annual subscriptions.
II. Thou shalt not covet thy neighbor's attachments. You get a message you think is from a friend with what looks like a cool file attached, so you click on it. Next thing you know, you're Typhoid Mary, spewing out infected e-mails to everyone in your address book. That's how the Sobig.F worm spread--and it happened so quickly that millions of copies got out before the antivirus companies could update their databases.
"Never trust an e-mail 'from' address," adds Chris Wysopal, director of research for security consultants @Stake. "And never open an attachment without verifying it was sent by a trusted person, and they meant to send it to you."
III. Avoideth bogus file downloads. Be wary of any Web site that requires you to download software to view a page, unless it's something familiar like a Flash plug-in or Acrobat Reader. The file may contain a virus, a Trojan horse, or some auto-dialer that calls pay-per-minute numbers via your modem and racks up huge charges.
"Do not install software via the Web unless you are absolutely sure what it is and that you trust the company you are downloading it from," warns @Stake's Wysopal.
IV. Smite spyware and pop-ups. Like Trojan horse programs, spyware secretly installs itself when you download software like file-swapping applications; it tracks your movements online and delivers ads based on where you surf. Pop-up ads can also exploit security flaws in Internet Explorer, like the recent Qhost Trojan that hijacked users' browsers after they viewed an ad on the Fortune City Web site. Fortunately, there are tools that can protect you: For example, Ad-aware ($39.95) blocks spyware and StopZilla ($29.95) takes care of pop-up ads. Some antivirus software and security suites also stop spyware and pop-ups in their tracks.
V. Thou shalt foil spammers. Unsolicited commercial e-mail is more than just a nuisance; it's also a major source of virus infections. In fact, some versions of Sobig are designed to turn infected PCs into zombie machines that can be used to send spam. A good filter like Symantec's Norton AntiSpam 2004 ($40), Network Associates' McAfee SpamKiller 5 ($40 to $50), or Sunbelt Software's IHateSpam ($20) help trap the nasties your antivirus software might miss.
VI. Keep thy operating system patched. E-mail-borne worms and other scourges like to exploit security holes in your software--namely Windows and other Microsoft programs. These days Microsoft issues so many critical updates to fix these flaws that many users ignore them. Don't. Last January, the Slammer worm exploited a vulnerability that Microsoft had fixed more than six months before. But thousands of infected computers--including some at Microsoft--didn't have the patch installed. Run the Windows Update program once a week and whenever Microsoft issues a warning.
"Until we see automated patch management software, users will simply have to stay up to date," says Thor Larholm, senior security researcher at PivX Solutions.
VII. Maketh a rescue disk and keep it handy. When things go bad, a boot or rescue disk is your first step to recovery. At minimum, you'll want to put the basic elements of your operating system on a floppy disk or Zip media, so you can bypass the hard disk at start-up. To find out how, read "Hardware Tips: Create Your Own Emergency Boot Disk." A better idea: Use your antivirus program to create a rescue disk you can use when your system gets infected. Label it with a date and store it near your system where you won't lose it.
VIII. Be not taken in by false claims. There are more hoaxers than hackers on the Internet, and more bogus "e-mail virus alerts" than actual viruses. Even real virus threats are typically blown out of proportion by the media. A phony warning could cause you to delete harmless files and then forward the message to others, clogging e-mail servers and causing virus-like damage in the process. When you get one of these e-mails (or see yet another breathless news story), check it out first. Type the name of the alleged virus into a search engine to see if any of the major security vendors have issued an alert, and visit the virus hoax pages at F-Secure and Hoaxbusters.
IX. Honor thy firewall. A firewall is like a bouncer for your computer--it checks every ID at the door and won't let anything in or out until you give the thumbs up. So a hacker can't access personal information on your hard drive, and a Trojan horse keystroke logger (a stealth program that monitors the characters you type) can't steal your passwords and transmit them over the Net. Symantec and Network Associates both offer personal firewall packages for $35 to $50, while Zone Labs offers a no-frills version of its ZoneAlarm software firewall for free. But a better deal is an Internet security suite that combines antivirus, firewall, ad blockers, spam fighting, and other useful apps; most cost between $60 to $80. For a review of suites from Symantec and Network Associates, read "Extra-Suite Virus and Spam Protection."
X. Maketh backups and keep them holy. Simply put: Back up your data files at least weekly (daily if you're running a business). Even if you fall victim to a virus or hacker attack, you'll escape with only minor damage. Fail to keep a recent backup though, and you'll go straight to hell--at least, that's how it will feel.

Edit By: Daniel Tynan

[Network security]E-Mail to Many Without Looking Like a Spammer

2007-07-15T02:24:00.000-07:00

- Your e-mail service may limit the addresses you can send to at once. Here's how to get around such restrictions. Plus, the etiquette of blind carbon copies.
E-mail is a terrific way to get an important message out to lots of people fast. But spam has made Internet service providers wary of mail addressed to a multitude of recipients. I recently tried to send a communication to several hundred members of a group I'm associated with. My ISP sent the message to a handful of the addressees, dumped the rest, and sent me an error message that listed, incorrectly, who had and who had not received my message. In short, it was a mess.
Most e-mail services limit the number of addresses you can stuff into your outgoing messages' To:, Cc:, and Bcc: fields (the last is the masked "blind carbon copy" option). You may be restricted to as few as 100, 50, or even 25 addresses in these three fields combined. Some companies also throttle your overall e-mail output: Generate more than 1000 messages a day through your Comcast account, for example, and the ISP will freeze it for 24 hours, on the assumption that your PC has been infected by spam-spewing malware.
Make a Distribution List
You can circumvent these limitations. If you communicate primarily with people in your e-mail program's contacts list or address book, split the entries into mailing-list groups whose numbers stay under your service's limits. In Outlook 2003 and 2007, for example, select Contacts, and choose Actions, New Distribution List to create such a list. To do the same thing in Outlook Express 6, click Addresses to open the Address Book, and select File, New Group. In Mozilla Thunderbird 1.5, choose Address Book, New List. One simple way to split up lists is to group them alphabetically--A to L and M to Z, for example.

[Other Security]Five Ways to Safeguard Your Digital Camera

2007-07-15T02:17:00.000-07:00

- Prevent lens scratches, protect the LCD, add protective skins, and more.
More Tips for Protecting Your Camera
Keep the water away: Digital cameras and water don't get along. If you're trekking outdoors and want to shoot in any weather, consider dressing your camera in a rain cape. Ewa-marine offers various capes for large and small cameras that protect the body but leave the lens exposed ($20 to $200).
A rain cape will deflect drizzle away, but it won't help you if your camera takes a plunge while you're kayaking or snorkeling. If you want your camera to survive short- or long-term submersion, get a watertight enclosure. Traditional watertight camera housings cost hundreds or even thousands of dollars, but Aquapac sells an inexpensive, flexible, plastic bag case ($30 to $120) that keeps your camera safe to a depth of about 10 feet.
Safeguard your photos: No matter how careful you are, accidents can happen. Though you might lose your camera at the end of a long trip, you can make sure that your photos aren't a casualty as well. For extended journeys where lots of photos are at risk, consider using a pocket-size external hard drive to back up your shots. One of my favorites is Digital Foci's Photo Safe ($149 with 40GB; also in 80GB and 120GB capacities). The device's multiformat USB 2.0 memory-card reader supports all common formats. And you can carry fewer memory cards, because you can transfer each day's images from a single card.

Edit By:Dave Johnson

[PC Technology]Vista Power Tips From a Microsoft Guru

2007-07-13T00:01:00.000-07:00

These hidden tools will help you get maximum performance from your Vista PC.
Want to know what's going on behind the surface of your Windows Vista PC--and how to make it run better? Beyond the eye candy of the Aero interface lie some new tools that will help you monitor and maximize the performance of your system.
We got a look at some of these tools from one of Microsoft's own übergeeks, Mark Russinovich, at the recent Windows Hardware Engineering Conference (WinHEC). If you've been serious about digging into the inner workings of Windows, there's a good chance you've used a tool created by Russinovich. He founded Sysinternals, a company that developed Process Explorer, a much more powerful version of Windows Task Manager, as well as a slew of other utilities. Sysinternals was bought by Microsoft last year.
Here are a few of Russinovich's favorite Vista tools:
Performance monitoring:Russinovich uses Vista's Resource Overview, a nicely upgraded utility that provides at-a-glance system performance charts for CPU, disk, network, and memory usage. Clicking any of the four charts provides detailed information on how much each resource is being used by currently running tasks. Preston Gralla has written about it for PC World, along with the companion Reliability monitor tool, which can quickly show all program, hardware, and OS failures, as well as software installs and uninstalls. The Reliability Monitor can show, for instance, how many times a particular program has crashed. You can reach both monitoring tools through the Reliability and Performance Monitor toolset by clicking Start and typing perfmon in the Start Search box.
CPU cycle usage:One thing you won't see in these built-in monitors is Vista's new ability to measure and report a program's processor usage based on CPU cycles over the entire time the program has been in use. Russinovich says such a report can provide a more accurate view of the drain on CPU resources than you can get in XP, whose Task Manager only shows how much of the CPU a process is using at that moment.
To see the new data, download and unzip the Process Explorer utility. Right-click one of the column headings (such as 'Process') and click Select Columns. Choose the Process Performance tab, and then CPU Cycles. You can sort the display by that column and see which programs have eaten up the most CPU resources.
SuperFetch RAM usage: If you do keep an eye on Vista's system performance stats, don't be surprised to see the reported amount of free RAM drop steadily over time, even if you're not opening new files or programs. This trend can sometimes indicate a memory-guzzling program bug, but Russinovich says you'll also see it as a result of the beneficial SuperFetch feature, which attempts to learn which tasks you'll perform at certain times and preload that task's data into available physical memory for faster performance.
Multimedia prioritization: If you use Windows Media Player in Vista, you won't need to worry as much about your music or videos skipping if you weigh down your computer with other, resource-intensive programs. Vista prioritizes Media Player to give it precedence over other tasks so that your tunes and movies play smoothly even when the PC is busy. Other apps should be able to take advantage of this functionality as well, but I haven't yet heard from Apple whether iTunes does. You can read my blog for more on this new feature.
Network open cancellation: In XP, if you tried to access files on servers on your work or home network that were temporarily unavailable, your system would seize up, and you'd have to twiddle your thumbs until Windows decided it wasn't going to hear back from the down server. Vista allows you to interrupt these network access attempts by clicking the Cancel button in file-open dialog boxes, or by pressing -C if you're a serious techie and can run things from the command line.
Rearranging the taskbar: This last tip isn't specific to Vista, but I noticed it on the Vista laptop Russinovich used for his second talk. You already know you can right-click the taskbar on XP or Vista, deselect Lock the Taskbar, and bump up its size to two rows. What I didn't know is that you can then set it so that your Quick Launch icons get a whole taskbar row to themselves. To do this, position your mouse cursor over the dotted Quick Launch border (the cursor will change to the resize arrow). Click and hold the left mouse button, and then drag the Quick Launch region below the task list. Getting it into the right position can be a bit tricky and may take a few tries, but it works best for me to pull it down and to the right.
For more tips on Vista and XP, check out "Windows Tips for Everyone." And if you really want to dig deep into Vista, Russinovich has a three-part article posted at Microsoft's TechNet site titled "Inside the Windows Vista Kernel."

Edit By: Erik Larkin

[PC Technology]How to Set Up RAID on Your PC

2007-07-12T23:54:00.000-07:00

Boost your hard-drive performance, add redundancy, or do both by converting your PC to use a RAID setup.
Configuring two or more hard drives in a RAID setup can speed up hard-drive performance and provide automatic protection against data loss from a drive failure. RAID used to be expensive, hard to implement, and limited to businesses with dedicated IT departments, but now even the motherboards on most budget PCs support it, making RAID easier to install and well within the price range of most tech-savvy PC users.
What level of RAID do I want?
RAID comes in a number of flavors--or levels--that offer data protection, enhanced hard-drive performance, or both. In addition to the seven core levels of RAID (RAID 0 through RAID 6), you'll encounter a slew of variants and combinations. Following are the RAID levels you'll find on affordable, consumer-level RAID adapters.
RAID 0: This setup increases hard-drive performance by spreading, or striping, data over two drives so that it can be read and written more quickly. Unfortunately, such an array provides no data protection--in fact, it actually increases the chances of data loss since the failure of any one drive in the array results in the loss of all data stored on both drives. RAID 0 setups are standard on high-end gaming and graphics PCs, and provide a measurable albeit modest performance boost for games, graphics applications, and other hard-disk-intensive programs.
RAID 1: A RAID 1 setup protects data from a drive failure by simultaneously writing data to two hard drives: a master drive and a backup (or mirror) drive. Since the second drive carries an exact copy of the first, it provides no usable storage capacity. RAID 1 offers no gain in drive performance.
RAID 5: Though you get both faster disk performance and data protection from this setup, it requires a minimum of three hard drives. Instead of using an entire hard drive as a backup, RAID 5 spreads redundancy information--called parity bits--across all of the array's drives, increasing the proportion of usable disk space. A three-drive RAID 5 setup presents two drives' worth of storage capacity, a four-drive array offers three drives for storage, and so on. If one of the drives fails, the data content of that failed drive can be recalculated from the parity bits on the surviving drives and written to a new, replacement drive.
RAID 1+0 or 0+1: Some adapters support combinations of RAID 0 and RAID 1, which provide both data redundancy and increased disk performance. Since these nested implementations are not standardized, names and functionality can vary from vendor to vendor. RAID 10, RAID 1+0, RAID 01, and RAID 0+1 are all common names for nested arrays. These RAID combinations require a minimum of four hard drives.
What hardware do I need to set up RAID?
RAID controller: You probably already have a RAID adapter in your PC; many midrange and high-end motherboards come with a built-in RAID controller. Check your PC or motherboard documentation to find out if your motherboard supports RAID (and if so, which levels it supports), and consult any specific installation instructions.
If your PC doesn't have RAID support built in, you'll need an adapter card. Adapters supporting RAID levels 0, 1, 10, and sometimes 5 can be found online for around $100 or less. Adaptec and Promise offer a wide selection of RAID adapters.
Two or more hard drives: In theory, most RAID 0 setups can be configured with hard drives of different sizes from different manufacturers. In practice, you'll save yourself a lot of time and grief by building your array with identical hard drives--meaning drives of the same make, model, and size. At the very least, use two drives from the same manufacturer.
Floppy drive: If you plan to install Windows XP on your new array, you will need a floppy disk with your RAID adapter's Windows drivers, and a floppy drive to read it--Windows' installation won't install the drivers from an optical drive. Thankfully, this incredibly annoying quirk of Windows XP goes away in Windows Vista.
Tools: You need a small, nonmagnetic Phillips screwdriver to remove and replace the fastener screw that secures the adapter card to the PC chassis, as well as to install any new hard drives. You'll also want a simple grounding strap that attaches to your wrist; look for one at your local computer store for less than $15.
How do I install and configure a RAID setup?
The exact procedure for installing any RAID adapter varies from manufacturer to manufacturer and even from model to model, so thoroughly read all of the documentation accompanying your adapter (or motherboard if the adapter is built in) before starting the installation process. Still, the overall procedure is generally the same for all RAID adapters:
1. Install the adapter card and hard drives in your PC.
2. Configure the adapter card and hard drives in the PC's or card's BIOS.
3. Install the controller's drivers in Windows.

[Network Security]Use Disposable E-Mail Addresses to Stop Spam

2007-07-12T23:45:00.000-07:00

When the junk mail starts to flow, you just zap that address.
Anyone who has ever had an inbox full of penny-stock tips, pharmaceutical offers, and phishing attempts has had two fantasies: To turn off the spigot, and to find out who gave the spammers their address. Throwaway e-mail addresses can make both fantasies come true, at least for some of your spam.
With the right e-mail service, you can set up unique, disposable e-mail addresses for any transaction in which you're worried about getting spammed. The e-mail arrives in your regular inbox, but if you start to receive spam from the disposable address, you can just turn it off. In addition, the address can help you pinpoint exactly which company sold you out.
I looked at three services: Yahoo AddressGuard (part of the $20 per year Mail Plus service), Gmail disposable addresses (free), and a relatively new one called Anonymizer Nyms ($20 per year). With Yahoo's feature you choose a single unique prefix for all of the addresses you create, such as "erik-," and then append a suffix for each new address. I tend to use a site's domain name for the suffix, so an e-mail address might look something like erik-sleazycompany@yahoo.com. You can add notes about when and why you did business with the company when you create the address.
With Nyms, you select a unique name for each address by visiting the Nyms Web site or by using software on your PC. All your Nyms addresses end in "nyms.net," and mail sent to any of them ends up at whichever e-mail address you list in your account. Of the three services, Nyms offers the most features, such as the ability to specify an address's expiration date.
If you respond to e-mail sent to the Nyms or Yahoo addresses, your responses show as coming from the temporary address. In addition, either service allows you to create a new address in roughly 30 seconds with a toolbar bookmark.
Gmail's feature is more convenient than Yahoo's or Nym's in that it requires no additional setup, but it carries some significant drawbacks. To use it, you add "+anyword" to your regular Gmail address, as in elarkin+sleazycompany@gmail.com. Any such e-mail will come to your regular account.
Because you don't specifically create an address, however, you can't simply delete it if spam starts flowing. You must create a mail filter to block or delete any mail sent to the address. Also, if you reply to a message, the reply shows as coming from your regular Gmail address. And finally, smart spammers can just strip out the "+sleazycompany" and use your true address. Still, it's better than directly handing out your actual e-mail address.
I regularly use Yahoo's service because I'm also a fan of the site's new Web mail interface. But if I didn't already have a Yahoo account, I'd probably fork over the $20 for Nyms, since it works smoothly with any other e-mail account.

Edit By: Erik Larkin

[News]Report: IT spending slump over

2007-07-11T18:27:00.000-07:00

Cisco among those leading the way, according to Forrester Research
IT buyers so far in 2007 have been putting more budget dollars down for software, network communications equipment and outsourced services than they did late last year, and industry watchers expect that trend to continue in the coming months.
A strong first quarter in certain sectors reveals a positive outlook for continued growth throughout 2007, a Forrester Research report released this week says. The firm compares data from the U.S. Department of Commerce with the U.S. revenues of 40 large IT vendors to forecast the potential for growth going forward. With companies such as Cisco reporting sales increases of some 19% for the first quarter 2007, Forrester says, the spending pace is expected to grow.
"The Q1 2007 IT investment and purchases data showed a distinct slowdown in growth from the first half of 2006. However, the weakness was not as pronounced as in the fourth quarter of 2006, indicating that the worst of the slump has already happened," writes Andrew Bartels, a vice president at Forrester and lead author of the " U.S. IT spending update: Q2 2007" report. "Growth in the second quarter of 2007 should show signs of improvement … and IT purchases should strengthen in the second half of the year."
Forrester says while the increases in the first quarter are up just 3% to 4% over the same quarter last year, it is a significant jump from the decline that occurred in the last quarter of 2006.
For instance, vendors EMC, Oracle and SAP reported U.S. software revenue growth of 25%, 24% and 15% for the first quarter 2007, respectively. Microsoft reported 6% year-over-year increases in its software sales to U.S. businesses, while IBM and CA reported software sales increases of about 4% and 5%, respectively. Software represents the area of biggest growth, Forrester reports, continuing to be "the bright spot in the U.S. tech market with 7% to 8% growth rates."
Network communications equipment makers had mixed reports, with the likes of Cisco seeing nearly 20% increases in the first quarter but others such as Alcatel-Lucent, Ericsson and Nokia seeing "double-digit rates of decline" from the year before in equipment sales. Nortel Networks also saw good numbers with a reported 7% increase in sales.
Another area that experienced some growth in the first quarter was IT services and outsourcing purchases. IT spending in this market increased about 6%, which is consistent with the last quarter in 2006. Companies such as Infosys, Tata Consultancy Services and Wipro reported growth of 31% or more from the same quarter in 2005 while Capgemini and Getronics reported 41% and 18% increases, respectively. Accenture saw U.S. revenue grow some 16% over last year and CGI Group reported 15% growth. Affiliated Computer Services and Unisys experienced single-digit growth of 9% and 7%, respectively, while EDS reported 3% growth. CSC, HP Services and IBM Global Services each reported flat growth, Forrester says.
Forrester attributes the IT spending increases to the improving U.S. economy, which is expected to continue improving.
"A slowing U.S. economy was the major cause of the slowdown in tech purchase growth that took place in Q4 2006 and Q1 2007," the report reads. "In short, the worst of the slowdown in U.S. economic growth has already taken place. The U.S. economy looks likely to improve slightly the rest of 2007.
Yet not all IT sectors experience growth in the first quarter of this year. Computer equipment revenues dropped another 1%, following a 6% decrease in the last quarter of 2006. Server sales continued to show little or no growth, increasing just 1%, but U.S. storage equipment sales went against the trend and increased 8% across all reporting vendors.
Despite declines in specific areas, Forrester maintains that IT spending will continue to increase as the economy further improves throughout 2007 and into 2008.
"With moderate tech investment slowdown mostly behind us, the tech sector should experience improving prospects in the second half of 2007. We still expect that the next wave of technology innovation and investment will start to kick in 2008," the report concludes. "The steady improvement of tech investment in the third and fourth quarters will set the stage for an even better 2008."

Edit By:Denise Dubie From:Network World

[Security Software]Check Point ZoneAlarm Internet Security Suite 7.0

2007-07-11T09:32:00.000-07:00

This suite performs well and is easy to use, but it lacks a targeted antiphishing component.
Check Point's new ZoneAlarm Internet Security Suite 7.0 significantly improves on the 6.0 version we reviewed almost a year ago in our security suite roundup, "All-in-One Security." Parent company Check Point has replaced the mediocre CA antivirus engine that it licensed from CA with a much better one from Kaspersky Labs, and the result is a high-performance suite whose only weakness is its antiphishing protection.
Core components includes antivirus, antispyware, and antiadware protection, courtesy of the Kaspersky engine, as well as the house-developed network firewall and the OSFirewall, a supplemental layer of protection that detects and blocks suspicious changes (caused by malware) to key areas of the system.
In performance tests conducted by AV-Test.org, the Kaspersky engine performed well, detecting 98.3 percent of backdoor programs, 97 percent of bots, and 99 percent of Trojan horses thrown at it. It also spotted a solid 74 percent of adware samples. For its part, the OSFirewall detected a similarly solid 80 percent of network and e-mail worms based on their behavior alone, without benefit of a signature file to identify each one. The suite detected all pieces of malware that AV-Test.org hid within common compressed file formats, and the firewall blocked all attacks from inside and outside the PC. Also, AV-Test.org found that this version of the Kaspersky engine, which is responsible for updating the software's virus signatures, responded in less than 2 hours, on average, to newly discovered threats--an extremely fast response time.
The suite's on-access scanner did fail to detect the PP97M/Tristate.C macro virus, which targets Microsoft Office 97 and all later versions of Office that support VBA (Visual Basic for Applications). AV-Test.org reports that Kaspersky's own version of its virus engine did identify this threat, which suggests that the problem relates to Check Point's implementation of it. While most security companies rate this virus as a low-risk threat, ZoneAlarm's overlooking of it came as a surprise.
The ZoneAlarm suite is easy to use, with clear explanations of each decision you have to make, a big one being the level of security you want to establish. This year, the suite offers an Auto-learn mode. Though this mode initially lowers security to invoke fewer pop-up alerts, once it understands the applications it should trust, it cranks the security level back up for any activity it doesn't recognize. The Auto-learn mode was pleasantly quiet to begin with, but then the suite started popping up repeated alerts for legitimate application activity (such as my Trillian and Lotus Notes programs) that it should have recognized.
ZoneAlarm offers most of the usual suite extras. Its Privacy section selectively blocks Web site cookies, advertisements, and embedded objects and scripts. Its instant messaging security protects users of AOL, ICQ, MSN, and Yahoo services from bad links and attachments, though it added so many warnings to my outgoing IM messages that I turned it off. Spam protection, provided through MailFrontier, adds a configurable toolbar to Outlook and Outlook Express. Parental controls block sites included on Check Point blacklists along with unknown sites identified via effective dynamic analysis. The Vista version of this product is expected to arrive in the second quarter of 2007, and ZoneAlarm customers within the one-year subscription window will be able to upgrade to it for free.
Noticeably missing from the suite is an antiphishing toolbar--the suite lacks anything capable of instantly blocking known phishing sites. (You can download free tools such as McAfee's SiteAdvisor to warn you against suspect Web sites.) However, ZoneAlarm does provide other, less effective Web protection. The myVault tool prevents information--such as social security, credit card, and password digits--from leaving your PC, but it requires you enter the information (encrypted if you want) first. If you sign up for the free year of fraud protection, available through Intersections' credit protection services, you'll be notified if the service finds your financial information elsewhere on the Internet.
At $50 per PC per year (with support calls billed at an additional $3 per minute), the ZoneAlarm suite is priced on a par with other major suites. It performs well and is easy to use, though it could use better phishing protection.

Edit By:Narasu Rebbapragada

[Security Articles]Who's to Blame for Browser Bug? IE or Firefox?

2007-07-11T09:20:00.000-07:00

Mozilla will patch a security bug in Firefox that could be attacked in Internet Explorer.
A security researcher has found a security bug that could be attacked in Internet Explorer. Mozilla Corp. said it plans to patch the problem in its next Firefox software update.
No, that's not a typo, just the strange fall-out from an unusual bug that had security researchers debating the question this week, "Who's to blame? Microsoft or Mozilla?"
Security researcher Thor Larholm [cq] kicked off the controversy on Tuesday, claiming that he had discovered a flaw that would let an attacker run commands on a victim's PC.
In his blog posting, Larholm said the bug was similar to a flaw he'd discovered last month in Apple Inc.'s Safari 3.0 beta software, and he called it an an "input validation flaw in Internet Explorer." The problem is with a URL protocol handler component of Internet Explorer, he said. This software allows Internet Explorer users to launch applications such as Excel or Firefox by clicking on specially written links on Web pages.
When Internet Explorer clicks on a link that launches the Firefox browser, however, the software does not properly check its syntax, and that, Larholm said, lets an attacker create a malicious link, that could be used in an attack. Security vendor Secunia ApS rates the flaw as "highly critical."
So while the flaw affects Internet Explorer users, it appears to be a risk only to those who already have Firefox installed. And to make matters more complicated, if a Firefox user were to click on one of the specially-written links, he would not be affected.
Still, Microsoft Corp. Security Program Manager Mark Griesi said that the bug was not his company's problem. "We don't feel that there's an issue in IE and therefore there's nothing to be fixed," he said Tuesday.
With Microsoft saying it won't fix the vulnerability, Mozilla Corp. said it would change the way its Firefox URL protocol handler worked in its next Firefox update. That will fix Larholm's bug, but Mozilla security strategist Window Snyder [cq] wouldn't say whether or not she considered the vulnerability to be an IE or Firefox problem. She did, however, point out that without Microsoft making changes to IE, other Windows programs may be at risk.
Noted browser bug-hunter Aviv Raff wrote in his blog that he thought both Microsoft and Mozilla were to blame.
But another security expert said that the responsibility to fix the problem lies with the open-source browser developers. "This is an oversight in how Mozilla decided to construct their protocol registration, and how they do input validation between this handler and their application," said Eric Schultze, chief security architect with Shavlik Technologies LLC, via email. "I think Mozilla needs to write and release a patch for this issue and Microsoft can take the week off."

Edit By:Robert McMillan

[Virus Security]General instruction of killing virus and worm manually

2007-07-10T08:54:00.000-07:00

Edit By:securitysofts (From:http://www.securitysofts.com/)
In this article, i will introduce you the general way to delete the virus and worms step by step.

Step 1, also the most important is to restart the computer under the Safe Mode to make all the files visible. Step2, enter into disk C:\ to check if any unfamiliar file at the root directory. Once the time is traced to virus infective date, delete it and clear out.
Step3, enter into C:\ Windows, to arrange the icons by modified time to check the latest files, if any new and strange file or folder built on the day, delete it.
Step4, enter into system32, to use the same way of Step3, then continue to check the Extended Name which is obviously tricky name like “msconfig.com”, no hesitate, delete it straight away.
Step5, exit to directory “program files” and use the same way as Step3 & 4 to check all the files, including IE files (strongly suggested as the virus and worm always found here) and “common files”.
Step6, check all the registered start items, if any extra strange one, delete it.
Step7, clear out the temporary files (suggest to use the tool like Super Magic Rabbit, ACDSee is also workable by manual deletion).
Step8, the last step is to restart the PC, if the system cannot find some file(s), the registered list should have something to be modified, go ahead according to the system instruction.

All above are the general steps to kill the virus and worm, of course, the virus and worm may also hide at the other disk to even disrupt .exe files. Therefore, further or overall detection and refreshment are strongly needed.

Edit By securitysofts, all right reserved.