iHateSpam Client: PC World's World Class 2003 Award
This is no small deal. It basically means the client edition
is the best anti-spam tool they could find. See the review at:
Oh yeah, remember to read the Product Of The Week section below,
as you can get your hands on the client copy via Amazon, gratis.
And if you want to check out the other "Gear of the Year", here
is your complete guide to 50+ hardware, software, and service
winners--including today's number one product:
Case Study: Cornell University deploys iHateSpam Server
The Cornell University Computer Science department consists of
300 professors, staff, and students, all receiving email via
Microsoft Exchange mail servers. Most of the department reads
their mail in Outlook, but incoming mail for some department
members is routed from Exchange to UNIX servers and read in Pine.
The amount of spam hitting the department servers gradually
mounted to the point where action was required. "Our users in
the department were being inundated, as everybody is, with
this garbage," said William Holmes, IT Area Manager for the
Computer Science department. "When you came into the office
in the morning and opened up Outlook, you were looking forward
to spending half an hour finding the mail you wanted and
tossing out the rest. It's such a horrific problem - it's
wasting a huge amount of everyone's time." The full case study
is in PDF format over here:
BUG BEAR.B and Layered Security - Now More Than Ever
A Virus a Week. Fizzer, Palyh... and now Bug bear version B,
a biggie. On Friday, Panda Software estimated that over 400K
computer workstations could be affected by this one.
As reported by Panda's labs in Spain, "23% of computers around
the world are currently infected, a percentage which is double
that normally registered... In less than 24 hours, Bug bear.B
has infected more computers than Klez did during the whole of
May." (More on this below.)
Antivirus manufacturers are having varying degrees of success with
this one, and this is my point: invest in Layered Security,
because any one brand is going to miss the occasional virus
or fail to update quickly enough.
So it makes prudent sense to interleave AV vendors in your stack.
Make sure you don't have an "artesian well" all the way from
your gateway to your desktops. Just add Perimeter Scan, Exchange
AV or an AV Appliance from someone like Panda. Drop it in - buy
some peace of mind.
Speaking of Panda, they're buying market share with some screaming
deals, call 1-888-303-4974 or email [email protected]
and tell them Stu said to... bend over backwards for you.
Especially EDU - did I hear your budgets were tight?
And, once again, they're giving away full licenses of their pro
Platinum AV + Firewall at no charge to W2Knews subscribers, for
your personal use. Don't delay, the deal won't last (US only).
You can even get multiple copies for your home office, if you ask:
The Bug Bear.B Story
Here's the Bug bear story as told by Patrick Hinojosa, CTO at Panda
USA (Panda has some good resources at http://www.pandasoftware.com.)
"In early Sep 2002 the original Bug bear was released. It was an
e-mail worm that took advantage of the Iframe Exploit vulnerability.
Mainly, it disabled some AV and firewall programs. AV programs
were able to control this one with standard signature based scanning.
"Fast forward to the present. Bug bear's author improved on the
original to make detection much more difficult. Version B uses
polymorphism (constant modification) so that only the most advanced
AV scanners can consistently detect this menace. It also includes
a key logging program with a trojan capability so that someone
can retrieve the data gathered. But mainly, polymorphism is
achieved through encryption. This technique causes the file to
change every time it is run or replicates, making it difficult for
standard AV programs to get a match using signature file based
scanning. Panda Software uses a special technology that allows its
antivirus engine to effectively detect polymorphic viruses. This
system, called Generic Decryption Engine or GDE, decrypts polymorphic
viruses, making it possible to detect them.
Polymorphic Virus Protection Backgrounder
Before a polymorphic virus can be decrypted, it must first be run,
and running a virus on a computer results in infection. Obviously
this isn't a viable approach to use while trying to protect a
system. To keep the system clean and at the same time reliably
detect this type of malware, Panda Software developed an emulator,
which simulates the virus being run, in a special secure zone
in the memory of the computer. As soon as the virus has been
decrypted, the antivirus engine will be able to find the sequence
of bytes that identifies the virus, or in other words, detect it.
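The decrypt-then-scan idea described above, as an added example that is not
from this newsletter and is not Panda's GDE: a toy emulator runs a constructed
sample's decoder on a private copy of the bytes, then applies the signature.
The opcodes, the three-byte stub layout and the marker string are assumptions
made up for the illustration.

```python
# Added illustration (not Panda's GDE): toy VM, opcodes and sample are constructed.
SIGNATURE = b"CONSTRUCTED-BENIGN-MARKER"   # stands in for a virus byte signature
XORB, ADDB, HALT = 0x01, 0x02, 0xFF        # hypothetical toy opcodes
STUB_LEN = 3                               # stub layout: [opcode, key, HALT]

def build_sample(op: int, key: int) -> bytes:
    """Constructed test input: 3-byte toy stub followed by the encoded marker."""
    if op == XORB:
        body = bytes(b ^ key for b in SIGNATURE)
    else:  # ADDB decodes by adding the key, so encode by subtracting it
        body = bytes((b - key) % 256 for b in SIGNATURE)
    return bytes([op, key, HALT]) + body

def static_scan(data: bytes) -> bool:
    """Plain signature match on the file exactly as stored."""
    return SIGNATURE in data

def emulate_and_scan(data: bytes, max_steps: int = 10_000) -> bool:
    """Run the stub against a private copy of the bytes, then scan that copy."""
    mem = bytearray(data)          # isolated buffer: the file itself is never run
    pc, steps = 0, 0
    while pc + 1 < len(mem) and mem[pc] != HALT:
        op, key = mem[pc], mem[pc + 1]
        if op not in (XORB, ADDB):
            break                  # unknown instruction: stop emulating
        for i in range(STUB_LEN, len(mem)):
            steps += 1
            if steps > max_steps:  # step budget keeps the scan near real time
                return False
            mem[i] = mem[i] ^ key if op == XORB else (mem[i] + key) % 256
        pc += 2
    return SIGNATURE in mem        # signature match on the decoded image
```

Each generation built with a different key or opcode stores different bytes,
so static_scan misses all of them while emulate_and_scan matches every one.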
For the sake of performance, this process must be completed in
real time without the user being aware of the extremely complex
task that the antivirus is carrying out in order to detect the