WServerNews (formerly W2Knews)
Vol. 13, #41 - Oct 6, 2008 - Issue #695
Trend Micro: "Don't Buy Antivirus Software"

This issue of WServerNews is sponsored by
  1. Editors Corner
    • Trend Micro: "Don't Buy Antivirus Software"
    • Quote of the Week from Oracle CEO Larry Ellison
  2. Webinars and Seminars
    • Protecting Against the New Wave of Malware: A New Approach to Endpoint Security
  3. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  4. Tech Briefing
    • Hackers Clone Elvis' Passport
    • The Data Center From Hell, Part 3: Lessons Learned
    • Toshiba Shows Prototype Fast-Charging Laptop Battery
    • Rookie Mistakes To Avoid During The Sharepoint Rollout
    • The Next Wave: Client Virtualization
    • Three Don'ts When Optimizing Exchange Server Performance
    • Tip: Managing Hyper-V's Security Permissions
  5. Windows Server News
    • Amazon and Redmond Will Soon Release "Windows Clouds"
    • Microsoft To Enhance App Server Features Of W2K8
    • Free Version Of Hyper-V Now Available
    • Tip: Easing Security Concerns With Server Core For W2K8
  6. WServer Third Party News
    • Process Monitor 2.0 Released
    • Sunbelt Announces New Automation Technology in Malware Fight
    • New Version Of SNSI
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - PRODUCT OF THE WEEK
    • Get a Free T-shirt and a Chance to Win a 50" Plasma
Get a Free T-shirt and a Chance to Win a 50" Plasma

  1. Register for an iPrism online demo
  2. Attend demo and see the #1 Web Filter in action
  3. You're entered to win! Plus, you'll get a cool t-shirt just for attending
iPrism protects you with real-time anonymizer and virus blocking, plus stops malware, spyware and inappropriate content.
http://www.wservernews.com/081006-iPrism-Demo1


Editors Corner

Trend Micro: "Don't Buy Antivirus Software"

Neil MacDonald, a Gartner Research VP, in a speech at their IT Security Summit in London said last Monday that organizations continue to overpay for security software -- and at the same time the software vendors are not spending enough in R&D to keep up with current fast-changing threats.

MacDonald said that security vendors are keeping their profit margins high on firewalls and antivirus products, while these tools are becoming more and more like commodities. His advice is to take advantage of the more competitive environment in the AV industry to negotiate better prices. This is of course music to our ears, as this is exactly what we have been saying for the last few years.

"I know it's hard to switch, but you have to seriously enter the negotiations," he said. "Let the vendors know that you are not afraid to switch." Personally I would go one step further and simply not even talk to your current vendor and stop renewing their bloatware.

You might get a better price, but you are still stuck with endpoint stacks that can take a whopping 200 MB of RAM during scans. Think about the performance drain and the lost productivity because of that. You couldn't pay me to run any bloatware on my workstation! Which brings me to Trend.

Trend Micro's Security Product Manager David Peterson takes it one step further and claims people should not buy AV software at all. Huh? Well, the point he makes is that stand-alone AV software is no longer cutting it, and that you need integrated endpoint security, in the form of suites:
http://www.wservernews.com/081006-Dont-Buy-Antivirus

He is right about the integrated part, except that suites are an even more gruesome performance drain. But the issue he raises is the perfect argument for taking a serious look at VIPRE Enterprise. I have had an independent performance benchmark lab run some tests and will lift the veil on one of the parameters: File Write, Open and Close Time (in seconds). Here is a comparison of a few popular stand-alone AV products that are used a lot in the enterprise against our combined antivirus + antimalware application. The second line should catch your attention: it's the industry average. This benchmark was derived from Oli Warner's File I/O test at thepcspy.com (linked below). The metric measures the time required for the system to write a file, then open and close that file. Here are the times measured in a fresh benchmark last week:
http://www.wservernews.com/081006-Slows-Windows

Product                       File write, open and close time (sec; lower is better)
Norton Antivirus 2008         286.56
Industry Average              261.4
ESET NOD32 Antivirus 3.0      102.17
Kaspersky Antivirus 8          84.52
Trend Micro Antivirus 2008     84.46
Sunbelt VIPRE V3.1             51.92

I think David Peterson is right: don't buy Trend Micro antivirus software, or any other player's, but have a look at VIPRE Enterprise instead, which is five times faster than the antivirus industry File I/O average. Sunbelt has a competitive upgrade program in place that will make you and your accountants really happy, so make sure you ask for a quote:
http://www.wservernews.com/081006-VIPRE-Enterprise


Quote of the Week from Oracle CEO Larry Ellison

"The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do. I can't think of anything that isn't cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop? We'll make cloud computing announcements, I'm not going to fight this thing. But I don't understand what we would do differently in the light of cloud computing other than change the wording of some of our ads." -- CEO Larry Ellison at Oracle's annual financial analysts meeting.

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/081006-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

The End Of AV As You Know It

Finally, powerful endpoint security that ISN'T a resource hog. Sunbelt built VIPRE Enterprise, a completely new technology combining corporate antivirus plus an enterprise antispyware solution for total endpoint security, designed by admins for admins. Save your IT budget and don't renew products from Symantec, McAfee and Trend Micro. Learn how VIPRE Enterprise uses far fewer resources than the competition! It's clearly time to ditch expensive, bloated, old-style AV products. "Wow, what an easy install. I am not used to being able to install such a major software package in 10 minutes on our server and then complete the install on our clients in the next hour, including restarts, in two different buildings." Get your 30-day eval here:
http://www.wservernews.com/081006-VIPREenterprise

Webinars and Seminars
We'd like to invite you to attend the following seminars:


Protecting Against the New Wave of Malware: A New Approach to Endpoint Security

Join Sunbelt and Mike Osterman, president and founder of Osterman Research, Inc., for an informative seminar that will examine why older, traditional antivirus approaches don't work and why a new approach to endpoint security is required to better protect your users, your data and your long-term viability as a company from malicious threats.

Hosted at Microsoft in San Francisco, CA on Thursday, November 13th. Register here:
http://www.wservernews.com/081006-Protecting-Against-Malware


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Process Monitor 2.0 is a major update and adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring - free:
http://www.wservernews.com/081006-Sysinternals

Watch an online demo of iPrism Web Filter and get a cool t-shirt free! Plus, you'll be entered to win a 50" Plasma:
http://www.wservernews.com/081006-iPrism-Demo

Customers call rDirectory "The perfect system; it does everything we need & more!" Leverage your AD investment & explore the potential of all editions:
http://www.wservernews.com/081006-rDirectory

Make it easy to track user access to your Windows file servers. ScriptLogic's File System Auditor: Free Trial!:
http://www.wservernews.com/081006-File-System-Auditor

Learn more about the first Microsoft-based enterprise platform capable of solving your most complex Identity Management challenges!:
http://www.wservernews.com/081006-EmpowerID


Tech Briefing

Hackers Clone Elvis' Passport

This is a very interesting ePassport RFID vulnerability demo. The Hacker's Choice (THC), a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. Governments plan to use ePassports at immigration and border control: the information is read electronically from the passport and displayed to a border control officer or consumed by an automated setup. THC has found a way to bypass the security checks. The detection of fake passport chips is not working, and test setups do not raise alerts when a modified chip is used. This lets an attacker create a passport with an altered picture, name, date of birth, nationality and other credentials. Note that the ICAO standard does provide a defence here: the data groups on the chip are signed by the issuing state (the "passive authentication" check), so a terminal that validates that signature chain back to the issuer's country signing certificate should reject altered data; the question to ask of any reader is whether it actually performs that validation. This is definitely food for thought for anyone who thinks electronic checks are 100% secure. Here is the video:
http://www.wservernews.com/081006-RFID


The Data Center From Hell, Part 3: Lessons Learned

In the previous two columns, security specialist Jan Buitron reported on a horribly non-secure facility at which she worked some years ago. Today she summarizes her conclusions about the state of facilities security at this dreadful site. Wow.
http://www.wservernews.com/081006-Lessons-Learned


Toshiba Shows Prototype Fast-Charging Laptop Battery

Toshiba's fast-charging SCiB battery will last longer and endure more recharge cycles than current lithium-ion cells; it's also safer and won't explode when crushed. They showed off a prototype but said the technology is still some way off from making its way into computers. SCiB, or Super Charge Ion Batteries, are designed to recharge to 90 percent capacity within 10 minutes! Imagine what that means for electric cars... More at InfoWorld:
http://www.wservernews.com/081006-Fast-Charging-Battery


Rookie Mistakes To Avoid During The Sharepoint Rollout

Microsoft SharePoint is easy to install, configure and use. This tip from SearchWinIT.com lists four possible implementation blunders, including choosing the wrong installation and ignoring disaster recovery. (Requires Registration)
http://www.wservernews.com/081006-Rookie-Mistakes


The Next Wave: Client Virtualization

Client -- or desktop -- virtualization is not a new concept. There's also virtual desktop infrastructure, which creates virtual machines or virtual desktops that are sent down over the network to a client via a hypervisor that resides on the server. But these models have limits, and the technology does not meet the diversified and personalized requirements of corporate end users. This exclusive article on SearchEnterpriseDesktop.com previews the future of client virtualization:
http://www.wservernews.com/081006-Client-Virtualization


Three Don'ts When Optimizing Exchange Server Performance

There are many tips and best practices you can follow to improve MS Exchange Server's performance. This checklist on SearchExchange.com outlines three things you should never do at the hardware level.
http://www.wservernews.com/081006-Optimizing-Exchange-Server


Tip: Managing Hyper-V's Security Permissions

The burdens of managing security permissions are rarely seen as exciting, but they're an essential duty that systems admins are tasked with. In this tip, learn how you can configure and manage permissions for your Hyper-V host servers and get an introduction and tutorial on the Hyper-V permissions tool, Authorization Manager (AzMan). (Registration Required)
http://www.wservernews.com/081006-Hyper-V
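Before delegating anything through AzMan it helps to know what the store already grants. The script below is an added example (mine, not from the newsletter or from the SearchWinIT tip): a read-only PowerShell 2.0 audit that opens the Hyper-V AzMan store through the same AzRoles COM interface the AzMan MMC snap-in uses, and reports every role assignment, its members, and whether it amounts to full control of the host. The store path and application name are the Windows Server 2008 defaults and are assumptions; adjust them if you moved the store.

```powershell
# Added example, not from the newsletter or the linked tip. Read-only audit of the
# Hyper-V AzMan store: which roles exist, who holds them, and which of them amount
# to full control of the host. Run in an elevated PowerShell 2.0 on the Hyper-V host.
# Assumptions: default store path and application name for Windows Server 2008 Hyper-V;
# change the two parameters if the store was moved (e.g. to Active Directory).
param(
    [string]$StorePath = 'C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml',
    [string]$AppName   = 'Hyper-V services'
)

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
# Flag 0 opens an existing store without creating it; msxml:// selects the XML provider.
$store.Initialize(0, "msxml://$StorePath", $null)
$app = $store.OpenApplication($AppName, $null)

# Every operation Hyper-V defines (create VM, start VM, change service settings, ...).
$allOps = @($app.Operations | ForEach-Object { $_.Name })

function Get-RoleOperations {
    param($Role)
    # Operations granted directly on the role, plus those reached through its tasks.
    # Role definitions are tasks in the AzMan model; the default store nests only one level.
    $ops = @($Role.Operations)
    foreach ($taskName in @($Role.Tasks)) {
        $ops += @($app.OpenTask($taskName, $null).Operations)
    }
    $ops | Sort-Object -Unique
}

function Get-RoleReport {
    param($Container, [string]$Where)
    foreach ($role in $Container.Roles) {
        $ops = @(Get-RoleOperations -Role $role)
        New-Object PSObject -Property @{
            Scope          = $Where
            Role           = $role.Name
            # MembersName resolves SIDs to names; anything unresolvable comes back as S-1-...
            Members        = (@($role.MembersName) -join ', ')
            OperationCount = $ops.Count
            FullControl    = ($ops.Count -eq $allOps.Count)
        }
    }
}

# Application-level assignments apply to every VM; scope-level ones are per-VM delegations.
$report = @(Get-RoleReport -Container $app -Where '(application)')
foreach ($scope in $app.Scopes) {
    $report += @(Get-RoleReport -Container $scope -Where $scope.Name)
}

$report | Sort-Object FullControl -Descending |
    Format-Table Scope, Role, FullControl, OperationCount, Members -AutoSize
```

Any row with FullControl set is, for Hyper-V purposes, equivalent to being a local administrator of the host, so that member list is the one to reconcile against your change records; properly delegated per-VM access should appear as scoped rows with a small OperationCount. An unresolved S-1-... entry usually means a deleted account that was never cleaned out of the store.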



Windows Server News

Amazon and Redmond Will Soon Release "Windows Clouds"

Steve Ballmer this week talked in London about a new "operating system" that will help developers write Internet-based applications. Within 4 weeks, Redmond will release what Ballmer called code name "Windows Cloud." The "OS" is meant for developers writing cloud-computing applications.

The term Cloud computing is used these days to describe apps that run in a browser, where the actual computing is done in a distant data center. IBM 30 years ago used to call it time-sharing, via dumb terminals. Redmond's 'WinCloud' (or whatever the final name is) will include geo-replication, management modeling and an SOA model.

Amazon announced this Wednesday that its Elastic Compute Cloud (EC2), which at the moment only runs a few Unix and Linux flavors, will start supporting Windows Server and SQL Server later this fall; the offering is currently in beta. A lot of their customers were asking for it, they claimed. Amazon also said that its Microsoft cloud will let you deploy things like ASP.NET web sites and high-performance clusters, with the benefits of EC2's scalability, reliability and utility pricing, which will be a bit higher for Windows than for Linux because of the licenses.

Microsoft To Enhance App Server Features Of W2K8

Microsoft Corp. said it will boost the application server capabilities of Windows Server 2008 with more SOA-friendly features to aid developers working with the company's upcoming .Net 4.0 framework. The company announced it will release a preview of new app server features, formerly code-named Dublin, at Microsoft's Professional Developers Conference (PDC) later this month in Los Angeles. Dublin's features include pre-built developer services, greater scalability and easier manageability, and support for Microsoft's Oslo modeling platform, according to a Press Pass interview posted on Microsoft's Web site. Details at ComputerWorld:
http://www.wservernews.com/081006-Features


Free Version Of Hyper-V Now Available

Following VMware's move in August, Redmond this week released its free, low-footprint version of Hyper-V. Microsoft has now started its chase for virtualization market share for real. Hyper-V Server 2008, which includes only the hypervisor, the Windows Server driver model and the virtualization components, is now available online:
http://www.wservernews.com/081006-Hyper-V-Server
Also this week, they announced new ways for IT pros to get training and certification on virtualization for desktop, server and management environments. More details about the programs are available on the Microsoft Learning Community Blog:
http://www.wservernews.com/081006-Virtualization


Tip: Easing Security Concerns With Server Core For W2K8

While the Server Core installation option for Windows Server 2008 comes secure out of the box, an improper configuration can still leave your system vulnerable. Follow these steps to ensure peak security when running Server Core:
http://www.wservernews.com/081006-Core-Concerns


WServer Third Party News

Process Monitor 2.0 Released

Russinovich said in his blog, "this major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring. You can now see the TCP and UDP activity processes performed, including the operation, local and remote IP addresses and DNS names, and operation transfer lengths. On Windows Vista, Process Monitor also collects thread stacks for network operations."

Now that Microsoft has acquired the Russinovich franchise, the downside is that they no longer publish the source code for their sysinternals tools, and 'winternals' tools are gone, but you can subscribe to their updates RSS feed, and there are TONS of updates to the tools. Also, I have mentioned it before, but they are available 'live' as well.

Sysinternals Live is a service that lets you run Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/toolname or \\live.sysinternals.com\tools\toolname. One caveat: the share is served over plain HTTP/WebDAV, so on any machine you care about, check the Microsoft Authenticode signature on the binary before running it rather than trusting the download path.

You can view the entire Sysinternals Live tools directory in a browser: http://live.sysinternals.com.
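As an added example, not from the newsletter or from Sysinternals: a PowerShell 2.0 script that pulls Process Monitor from the Live share, refuses to run it unless Microsoft's Authenticode signature verifies, captures a short trace to a backing file and summarises the TCP/UDP events that 2.0 added, per process. It assumes the WebClient service is running so the UNC path resolves, and uses only the command-line switches documented in Process Monitor's own help.

```powershell
# Added example, not from the newsletter or from Sysinternals. Pull Process Monitor from
# the Sysinternals Live share, verify Microsoft's Authenticode signature before running it
# (the share is plain HTTP/WebDAV, so the transport authenticates nothing), capture a short
# trace to a backing file and summarise the new TCP/UDP events per process.
# Assumptions: PowerShell 2.0 run elevated (Procmon loads a driver), the WebClient service
# running so the UNC path resolves, and the Process Monitor switches as documented in its
# help (/AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog, /SaveAs).
param(
    [string]$Source  = '\\live.sysinternals.com\tools\procmon.exe',
    [string]$WorkDir = (Join-Path $env:TEMP 'procmon-capture'),
    [int]$Seconds    = 30
)

New-Item -ItemType Directory -Force -Path $WorkDir | Out-Null
$exe = Join-Path $WorkDir 'procmon.exe'
Copy-Item -Path $Source -Destination $exe -Force

# Trust the signature, not the download path. Status must be Valid (chain builds to a
# trusted root and the file is unmodified) and the signer must be Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $exe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Refusing to run $exe : signature status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'"
}

$pml = Join-Path $WorkDir 'trace.pml'
$csv = Join-Path $WorkDir 'trace.csv'

# Capture to a backing file instead of RAM; /Quiet suppresses the filter dialog, /Minimized the window.
Start-Process -FilePath $exe -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$pml`""
Start-Sleep -Seconds $Seconds
# A second instance with /Terminate tells the capturing instance to stop and flush the log.
Start-Process -FilePath $exe -ArgumentList '/AcceptEula /Terminate' -Wait

# Re-open the log and export it; the .csv extension selects the CSV format.
Start-Process -FilePath $exe -ArgumentList "/AcceptEula /OpenLog `"$pml`" /SaveAs `"$csv`"" -Wait

# Network events appear as 'TCP Connect', 'TCP Send', 'UDP Receive', etc. in the Operation column.
Import-Csv -Path $csv |
    Where-Object { $_.Operation -match '^(TCP|UDP) ' } |
    Group-Object -Property 'Process Name' |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

The signature check is the part worth keeping even if you drop the rest: the same two-line test works for any binary fetched from the Live share, and a Status other than Valid (or a signer that is not Microsoft) means the file is not what Sysinternals published, whatever the URL said.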

Here is the new Process Monitor V2.0:
http://www.wservernews.com/081006-Sysinternals


Sunbelt Announces New Automation Technology in Malware Fight

We announced a new version of our market-leading automated behavioral analysis tool, Sunbelt CWSandbox version 2.1. The new version represents a significant leap forward in automated malware analysis by incorporating sophisticated technology that automates and simulates user interaction within malicious applications or content. The user interaction feature enables security vendors and malware research teams to more effectively analyze malicious applications that rely on social engineering.

In the ongoing arms race with cyber-criminals, new attack vectors are continuously sought out by hackers. One of the most effective methods is to use social engineering to bypass or override security software already in place. By presenting the malware or compromised website in such a way that the user feels that they are interacting with a legitimate application or content, the malware author can rely on the user to get past the security measures used.

"Malware is becoming far more sophisticated with multi-pronged attacks and new techniques being unleashed on consumers and enterprises daily," said Chad Loeven, vice-president of business development of Sunbelt Software. "Collectively in the security community we face a common challenge of keeping abreast of new threats and being able to effectively analyze and counteract them."

By successfully simulating how a user would interact when presented with a fake or rogue application, Sunbelt CWSandbox automates what up until now has been a manual process where a researcher needed to manually analyze each threat on a case-by-case basis. The automation facility of CWSandbox engages with the application, infected file or compromised website exactly as the malware expects a user to do and logs and analyzes all the resulting activity without any manual intervention by the researcher. This end-to-end process automation enables security companies and enterprises concerned with targeted and/or socially engineered attacks to filter through potential threats in a consistent, automated manner without tying up valuable resources.

"We believe we are providing a level of automation and granular analysis with CWSandbox that is far ahead of any other solution on the market," continued Loeven, "and it's for that reason so many of the largest global enterprises, security and telecom vendors and government and defense agencies trust Sunbelt and our malware analysis tools for proactive defense."
http://www.wservernews.com/081006-Sunbelt-CWSandbox


New Version Of SNSI

SNSI uses the latest MITRE Common Vulnerabilities and Exposures (CVE) list of publicly known vulnerabilities. It also contains the latest SANS/FBI Top 20 vulnerability list, and draws on the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Checks
L1069 Bzip2 bzlib.c overread error - RHE  
L1071 Firefox malformed web content errors - RHE  
L1074 RealPlayer SWF frame handling flaw - RHE  
L1083 ClamAV multiple DoS vulnerabilities - SuSE  
L1084 Emacs Python script importation flaw - SuSE  
L1088 Devhelp malformed web content errors - RHE  
L1092 Yelp malformed web content errors - RHE  
L1093 ViewVC HTTP response interpretation flaw - FC  
L1094 InitScripts sysinit arbitrary file deletion error - FC  
L1095 Root Kit Hunter rkhunter-debug weakness - FC  
N93 Fix Bundle (Sept 24th 2008) - IOS  
N94 IOSFW AIC HTTP packet handling - IOS  
N95 IOSIPS SERVICE.DNS signature engine may hang - IOS  
N96 L2TP mgmt process may crash handling certain L2TP packets - IOS  
N97 IPC over UDP source validation - IOS  
N98 MPLS Forwarding Infrastructure MFI vulnerability  
N99 SNMP write community vulnerability in uBR devices - IOS  
N100 uBR device PIM packet handling vulnerabilities - IOS  
N101 MPLS VPN Incorrect Route Target use data leakage - IOS  
N102 Skinny Call Control Protocol Vulnerabilities - IOS  
N103 SSL session termination vulnerability - IOS  
N104 SIP call handling vulnerabilities - IOS 

Updated Checks
H14 Rpcbind mishandling of malformed requests - HP-UX 10/11
H178 Xserver vulnerabilities
L17 Epiphany-extensions related Mozilla vulnerabilities - FC
L307 Kazehakase Mozilla based vulnerabilities - FC
L309 Gnome-web-photo Mozilla based vulnerabilities - FC
L310 Miro Mozilla based vulnerabilities - FC
L1512 Mozilla Firefox multiple vulnerabilities - FC
L1514 Epiphany Mozilla based package vulnerabilities - FC
L1516 Mozilla Devhelp package vulnerabilities - FC
L1613 Mozilla Galeon package vulnerabilities - FC
L1679 BLAM multiple Mozilla based flaws - FC
L1681 Liferea Mozilla flaws - FC
W1142 Anti-virus Signature Outdated - McAfee
W1986 Anti-virus Signature Outdated - Symantec
W1999 Anti-virus Signature Outdated - Trend Micro
W2067 Anti-virus Signature Outdated - F-Secure
W2070 Anti-virus Signature Outdated - CA eTrust
Sunbelt Network Security Inspector version 1.6.117.0 was released October 3, 2008. Sunbelt Software recommends you download the new SNSI version 1.6.117.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/081006-SNSI


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.




WServerNews - PRODUCT OF THE WEEK

Get a Free T-shirt and a Chance to Win a 50" Plasma

  1. Register for an iPrism online demo
  2. Attend demo and see the #1 Web Filter in action
  3. You're entered to win! Plus, you'll get a cool t-shirt just for attending
iPrism protects you with real-time anonymizer and virus blocking, plus stops malware, spyware and inappropriate content.
http://www.wservernews.com/081006-iPrism-Demo2