Vol. 13, #41 - Oct 6, 2008 - Issue #695
Trend Micro: "Don't Buy Antivirus Software"
This issue of WServerNews is sponsored by
- Editors Corner
- Trend Micro: "Don't Buy Antivirus Software"
- Quote of the Week from Oracle CEO Larry Ellison
- Webinars and Seminars
- Protecting Against the New Wave of Malware: A New Approach to Endpoint Security
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- Hackers Clone Elvis' Passport
- The Data Center From Hell, Part 3: Lessons Learned
- Toshiba Shows Prototype Fast-Charging Laptop Battery
- Rookie Mistakes To Avoid During The Sharepoint Rollout
- The Next Wave: Client Virtualization
- Three Don'ts When Optimizing Exchange Server Performance
- Tip: Managing Hyper-V's Security Permissions
- Windows Server News
- Amazon and Redmond Will Soon Release "Windows Clouds"
- Microsoft To Enhance App Server Features Of W2K8
- Free Version Of Hyper-V Now Available
- Tip: Easing Security Concerns With Server Core For W2K8
- WServer Third Party News
- Process Monitor 2.0 Released
- Sunbelt Announces New Automation Technology in Malware Fight
- New Version Of SNSI
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - PRODUCT OF THE WEEK
- Get a Free T-shirt and a Chance to Win a 50" Plasma
Get a Free T-shirt and a Chance to Win a 50" Plasma
- Register for an iPrism online demo
- Attend demo and see the #1 Web Filter in action
- You're entered to win! Plus, you'll get a cool t-shirt just for attending
iPrism protects you with real-time anonymizer and virus blocking, plus stops
malware, spyware and inappropriate content.
http://www.wservernews.com/081006-iPrism-Demo1
Editors Corner
Trend Micro: "Don't Buy Antivirus Software"
Neil MacDonald, a Gartner Research VP, in a speech at their IT Security
Summit in London said last Monday that organizations continue to overpay
for security software -- and at the same time the software vendors are not
spending enough in R&D to keep up with current fast-changing threats.
MacDonald said that security vendors are keeping their profit margins high
on firewalls and antivirus products, while these tools are becoming more
and more like commodities. His advice is to take advantage of the more
competitive environment in the AV industry to negotiate better prices.
This is of course music to our ears, as this is exactly what we have
been saying for the last few years.
"I know it's hard to switch, but you have to seriously enter the
negotiations," he said. "Let the vendors know that you are not afraid
to switch." Personally I would go one step further and simply not
even talk to your current vendor and stop renewing their bloatware.
You might get a better price, but you are still stuck with endpoint stacks
that can take a whopping 200 MB of RAM during scans. Think about the
performance drain and the lost productivity because of that. You couldn't
pay me to run any bloatware on my workstation! Which brings me to Trend.
Trend Micro's Security Product Manager David Peterson takes it one step
further and claims people should not buy AV software at all. Huh? Well,
the point he makes is that stand-alone AV software is no longer cutting
it, and that you need integrated endpoint security, in the form of suites:
http://www.wservernews.com/081006-Dont-Buy-Antivirus
He is right about the integrated part, except that suites are an even
more gruesome performance drain. But the issue he brings up is the
perfect argument that should make you take a serious look at VIPRE
Enterprise. I have had an independent performance benchmark lab do
some tests and will lift the veil on one of these parameters: File Write,
Open and Close Time (in seconds). Here is a comparison of a few popular
stand-alone AV products that are used a lot in the enterprise with our
combined antivirus + antimalware application. The second line here should
catch your attention: it's the industry average! This benchmark was derived
from Oli Warner's File I/O test at thepcspy.com (site linked below). The
metric measures the amount of time the system needs to write a file, then
open and close that file. Here are the times measured in a fresh benchmark
last week (lower is better):
http://www.wservernews.com/081006-Slows-Windows

| Product | File Write, Open and Close Time (sec) |
|---|---|
| Norton Antivirus 2008 | 286.56 |
| Industry Average | 261.4 |
| ESET NOD32 Antivirus 3.0 | 102.17 |
| Kaspersky Antivirus 8 | 84.52 |
| Trend Micro Antivirus 2008 | 84.46 |
| Sunbelt VIPRE V3.1 | 51.92 |
I think David Peterson is right: don't buy Trend Micro antivirus software,
or anyone else's, but have a look at VIPRE Enterprise instead,
which is 5 times faster than the antivirus industry File I/O average.
Sunbelt has a competitive upgrade program in place that will make you and
your accountants really happy, so make sure you ask for a quote:
http://www.wservernews.com/081006-VIPRE-Enterprise
Quote of the Week from Oracle CEO Larry Ellison
"The interesting thing about cloud computing is that we've redefined cloud
computing to include everything that we already do. I can't think of anything
that isn't cloud computing with all of these announcements. The computer
industry is the only industry that is more fashion-driven than women's
fashion. Maybe I'm an idiot, but I have no idea what anyone is talking
about. What is it? It's complete gibberish. It's insane. When is this idiocy
going to stop? We'll make cloud computing announcements, I'm not going to
fight this thing. But I don't understand what we would do differently in
the light of cloud computing other than change the wording of some of our
ads." -- CEO Larry Ellison at Oracle's annual financial analysts meeting.
Warm regards, and thank you for being a WServerNews subscriber. No trees
were killed in the sending of this message, but a large number of electrons
were terribly inconvenienced. Please tell your friends about us.
They can subscribe here:
http://www.wservernews.com/081006-Subscribe
The End Of AV As You Know It
Finally, powerful endpoint security that ISN'T a resource hog. Sunbelt built
VIPRE Enterprise; a completely new technology combining corporate antivirus
plus an enterprise antispyware solution for total endpoint security designed
by admins for admins. Save your IT budget and don't renew products from
Symantec, McAfee and Trend Micro. Learn how VIPRE Enterprise uses far
fewer resources than the competition! It's clearly time to ditch expensive,
bloated, old-style AV products. "Wow, what an easy install, I am not used to
being able to install such a major software package in 10 minutes on our server,
and then completed the install on our clients in the next hour, including
restarts, in two different buildings." Get your 30-day eval here:
http://www.wservernews.com/081006-VIPREenterprise
Webinars and Seminars
We'd like to invite you to attend the following seminars:
Protecting Against the New Wave of Malware: A New Approach to Endpoint Security
Join Sunbelt and Mike Osterman, president and founder of
Osterman Research, Inc., for an informative seminar that will examine
why older, traditional antivirus approaches don't work and why a new
approach to endpoint security is required to better protect your users,
your data and your long-term viability as a company from malicious threats.
Hosted at Microsoft in San Francisco, CA on Thursday, November 13th.
Register here:
http://www.wservernews.com/081006-Protecting-Against-Malware
Tech Briefing
Hackers Clone Elvis' Passport
This is a very interesting ePassport RFID Vulnerability Demo. The Hacker's
Choice, a non-commercial group of computer security experts, has released a
video showing a cloned passport being approved by a security scanner at a
Dutch airport. The government plans to use ePassports at Immigration and
Border Control. The information is electronically read from the Passport
and displayed to a Border Control Officer or used by an automated setup.
THC has discovered a vulnerability in the system that bypasses the security
checks: the detection of fake passport chips is no longer working, and test
setups do not raise alerts when a modified chip is used. This enables an
attacker to create a passport with an altered picture, name, DoB, nationality
and other credentials. This is definitely food for thought for all the
people who think electronic checks are 100% secure. Here is the video:
http://www.wservernews.com/081006-RFID
The Data Center From Hell, Part 3: Lessons Learned
In the previous two columns, security specialist Jan Buitron reported on
a horribly non-secure facility at which she worked some years ago. Today
she summarizes her conclusions about the state of facilities security at
this dreadful site. Wow.
http://www.wservernews.com/081006-Lessons-Learned
Toshiba Shows Prototype Fast-Charging Laptop Battery
Toshiba's fast-charging SCiB battery will last longer and endure more
recharge cycles than current lithium-ion cells; it's also safer and won't
explode when crushed. They showed off a prototype but said the technology
is still a ways off from making its way into computers. SCiB, or Super
Charge Ion Batteries, are designed to recharge to 90 percent capacity
within 10 minutes! Imagine what that means for electric cars...
More at InfoWorld:
http://www.wservernews.com/081006-Fast-Charging-Battery
Rookie Mistakes To Avoid During The Sharepoint Rollout
Microsoft SharePoint is easy to install, configure and use. This tip
from SearchWinIT.com lists four possible implementation blunders,
including choosing the wrong installation and ignoring disaster
recovery. (Requires Registration)
http://www.wservernews.com/081006-Rookie-Mistakes
The Next Wave: Client Virtualization
Client -- or desktop -- virtualization is not a new concept. There's
also virtual desktop infrastructure, which creates virtual machines
or virtual desktops that are sent down over the network to a client
via a hypervisor that resides on the server. But these models have
limits, and the technology does not meet the diversified and
personalized requirements of corporate end users. This exclusive
article on SearchEnterpriseDesktop.com previews the future of
client virtualization:
http://www.wservernews.com/081006-Client-Virtualization
Three Don'ts When Optimizing Exchange Server Performance
There are many tips and best practices you can follow to improve MS
Exchange Server's performance. This checklist on SearchExchange.com
outlines three things you should never do at the hardware level.
http://www.wservernews.com/081006-Optimizing-Exchange-Server
Tip: Managing Hyper-V's Security Permissions
The burdens of managing security permissions are rarely seen as
exciting, but they're an essential duty that systems admins are
tasked with. In this tip, learn how you can
configure and manage permissions for your Hyper-V host servers and
get an introduction and tutorial on the Hyper-V permissions tool,
Authorization Manager (AzMan). (Registration Required)
http://www.wservernews.com/081006-Hyper-V
Windows Server News
Amazon and Redmond Will Soon Release "Windows Clouds"
Steve Ballmer this week talked in London about a new "operating system" that
will help developers write Internet-based applications. Within 4 weeks,
Redmond will release what Ballmer called code name "Windows Cloud." The
"OS" is meant for developers writing cloud-computing applications.
The term cloud computing is used these days to describe apps that run in
a browser, where the actual computing is done in a distant data center. IBM
30 years ago used to call it time-sharing, via dumb terminals. Redmond's
'WinCloud' (or whatever the final name is) will include geo-replication,
management modeling and an SOA model.
Amazon announced this Wednesday that its Elastic Compute Cloud (EC2), which
at the moment only runs a few Unix and Linux flavors, will start supporting
SQL Server and Windows Server later this fall. It's currently in beta. A lot of
their customers were asking for it, they claimed. Amazon also said that its
MS-cloud will let you deploy things like ASP.NET web sites and high-performance
clusters, of course with the benefits of EC2's scalability, reliability
and utility pricing, which will be a bit higher for Windows than Linux
because of the licenses.
Microsoft To Enhance App Server Features Of W2K8
Microsoft Corp. said it will boost the application server capabilities
of Windows Server 2008 with more SOA-friendly features to aid developers
working with the company's upcoming .Net 4.0 framework. The company
announced it will release a preview of new app server features, formerly
code-named Dublin, at Microsoft's Professional Developers Conference
(PDC) later this month in Los Angeles. Dublin's features include pre-built
developer services, greater scalability and easier manageability, and
support for Microsoft's Oslo modeling platform, according to a Press
Pass interview posted on Microsoft's Web site. Details at ComputerWorld:
http://www.wservernews.com/081006-Features
Free Version Of Hyper-V Now Available
Following VMware's move in August, Redmond this week released its free,
low-footprint version of Hyper-V. Microsoft has now started its chase
for virtualization market share for real. Hyper-V Server 2008, which
includes only the Hypervisor, WinServer driver model and virtualization
components, is now available online:
http://www.wservernews.com/081006-Hyper-V-Server
Also this week, they announced new ways for IT pros to get training and
certification on virtualization for desktop, server and management
environments. More details about the programs are available on the
Microsoft Learning Community Blog:
http://www.wservernews.com/081006-Virtualization
Tip: Easing Security Concerns With Server Core For W2K8
While the Server Core option for Windows 2008 comes secure out of the
box, an improper configuration can leave your system vulnerable. Follow
these steps to ensure peak security when running Server Core:
http://www.wservernews.com/081006-Core-Concerns
WServer Third Party News
Process Monitor 2.0 Released
Russinovich said in his blog, "this major update to Process Monitor
adds real-time TCP and UDP monitoring to its existing process, thread, DLL,
file system and registry monitoring. You can now see the TCP and UDP activity
processes performed, including the operation, local and remote IP addresses
and DNS names, and operation transfer lengths. On Windows Vista, Process
Monitor also collects thread stacks for network operations."
Now that Microsoft has acquired the Russinovich franchise, the downside is
that they no longer publish the source code for their sysinternals tools,
and 'winternals' tools are gone, but you can subscribe to their updates
RSS feed, and there are TONS of updates to the tools. Also, I have
mentioned it before, but they are available 'live' as well.
Sysinternals Live is a service that enables you to execute Sysinternals
tools directly from the Web without hunting for and manually downloading
them. Simply enter a tool's Sysinternals Live path into Windows Explorer
or a command prompt as
http://live.sysinternals.com/toolname
or
\\live.sysinternals.com\tools\toolname.
You can view the entire Sysinternals Live tools directory in a browser:
http://live.sysinternals.com.
Here is the new Process Monitor V2.0:
http://www.wservernews.com/081006-Sysinternals
Sunbelt Announces New Automation Technology in Malware Fight
We announced a new version of our market-leading automated behavioral
analysis tool, Sunbelt CWSandbox version 2.1. The new version represents a
significant leap forward in automated malware analysis by incorporating
sophisticated technology that automates and simulates user interaction
within malicious applications or content. The user interaction feature
enables security vendors and malware research teams to more effectively
analyze malicious applications that rely on social engineering.
In the ongoing arms race with cyber-criminals, new attack vectors are
continuously sought out by hackers. One of the most effective methods is to
use social engineering to bypass or override security software already in
place. By presenting the malware or compromised website in such a way that
the user feels that they are interacting with a legitimate application or
content, the malware author can rely on the user to get past the security
measures used.
"Malware is becoming far more sophisticated with multi-pronged attacks and
new techniques being unleashed on consumers and enterprises daily," said
Chad Loeven, vice-president of business development of Sunbelt Software.
"Collectively in the security community we face a common challenge of
keeping abreast of new threats and being able to effectively analyze and
counteract them."
By successfully simulating how a user would interact when presented with
a fake or rogue application, Sunbelt CWSandbox automates what up until now
has been a manual process where a researcher needed to manually analyze
each threat on a case-by-case basis. The automation facility of CWSandbox
engages with the application, infected file or compromised website exactly
as the malware expects a user to do and logs and analyzes all the resulting
activity without any manual intervention by the researcher. This end-to-end
process automation enables security companies and enterprises concerned with
targeted and/or socially engineered attacks to filter through potential
threats in a consistent, automated manner without tying up valuable resources.
"We believe we are providing a level of automation and granular analysis
with CWSandbox that is far ahead of any other solution on the market,"
continued Loeven, "and it's for that reason so many of the largest global
enterprises, security and telecom vendors and government and defense agencies
trust Sunbelt and our malware analysis tools for proactive defense."
http://www.wservernews.com/081006-Sunbelt-CWSandbox
New Version Of SNSI
SNSI uses the latest MITRE Common Vulnerabilities and Exposures (CVE) list of
computer incidents. It also contains the latest SANS/FBI top 20 vulnerability
list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department
of Homeland Security) advisories.
New Checks
L1069 Bzip2 bzlib.c overread error - RHE
L1071 Firefox malformed web content errors - RHE
L1074 RealPlayer SWF frame handling flaw - RHE
L1083 ClamAV multiple DoS vulnerabilities - SuSE
L1084 Emacs Python script importation flaw - SuSE
L1088 Devhelp malformed web content errors - RHE
L1092 Yelp malformed web content errors - RHE
L1093 ViewVC HTTP response interpretation flaw - FC
L1094 InitScripts sysinit arbitrary file deletion error - FC
L1095 Root Kit Hunter rkhunter-debug weakness - FC
N93 Fix Bundle (Sept 24th 2008) - IOS
N94 IOSFW AIC HTTP packet handling - IOS
N95 IOSIPS SERVICE.DNS signature engine may hang - IOS
N96 L2TP mgmt process may crash handling certain L2TP packets - IOS
N97 IPC over UDP source validation - IOS
N98 MPLS Forwarding Infrastructure MFI vulnerability
N99 SNMP write community vulnerability in uBR devices - IOS
N100 uBR device PIM packet handling vulnerabilities - IOS
N101 MPLS VPN Incorrect Route Target use data leakage - IOS
N102 Skinny Call Control Protocol Vulnerabilities - IOS
N103 SSL session termination vulnerability - IOS
N104 SIP call handling vulnerabilities - IOS
Updated Checks
H14 Rpcbind mishandling of malformed requests - HP-UX 10/11
H178 Xserver vulnerabilities
L17 Epiphany-extensions related Mozilla vulnerabilities - FC
L307 Kazehakase Mozilla based vulnerabilities - FC
L309 Gnome-web-photo Mozilla based vulnerabilities - FC
L310 Miro Mozilla based vulnerabilities - FC
L1512 Mozilla Firefox multiple vulnerabilities - FC
L1514 Epiphany Mozilla based package vulnerabilities - FC
L1516 Mozilla Devhelp package vulnerabilities - FC
L1613 Mozilla Galeon package vulnerabilities - FC
L1679 BLAM multiple Mozilla based flaws - FC
L1681 Liferea Mozilla flaws - FC
W1142 Anti-virus Signature Outdated - McAfee
W1986 Anti-virus Signature Outdated - Symantec
W1999 Anti-virus Signature Outdated - Trend Micro
W2067 Anti-virus Signature Outdated - F-Secure
W2070 Anti-virus Signature Outdated - CA eTrust
Sunbelt Network Security Inspector version 1.6.117.0 was released October
3, 2008. Sunbelt Software recommends you download the new SNSI version
1.6.117.0, scan, and patch your machines today. To get the latest SNSI
version, visit:
http://www.wservernews.com/081006-SNSI
WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
WServerNews - PRODUCT OF THE WEEK
Get a Free T-shirt and a Chance to Win a 50" Plasma
- Register for an iPrism online demo
- Attend demo and see the #1 Web Filter in action
- You're entered to win! Plus, you'll get a cool t-shirt just for attending
iPrism protects you with real-time anonymizer and virus blocking, plus stops
malware, spyware and inappropriate content.
http://www.wservernews.com/081006-iPrism-Demo2