==================== This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE. Map, Scan and Audit Your Network for Security Compliance http://list.windowsitpro.com/t?ctl=ED1D:4FB69 Using Security Compliance Software to Improve Business Efficiency and Reduce Costs http://list.windowsitpro.com/t?ctl=ED05:4FB69 ==================== 1. In Focus: Spyware Detection and Classification 2. Security News and Features - Recent Security Vulnerabilities - VeriSign Buys iDEFENSE - Firefox 1.0.5 Fixes a Dozen Security Problems - IIS Application Isolation 3. Instant Poll 4. Security Toolkit - Security Matters Blog - FAQ - Security Forum Featured Thread 5. New and Improved - PC Protection ==================== ==== Sponsor: Qualys ==== Map, Scan and Audit Your Network for Security Compliance Testing and improving your network security has never been easier. Requiring NO software, QualysGuard will safely and accurately audit your network and provide you with the necessary fixes to proactively guard your network. Qualys delivers the most vulnerability checks in the industry (4,000+), the highest scan engine accuracy - certified 99.997% accuracy based on more than a million scans per month and timely, up-to-date security checks and network intelligence. QualysGuard also delivers complete risk management functionality including: asset prioritization, business risk assessment, trend analysis, compliance reporting, remediation workflow, and more. Try the Free Scan today and make sure your network perimeter can withstand an attack: http://list.windowsitpro.com/t?ctl=ED1D:4FB69 ==================== ==== 1. In Focus: Spyware Detection and Classification ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net You've probably heard by now that Microsoft is, or was, interested in making a deal to acquire Claria--a company known for its personal- information-tracking software. Formerly known as Gator, Claria is for the most part considered to be a propagator (no pun intended) of spyware that's bundled with many popular software packages such as the Kazaa peer-to-peer file-sharing application. Last I heard, Microsoft scrapped its plans to acquire the company, although I'm not sure if that's true. Nevertheless, Microsoft caught some additional heat last week because it downgraded the severity rating of Claria's software in Windows AntiSpyware. The severity rating of similar software from other companies, such as WhenU and 180solutions, was reported to have also been downgraded. In an open letter published at its Web site (see the URL below), Microsoft said it made no exceptions for Claria and that the company "decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors." http://list.windowsitpro.com/t?ctl=ED0D:4FB69 The letter goes on to say that "Today, anti-spyware vendors use different approaches, definitions, and types of criteria for identifying and categorizing spyware and other potentially unwanted software. This has limited the industry's ability to have a broad, coordinated impact in addressing the problem. That is a key reason Microsoft is a founding member of the Anti-Spyware Coalition, a group of technology companies and anti- spyware companies working alongside public interest groups to address key spyware issues." The Anti-Spyware Coalition (first URL below) was actually convened by the Center for Democracy and Technology earlier this year. Microsoft was one of over a dozen entities that took part in the initial meeting. The coalition recently published the first draft of its "Anti-Spyware Coalition Definitions and Supporting Documents" (second URL below), which is now open for a 30-day public comment period. http://list.windowsitpro.com/t?ctl=ED1E:4FB69 http://list.windowsitpro.com/t?ctl=ED13:4FB69 The definitions outline a number of different types of spyware and describe the underlying technology and why it might or might not be useful. Microsoft and numerous other companies undoubtedly use these definitions as part of their guidelines for classifying software in their respective antispyware solutions. So reading the documents might help you get a better understanding of what spyware is from the perspective of various vendors. Another interesting part of the documents is the outline for vendor dispute and false positive resolution. I'd guess that Claria and other vendors have used that, or a similar process, to have Microsoft review its software more closely, resulting in changes in software's severity rating in Windows AntiSpyware. If you're interested in learning more and helping shape the way coalition members handle spyware detection and classification, be sure to read the first draft and send any comments you might have to the coalition before the end of the public comment period, August 12. After that time, the coalition will work to publish a final release sometime in the fall. ==================== ==== Sponsor: BindView ==== Using Security Compliance Software to Improve Business Efficiency and Reduce Costs Learn To Sort Through Sarbanes-Oxley, HIPAA And More Legislation Quicker And Easier! In this free white paper, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost effective solutions - Download your copy today! http://list.windowsitpro.com/t?ctl=ED05:4FB69 ==================== ==== 2. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://list.windowsitpro.com/t?ctl=ED0F:4FB69 VeriSign Buys iDEFENSE VeriSign announced that it acquired security research firm iDEFENSE for $40 million in cash. iDEFENSE provides security-related information to companies around the world. http://list.windowsitpro.com/t?ctl=ED16:4FB69 Firefox 1.0.5 Fixes a Dozen Security Problems Mozilla Foundation released Firefox 1.0.5, which fixes a dozen security problems and improves stability. While Firefox 1.0.5 does represent an improvement over previous versions, it has some known issues, so be sure to read about those for any caveats that might apply to your particular systems. http://list.windowsitpro.com/t?ctl=ED17:4FB69 IIS Application Isolation From time to time, you're probably called on to deploy a Web application that traffics sensitive information. That application might also reside on an IIS server that hosts other applications. What questions and considerations do you think about as you devise your plan for implementing the highest degree of application isolation you can manage? Brett Hill helps you think things through in this article on our Web site. http://list.windowsitpro.com/t?ctl=ED14:4FB69 ==================== ==== Resources and Events ==== Sort Through Sarbanes-Oxley, HIPAA, and More Legislation Quicker and Easier! In this free Web seminar, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost-effective solutions. Register now! http://list.windowsitpro.com/t?ctl=ED08:4FB69 Recover Your Active Directory Get answers to all your Active Directory recovery questions here! Join industry guru Darren Mar-Elia in this free, on-demand Web seminar and discover how to use native recovery tools and methods, how to implement a lag site to delay replication, limitations to native recovery approaches, and more. Learn how you can develop an effective AD backup strategy. Register today! http://list.windowsitpro.com/t?ctl=ED06:4FB69 All High-Availability Solutions Are not Created Equal--How Does Yours Measure Up? In this free Web seminar, you'll get the tools you need to ensure your systems aren't going down. You'll discover the various categories of high-availability and disaster-recovery solutions available and the pros and cons of each. You'll learn what solutions help you take preemptive, corrective action without resorting to a full system failover, or in extreme cases, that perform a non-disruptive, automatic switchover to a secondary server. http://list.windowsitpro.com/t?ctl=ED09:4FB69 Antispam product not working? Many email administrators are experiencing increased frustration with their current antispam products as they battle new and more dangerous email threats. In-house software, appliances, and even some services may no longer work effectively, require too much IT staff time to update and maintain or satisfy the needs of different users. In this free Web seminar, learn how you can search for a better way to protect your email systems and users. http://list.windowsitpro.com/t?ctl=ED0A:4FB69 Integrate Fax Services with Business Applications for Big ROI In this free eBook, you'll discover all you need to know about fax technology! You'll learn how to improve business processes by minimizing manual faxing and integrating faxing into your business workflow for improved ROI. The eBook will also look at the how-to of the desktop fax client, fax automation, faxing hardware and software technologies, and the future of faxing. Let this important guide help you stay on top of fax server technology within your business environment. http://list.windowsitpro.com/t?ctl=ED0C:4FB69 Influencers 2005: Thriving In The Face Of Regulation: How to Accommodate the New Corporate Governance Regime and Achieve Optimum Financial Performance Join Arthur Levitt, former chairman of the SEC, Arnold Hanish, and Scott Mitchell as they discuss the most important management challenge facing businesses today--Wednesday, July 20 at 11:00 a.m. EDT. Register here: http://list.windowsitpro.com/t?ctl=ED07:4FB69 ==================== ==== 3. Instant Poll ==== Results of Previous Poll: Does your network firewall provide stateful application-layer inspection in addition to the traditional stateful packet inspection? The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 10 votes. - 50% Yes - 50% No New Instant Poll: Do you regularly scan your external network IP addresses for open ports on your network and compare the results against a known good baseline? Go to the Security Hot Topic and submit your vote for - Yes, I regularly scan my network and compare against a baseline. - Yes, I periodically scan but merely review the results. - No, I don't scan, but I think I should. - No, I don't think scanning is useful. http://list.windowsitpro.com/t?ctl=ED18:4FB69 ==== Featured White Paper ==== Do You Know If Your Network Is At Risk Of A Trojan Attack? Discover the various methods available for controlled Internet access and how to use them to increase security and decrease legal exposure. Download your free white paper now! http://list.windowsitpro.com/t?ctl=ED0E:4FB69 ==================== ==== 4. Security Toolkit ==== Security Matters Blog: Endian Firewall--Check It Out by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=ED1B:4FB69 Endian Firewall easily turns a computer into a firewall appliance. The open-source project is based on IPCop, sports a Web-based configuration, and has OpenVPN built in for quick setup of a VPN. http://list.windowsitpro.com/t?ctl=ED12:4FB69 FAQ by John Savill, http://list.windowsitpro.com/t?ctl=ED19:4FB69 Q: How can I determine whether a Dfs root is a standalone root or a fault- tolerant root stored in Active Directory (AD)? Find the answer at http://list.windowsitpro.com/t?ctl=ED15:4FB69 Security Forum Featured Thread: Changing a Password Without Logging In A forum participant wants to know whether there is a way for users to change their passwords themselves without logging on to the domain. Join the discussion at http://list.windowsitpro.com/t?ctl=ED0B:4FB69 ==================== ==== Announcements ==== (from Windows IT Pro and its partners) Check Out the New Windows IT Security Newsletter! Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database (over 1900 security articles)! Order now: http://list.windowsitpro.com/t?ctl=ED11:4FB69 Vote for the Next MCP Hall of Famer Help decide who the most valuable member of the MCP community is. Take the time to reward excellence to those that deserve it and to make yourself a part of the first ever MCP Hall of Fame. Voting only takes a few seconds, so cast your vote now for Round 5. Click here: http://list.windowsitpro.com/t?ctl=ED1C:4FB69 ==================== ==== 5. New and Improved ==== by Renee Munshi, products@private PC Protection Privacyware offers the Total Endpoint Protection Suite, which combines the company's Privatefirewall 4.0 and SafeEnd's USB Port Protector in a package that's currently priced at $39.99 per seat (with a 50-seat minimum). Privatefirewall is a firewall and Intrusion Detection System (IDS). You can select from versions of Privatefirewall that add Computer Associates' eTrust PestPatrol Anti-Spyware software only or that add both CA's PestPatrol and eTrust EZ Antivirus software. USB Port Protector lets only pre- authorized devices connect through a USB port. For more information, go to http://list.windowsitpro.com/t?ctl=ED20:4FB69 Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to whatshot@private Editor's note: Share Your Security Discoveries and Get $100 Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to r2rwinitsec@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length. ==================== ==== Sponsored Links ==== Argent versus MOM 2005 Experts Pick the Best Windows Monitoring Solution http://list.windowsitpro.com/t?ctl=ED04:4FB69 ==================== ==== Contact Us ==== About the newsletter -- letters@private About technical questions -- http://list.windowsitpro.com/t?ctl=ED1F:4FB69 About product news -- products@private About your subscription -- windowsitproupdate@private About sponsoring Security UPDATE -- emedia_opps@private ==================== This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today. http://list.windowsitpro.com/t?ctl=ED10:4FB69 View the Windows IT Pro privacy policy at http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy Windows IT Pro, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538 Attention: Customer Service Department Copyright 2005, Penton Media, Inc. All rights reserved. _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 21 2005 - 00:38:05 PDT