[ISN] IE 7.0 and Attractive Alternatives

From: InfoSec News (isn@private)
Date: Thu May 04 2006 - 01:16:18 PDT


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 





1. In Focus: IE 7.0 and Attractive Alternatives

2. Security News and Features
   - Recent Security Vulnerabilities
   - Oracle Database Vault and Secure Backup Lock Down Access to Data
   - AttachmateWRQ To Acquire NetIQ
   - Name That Computer!

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Instant Poll
   - Share Your Security Tips

4. New and Improved
   - Put Endpoints to the Security Test


==== Sponsor: Thawte ====

Learn all you need to know about code signing technology, including the 
goals and benefits of code signing, how code signing works and the 
underlying cryptographic and security concepts and building blocks.


==== 1. In Focus: IE 7.0 and Attractive Alternatives ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Microsoft recently released Internet Explorer (IE) 7.0 Beta 2 for 
public download (first URL below). Even with the security and other 
improvements in IE 7.0, some people still think IE is substandard or 
that using IE is the equivalent of painting a target on your forehead. 
Still others have more scathing comments about IE: Industry luminary 
John Dvorak recently called IE a "dead albatross" in a column published 
on PC Magazine's Web site (second URL below). 

Dvorak thinks that trying to integrate the browser tightly with the OS 
was one of Microsoft's worst moves ever. That argument makes some sense 
given the number of security vulnerabilities that continue to be 
discovered in the browser. Dvorak thinks Microsoft should ditch IE and 
instead invest in Opera Software and make a large donation to Mozilla 
Foundation to help boost development of their respective browsers.

Such a move by Microsoft isn't likely. In fact, Microsoft is driving 
forward with IE tool proliferation. If you have a copy of IE 7.0, head 
over to Microsoft's "Add-Ons for Internet Explorer Web site at the URL 
below, where you'll find at least 63 third-party security-related tools 
arranged in four categories: Online Protection tools help guard against 
spyware and malware; Pop-Up Blockers are probably self-explanatory; 
Privacy tools help protect against exposure of your private information 
and guard against spyware and malware; and Parental Controls control 
online activity and help protect your children against a range of 
risks. Although the site claims to be for IE add-ons, you'll find many 
standalone tools, such as Microsoft Windows Defender and Lavasoft's Ad-

If IE 7.0 won't run on your particular platforms, then undoubtedly you 
know about Firefox ( http://list.windowsitpro.com/t?ctl=28F17:4FB69 ) and Opera 
( http://list.windowsitpro.com/t?ctl=28F1C:4FB69 ), and might opt to use those browsers instead. 
But do you know about Maxthon Browser, Tablane, and Avant Browser? 

Maxthon Browser, by Maxthon International, is designed on top of the IE 
engine and introduces a ton of new functionality not available in 
Microsoft's versions of IE. For example, Maxthon offers tabbed 
browsing, enhanced pop-up blocking, a quick way to delete private 
information that might be stored by the browser, enhanced drag-and-drop 
features, support for extensions and plug-ins, support for skins, 
support for many languages, and a whole lot more. In short, Maxthon (at 
the URL below) is what IE should have been years ago. 

Two other browsers, which are also based on the IE engine and which, 
you might look into further are Tablane by Tablane Technology (at the 
first URL below) and Avant Browser, by Avant Force (at the second URL 
below). Tablane has some nice features, such as "lanes," which are a 
way of displaying multiple Web pages in a single view. Other features 
include support for Really Simple Syndication (RSS) feeds and a unique 
function that lets you use multiple search engines at once. 

Avant Browser claims to be "the fastest browser on Earth" and has many 
interesting features, some of which are similar to those found in 
Maxthon, such as enhanced pop-up blocking and privacy controls. 
However, Avant doesn't use the common tabbed interface--instead it 
displays many resizable windows inside the browser's single window 
interface. Look at the screen capture on the browser's home page to see 
what I mean. Avant Force also says that Avant has "no security holes," 
which is an extraordinary claim. I'm sure security researchers will 
eventually put that claim to many tests.

So even if you can't use the new IE 7.0 for some reason, several 
alternatives can enhance the functionality and security of your current 
installation of IE. Do some research and testing to see if any of the 
alternatives might fit your needs. 


==== Sponsor: Symantec ====

A multi-tier approach to email security prevents unauthorized access 
and can stop spam, viruses, and phishing attacks. Learn to implement 
one today, and protect your network security and business systems!


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Oracle Database Vault and Secure Backup Lock Down Access to Data
   Oracle's new Database Vault provides more granular control over 
access privileges in Oracle Database. Oracle also announced the 
availability of its new Secure Backup, which encrypts data written to 
tape and works with Oracle Database and various file systems on various 

AttachmateWRQ To Acquire NetIQ
   AttachmateWRQ announced that it will acquire security solutions 
provider NetIQ for approximately $495 million in cash, which equates to 
about $12.20 per share of stock. NetIQ, founded in 1995, will no longer 
be publicly traded. Instead the company will become a business unit of 
AttachmateWRQ. The transaction is expected to close within 90 days. 

Name That Computer!
   Jeff Fellinge takes a look at how naming conventions and IP 
standards can help you quickly identify systems and compares the 
approaches that two everyday Windows tools take to resolve IP addresses 
to names. 


==== Resources and Events ====

Learn the essentials about how consolidation and selected technology 
updates build an infrastructure that can handle change effectively.

Use virtual server technology to consolidate your production 
environment using only a fraction of the server hardware in the data 
center. Live Event: Thursday, May 18

Design effective policies to protect your company's assets and data. 
Don't accidentally damage what you mean to protect! View this on-demand 
seminar today.

Learn to differentiate alternative solutions to disaster recovery for 
your Windows-based applications to determine what works for you and 
ensure seamless recovery of your key systems--whether a disaster 
strikes just one server or the whole site. Live event: Thursday, May 11

Increase administration efficiency, build flexible yet inexpensive 
file-server environments, and maximize potential through consolidation 
of your SQL Server environment. Make the most of your resources today!


==== Featured White Paper ====

Learn how to address challenges such as making email truly available 
24x7x365, securing against viruses, comprehensively backing up email 
data, and more.


==== Hot Spot: IronPort ====

Learn the best ways to manage your email security (and fight spam) 
using a variety of solutions and tips.


==== 3. Security Toolkit ==== 

Security Matters Blog: Use the Command Line, Luke
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=28F12:4FB69

   If Luke Skywalker were a security administrator, his most powerful 
tools might be command-line tools. If you think you can figure out how 
to terminate a bunch of processes, some of which spawn new processes 
when they're terminated, you might want to take the hacking challenge 
"Star Hacks, Episode V: The Empire Hacks Back" described in this blog 

   by John Savill, http://list.windowsitpro.com/t?ctl=28F10:4FB69 

Q: How can I verify whether a domain controller (DC) is in a certain 

Find the answer at http://list.windowsitpro.com/t?ctl=28F0F:4FB69

Instant Poll
   What are your vacation plans for this summer?
   - Taking 1 week
   - Taking 2 weeks
   - Taking 3 weeks
   - Not taking any time off
   - Taking my work to the beach
   Go to the Windows IT Pro home page and submit your vote

Share Your Security Tips and Get $100
   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's 
Reader to Reader column. Email your contributions to 
r2rwinitsec@private If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Announcements ====
   (from Windows IT Pro and its partners)

Windows IT Pro Master CD--SAVE 50%!
   Subscribe today and get portable, high-speed access to the entire 
Windows IT Pro article database on CD: a searchable library that 
includes every Windows IT Pro issue ever published. The newest issue 
also includes BONUS Windows IT Tips. Order now and save:

May Exclusive--Save $100 off the Exchange & Outlook Newsletter
   For a limited time, order the Exchange & Outlook Administrator 
newsletter and SAVE up to $100! You'll get 12 helpful issues loaded 
with solutions you won't find anywhere else and FREE access to the 
entire Exchange & Outlook online article database. Subscribe now:


==== 4. New and Improved ====
   by Renee Munshi, products@private

Put Endpoints to the Security Test 
   Senforce Technologies launched Senforce intelligent Network Access 
Control. iNAC compares the security state of an endpoint device that's 
attempting to connect to a network to a policy that defines security 
conditions that must be met to allow network access. IT administrators 
can create access policies that define which applications and services 
are permitted and that specify actions to take when endpoints don't 
comply. Pricing starts at $65 per user and quantity discounts are 
available. For more information, visit

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 


==== Contact Us ==== 

About the newsletter -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=28F14:4FB69
About product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu May 04 2006 - 01:30:27 PDT