[ISN] Which Antiphishing Solution Is Best?

From: InfoSec News (alerts@private)
Date: Wed Nov 29 2006 - 22:56:29 PST


Forwarded from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Win the Fight Against Image Spam With IronPort
   http://list.windowsitpro.com/t?ctl=41863:7EB890

Protect Your Network - Threats Brought in By Remote Laptops
   http://list.windowsitpro.com/t?ctl=4187F:7EB890

The Starter PKI Program
   http://list.windowsitpro.com/t?ctl=4186A:7EB890


=== CONTENTS ===================================================

IN FOCUS: Which Antiphishing Solution Is Best?

NEWS AND FEATURES
   - Malware Could Become Its Own Worst Enemy
   - GRISOFT Expands Offerings to Linux and FreeBSD
   - Check Point Slated to Acquire Protect Data
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: New Tool from Sysinternals: Procmon
   - FAQ: Hiding the List of Domains at Logon 
   - From the Forum: Shared Mobile Laptops
   - Know Your IT Security Contest
   - IT Pro of the Month--October 2006 Winner

PRODUCTS
   - Audit Your Web Site
   - Wanted: Your Reviews of Products 

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: IronPort ==========================================

Win the Fight Against Image Spam With IronPort
   End-users around the world are reporting an increase in spam, 
causing a new email epidemic. Much of this increase is attributed to 
the emergence of new, more sophisticated forms of image spam. IronPort 
Systems has taken a fundamentally different approach to the problem. 
IronPort is the leading email and Web security products provider for 
organizations ranging from small businesses to the Global 2000. With 
newly acquired encryption technology, IronPort is driving new standards 
and providing innovative products for those faced with the monumental 
task of managing, protecting, and growing these mission-critical 
systems. 
   Learn more about the email epidemic. Download your free Image Spam 
Trends Report today.
   http://list.windowsitpro.com/t?ctl=41863:7EB890


=== IN FOCUS: Which Antiphishing Solution Is Best? =============
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The best antiphishing defense you could hope to build is based firmly 
upon end-user education. If people could be freed from their naivete, 
scammers wouldn't stand a chance of fooling anyone except themselves. 

But many companies don't see the value in ongoing user education, and 
some people simply can't be educated to a reasonable degree. Thus, we 
need antiphishing software, which has become a major feature of Web 
browsers and of various third-party security solutions.

In October, a Microsoft-commissioned report on various antiphishing 
solutions was released. The testers found that Microsoft Internet 
Explorer (IE) 7.0 has better antiphishing technology than competing 
solutions. The products tested included IE 7.0 Beta 3, EarthLink 
ScamBlocker, eBay Toolbar with Account Guard, GeoTrust TrustWatch, 
Google Toolbar for Firefox with Safe Browsing, McAfee SiteAdvisor Plus, 
Netcraft Toolbar, and Netscape Browser with built-in antiphishing 
technology. In "IE 7.0 and Firefox 2.0 Both Have New Antiphishing 
Technologies" (at the URL below), I reported that the test results were 
weighted toward rewarding tools that completely blocked access to 
suspected phishing sites (rather than just warning users) and to tools 
that didn't produce false positives. 
   http://list.windowsitpro.com/t?ctl=41873:7EB890

The Mozilla Foundation commissioned its own study to gauge the 
effectiveness of Mozilla Firefox 2.0's antiphishing technology as 
compared with IE 7.0's. This study found that Firefox's antiphishing 
technology was better than IE's by a considerable margin (see the 
results at the URL below).
   http://list.windowsitpro.com/t?ctl=41878:7EB890

One difference between the two studies is that Mozilla used a much 
larger sample of known phishing sites, all of which appear on the 
PhishTank Web site, at the URL below. The larger sample undoubtedly had 
an effect on the overall outcome. Another difference is the weighting 
in the Microsoft-sponsored test. If you don't place the same value on 
certain features as the test did, you might not give the tools the same 
ranking they received in the test results.
   http://list.windowsitpro.com/t?ctl=41882:7EB890

I think the most interesting result is that some of the third-party 
products performed exceptionally well in the test commissioned by 
Microsoft. But neither report seems conclusive to me. One report 
provides test results for many products but used a small sample of 
known phishing sites. The other report used a large sample of sites but 
tested only two products out of the many available. 

It would be interesting to see a new report that uses a very large 
sample of phishing sites and performs tests on all (or most) of the 
available antiphishing solutions, including third-party solutions that 
offer both browser-based protection and gateway-level protection. 

It's especially important to know how gateway-level solutions perform, 
because browsers and browser toolbars are updated frequently. Thus, 
keeping up on all workstations is a big chore, especially in large 
organizations. It seems to me that using a gateway-based solution would 
be much more cost effective if at all possible. However, a gateway-
based solution might not work for you, depending on the way you handle 
connectivity and security for your mobile users.


=== SPONSOR: 8e6 Technologies ==================================

Protect Your Network - Threats Brought in By Remote Laptops
   Learn how employee laptops indiscriminately harm company networks, 
despite standard security gear, and gain valuable information on how to 
protect your company against these threats--without throwing out the 
laptops. Get the FREE white paper from 8e6 Technologies. Qualify Now!
   http://list.windowsitpro.com/t?ctl=4187F:7EB890


=== SECURITY NEWS AND FEATURES =================================

Malware Could Become Its Own Worst Enemy
   An emulator that poses as a virtual machine (VM) could protect a 
system against certain types of malware that detect VMs and refuse to 
run in them.
   http://list.windowsitpro.com/t?ctl=41877:7EB890

GRISOFT Expands Offerings to Linux and FreeBSD
   Antivirus maker GRISOFT has expanded its line of antivirus and 
antispam security products to include support for Linux and FreeBSD.
   http://list.windowsitpro.com/t?ctl=41875:7EB890

Check Point Slated to Acquire Protect Data
   Check Point Software Technologies said it has made an offer to 
acquire Sweden-based Protect Data, owner of Pointsec Mobile 
Technologies.
   http://list.windowsitpro.com/t?ctl=41876:7EB890

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=4186B:7EB890


=== SPONSOR: Thawte ============================================

The Starter PKI Program
   Securing multiple domains or host names? Learn how the Starter PKI 
program can save time and reduce costs, and provide you with a multiple 
digital certificate account.
   http://list.windowsitpro.com/t?ctl=4186A:7EB890


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: New Tool from Sysinternals: Procmon 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4187D:7EB890

Process Monitor (Procmon) is Filemon and Regmon combined, and then 
some. Microsoft says the capabilities will make Procmon "a core utility 
in your system troubleshooting and malware hunting toolkit." Learn more 
about it in this blog article.
   http://list.windowsitpro.com/t?ctl=41874:7EB890

FAQ: Hiding the List of Domains at Logon
   by John Savill, http://list.windowsitpro.com/t?ctl=4187B:7EB890 

Q: How can I use Group Policy to hide the domain drop-down list in the 
Windows Logon dialog box? 

Find the answer at
   http://list.windowsitpro.com/t?ctl=41872:7EB890

FROM THE FORUM: Shared Mobile Laptops
   A forum participant has several laptops that are used by multiple 
employees for presentations or meetings in the office and for working 
at home. In the office, laptop users can connect to the Internet via 
wireless access points (APs). Home users access the Internet via their 
own private broadband connection (they don't have VPN access into the 
company network). Should the laptops be part of the domain, which will 
force users to log on using their individual accounts, or should they 
be standalone systems, which means users sharing local accounts? Join 
the discussion at
   http://list.windowsitpro.com/t?ctl=41864:7EB890

KNOW YOUR IT SECURITY Contest
   Share your security-related tips, comments, or solutions in 1000 
words or less, and you could be one of 13 lucky winners of a Zune media 
player. Tell us how you do patch management, share a security script, 
or write about a security article you've read or a Webcast you've 
viewed. Submit your entry between now and December 13. We'll select the 
13 best entries, and the winners will receive a Zune media player. 
Email your contributions to tipswinitsec@private
   Prizes are courtesy of Microsoft Learning Paths for Security: 
   http://list.windowsitpro.com/t?ctl=41879:7EB890

IT PRO OF THE MONTH--October 2006 Winner
   Congratulations to Chris Stanley, who was voted the October 2006 "IT 
Pro of the Month." Chris built an Apache Web server (using MySQL and 
FileZilla) and designed an intranet on which he posted manuals and 
protocols used in a 911 center. Vital information is now centralized 
and can be accessed quickly when time matters most. To learn more about 
Chris's solution and find out how you can become the next "IT Pro of 
the Month," please visit
   http://list.windowsitpro.com/t?ctl=4187E:7EB890


=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Audit Your Web Site
   Acunetix launched Acunetix SiteAudit, a Web site security auditing 
service. Audits are performed by Acunetix's Web security experts using 
Acunetix Web Vulnerability Scanner. An audit checks for SQL injection, 
cross-site scripting, and other vulnerabilities. It examines shopping 
carts, forms, and dynamic content, including JavaScript and 
Asynchronous JavaScript and XML (Ajax) applications, for security 
vulnerabilities. The $395 price includes a detailed audit report on Web 
site and Web application security and recommendations for fixing any 
problems. Through December 31, the price also includes an audit report 
on the Web server and database engine. More information about Acunetix 
SiteAudit is available at 
   http://list.windowsitpro.com/t?ctl=41881:7EB890

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@private and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
   http://list.windowsitpro.com/t?ctl=4187A:7EB890

How will compliance regulations affect your IT infrastructure? Help 
design your retention and retrieval, privacy and security policies to 
make sure that your organization is compliant. Download the free eBook 
today! 
   http://list.windowsitpro.com/t?ctl=41868:7EB890

Now that Microsoft and Novell have announced their alliance, you can't 
miss an opportunity to learn about new ways to manage Windows and 
UNIX/Linux networks efficiently. Register now for TechX World--free 
online December 14--and learn how to manage your heterogeneous 
environment, including task automation and scripting, data access and 
application management, file and print sharing, and security and access 
considerations. Register today!  
   http://list.windowsitpro.com/t?ctl=41871:7EB890

After disaster strikes, does recovering your data feel like digging for 
buried treasure? Test your disaster recovery skills, and you could win! 
Each week we'll give away a USB flash drive to one lucky treasure 
hunter. You'll also be entered to win the full treasure chest, 
including Bose headphones! Test your skills now! 
   http://list.windowsitpro.com/t?ctl=4186C:7EB890

Learn about the advantages for each alternative to traditional file 
servers and tape storage solutions, and make the best choice for your 
enterprise needs. On-demand Web seminar 
   http://list.windowsitpro.com/t?ctl=41865:7EB890
 
BONUS: Register for any Web seminar--live or on-demand--during the 
month of November, and you could win a PS3! View a full list of 
eligible seminars at
   http://list.windowsitpro.com/t?ctl=41869:7EB890

Learn to differentiate between alternative solutions to disaster 
recovery for your Windows-based applications and to ensure seamless 
recovery of your key systems--whether a disaster strikes just one 
server or the whole site. On-demand Web seminar 
   http://list.windowsitpro.com/t?ctl=41866:7EB890


=== FEATURED WHITE PAPER =======================================

What is the true cost of an in-house email archiving solution, and how 
does it compare to the cost of an outsourced solution? Find out from 
independent researchers what the TCO of both solutions really is, and 
how the management of an in-house solution can strain IT budgets and 
staff. Download your copy of this white paper today! 
   http://list.windowsitpro.com/t?ctl=41867:7EB890


=== ANNOUNCEMENTS ==============================================

Save $40 off Windows IT Pro  
   Subscribe to Windows IT Pro today and SAVE $40! Along with your 12 
issues, you'll get FREE access to the entire Windows IT Pro online 
article archive, which houses more than 9,000 helpful IT articles. This 
offer expires November 30, so order now:  
   http://list.windowsitpro.com/t?ctl=4186D:7EB890

Make Your Mark on the IT Community!  
   Nominate yourself or a peer to become IT Pro of the Month. This is 
your chance to get the recognition you deserve and be acknowledged in 
the IT community. Winners will receive over $600 in IT resources and be 
featured in Windows IT Pro and the TechNet Flash email newsletter. 
Entering is easy--we're accepting December nominations now for a 
limited time! Submit your nomination today: 
   http://list.windowsitpro.com/t?ctl=4187E:7EB890


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).
   http://list.windowsitpro.com/t?ctl=4187C:7EB890
   http://list.windowsitpro.com/t?ctl=4186E:7EB890

Subscribe to Security UPDATE at
   http://list.windowsitpro.com/t?ctl=41870:7EB890

Be sure to add Security_UPDATE@private 
to your antispam software's list of allowed senders.

To contact us: 
   About Security UPDATE content -- letters@private
   About technical questions -- http://list.windowsitpro.com/t?ctl=41880:7EB890
   About your product news -- products@private
   About your subscription -- windowsitproupdate@private
   About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
   http://list.windowsitpro.com/t?ctl=4186F:7EB890

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Wed Nov 29 2006 - 23:06:45 PST