[ISN] Untangle Security Suite Is Free for All

From: InfoSec News (alerts@private)
Date: Thu Jul 12 2007 - 02:59:05 PDT

Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

=== CONTENTS ===================================================

IN FOCUS: Untangle Security Suite Is Free for All

   - BSA's New Million Dollar Reward?
   - New Trojan Heckles While It Works
   - MySpace Profiles Propagate Flux Bot
   - Recent Security Vulnerabilities

   - Security Matters Blog: Trojan.Srizbi in the Kernel
   - FAQ: Finding Vista's DLL Cache
   - Free Black Hat Briefings Show Passes!
   - Innovators Contests Reward Ingenious IT Solutions!
   - Share Your Security Tips

   - Disk Eraser Supports Vista
   - Wanted: Your Reviews of Products 




=== SPONSOR: Qualys ============================================

Unify Operational Security and Policy Compliance
   Different business units focus on different aspects of the total 
problem. Learn how an organization can centralize compliance management 
throughout the organization and in effect eliminate one-off inefficient 
solutions for each individual area of compliance.

=== IN FOCUS: Untangle Security Suite Is Free for All =============
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Late last year, Metavize changed its name to Untangle and launched a 
new strategy for marketing its products, offering its unified threat 
management (UTM) solutions free of charge to companies with 10 or fewer 
employees. Untangle offered its solutions to larger companies for $75 
per month. But the company will now give the software to anyone for 

The company will base its revenue on support packages along with "a set 
of premium products like additional applications, and additional 
functionality that extends the platform under a commercial license. So 
while the platform and most applications are free, we're selling 
applications like Remote Access Portal (an SSL VPN) or additional 
platform functionality like Active Directory integration and policy 
management," wrote Dirk Morris, founder and CTO at Untangle. 

This means that you have absolutely no excuse not to have a decent 
gateway security platform protecting your network. You can now get your 
hands on a unified platform of 12 vital security tools with no software 
acquisition cost. The platform filters email for spam, spyware, 
phishing scams, viruses, and other attacks and filters Web content. It 
also includes a firewall, intrusion prevention system (IPS), protocol 
controls, VPN, routing, and reporting. The tools are based on tried and 
tested open source solutions, such as Snort, SpamAssassin, Vipul's 
Razor, Clam AntiVirus (ClamAV), and OpenVPN. Although you can easily 
get any of those tools and more on your own, Untangle makes them 
available in a customized unified platform, which is definitely an 

If you want to buy Untangle's support and other tools such as Active 
Directory (AD) integration, prices are based on the number of users you 
need to support. The company maintains a forum, mailing list, and wiki 
to help you network with other users of the tools. Untangle also offers 
preinstalled server appliances if you want to go that route. Overall, I 
think Untangle's offer is affordable and attractive. 

If you're interested, take a look at the demos and screen shots at the 
first URL below. The GUI demo is especially helpful. It requires Java 
to run, and it lets you log on to a live demo server running on 
Untangle's network, so you can go through every aspect of the 
management interface and get a feel for using the platform. If you'd 
rather watch a Flash video demo of the interface, see the second URL 

To get a more thorough overview of the applications, visit the first 
URL below. If you want to try the platform, go to the second URL below, 
where you can download an ISO image that lets you make an installation 
CD-ROM, or you can order a CD-ROM and Untangle will ship it to you for 
free. You can also get the source code in an installable ISO format, as 
a tarball, or via Subversion. Go to the third URL below and look for 
the Get the Code section in the Developers box on the left. 

=== SPONSOR: BeyondTrust =======================================

Eliminate the Achilles Heel of the Desktop - Admin Rights
   BeyondTrust enables users without administrative privileges to run 
all required applications, processes and ActiveX controls. By removing 
the need to grant end users administrative rights, IT departments can 
eliminate what is otherwise the Achilles heel of the desktop - end 
users with administrative power that can be exploited by malware and 
malicious users to change security settings, disable other security 
solutions such as anti-virus and more. Free Download!

=== SECURITY NEWS AND FEATURES =================================

BSA's New Million Dollar Reward?
   Business Software Alliance--an organization that goes after 
companies that violate software licenses--said it will offer up to $1 
million for qualified piracy reports. But don't start planning your 
earlier retirement just yet.

New Trojan Heckles While It Works
   PandaLabs reported the discovery of a new Trojan that talks as it 
destroys your system. 

MySpace Profiles Propagate Flux Bot
   MySpace profile pages are once again being used to launch malicious 
code. This time the code turns a computer into a member of a botnet by 
installing FluxBot, also known as Fast Flux.

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

=== SPONSOR: Double-Take Software ==============================

Recovery Made Easy.
   On-Demand Webinar: Tying Together Virtualization, Replication and 
WAN Acceleration for Better Business Continuity
   In this discussion, industry experts from VMware, Double-Take 
Software, and Silver Peak discuss how virtualization, data replication 
and WAN acceleration technologies can be easily combined to form a 
complementary solution for an effective end-to-end disaster recovery 

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Trojan.Srizbi in the Kernel
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5D91C:57B62BBB09A692791642447F9ECE4A4A

Have you read about the Srizbi Trojan? It runs in kernel mode and is 
supposedly a bit difficult to remove.

FAQ: Finding Vista's DLL Cache
   by John Savill, http://list.windowsitpro.com/t?ctl=5D91A:57B62BBB09A692791642447F9ECE4A4A 

Q: Where is the Windows File Protection dllcache folder in Vista?

Find the answer at

   Includes all Black Hat Briefings sessions August 1-2 at Caesar's 
Palace in Las Vegas, materials, meals, receptions, and exhibits. Does 
not include travel and lodging, Training sessions July 28-31, or DEFCON 
admission. Two tickets available. $1495 value--first come, first 
served. E-mail mevans@private

   If you've developed a creative IT solution to a tough business 
problem, you deserve recognition for your achievement! Enter your 
solution in either the Windows IT Pro or SQL Server Magazine Innovators 
contests, and if you win, your solution will be showcased in one of the 
Windows IT Pro publications--plus you could win a trip to Windows or 
SQL Server Connections in Las Vegas this November. Contest runs through 
August 1, 2007--so enter today by clicking one of the links below.

Click here for the Windows IT Pro Innovators contest:

Click here for the SQL Server Magazine Innovators contest:

Click these links to read about past winners of Innovators awards:
"2006: A Great Year for Windows IT Innovation"

"SQL Server Pros Keep On Innovating"

   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@private If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Disk Eraser Supports Vista
   Paragon Software Group announced the release of Disk Wiper 8.5, 
which erases confidential personal or corporate information from hard 
disks when you need to retire or upgrade them. Version 8.5 works with 
Windows Vista and supports virtual operations and file system 
integrity-checking. A script generator stores the sequence of virtual 
operations to be performed, thereby letting you automate disk wiping. 
Disk Wiper 8.5 supports 10 disk sanitization methods, including the US 
Department of Defense DoD 5220.22-M and US Navy NAVSO P-5239-26 
standards. For more information, go to

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit

Storage demands are continuing to grow throughout the IT landscape. For 
an effective solution, IT is turning to Windows file server and storage 
consolidation. Explore how to save money by using existing hardware, 
how to implement a scalable NAS cluster based on a shared data 
framework, and how to leverage your existing network infrastructure and 
management processes using a shared date architecture.  

Migrating to a new OS? Make sure you don't overlook any of the 
necessary steps, from converting applications to MSI packages to 
customizing them to fit corporate standards. Join us for this free on-
demand Web seminar.  

More and more companies are deploying storage area networks (SANs) as 
storage needs continue to proliferate. SANs offer many unique 
capabilities that improve data protection, performance, and scaling and 
reduce storage management time. This Web seminar reviews best practices 
for deploying SQL Server in an intelligent iSCSI SAN and shows how an 
iSCSI SAN provides dramatic improvements in deploying, optimizing, 
backing up, and recovering SQL databases. 

=== FEATURED WHITE PAPER =======================================

File fragmentation is a serious problem. As a disk becomes fragmented, 
the workload on the OS and hardware increases. It becomes more 
difficult for applications to read and write data, file corruption 
becomes a distinct possibility, the computer's performance degrades, 
and its reliability is endangered. In this white paper we look at the 
effect of disk defragmentation on your users.  

=== ANNOUNCEMENTS ==============================================

Windows IT Pro--Buy 1, Get 1 
   With Windows IT Pro's real-life solutions, news, tips, tricks, AND 
access to over 10,000 articles online, subscribing is like hiring your 
very own team of Windows consultants. Subscribe now, and get 2 years 
for the price of 1! 

Got a Tough Exchange or Outlook Question? 
   Exchange & Outlook Pro VIP is the new online resource with in-depth 
articles on administration, migration, security, and performance. 
Subscribers get direct access to our top-flight editors, so subscribe 
and receive personalized solutions to your toughest technical 
questions. Beats a support call to Microsoft, so subscribe now!   


Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 

Subscribe to Security UPDATE at

Be sure to add Security_UPDATE@private 
to your antispam software's list of allowed senders.

To contact us: 
   About Security UPDATE content -- letters@private
   About technical questions -- http://list.windowsitpro.com/t?ctl=5D91E:57B62BBB09A692791642447F9ECE4A4A
   About your product news -- products@private
   About your subscription -- windowsitproupdate@private
   About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Thu Jul 12 2007 - 03:09:47 PDT