Three of the six bulletins were marked as ‘Critical’, with vulnerabilities in Microsoft Project and Internet Authentication Services fixed alongside the now customary cumulative patch covering a selection of problems recently spotted with IE. All could lead to remote execution of code.

Less serious, but still labelled ‘Important’, were fixes for the Local Security Authority Subsystem Service (LSASS), Active Directory and text conversion features in WordPad and Office applications.

Once again Adobe has followed Micorosoft‘s lead by releasing its own set of updates on the same date – a serious flaw in the Flash player software, again described as ‘critical’, has been patched, and further alerts have been issued about Illustrator products.

The official Microsoft bulletins are available here, with a summary from SANS here and some commentary in The Register here. Adobe‘s alerts are here. As always, VB advises readers to ensure all systems are fully patched and up-to-date as soon as possible.

Testing will run throughout November, with the results due for publication in the December issue of Virus Bulletin. The deadline set for product submissions is October 28th, with test sets and test platforms to be frozen on October 24th – the latest WildList available from the WildList Organization on this date will be used for the test. Those products which prove capable of detecting the full contents of the WildList, both on access and on demand, without raising any false positives on a set of known-clean files, will be awarded VB100 certification.

An overview of the VB100 testing process can be found here, with more in-depth details of the testing procedures here. Submission is free of charge, and any software vendors interested in submitting a product for the test should contact John Hawes for further information. The schedule for future comparatives is here.

The latest test features a total of 16 products, which were measured for detection performance against a massive collection of malicious samples, split into two sets with one containing sample representing the last 7 months, and the other the twelve months before that. Detection rates are balanced against false positives to produce an overall grading on a four stage scale. Of the 16 included, 7 achieved the highest ranking of ‘Advanced+’.

The top achievers were Alwil’s avast!, BitDefender, ESET’s NOD32, F-Secure, G DATA, MicroWorld’s eScan and Symantec’s Norton. Also doing well at the ‘Advanced’ level were products from AVG, Avira, Kaspersky, McAfee and Trustport, with Avira, McAfee and Trustport marked down thanks to false alarms despite high detection rates. McAfee’s product was tested with their Artemis in-the-cloud technology active.

Lower down the table came Microsoft’s solution, rated ‘Standard’, while offerings from Kingsoft, Norman and Sophos ranked only ‘Tested’ – with Sophos’ score again counterbalanced by a relatively high false positive rate.

Most products were tested with ‘best possible’ detection settings. The test will be completed with a round of retrospective testing of the same products, due out in a few months’ time. Full details of the test and the methodology used can be found on the AV-Comparatives website, here.

The new release is designed as a pared-down, free-for-all replacement for the now defunct OneCare, and is intended to mitigate the global malware epidemic by providing protection to those least likely to have a solution in place. Users on lower incomes and in developing nations are hoped to be among those taking advantage of the free product, and its introduction should, its makers claim, reduce the number of infected systems pumping out spam and malicious attacks around the world. It is also hoped that the release will reduce the danger of ‘rogue AV’ scareware, which targets unprotected users in its attempts to con victims into installing its paid-for software, a threat currently rife on the internet.

While many have suggested that the appearance of Security Essentials on the scene may herald the demise of existing free-for-home-use solutions from the likes of AVG, Alwil (avast!), and Avira (AntiVir), and indeed the rest of the AV industry, others have pointed out the likelihood of healthy competition in the free AV market bringing increasing sophistication to these free products, while also encouraging those who have tried out free solutions to move up to more complete, full-featured products.

The suggestion that it will provide protection for the downtrodden masses has been countered with the argument that those with the urge to install free security have had plenty of options for some time, while those in less developed states, who are likely to be a major part of the botnet problem, are also likely to be running unofficial, unvalidated copies of Windows, which are not supported by the new Microsoft protection offering.

Initial reviews of the product have been generally favourable, with praise for its simple, pared-down design and usability, unobtrusive system impact and decent detection levels. The fact that the product shares a core engine and detection with Microsoft’s corporate Forefront product – which has shown steady improvement in independent tests in recent years as Microsoft continues to invest in its security lines – bodes well for the product’s static detection abilities.

However, some commentators have criticised the apparent absence of advanced features such as dynamic detection, with one Symantec representative describing the solution as ‘behind the times’ after a set of test results showed Norton providing superior protection. Microsoft responded by insisting the product does include some sophisticated behavioural monitoring and reputation-based technology, and suggested that the solution is only intended as a component in an in-depth, multi-layer security regime.

“It seems unlikely that this release will revolutionise the security world the way some people have been suggesting,” said John Hawes, Technical Consultant at Virus Bulletin. “People aren’t going to stop investing in quality security suites with firewalls, intrusion prevention, spam filters and parental controls just because there’s another free bare-bones product available. However, with Microsoft’s marketing weight behind it, it should hopefully find its way onto some of those untold millions of unprotected systems out there – it should provide decent protection for them and stop their systems spamming and attacking the rest of us. If Microsoft change their mind about not letting it run on pirated copies of Windows, it would make an even bigger difference.”

VB will be providing an in-depth review of Microsoft Security Essentials in the November issue. Those interested in trying it out for themselves can find out more and download it from a Microsoft microsite here. Initial views and screenshots can be found in The Register here, with summaries of an early test by AV-Test.org here at The Register, at ComputerWorld here and in the Washington Post here.

More coverage is at ZDNet here. Symantec‘s blog entry attacking MSE, including a link to the full test report from Dennis Labs, is here, with news coverage here and a response from Microsoft here.

Steven Thomas reportedly vanished from his hotel room in Waikiki on 30 June. Family and authorities fear that Thomas, who is bipolar, may have been delusional or suicidal at the time of his disappearance.

Thomas co-founded WebRoot in 1997 in Boulder, Colorado. The company became famous for its SpySweeper anti-spyware tools and was most recently credited with a 26.8 per cent share of the retail security market.

Thomas sold the company to a group of investors for $108m in 2004.

According to the Honolulu Star Bulletin, the 36 year-old was diagnosed with bi-polar disorder earlier this year, but had refused medication.

Family members told the paper that, in the days leading up to his disappearance, Thomas appeared to be suicidal and in a state of extremely fearful delusion.

Anyone on the island with information is being asked to contact the authorities.

Source: vnunet.com

The company has posted updated versions of its ZoneAlarm Internet Security Suite, Pro, Antivirus, Anti-Spyware and Basic Firewall offerings.

The updates correct an error caused by the latest Microsoft security update. One of the four bulletins addressed a flaw in the Windows DNS component, but also resulted in an error which prevented ZoneAlarm users from accessing the internet.

Many ZoneAlarm customers, were left unable to connect to the internet and were forced to either uninstall the security update or temporarily lower the security level on their ZoneAlarm applications.

By Thursday UK time, the company promised that a patch would be in the works, advising users to keep an eye on the site for the updates. By Thursday evening, updated versions of all five applications had been posted, along with a list of recommended actions for those who do not wish to install the updates.

All five of the updated applications can be downloaded directly from Check Point’s support site.

Source: vnunet.com

As customer requirements evolve, Trend Micro medium business security solutions can be implemented in new environments or installed along with existing security, virus scan, spyware protection, or storage products for an added layer of security.

Messaging Security

* InterScan(tm) Hosted Messaging Security – A hosted service integrating
powerful anti spam and anti phishing block threats before they
touch the network, saving bandwidth, storage, and other resources.
* ScanMail(tm) for Microsoft Exchange – Virus scan, spyware protection,
anti spam, anti phishing solution that stops inappropriate content
from entering your mail server.
* Client/Server/Messaging Suite – Multi-layered defense including
new in-the-cloud Web Reputation. It also protects against online
malware and data theft.

Client and Server Security

* NeatSuite(tm) Advanced – A centrally managed security suite protecting
your Internet gateway, mail and file servers, storage systems,
desktops and laptops.
* OfficeScan(tm) Client/Server Edition – Protects your desktops, laptops,
and network servers against today’s complex, blended threats and
Web-based attacks.

Information Security

* Trend Micro Message Archiver – Provides email archiving with fast,
easy search capability and reduced storage cost; helps support
e-discovery and compliance with data retention regulations.
* Trend Micro LeakProof(tm) – Prevents data leaks by combining
endpoint-based policy enforcement with highly accurate
fingerprinting and content-matching technology.

By working with the Trend Micro team of 1,000+ research, service and support engineers in 10 sites around the world, medium business companies can accomplish much more than simply on their own. For more information on medium business security solutions, such as spyware protection, visit: http://biggerteam.trendmicro.com.

About Trend Micro:

Trend Micro Incorporated, a global leader in Internet content security, spyware protection and virus scan solutions, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.

The Trend Micro logo is available at http://www.primenewswire.com/newsroom/prs/?pkgid=5242

CONTACT: Trend Micro Incorporated
Andrea Mueller
(408) 863-6583
Andrea_Mueller@trendmicro.com

“Users of legacy networks need to be brought up to speed as far as protection from risks associated with data leakage, the spread of malicious content and unproductive, time wasting web downloads through web-based proxy sites and applications,” he says.

“With SSL encrypted traffic comprising a significant percentage of all traffic still going through corporate network gateways, it can result in sizable security holes in the network fabric as it opens users to SSL-based proxies that bypass most existing content filtering solutions.

“With Cyberoam’s new firmware installed, users will now be able to update their security by increasing their web database categories to reflect – and counter – emerging surfing trends.”

Hamilton says web usage studies reflect a significant rise in traffic to HTTP (Hypertext Transfer Protocol)-based online radio, TV and video content in addition to downloads of software and other utilities for mobile phones.

“In addition to its existing ability to block uploads of files and feeds over HTTP, Cyberoam’s content filtering system has added a host of new URL categories, giving it one of the most comprehensive databases with which to thwart those who gain access to unproductive, time-wasting and often dangerous web sites in corporate time.”

“Cyberoam now offers greater granular control and provides detailed information about HTTP uploads along with user names, enabling audit controls to support corporate compliance requirements,” he adds.

Complementing this new offering, Channel Data has introduced Cyberoam IPS, designed to prevent any possible spyware on the network from sending out sensitive data. It also gives details of the infected PC (or PCs) with user and spyware application names, helping network managers to take immediate corrective action.

Source: itnewsafrica.com

However, at the dawn of the 21st century the venerable institution was inundated with spam, which accounted for some 90pc of its inbound email.

As part of the deal, Calyx deployed a system from IronPort. Operating as a part of Cisco’s Security Technology Group, IronPort is a leading provider of anti-spam, anti-virus and anti-spyware appliances for organisations ranging from small businesses to the Global 2000.

The ISE required a new spam solution that was capable of being self-managed and easy to administer compared to the existing solutions that were in place.

“Following a number of very successful installations on sites in Ireland, we were confident IronPort would be the best solution to resolve the Irish Stock Exchange’s spam problem,” said Tim Quan of Calyx Security.

“IronPort C100 devices stop the spam messages at the gateway, even before they enter the network.”

Accurate Reputation Filtering was a key aspect of the IronPort deployment. The IronPort devices can accurately determine which messages are not good by reputation and can confidently drop the connections having used over 100 parameters to assure the email is legitimate.

The initial deployment was an instant success with spam email reduced dramatically within days. Users were able to review spam quarantines and release valid messages when appropriate, reducing the reliance on IT staff.

Following the successful implementation of the IronPort email security devices, the ISE engaged with Calyx to look into the deployment of new web security devices to replace its existing solutions.

A key requirement was reverse proxy look-ups for web traffic. The ISE also required a reputation filter on a web proxy which would be able to cache and also deal with viruses, phishing and spyware attack.

“We now have two single devices which have replaced multiple devices in previous solutions,” explained David Garrett, IT operations manager at the ISE. “This has provided savings both from a cost and time perspective.”

Kaynak: siliconrepublic.com

Trend Micro’s latest Threat Roundup and Forecast 1H 2008 found an upswing in web threats, but a steady decrease in adware and spyware generated by outdated methods which can no longer compete with high-level security.

Social engineering tactics such as the Nigerian phishing scam have been around for decades, and cyber-criminals continue to refresh and modernise this form of trickery based on the latest trends.

For example, the tools and technologies used to create the interactive nature of popular social networking sites have become a landmine for cybercrime.

In March, Trend Micro discovered that over 400 kits designed to generate phishing sites were targeting top web 2.0 sites, free email service providers, banks and popular e-commerce sites.

Malware variants have generally been treated as separate individual threats. But today, profit-motivated web threats blend various malicious software components into a single web threat business model.

For example, a cyber-criminal sends a message (spam) with an embedded link in the email (malicious URL) or contained in an instant message.

The user clicks on the link and is redirected to a site where a file (Trojan) automatically downloads onto the user’s computer.

The Trojan then downloads an additional file (spyware) that captures sensitive information, such as bank account numbers (spy-phishing).

Although seemingly one incident, blended threats are much more difficult to combat and much more dangerous for the user, Trend Micro warned.

Meanwhile, the ‘fast-flux’ technique is an additional example of criminals abusing technology developments.

Fast-flux is a domain name server switching mechanism that combines peer-to-peer networking, distributed command and control, web-based load-balancing and proxy redirection to hide phishing delivery sites.

Fast-flux helps phishing sites stay up for longer periods to lure more victims. For example, researchers are challenged to identify malicious Storm domains because developers are using fast-flux techniques to evade detection.

Trend Micro witnessed a dramatic increase in web threat activity during the first half of 2008, with web threats peaking in March at 50 million from approximately 15 million in December 2007.

On the decline are adware, trackware, keyloggers and freeloaders. In March 2007, Trend Micro found that approximately 45 per cent of PCs were infected by adware; by April 2008, only 35 per cent were reportedly infected.

In May 2007, approximately 20 per cent of PCs were infected by trackware, but that number had dropped to less than five per cent in April 2008.

Keyloggers also showed a small but steady decline with less than five per cent of PCs being infected.