http://channels.lockergnome.com/news/archives/20060524_free_antivirus_software_for_vista.phtml
Month: May 2006
Desktop defenses: Host-based intrusion prevention may be last best defense
A year ago, network-based IPS was all the rage, whereas HIPS had an estimated 1% market-penetration rate, according to Gartner Inc. in Stamford, Conn. But new attack routes into the enterprise — such as the recent Windows Metafile (WMF) vulnerability — have forced IT organizations to rethink their tactics. In a recent Forrester survey of 150 enterprise technology decision-makers, 28% of respondents said they plan to purchase desktop HIPS during the course of the year, says Lambert.
Alaska, however, is ahead of the game. It is most of the way through an implementation of Cisco Security Agent (CSA) from Cisco Systems Inc. Along with the 19,000 desktops — primarily Windows-based ones, with a few Linux and Macintosh systems — CSA also protects about 2,000 servers across dozens of data centers. Software like CSA watches for behavior that would indicate spyware activity, such as a program opening a file in a temporary folder.
Software like CSA watches for behavior that would indicate spyware activity, but that is by no means the only way such tools operate. Most include several functions: In addition to host intrusion prevention, they can incorporate adware protection, protection against buffer-overflow attacks, firewalling, various forms of system hardening, malicious mobile-code protection and even signature-based modules.
Proventia Desktop from Internet Security Systems Inc. (ISS) in Atlanta is used on about 2,500 seats campuswide, most of which are student laptops — 95% run Microsoft Windows XP and the rest are Macintoshes.
“Some colleges have attempted to dictate to their students, but you really can’t control what they put on their laptops,” says Hammon.
Unlike virus signatures, though, they need to be delivered only about once a month. Instead of constantly scanning and analyzing every system call and application as CSA does, its SpyWall software zeroes in on the primary avenue of attack – via Web browser. For example, SpyWall blocked the latest Internet Explorer createText-Range zero-day exploit without using any signatures. “After we put in SpyWall, we didn’t get any more infections for six months,” says Robert Wong, network administrator.
First came enterprise-class anti-virus tools and then firewalls, IDS and spyware protection. But with each advance, attackers managed to outwit the defenses. Antivirus and spyware technology now appear to be morphing into back-line defenses, which are used to mop up employee goofs and safeguard against known threats.
That’s why the likes of Symantec Corp., CA Inc. and Cisco are gobbling up desktop HIPS vendors: Symantec bought ManHunt, ISS acquired BlackICE, Cisco bought Okena, and CA now owns Tiny Software Inc.
The next major release of CA Integrated Threat Management will include a firewall and HIPS.
Researchers: spend to protect against one attack, not many
The paper, called “Economics of Information Security Investment in the Case of Simultaneous Attacks” breaks threats into two categories: distributed attacks, which come in the form of virus, spyware and spam, and targeted attacks from a hacker, said professor Qing Hu.
“No matter how much they spend on security, the budget is always low relative to the potential loss,” Huang said.
Targeted attacks have generally been shown to cause more financial damage than distributed attacks.
For enterprises, “we’ve gone past the time when people just attacked us as a game,” Behara said.
Huang and Hu will present the paper at the University of Cambridge during the Workshop on the Economics of Information Security, which runs from June 26 to June 28.
http://infoworld.com/article/06/05/19/78509_HNholesinapproach_1.html
Ballmer Talks Linux, Security, SaaS
Microsoft is late to the SaaS party, unveiling it’s hosted-services game plan last fall. Over time, observers expect the company to roll out an array of hosted business applications as well.
Last week, Ballmer and a phalanx of other Microsoft executives took on the whole notion of ad-based revenue and defended their decision to pour money into MSN.
http://www.crn.com/sections/breakingnews/dailyarchives.jhtml;jsessionid=H4CUSKSRGZYCEQSNDBOCKICCJUMEKJVN?articleId=187202395
Do Not Intrude Registry gives up
Blue Security, while working on getting back on-line, started posting on a TypePad blog.
http://www.xatrix.org/article.php?s=4383
Research Says Cisco, Microsoft Lead Security Spending
While Cisco has been marketing firewall technologies and other network-oriented security tools for almost a decade, Microsoft has only entered the applications market in the last year with several stand-alone products. The software giant is further expected to have an effect on the anti-virus market with the launch of its next-generation Windows operating system, known as Vista, scheduled to arrive sometime in 2007.
Rival Juniper Networks ranked second for such investments, far behind Cisco, with only four of the CSOs mentioning the company.
In a surprisingly good showing among applications vendors, Microsoft dwarfed other providers including anti-virus market leader Symantec in the report. Some 68 percent of those involved in the research said they currently use security software from Microsoft, while only 26 percent said they are using Symantec’s tools. Of those interviewed, 36 percent said they would prefer to work with one primary security software vendor, versus the 34 percent that indicated they would not want to consolidate security relationships, with 44 percent of those favoring the integrated approach listing Microsoft as their preferred provider.
Some 40 percent of the executives interviewed for the study said that they are currently evaluating applications-specific security measures. Of those executives, 62 percent said that they are somewhat likely to deploy applications-level security this year, with another 36 percent saying that they are either very likely or certain to do so.
http://www.eweek.com/article2/0,1759,1963992,00.asp?kc=EWRSS03119TX1K0000594