Category: Product

http://www.securityfocus.com/brief/354?ref=rss

The guide can be found at: http://www.microsoft.com/technet/windowsvista/security/guide.mspx

Microsoft adopted the Security Development Lifecycle as part of its Trustworthy Computing Initiative, adopted in January 2002 after the massive Code Red and Nimda worm epidemics. The SDL aims to drum out security flaws from the company products and train development, quality-control and support staff to keep flaws from reoccurring. Windows 2003, Visual Studio 2005, Internet Explorer 7 and Microsoft Office 2007 have all been developed under the SDL process.

http://www.securityfocus.com/brief/351

Corporate boards and executive management teams are focusing on reducing operational risk to ensure resilient business operations, trusted brands, and compliance with evolving regulations.

With data centers now managing petabytes of data, Symantec is increasingly asked by clients for assistance architecting and running these complex IT infrastructures in a way that reduces operational risks.

“Symantec’s Global Services strategy around managing IT risk makes them a trusted advisor for addressing critical data center challenges,” said Mark Pennycook, CEO, Company-i.

http://www.symantec.com/about/news/release/article.jsp?prid=20061106_02&WT.svl=bestoftheweb4

While viruses attacking mobile devices remain rare, an increasing number of enterprises are handing out smart phones that store larger amounts of data, such as in mobile e-mail programs, driving the need for companies to adopt tools to protect sensitive corporate information traveling on the machines, according to Symantec.

In a recent survey completed by the Cupertino, Calif.-based company, some 80 percent of enterprises indicated that they have begun distributing smart phones, with 75 percent of those companies admitting they have yet to employ any form of mobile security software.

Despite the disparity, enterprises are beginning to shop for handheld anti-virus and security tools to avoid future security issues related to viruses and handhelds that go missing, said Paul Miller, managing director of mobile security at Symantec.

With Windows Mobile device adoption predicted to rise significantly over the next several years as smart phones become cheaper and more useful, the number of threats targeting the handhelds will likely increase as well, the executive said.

Along with the remote wipe-and-kill feature for what Miller refers to as “loss mitigation” in Mobile AntiVirus 4.0 for Windows Mobile, which allows users to delete information when they lose their device, the package boasts Symantec’s LiveUpdate Wireless service, which automatically updates phones’ threat protection signatures to combat emerging threats. The product also promises a centralized management feature that allows administrators to configure, lock, and enforce security policies on handsets from a single console interface.

http://www.smartdevicecentral.com/article/Symantec+Intros+Antivirus+Software+for+Windows+Mobile/192925_1.aspx

The first products to bear the technology will be the firm’s latest network security filtering applications, Websense Web Security Suite version 6.3 and Web Security Suite—Lockdown Edition version 6.3, which are expected to become available sometime before the end of Nov. 2006.

Sometime in 2007, Websense also plans to launch a data leakage prevention software package featuring the ThreatSeeker technology.

The company said that ThreatSeeker has already aided in the identification of several major attacks, including the recently reported WMF and VML zero-day exploits that targeted flaws in popular Microsoft products. Since Websense’s products are already used by a number of Internet service providers, the company is using the technology to get an eagle’s eye view into emerging attacks as they propagate on those companies’ own massive networks, said John McCormack, senior vice president of product development for the software maker.

While anti-virus and intrusion protection software makers, namely market leader Symantec, have been battling with Microsoft over the PatchGuard technology being added in the 64-bit version of the company’s upcoming Vista operating system, technologies such as ThreatSeeker eliminate most of the need for technologies that access an OS kernel, McCormack said.

http://www.eweek.com/article2/0,1759,2048199,00.asp?kc=EWWHNEMNL110206EOAD

“Oracle introduced these changes as the result of feedback we received from many of our customers,” Eric Maurice, manager for security in the company’s Global Technology Business Unit, stated in the blog.

“We hope that these changes will help our customers assess the criticality of the vulnerabilities resolved with each CPU and help them obtain patching decisions from their senior management more quickly.”

http://www.securityfocus.com/brief/326