Category: Product

The software giant plans to deliver encryption features and integrity checks to insure that computers, such as notebooks, that are disconnected from a network are not affected by malicious programs.

Called Secure Startup, the feature will appear in Microsoft’s forthcoming version of its operating system, known as Longhorn, and represents a much smaller subset of the security features that the software giant had originally intended to build into the system software.

“We remain fully committed to the vision of creating new security technology for the Microsoft Windows platform that uses a unique hardware and software design to give users new kinds of security and privacy protections in an interconnected world,” Selena Wilson, director of product marketing for Microsoft’s Security Business and Technology Unit, said in statement.

While the technologies, once known as Palladium and now called the next-generation secure computing base (NGSCB), will help companies and consumers lock down their computers and networks, concerns remain that the hardware security measures could also be used to lock-in consumers to a single platform and restrict fair uses of content. Innovation could suffer if reverse engineers are locked out from tinkering with devices, said Dan Lockton, a graduate student at the University of Cambridge whose thesis focuses on the effects of technologies created for controlling information. The fear is that “we’re moving to a stage where the customer no longer has control over the product he or she has bought or the products (created) using that device,” Lockton said.

http://www.theregister.co.uk/2005/04/26/microsoft_hardware_security_plans/

The two companies will collaborate to create a Wi-Fi security architecture based on Microsoft’s NAP (Network Access Protection) and VeriSign’s Unified Authentication platforms.

The new architecture will help system administrators crack down on Wi-Fi-enabled computers that do not adhere to corporate security policies and facilitate use of multifactor authentication for accessing Wi-Fi networks, according to a statement.

“Evil Twin” and other wireless spoofing attacks provide a rich set of tools for identity thieves and corporate espionage agents.

Microsoft’s NAP combines client/server technology with a new set of policy validation and enforcement APIs that allow administrators to quarantine client machines if they fail basic “health” tests, such as having up-to-date anti-virus definitions or operating system patches.

VeriSign Unified Authentication is a technology platform for deploying and provisioning multifactor authentication technology such as smart cards, secure USB (Universal Serial Bus) tokens and one-time passwords.

VeriSign said it will work with Microsoft so that networks using VeriSign Unified Authentication can issue health certificates to Windows desktop clients so that they can access NAP-protected networks, the companies said. VeriSign will also integrate its Unified Authentication platform with Microsoft’s Active Directory user directory technology and Internet Authentication Servers.

Better integration will make management of user and device authentication credentials for Windows clients easier on Wi-Fi networks, the companies said.

http://www.eweek.com/article2/0,1759,1788375,00.asp?kc=EWRSS03119TX1K0000594

Norton Internet Security 2005 Anti-Spyware Edition is, as the name implies, a version of Symantec’s all-in-one consumer and small business security suite. “Customers want an all-in-one solution,” said Kraig Lane, the group product manager for the suite line.

The anti-spyware technology included in Norton Internet Security (NIS) uses Symantec’s already-announced Risk Impact Model, a system the company will use to analyze adware and spyware, score it against a set of predefined criteria, then toss it in a “delete” bin or ask the user what he/she wants to do with it. The new model, which Symantec has said moves away from the black-and-white malicious code approach of detecting and deleting viruses and worms to a more flexible technique that lets users make some decisions about what to keep and what to throw away, is also a way to fend off spyware and adware makers’ threats.

Other advantages of Symantec’s anti-spyware addition to NIS, said Lane, is that it uses the same scanning engine as Norton Anti-Virus, which is also part of the suite’s bundle.

http://www.techweb.com/wire/security/160902145

It supports clustering environments up to 10 nodes, allowing up to 20,000 concurrent users—1,000 concurrent users per node—and secure Web-based remote access to corporate applications and desktops. The FirePass 4100 includes four 10/100/1000 copper Ethernet ports and three PCI slots for optional SSL acceleration as well as an 80-Gbyte hard drive. It’s Federal Information Processing Standards (FIPS) 140-compliant, an important selling point for solution providers serving the health-care, government and military verticals. The FirePass 4100 is an enterprise-class appliance engineered to provide remote access as well as create SSL VPNs with greater ease and manageability than any products previously available.

To evaluate the appliance, they used a test network running Windows Server 2003 Active Directory and using Cisco and AdTran access routers and switches at Clover Park Technical College, Lakewood, Wash. This article publishes the results of their revew.

http://www.crn.com/showArticle.jhtml?articleID=160900298&flatPage=true

It is the first time Redmond has added rootkit detection capabilities to the free Malicious Software Removal Tool, a move that underscores the increased prevalence of stealth rootkits on Windows machines.

Stephen Toulouse, program manager at the Microsoft Security Response Center, told eWEEK.com that the decision to add Hacker Defender to the worm zapper was the result of feedback from users. In all, Toulouse said four child variants of the stealth rootkit will be detected.

Hacker Defender (Win32/Hackdef) is a family of backdoor Trojans capable of creating, changing and hiding Windows system resources on a computer that it has infected. The program works on Windows NT 4.0, Windows 2000 and Windows XP machines. According to definitions posted by Computer Associates, Hacker Defender is a Trojan creation tool that can also be used to wrap existing Trojans to make them harder to detect. It can also hide proxy services and back-door functionality and conceal use of TCP and UDP (User Datagram Protocol) ports for receiving commands from attackers.

Microsoft isn’t the only software vendor flagging rootkits as a growing threat. Finnish anti-virus specialist F-Secure Corp. recently released the BlackLight Rootkit Elimination Technology as a free beta tool through Apr. 30.

Sysinternals Freeware, a site that offers Windows utilities, also offers RootkitReveal, a tool capable of finding registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

The availability of rootkit detection tools has triggered a cat-and-mouse game between security researchers and spyware writers.

The latest iteration of Microsoft’s worm cleanser also adds detections for the Mimail family of mass-mailing and network worms and the Rbot backdoor Trojan family. New new variants from the Berbew, Bropia Gaobot, MyDoom and Sober worms can also be detected.

http://www.eweek.com/article2/0,1759,1785621,00.asp

Check Point will debut its VPN-1 Edge W series, which consists of versions of its existing virtual private network-firewall security devices tailored to wireless connections.

The move comes as corporate demand grows for such features and as competitors deliver their own wireless security lines. “This is a natural extension of our firewall and VPN business,” said Dave Burton, product marketing director at Check Point. Burton noted that customers want wireless connectivity for their remote offices and also a secure and central means to handle data and information across a variety of devices.

Check Point’s wireless VPN-firewall appliance will support 802.11b/g/Super G wireless standards at speeds of up to 108Mbps and wireless coverage of up to 300m indoors. “With 300m, a customer needs to deploy fewer access points in their environment, and so that’s a cost saving,” Burton said.

Industry analysts said that a number of providers, such as Juniper Networks’ NetScreen Technologies and Symantec, are selling wireless firewall-VPN devices.

“What Check Point is doing is not revolutionary… They’re just trying to remain competitive in their space,” said Steven Hunt, president of 4H International, a strategic consulting firm for physical and IT security.

Check Point’s Burton, however, said that while it is not the first to sell wireless security appliances, the company’s devices, unlike others, offer customers the ability to manage and set policy for thousands of devices from one central location.

The VPN-1 Edge W series will come in four different configurations. It has a starting price of $799 (£426) per eight concurrent users, rising to $2,199 for unlimited concurrent users.

http://news.zdnet.co.uk/communications/0,39020336,39194553,00.htm