AOH :: ISN-3065.HTM

Two More Portable Anonymous Web Browsers




Two More Portable Anonymous Web Browsers
Two More Portable Anonymous Web Browsers



PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Patch and Spyware Management: An Integrated Approach to Network 
Security
http://list.windowsitpro.com/t?ctl=39EE5:7EB890 

How to Build a Real Time Enterprise. Free White Paper!
http://list.windowsitpro.com/t?ctl=39EFB:7EB890 

Reducing the Cost of IT Compliance: Streamlining the IT Compliance 
Life Cycle
http://list.windowsitpro.com/t?ctl=39EE8:7EB890 


=== CONTENTS ==================================================
IN FOCUS: Two More Portable Anonymous Web Browsers

NEWS AND FEATURES
   - Two IE Vulnerabilities Allow Unwanted Code Execution 
   - EMC Forms New Security Division
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: New Tool: WindowsZones
   - FAQ: Join Vista to a Domain
   - Microsoft Learning Paths for Security: Identity and Access 
Management 
   - KNOW YOUR IT SECURITY Contest

PRODUCTS
   - Keep an Eye on Your Files
   - Wanted: Your Reviews of Products 

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Shavlik ==========================================
Patch and Spyware Management: An Integrated Approach to Network 
Security
   Manage threats and vulnerabilities from adware and spyware in one 
console as a comprehensive approach to maximizing network security.
http://list.windowsitpro.com/t?ctl=39EEA:7EB890 
SECTop0927


=== IN FOCUS: Two More Portable Anonymous Web Browsers ========   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A few weeks ago after I wrote about Browzar (see the article at the URL 
below), a few people wrote to criticize the tool. That's to be 
expected, and I do respect their opinions even though they differ from 
mine. Since then, I've been looking around for other browsers that can 
help protect privacy above and beyond the typical browser features of 
being able to manually clear history and cache data. So far I've found 
two tools that fit the bill.
http://list.windowsitpro.com/t?ctl=39EEC:7EB890 

The first tool, PortableApps.com's Mozilla Firefox - Portable Edition 
(at the URL below) is based on Mozilla Foundation's Firefox code but 
was independently developed by John T. Haller. First released in June 
2004, Firefox Portable seems to be kept up to date, including the 
addition of any necessary security fixes soon after vulnerabilities are 
found. 
http://list.windowsitpro.com/t?ctl=39EF7:7EB890 

Firefox Portable is designed specifically to be copied onto portable 
media. You can install it on a small USB flash drive (or CD-ROM) and 
use it on nearly any PC that doesn't have its USB ports or CD-ROM drive 
locked down. Like regular Firefox, the portable version lets you 
install extensions and themes, but unlike Firefox, Firefox Portable 
helps prevent storage of usage information. Your download history is 
deleted when you shut the browser down cleanly (but not, for example, 
when you terminate the FirefoxPortable.exe process manually), URL 
history and form data storage are disabled by default, and no disk 
cache is used by default. However, you can configure Firefox Portable 
to write such data to the portable media (if the media is writeable) 
and use cache if you like.

I tested Firefox Portable, and it works just fine. The self-extracting 
executable dumps all the required files into one directory tree that 
you select. The installed size is about 16.5MB. Note that Firefox 
Portable won't run if another instance of Firefox is already running. 

The second tool I found is Torpark (at the URL below). Developed by 
Hacktivismo, which "[operates] under the aegis of the [infamous] Cult 
of the Dead Cow (cDc)," Torpark is relatively new and based on the 
Firefox Portable code. It includes a very interesting added benefit in 
that it uses the The Onion Router (Tor) network. 
http://list.windowsitpro.com/t?ctl=39EFD:7EB890 

In case you aren't aware of it, Tor (at the URL below) is software that 
builds a network of relatively anonymous servers by chaining them 
together automatically to encrypt and route traffic to and from its 
destination. At its core, a Tor client acts as a Sockets (Socks) proxy. 
http://list.windowsitpro.com/t?ctl=39EFE:7EB890 

According to the developers, "Torpark comes pre-configured, requires no 
installation, can run off a USB memory stick, and leaves no tracks 
behind in the browser or computer." Sounds pretty good, right? There is 
however one drawback: Tor can be very slow at times. Tor volunteer 
server operators can regulate how much bandwidth they devote to their 
Tor server, and it seems that many Tor server operators allocate only a 
small amount. But if you really need anonymous Web surfing ability, 
some lag time is probably worth it. 

I tested Torpark and it's really easy to use. The installation process 
is the same as for Portable Firefox except that Torpark also installs 
the Tor client. The installed size is about 27MB. The custom Web 
interface includes all the regular Firefox controls along with two 
additional buttons: one to enable or disable use of the Tor network (so 
you can use Torpark without Tor to just browse without encryption) and 
another to flush the Tor circuit. The latter feature causes Tor to 
chain together a new set of Tor servers to use as your path out to the 
Internet. Flushing the circuit doesn't always result in a faster 
circuit, but at times it might, so the feature is helpful.

I'll also point out for the Browzar detractors that neither Firefox 
Portable nor Torpark include any spyware or adware. Both let you 
customize the search tool just like Firefox does. 


=== SPONSOR: NetSuite =========================================
How to Build a Real Time Enterprise. Free White Paper!
   The vast majority of businesses have information scattered 
throughout the enterprise on paper, in siloed databases and in emails, 
making real-time operations difficult to achieve. Learn the benefits 
and explore the challenges mid-sized businesses face in their real-time 
enterprise efforts.
http://list.windowsitpro.com/t?ctl=39EFB:7EB890 


=== SECURITY NEWS AND FEATURES ================================
Two IE Vulnerabilities Allow Unwanted Code Execution
   Two new vulnerabilities were recently discovered in Microsoft 
Internet Explorer (IE). One allows intruders to install shell code and 
take subsequent actions, including installing malware.
http://list.windowsitpro.com/t?ctl=39EF1:7EB890 
   The other, located in the DirectAnimation ActiveX control, also lets 
unwanted code be run on an affected system.
http://list.windowsitpro.com/t?ctl=39EEF:7EB890 

EMC Forms New Security Division
   EMC has completed the acquisition of RSA Security and has acquired 
Network Intelligence. EMC will form a new security division based on 
the RSA brand. Former chief executive officer at RSA, Art Coviello, 
will lead the division as president and will serve as an executive vice 
president at EMC. Network Intelligence will become a business unit of 
the new division.
http://list.windowsitpro.com/t?ctl=39EF2:7EB890 

Other Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
http://list.windowsitpro.com/t?ctl=39EEB:7EB890 


=== SPONSOR: Scalable Software ================================
Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life 
Cycle
   The average enterprise spends nearly $10 million annually on IT 
compliance. Download this free whitepaper today to streamline the 
compliance lifecycle, and dramatically reduce your company's costs!
http://list.windowsitpro.com/t?ctl=39EE8:7EB890 


=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: New Tool: WindowsZones
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=39EFA:7EB890 

   WindowsZones is a new tool that claims to be able to protect 
Internet applications against zero-day exploits and to move those 
applications between security zones on the fly. 
http://list.windowsitpro.com/t?ctl=39EF0:7EB890 

FAQ: Join Vista to a Domain
by John Savill, http://list.windowsitpro.com/t?ctl=39EF5:7EB890 

Q: How do I join my Windows Vista machine to a domain?

Find the answer at
http://list.windowsitpro.com/t?ctl=39EEE:7EB890 

MICROSOFT LEARNING PATHS FOR SECURITY: Identity and Access Management 
   Use the resources listed on the Microsoft Learning Paths Web page to 
get in-depth information about identity and access management. Find out 
how to provide a secure environment for managing user identities, 
authentication methods, and access rights across an organization's 
internal and external users. 
http://list.windowsitpro.com/t?ctl=39EF3:7EB890 

KNOW YOUR IT SECURITY Contest
   Sponsored by Microsoft Learning Paths for Security 
Share your security-related tips, comments, or solutions in 500 words 
or less, and you could be one of 13 lucky winners of a Windows Mobile 
phone. Tell us how you do patch management, share a security script, 
write about a security article you've read or a Web cast you've viewed. 
Submit your entry between now and December 13. We'll select the 13 best 
entries, and the winners will receive a Windows Mobile phone--plus, 
we'll publish the winning entries in the Windows IT Security 
newsletter. Email your contributions to tipswinitsec@windowsitpro.com. 
   Prizes are courtesy of Microsoft Learning Paths for Security: 
http://list.windowsitpro.com/t?ctl=39EF3:7EB890 


=== PRODUCTS ================================================== by Renee Munshi, products@windowsitpro.com 

Keep an Eye on Your Files
   IS Decisions announces FileAudit 3.0, which lets you track accesses 
of and changes to Windows files. New features in FileAudit 3.0 include 
a redesigned GUI, which you can use from the FileAudit console or from 
Windows Explorer; the ability to display access history in printable 
reports that you can schedule to run automatically, the ability to 
schedule archiving of access events occurring on one or more systems to 
a database; and the ability to filter events (e.g., by type, user, 
timeframe). Pricing starts at $125 per audited system. For more 
information, go to 
http://list.windowsitpro.com/t?ctl=39EF6:7EB890 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@windowsitpro.com and get a Best Buy gift certificate. 


=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=39EF4:7EB890 

Exchange & Office 2007 Roadshow Coming to EMEA! 
   Get the facts about deploying Exchange and Office 2007! You'll come 
away with a clear understanding of how to implement a best-practices 
migration to Exchange Server 2007 and how you and your end users can 
get the most out of Office 2007, and you'll learn more about Windows 
Vista. 
http://list.windowsitpro.com/t?ctl=39EE9:7EB890 

Enterprises on average store identity information in 63 places. Learn 
about provisioning, synchronization, single sign-on, identity and 
access management, LDAP, and directory interop solutions from 
independent expert Gil Kirkpatrick at TechX World in Washington DC, 
Chicago, Dallas, and San Francisco next month. Three other content 
tracks cover OS interoperability, data integration/interoperability, 
and virtualization. 
http://list.windowsitpro.com/t?ctl=39EF8:7EB890 

Whether you're an outsourced-IT provider, part of an in-house IT 
service staff, or simply provide remote support, this can't-miss Web 
seminar will help you discover how the right technologies can expand 
your services. You'll learn how to tap into a $30 billion market for IT 
services and expand your geographic reach. Live Web seminar: Tuesday, 
October 17 
http://list.windowsitpro.com/t?ctl=39EE7:7EB890 

Dramatically simplify Exchange troubleshooting with an in-depth look at 
built-in troubleshooting tools and third-party applications. Join us as 
we analyze a typical troubleshooting process, address the problems 
faced while using standard tools, and learn how automated 
troubleshooting can address these challenges. View this free Web 
seminar now!  
http://list.windowsitpro.com/t?ctl=39EE3:7EB890 

Mark Joseph Edwards discusses emerging spyware threats, including 
rootkits, keyloggers, and distribution methods. On-demand Web seminar 
http://list.windowsitpro.com/t?ctl=39EE6:7EB890 


=== FEATURED WHITE PAPER ======================================
Branch offices need flexibility and autonomy in implementing IT 
solutions; corporate requirements require centralized management, 
security, and compliance initiatives. Learn to resolve these conflicts 
and reduce your operational costs for branch offices with limited IT 
resources. Download the free white paper today! 
http://list.windowsitpro.com/t?ctl=39EE4:7EB890 


=== ANNOUNCEMENTS =============================================
Special Invitation for VIP Access 
   Become a VIP subscriber and get continuous, inside access to ALL the 
content published in Windows IT Pro, SQL Server Magazine, and the 
Exchange and Outlook Administrator, Windows Scripting Solutions, and 
Windows IT Security newsletters. Subscribe now and SAVE $100: 
   https://store.pentontech.com/index.cfm?s=1&promocode=eu2769uv

Get the Windows IT Pro Utility Kit FREE 
   SAVE up to $30 on Windows IT Pro and get an exclusive Windows IT Pro 
Utility Kit CD FREE with your paid order! You'll also get unlimited 
access to the entire online article archive, which houses more than 
9000 helpful Windows IT articles. This is a limited-time offer, so 
order now:  
   https://store.pentontech.com/index.cfm?s=1&promocode=eu2069uw


===============================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=39EF9:7EB890 
   https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=39EED:7EB890 

Be sure to add Security_UPDATE@list.windowsitpro.com 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- letters@windowsitpro.com 
About technical questions -- http://list.windowsitpro.com/t?ctl=39EFC:7EB890 
About your product news -- products@windowsitpro.com 
About your subscription -- windowsitproupdate@windowsitpro.com 
About sponsoring Security UPDATE -- salesopps@windowsitpro.com 

View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods