AOH :: ISN-3274.HTM

Will PatchGuard Stifle Security Innovation?




Will PatchGuard Stifle Security Innovation?
Will PatchGuard Stifle Security Innovation?



Forwarded from: Security UPDATE 

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

How Effective is Your Antivirus?
http://list.windowsitpro.com/t?ctl=40266:7EB890 

Automated Patch Management: High ROI. Free WP
http://list.windowsitpro.com/t?ctl=4027F:7EB890 

Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life 
Cycle
http://list.windowsitpro.com/t?ctl=40267:7EB890 


=== CONTENTS ==================================================
IN FOCUS: Will PatchGuard Stifle Security Innovation?

NEWS AND FEATURES
   - End of Life Near for Firefox 1.5.x
   - Webroot Launches New Product, Gains New CEO
   - Reader-to-Reader: Use Cmdlets to Monitor Your Security Event Logs
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: File Recovery Caveats
   - FAQ: Getting the Username, Computer Name, and Domain
   - From the Forum: Copying Log File Data
   - Know Your IT Security Contest

PRODUCTS
   - Record RDP Traffic
   - Wanted: Your Reviews of Products 

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Sunbelt Software =================================
How Effective is Your Antivirus?
   Just anti-virus or patching software isn't enough to protect your 
valuable systems from spyware. Learn how an enterprise antispyware 
solution gives you an affordable - and most importantly, effective, 
solution to spyware. Download the free whitepaper today!
http://list.windowsitpro.com/t?ctl=40266:7EB890 


=== IN FOCUS: Will PatchGuard Stifle Security Innovation? =====   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've probably heard of PatchGuard, Microsoft's new kernel technology 
for 64-bit systems that will make its debut in Windows Vista. 
PatchGuard works to help protect access to the kernel, or rather, as 
Microsoft states it, PatchGuard makes the kernel completely off-limits 
to any modifications. The limitation includes third-party modifications 
designed to better protect Windows. 

While the new technology will be welcomed by some people, others 
(particularly a few companies that make security solutions) think it 
goes too far. Symantec and McAfee have both complained loudly about 
PatchGuard. These companies say they're worried that Microsoft will 
systematically shut them out of certain sectors of the security 
software market. Some of the companies' products rely on the ability to 
patch the kernel, which doesn't provide the level of functionality 
needed by their products. 

Other companies, such as Authentium, have worked diligently to find 
ways of interacting with PatchGuard that have resulted not only in 
security solutions but have introduced a new level of functionality. 
For example, the company's VirtualATM SDK can change Windows from a 
multiprocessing platform into a single-processing platform. That sounds 
completely counter to the purpose of a multithreaded OS, right? Well it 
is, and for good reason. 

If you can force Windows to only run one process at a time, all sorts 
of malware (such as key loggers, sniffers, and Trojan horses) have 
absolutely no way to do their work. If their process won't execute, 
they're rendered completely ineffective. So VirtualATM becomes 
immensely attractive as a tool to use for applications such as those 
related to financial transactions or sensitive information input of any 
type. VirtualATM, as obvious as the approach is, is truly innovative 
and appears to hold incredible value. For more information, go to:
http://list.windowsitpro.com/t?ctl=40273:7EB890 

Authentium is a Microsoft partner, so Microsoft is well aware of what 
Authentium is doing with VirtualATM. Whether Microsoft changes 
PatchGuard to prevent SDKs such as VirtualATM from working remains to 
be seen. 

Does PatchGuard go too far, stifling security-industry competition and 
innovation? PatchGuard does seem to give Microsoft an advantage in the 
security market space. Hopefully, Microsoft won't wield PatchGuard as a 
sword against competition. This would thwart innovation, and typically 
the best approach to security is a multivendor solution rather than a 
single-vendor solution. If Microsoft were to take too much control over 
the security market, it might find itself rapidly giving up ground to 
other platforms, such as Solaris, Linux, and BSD, that have a healthy 
variety of security solution choices. 


=== SPONSOR: PatchLink ========================================
Automated Patch Management: High ROI. Free WP
   Discover why and how an Automated Patch Management solution can 
reduce the annual cost of patching from $222 to $40 per computer; 
resulting in an expected savings of over $180,000 per year for an 
organization with 1000 computers. Exclusive Free White Paper addresses 
the cost savings and benefits.
http://list.windowsitpro.com/t?ctl=4027F:7EB890 


=== SECURITY NEWS AND FEATURES ================================
End of Life Near for Firefox 1.5.x
   Now that Firefox 2.0 is available, Mozilla said it will cease 
updates of Firefox 1.5.x as of April 24, 2007.
http://list.windowsitpro.com/t?ctl=40274:7EB890 

Webroot Launches New Product, Gains New CEO
   Webroot Software launched Spy Sweeper with AntiVirus for consumers 
and announced that board member Peter Watkins will become the company's 
CEO.
http://list.windowsitpro.com/t?ctl=40275:7EB890 

Reader-to-Reader: Use Cmdlets to Monitor Your Security Event Logs
   Many people use a command-line utility named LogParser to 
investigate logs produced by Windows products. An alternative exists 
for interrogating Windows event logs: the Get-Event-Log cmdlet in 
Windows PowerShell. Learn about this solution in this reader-written 
article on our Web site.
http://list.windowsitpro.com/t?ctl=40278:7EB890 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
http://list.windowsitpro.com/t?ctl=4026C:7EB890 


=== SPONSOR: Scalable Software ================================
Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life Cycle
   The average enterprise spends nearly $10 million annually on IT 
compliance. Download this free whitepaper today to streamline the 
compliance lifecycle, and dramatically reduce your company's costs!
http://list.windowsitpro.com/t?ctl=40267:7EB890 


=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: File Recovery Caveats 
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4027D:7EB890 

Once in a blue moon, someone will delete a file that shouldn't be 
deleted. Even if you don't have a backup of that file, you might think 
you can "undelete" the file by using specialized tools. Some files 
can't be undeleted though. Learn more in this blog article. 
http://list.windowsitpro.com/t?ctl=40276:7EB890 

FAQ: Getting the Username, Computer Name, and Domain
by John Savill, http://list.windowsitpro.com/t?ctl=4027B:7EB890 

Q: How can I use a script to quickly get the current username, computer 
name, and domain? 

Find the answer at
http://list.windowsitpro.com/t?ctl=40277:7EB890 

FROM THE FORUM: Copying Log File Data
   A forum participant formerly used xp_cmdshell to copy data from a 
log file but turned that off for security reasons. Is there another, 
more secure way to accomplish the task? 
http://list.windowsitpro.com/t?ctl=40264:7EB890 

KNOW YOUR IT SECURITY Contest
   Share your security-related tips, comments, or solutions in 1000 
words or less, and you could be one of 13 lucky winners of a Zune media 
player. Tell us how you do patch management, share a security script, 
or write about a security article you've read or a Webcast you've 
viewed. Submit your entry between now and December 13. We'll select the 
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security 
newsletter. Email your contributions to tipswinitsec@windowsitpro.com. 
   Prizes are courtesy of Microsoft Learning Paths for Security: 
http://list.windowsitpro.com/t?ctl=40279:7EB890 


=== PRODUCTS ================================================== by Renee Munshi, products@windowsitpro.com 

Record RDP Traffic
   According to TSFactory, its RecordTS product is the first RDP 
recording solution for Windows platforms. It can capture all Remote 
Desktop or Terminal Services traffic, record certain users at specific 
times, monitor access to sensitive information such as financial data, 
and save the data to digitally signed files. The two versions of 
RecordTS, Remote Desktop Edition and Terminal Services Edition, are 
available for a 30-day trial. For more information, go to 
http://list.windowsitpro.com/t?ctl=40282:7EB890 or go to the Web site of 
TSFactory's manufacturing and marketing partner, CNS Software, at
http://list.windowsitpro.com/t?ctl=40281:7EB890 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@windowsitpro.com and get a Best Buy gift certificate. 


=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=4027A:7EB890 

The Event log (for Windows systems) and Syslog (for UNIX/Linux systems) 
contain a wealth of information. In this free Web seminar, you'll learn 
about the processes, challenges, and benefits of consolidating events 
on a centralized server and will identify the 50 critical events that 
should be monitored in your enterprise. Live Web seminar: Wednesday, 
December 13 
http://list.windowsitpro.com/t?ctl=40269:7EB890 

Learn the basics of Linux and Windows interoperability, and find out 
more about how to use Linux and open-source tools such as Samba and 
pam_ldap with Microsoft tools such as IdMU, MSNFS, and SUA. Register 
today for this free seminar with industry expert Dustin Puryear, and 
get access to three additional seminars discussing virtualization, 
single sign-on, and database replication. Find out more today! Live 
event: Thursday, December 14 
http://list.windowsitpro.com/t?ctl=40272:7EB890 

Incorporate Virtual Machines into Your Disaster Recovery Plan
   Join us for a free Web seminar to learn how incorporating virtual 
machines into your disaster recovery plan can reduce your TCO by 50 
percent or more, reduce hardware cost, and simplify management. Find 
out more from industry leaders at VMware and CA XOsoft. Available now! 
http://list.windowsitpro.com/t?ctl=40265:7EB890 

BONUS: Register for any Web seminar--live or on-demand--during the 
month of November, and you could win a PS3! View a full list of 
eligible seminars at 
http://list.windowsitpro.com/t?ctl=4026B:7EB890 

You know you need to manage your email data, but how to do it? What 
steps should you take? What additional measures should you enact? What 
shouldn't you do? Get answers to these questions and get control of 
your vital messaging data. Download the free eBook today! 
http://list.windowsitpro.com/t?ctl=4026A:7EB890 

When disaster strikes, do you feel like you're digging for buried 
treasure to recover your data? Test your disaster recovery skills, and 
you could win! Each week we'll give away a USB flash drive to one lucky 
treasure hunter. You'll also be entered to win the full treasure chest, 
including Bose headphones! Test your skills now! 
http://list.windowsitpro.com/t?ctl=4026D:7EB890 


=== FEATURED WHITE PAPER ======================================
Disaster recovery isn't just a theory for most businesses--it's a harsh 
business reality. Improve your own disaster recovery efforts today and 
learn from real-life disaster survivors. Make sure that your plan is 
ready before a disaster strikes--download this free white paper today!  
http://list.windowsitpro.com/t?ctl=40268:7EB890 


=== ANNOUNCEMENTS =============================================
Save $40 off Windows IT Pro  
   Subscribe to Windows IT Pro today and SAVE $40! Along with your 12 
issues, you'll get FREE access to the entire Windows IT Pro online 
article archive, which houses more than 9,000 helpful IT articles. This 
offer expires on November 30, 2006, so order now:  
http://list.windowsitpro.com/t?ctl=4026E:7EB890 

Make Your Mark on the IT Community!  
   Nominate yourself or a peer to become IT Pro of the Month. This is 
your chance to get the recognition you deserve and be acknowledged in 
the IT community. Winners will receive over $600 in IT resources and be 
featured in Windows IT Pro and the TechNet Flash email newsletter. 
Entering is easy--we're accepting December nominations now for a 
limited time! Submit your nomination today: 
http://list.windowsitpro.com/t?ctl=4027E:7EB890 


===============================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=4027C:7EB890 
http://list.windowsitpro.com/t?ctl=4026F:7EB890 

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=40271:7EB890 

Be sure to add Security_UPDATE@list.windowsitpro.com 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- letters@windowsitpro.com 
About technical questions -- http://list.windowsitpro.com/t?ctl=40280:7EB890 
About your product news -- products@windowsitpro.com 
About your subscription -- windowsitproupdate@windowsitpro.com 
About sponsoring Security UPDATE -- salesopps@windowsitpro.com 

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=40270:7EB890 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.


_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 
 

Site design & layout copyright © 1986-2014 CodeGods