Security UPDATE--Symantec's New Internet Security Threat Report--March 28, 2007

IN FOCUS: Symantec's New Internet Security Threat Report

NEWS AND FEATURES

- New Firefox Versions Released to Fix FTP Vulnerability

- War Driving Goes Commercial

- Microsoft Admits to Xbox Support Slip-Ups

- Recent Security Vulnerabilities

GIVE AND TAKE

- Security Matters Blog: David LeBlanc Starts Blogging

- FAQ: Accessing Drives After Renaming Servers

- From the Forum: Vista's Security Features

- From the Forum: Vote for Your Favorite Host IPS

- Tell Us About the Products You Love!

- Share Your Security Tips

PRODUCTS

- Detect System Object and Registry Changes

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Symantec

Messaging Security for Small and Mid-sized Businesses

Did you know that 75% of corporate intellectual property resides in email? The challenges facing this vital business application range from spam to the costly impact of downtime and the need for effective, centralized email storage systems. Join us for a free Web seminar and learn the key features of a holistic approach to managing email security, availability, and control. On-Demand Web Seminar.

http://www.windowsitpro.com/go/seminars/symantec/messagingsecurity/?partnerref=SECTop0328

=== IN FOCUS: Symantec's New Internet Security Threat Report ===

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Security vendors often release reports based on their perspective of current and future Internet-related security threats. The reports are useful in learning what the vendor sees, which in turn can lead you to your own widened perspective on potential problems.

Symantec recently released "Internet Security Threat Report, Trends for July-December 2006." While the report is based on historical data, it does lend some insight into the future.

According to the report, the latest trend for intruders is to use medium-risk vulnerabilities as launch points to conduct future attacks. Symantec said that intruders are more frequently using combined vulnerabilities and that financial gain is often the motive.

The company said it bases its findings on a network of more than 40,000 sensors in more than 180 countries, more than 2 million decoy email accounts, and information collected from its BugTraq mailing list.

Some interesting highlights from the report include the discovery that of all the attacks that affected Web browsers, approximately 77 percent were aimed at Microsoft Internet Explorer (IE). Ninety-three percent of all attacks were aimed at home users.

Another interesting data point is that Symantec tracked over 5,200 Denial of Service (DoS) attacks per day. That's a lot! Interestingly enough, the company said that figure dropped from last year when it tracked more than 6,100 DoS attacks per day.

The company also documented more than 2,500 vulnerabilities; 66 percent of them were related to Web applications, and 79 percent were "easily exploitable."

Another interesting set of points are patch turnaround times for OSs. Symantec measured five vendors: Microsoft, Sun Microsystems, Apple, HP, and Red Hat. Of those five companies, Symantec found that Microsoft had the fastest average turnaround time overall, Red Hat was second, HP was third, Apple was fourth, and Sun was fifth.

The number of vulnerabilities measured for each vendor varied as did the response time, when comparing the second half of 2006 with the first half. For example, HP's average response time in the first half of 2006 was 53 days for the seven vulnerabilities the company disclosed. In the second half of 2006, HP's number of disclosed vulnerabilities increased to 98 and the company's average response time increased to 101 days.

Even though we'll most likely see fewer vulnerabilities in Vista than we do in previous Windows platforms, I expect Microsoft's average vulnerability response time will remain steady since it uses a monthly patch release schedule.

Vista will no doubt affect the future reports of most any Windows-based security vendor--Symantec certainly included. The report predicts that third-party software developers could become the source of a significant percentage of attacks against the OS.

That's just the tip of the iceberg of the information in Symantec's 104-page report. Other information includes trends regarding specific types of attacks, what future trends might be, and a lot of detail about some of the topics I covered briefly here. If you're interested in reading the entire report, you can get a copy in PDF format at the URL below:

http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_internet_security_threat_report_xi_03_2007.en-us.pdf

===

Vote in the Windows IT Pro 2007 Community Choice Awards!

Vote for your favorite products from the Buyer's Guides published in Windows IT Pro during the past 12 months. The first three categories--Host-Based Intrusion Prevention Systems, KVM over IP Switches, and Ultra-Portable Laptops--are now open for voting on the Windows IT Pro forums. We'll open three new categories each week for the next three weeks, and voting will remain open for three weeks per category. To see the list of products in each category and vote, follow these links:

Host-Based Intrusion Prevention Systems

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=84647

KVM over IP Switches

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=47&threadid=84644

Ultra-Portable Laptops

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=47&threadid=84643

=== SPONSOR: NetIQ

Free White Paper: What's Missing from SEM?

"What's Missing from SEM" examines what is required for a comprehensive and integrated solution to meet all your security management needs. This paper reveals the 12 critical questions to ask of your security management system, and explains why it's time to move beyond simple event management.

http://findtechinfo.com/penton/nl/246

=== SECURITY NEWS AND FEATURES

New Firefox Versions Released to Fix FTP Vulnerability

Mozilla Foundation released Firefox 2.0.0.3 and 1.5.0.11 to fix a vulnerability in the FTP protocol that could allow an intruder to perform a basic port scan of a user's internal network.

http://www.windowsitpro.com/Article/ArticleID/95553

War Driving Goes Commercial

Skyhook Wireless operates trucks that locate wireless APs in more than 2,500 cities. The company can then locate people through their connections to an AP and provide them various location-related services.

http://www.windowsitpro.com/Article/ArticleID/95552

Microsoft Admits to Xbox Support Slip-Ups

While Microsoft was originally quick to dismiss recent rumors of a security problem with its Xbox Live online service, the company now says that though the service is technically sound, it appears that staffers at Xbox support have been giving up users' personal information to callers without properly verifying their identities. Thus, some malicious users have indeed been able to subvert Xbox Live accounts by using old-fashioned social engineering schemes.

http://www.windowsitpro.com/Article/ArticleID/95572

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: LinkTek

Automatically fix links when you move files!

Patented LinkFixerPlus is the first application that automatically fixes broken links in Excel, Word, Access, PowerPoint, Acrobat, InDesign, PageMaker, AutoCAD and other files when performing data migrations due to: server consolidations, server name changes, path name changes or folder reorganizations! Detailed broken link reporting too!

Download the FREE trial version NOW at

http://list.windowsitpro.com/t?ctl=44A7B:21AD1

=== GIVE AND TAKE

SECURITY MATTERS BLOG: David LeBlanc Starts Blogging

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

David LeBlanc--one of the first programmers at Internet Security Systems (ISS) and now a security expert at Microsoft--is now blogging on MSDN.

http://www.windowsitpro.com/Article/ArticleID/95549

FAQ: Accessing Drives After Renaming Servers

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: I've renamed servers using a special script but am now having problems accessing disks via the Microsoft Management Console (MMC) Disk Management snap-in. What's the problem?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/95474

FROM THE FORUM: Vista's Security Features

It seems like companies aren't in a rush to migrate to Windows Vista. But what about all the new security features Vista offers? Aren't they a draw to the new OS version? Which new security features make you want to move right away, and which aren't so compelling?

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=84671&enterthread=y

FROM THE FORUM: Vote for Your Favorite Host IPS

Help us pick the most popular products to win Windows IT Pro's 2007 Community Choice awards. Choose the best host-based IPS and tell us why it gets your vote. You could win a $100 Amazon.com gift card. Join the discussion at

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=84647&enterthread=y

TELL US ABOUT THE PRODUCTS YOU LOVE!

What products are you using that save you time or make your workload a little lighter? What hot product discoveries have you made that other IT pros need to know about? Let the world know about your experiences in Windows IT Pro's monthly What's Hot department. If we publish your story in What's Hot, we'll send you a Best Buy gift card! Send information about your favorite product and how it has helped you to [email protected].

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS

by Renee Munshi, [email protected]

Detect System Object and Registry Changes

Imperva announced the ADC Change Management Module for its SecureSphere appliances. The module performs an initial assessment and subsequently detects objects that are added to, changed on, or removed from the system. It also detects changes in the registry and monitors for files necessary for system operation. The ADC Change Management Module complements SecureSphere's existing abilities, which are to automate the complex processes required to produce compliance reports, perform change control audits, and maintain secure database configurations. The ADC Change Management Module is available immediately for free for SecureSphere customers that subscribe to the ADC security update service. For more information, go to

http://www.imperva.com

=== RESOURCES AND EVENTS

For more security-related resources, visit

http://www.windowsitpro.com/go/securityresources

Deploy Exchange Server 2007 Without a Hitch!

This one-day technical training event teaches you how to preempt pitfalls and avoid corrupting your infrastructure. Learn how to effectively install, manage, and secure Exchange Server 2007 in a 64-bit environment. You'll also get a peek into the integration of Outlook, SharePoint Server 2007, and Exchange Server 2007. Register today!

http://www.windowsitpro.com/roadshows/exchange2007usa/?code=epromo

Windows + UNIX/Linux = You Need TechX World!

If you work in an environment that includes Windows plus UNIX or Linux, TechX World is the place to go for practical strategies and resources to add to your toolkit. This one-day technical training event will teach you how to make the most of open-source tools on Windows and how to manage and sync multiple directories. Register today!

http://www.techxworld.com/registration/?code=epromo

Get Ready for the Windows Server Longhorn Roadshow!

Seize control of your Windows infrastructure with Microsoft's biggest server release since Windows 2003. Get a live, under-the-hood look at Longhorn virtualization, deployment, Web services, and breakthroughs in core reliability. This one-day event is filled with demonstrations and in-depth discussions designed for IT pros who want a deep understanding of Windows Server Longhorn. http://www.windowsitpro.com/roadshows/longhorn/?code=epromo

=== FEATURED WHITE PAPER

Devote your time, energy, and resources to serving your customers, not your servers. Want to focus on high-value activities instead of applying OS patches and updates, dealing with security vulnerabilities, and managing disk drives? Download this free white paper now and find out how you can have a business-class Web hosting solution with secure application pooling to protect your data.

http://www.windowsitpro.com/go/whitepaper/verio/apppool/?code=0326updatesfeatwp

=== ANNOUNCEMENTS

Introducing a Unique Security Resource

Security Pro VIP is an online information center that delivers new articles every week on topics such as perimeter security, authentication, and system patches. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!

https://store.pentontech.com/index.cfm?s=1&promocode=eu2574us

Grab Your Share of the Spotlight!

Nominate yourself or a peer to become IT Pro of the Month. This is your chance to get the recognition you deserve! Winners will receive over $600 in IT resources and be featured in Windows IT Pro. It's easy to enter--we're accepting May nominations now, but only for a limited time! Submit your nomination today:

http://www.windowsitpro.com/go/itpromonth