Security UPDATE--Which Antiphishing Solution Is Best?--November 29, 2006


Win the Fight Against Image Spam With IronPort

Protect Your Network - Threats Brought in By Remote Laptops

The Starter PKI Program



IN FOCUS: Which Antiphishing Solution Is Best?


- Malware Could Become Its Own Worst Enemy

- GRISOFT Expands Offerings to Linux and FreeBSD

- Check Point Slated to Acquire Protect Data

- Recent Security Vulnerabilities


- Security Matters Blog: New Tool from Sysinternals: Procmon

- FAQ: Hiding the List of Domains at Logon

- From the Forum: Shared Mobile Laptops

- Know Your IT Security Contest

- IT Pro of the Month--October 2006 Winner


- Audit Your Web Site

- Wanted: Your Reviews of Products




=== SPONSOR: IronPort


Win the Fight Against Image Spam With IronPort

End-users around the world are reporting an increase in spam, causing a new email epidemic. Much of this increase is attributed to the emergence of new, more sophisticated forms of image spam. IronPort Systems has taken a fundamentally different approach to the problem. IronPort is the leading email and Web security products provider for organizations ranging from small businesses to the Global 2000. With newly acquired encryption technology, IronPort is driving new standards and providing innovative products for those faced with the monumental task of managing, protecting, and growing these mission-critical systems.

Learn more about the email epidemic. Download your free Image Spam Trends Report today.

=== IN FOCUS: Which Antiphishing Solution Is Best?


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The best antiphishing defense you could hope to build is based firmly upon end-user education. If people could be freed from their naivete, scammers wouldn't stand a chance of fooling anyone except themselves.

But many companies don't see the value in ongoing user education, and some people simply can't be educated to a reasonable degree. Thus, we need antiphishing software, which has become a major feature of Web browsers and of various third-party security solutions.

In October, a Microsoft-commissioned report on various antiphishing solutions was released. The testers found that Microsoft Internet Explorer (IE) 7.0 has better antiphishing technology than competing solutions. The products tested included IE 7.0 Beta 3, EarthLink ScamBlocker, eBay Toolbar with Account Guard, GeoTrust TrustWatch, Google Toolbar for Firefox with Safe Browsing, McAfee SiteAdvisor Plus, Netcraft Toolbar, and Netscape Browser with built-in antiphishing technology. In "IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies" (at the URL below), I reported that the test results were weighted toward rewarding tools that completely blocked access to suspected phishing sites (rather than just warning users) and to tools that didn't produce false positives.

The Mozilla Foundation commissioned its own study to gauge the effectiveness of Mozilla Firefox 2.0's antiphishing technology as compared with IE 7.0's. This study found that Firefox's antiphishing technology was better than IE's by a considerable margin (see the results at the URL below).

One difference between the two studies is that Mozilla used a much larger sample of known phishing sites, all of which appear on the PhishTank Web site, at the URL below. The larger sample undoubtedly had an effect on the overall outcome. Another difference is the weighting in the Microsoft-sponsored test. If you don't place the same value on certain features as the test did, you might not give the tools the same ranking they received in the test results.

I think the most interesting result is that some of the third-party products performed exceptionally well in the test commissioned by Microsoft. But neither report seems conclusive to me. One report provides test results for many products but used a small sample of known phishing sites. The other report used a large sample of sites but tested only two products out of the many available.

It would be interesting to see a new report that uses a very large sample of phishing sites and performs tests on all (or most) of the available antiphishing solutions, including third-party solutions that offer both browser-based protection and gateway-level protection.

It's especially important to know how gateway-level solutions perform, because browsers and browser toolbars are updated frequently. Thus, keeping up on all workstations is a big chore, especially in large organizations. It seems to me that using a gateway-based solution would be much more cost effective if at all possible. However, a gateway-based solution might not work for you, depending on the way you handle connectivity and security for your mobile users.

=== SPONSOR: 8e6 Technologies


Protect Your Network - Threats Brought in By Remote Laptops

Learn how employee laptops indiscriminately harm company networks, despite standard security gear, and gain valuable information on how to protect your company against these threats--without throwing out the laptops. Get the FREE white paper from 8e6 Technologies. Qualify Now!



Malware Could Become Its Own Worst Enemy

An emulator that poses as a virtual machine (VM) could protect a system against certain types of malware that detect VMs and refuse to run in them.

GRISOFT Expands Offerings to Linux and FreeBSD

Antivirus maker GRISOFT has expanded its line of antivirus and antispam security products to include support for Linux and FreeBSD.

Check Point Slated to Acquire Protect Data

Check Point Software Technologies said it has made an offer to acquire Sweden-based Protect Data, owner of Pointsec Mobile Technologies.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: Thawte


The Starter PKI Program

Securing multiple domains or host names? Learn how the Starter PKI program can save time and reduce costs, and provide you with a multiple digital certificate account.



SECURITY MATTERS BLOG: New Tool from Sysinternals: Procmon

by Mark Joseph Edwards,

Process Monitor (Procmon) is Filemon and Regmon combined, and then some. Microsoft says the capabilities will make Procmon "a core utility in your system troubleshooting and malware hunting toolkit." Learn more about it in this blog article.

FAQ: Hiding the List of Domains at Logon

by John Savill,

Q: How can I use Group Policy to hide the domain drop-down list in the Windows Logon dialog box?

Find the answer at

FROM THE FORUM: Shared Mobile Laptops

A forum participant has several laptops that are used by multiple employees for presentations or meetings in the office and for working at home. In the office, laptop users can connect to the Internet via wireless access points (APs). Home users access the Internet via their own private broadband connection (they don't have VPN access into the company network). Should the laptops be part of the domain, which will force users to log on using their individual accounts, or should they be standalone systems, which means users sharing local accounts? Join the discussion at


Share your security-related tips, comments, or solutions in 1000 words or less, and you could be one of 13 lucky winners of a Zune media player. Tell us how you do patch management, share a security script, or write about a security article you've read or a Webcast you've viewed. Submit your entry between now and December 13. We'll select the 13 best entries, and the winners will receive a Zune media player. Email your contributions to [email protected]

Prizes are courtesy of Microsoft Learning Paths for Security:

IT PRO OF THE MONTH--October 2006 Winner

Congratulations to Chris Stanley, who was voted the October 2006 "IT Pro of the Month." Chris built an Apache Web server (using MySQL and FileZilla) and designed an intranet on which he posted manuals and protocols used in a 911 center. Vital information is now centralized and can be accessed quickly when time matters most. To learn more about Chris's solution and find out how you can become the next "IT Pro of the Month," please visit



by Renee Munshi, [email protected]

Audit Your Web Site

Acunetix launched Acunetix SiteAudit, a Web site security auditing service. Audits are performed by Acunetix's Web security experts using Acunetix Web Vulnerability Scanner. An audit checks for SQL injection, cross-site scripting, and other vulnerabilities. It examines shopping carts, forms, and dynamic content, including JavaScript and Asynchronous JavaScript and XML (Ajax) applications, for security vulnerabilities. The $395 price includes a detailed audit report on Web site and Web application security and recommendations for fixing any problems. Through December 31, the price also includes an audit report on the Web server and database engine. More information about Acunetix SiteAudit is available at

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.



For more security-related resources, visit

How will compliance regulations affect your IT infrastructure? Help design your retention and retrieval, privacy and security policies to make sure that your organization is compliant. Download the free eBook today!

Now that Microsoft and Novell have announced their alliance, you can't miss an opportunity to learn about new ways to manage Windows and UNIX/Linux networks efficiently. Register now for TechX World--free online December 14--and learn how to manage your heterogeneous environment, including task automation and scripting, data access and application management, file and print sharing, and security and access considerations. Register today!

After disaster strikes, does recovering your data feel like digging for buried treasure? Test your disaster recovery skills, and you could win! Each week we'll give away a USB flash drive to one lucky treasure hunter. You'll also be entered to win the full treasure chest, including Bose headphones! Test your skills now!

Learn about the advantages for each alternative to traditional file servers and tape storage solutions, and make the best choice for your enterprise needs. On-demand Web seminar

BONUS: Register for any Web seminar--live or on-demand--during the month of November, and you could win a PS3! View a full list of eligible seminars at

Learn to differentiate between alternative solutions to disaster recovery for your Windows-based applications and to ensure seamless recovery of your key systems--whether a disaster strikes just one server or the whole site. On-demand Web seminar



What is the true cost of an in-house email archiving solution, and how does it compare to the cost of an outsourced solution? Find out from independent researchers what the TCO of both solutions really is, and how the management of an in-house solution can strain IT budgets and staff. Download your copy of this white paper today!



Save $40 off Windows IT Pro

Subscribe to Windows IT Pro today and SAVE $40! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This offer expires November 30, so order now:

Make Your Mark on the IT Community!

Nominate yourself or a peer to become IT Pro of the Month. This is your chance to get the recognition you deserve and be acknowledged in the IT community. Winners will receive over $600 in IT resources and be featured in Windows IT Pro and the TechNet Flash email newsletter. Entering is easy--we're accepting December nominations now for a limited time! Submit your nomination today:


Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.