Security UPDATE--Will Malware Prompt Broad Shift to VMs?--April 12, 2006

1. In Focus: Will Malware Prompt Broad Shift to VMs?

2. Security News and Features

- Recent Security Vulnerabilities

- SAP to Strengthen Its Compliance Offerings

- McAfee Snaps Up SiteAdvisor

- 3 Ways to Rein in Your Wireless Signals

3. Security Toolkit

- Security Matters Blog

- FAQ

- Security Forum Featured Thread

- Share Your Security Tips

4. New and Improved

- Enforce Policies for IM

==== Sponsor: St. Bernard Software ====

#1 Ranked Web Filtering Appliance

As a true appliance solution with exclusive kernel-level technology, iPrism delivers the speed of pass-by with the accuracy of pass-through filtering. And because it's a completely self-contained solution, there is never additional hardware or software to purchase and iPrism is virtually maintenance-free. iPrism is the only dedicated Internet filtering appliance ranked #1 in revenue by IDC. Request a Quick Quote today and see how much you'll save!

http://www.stbernard.com/forms/quickquote/quote_ip.asp?oc=441

==== 1. In Focus: Will Malware Prompt Broad Shift to VMs? ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Recently, Mike Danseglio, a program manager in Microsoft's Security Solutions group, made news by saying that after a system becomes infected with some types of rootkits and other malware, sometimes the only solution is to rebuild the system from scratch. Security administrators have long known this, but Danseglio's statements point out that malware is becoming so quick to exploit new problems, so advanced in new capabilities, and so viciously insidious that sometimes even the best antispyware, antivirus, content filtering, firewall, and intrusion prevention tools can't protect a system adequately.

This situation could completely change our standards for building servers, desktops in enterprises, and probably even desktops in homes. Rebuilding a desktop can be a painful and time-consuming process. If you use some sort of disk-imaging technology and keep adequate backups, you can make recovery far less stressful, but even so, with today's technology this particular route to recovery is the long road. However, if you have virtual machine (VM) technology in place, you can recover from an intrusion of nearly any type in only a few seconds because all you need to do is shut down the VM and relaunch it.

Microsoft, Red Hat, and other vendors are touting VM technology with increasing frequency. Microsoft recently announced that it will offer its VM technology for free and it will begin to support Linux VMs running under a Windows environment. The announcement comes on the heels of VMware's recent shift to offering some of its VM technology for free.

While the primary focus of most VM technology vendors has been on servers, expanding the focus from servers to desktops is just a short step away. Because of the need for the best security possible and because desktops are a major inroad for intruders of all types, installing desktop-based VMs instead of standalone OSs makes sense. It's quite possible that VMs could become the solution of choice sooner rather than later for a large number of enterprises and possibly even for home computer users.

If you haven't already looked into VM technology, head over to the first URL below, where you'll find out how to download or order Microsoft Virtual Server 2005 R2. Also, check out VMware's site (at the second URL below), where you can download a copy of VMware Server. And be sure to click the third URL below where you'll find a long list of ready-made VM "appliances" that run under VMware Server, including several that you as security administrators will probably find useful.

http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx

http://www.vmware.com/products/server

http://www.vmware.com/vmtn/appliances/index.html

Last but not least, if you're the proud owner of some of that slick new Intel-based Mac hardware, then check out the Parallels Web site, where you'll find the new Parallels Workstation 2.1 beta, VM technology that lets you run Windows XP, Linux, FreeBSD, Solaris, OS/2, and even MS-DOS under Mac OS X.

http://www.parallels.com/en/products/workstation/mac/

==== Sponsor: Klocwork ====

IMPROVE SOFTWARE QUALITY AND REDUCE COSTS

New White Paper from Klocwork: Improve software quality and reduce life-cycle costs by incorporating Static Analysis tools into your routine development processes. Results: More maintainable code, more secure, reliable software and a more predictable development process. Download White Paper:

http://a.gklmedia.com/pnsecurity/nl/109

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

SAP to Strengthen Its Compliance Offerings

German-based SAP announced that it will acquire California-based Virsa Systems for an undisclosed sum. The deal is expected to close by the end of May.

http://www.windowsitpro.com/Article/ArticleID/49884

McAfee Snaps Up SiteAdvisor

Only a few months after its initial launch, SiteAdvisor (which helps people identify malicious Web sites) has been acquired by McAfee. Terms of the acquisition weren't disclosed.

http://www.windowsitpro.com/Article/ArticleID/49912

3 Ways to Rein In Your Wireless Signals

Wireless networks have an inherent security threat: They transmit radio signals nonstop. By limiting the direction and range of the signals, you can improve the security of your network. Find out how to get the job done in this article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/49501

==== Resources and Events ====

Infosecurity Europe is Europe's number one dedicated Information Security event. Now in its 11th year, the event continues to provide an unrivalled education programme, new products & services, and exhibitors and visitors from every segment of the industry.

25th - 27th April 2006, Grand Hall, Olympia

http://www.infosec.co.uk/windowsitpro

Get all you need to know about today's most popular security protocols, including SSL-TLS, for Web-based communications.

http://www.windowsitlibrary.com/ebooks/leveragingssl/index.cfm?code=0412emailannc

DevConnections Europe: Buy 1 Get 1 Free!

Time is running out to register for DevConnections Europe, 24-27 April 2006 in Nice, France, at the Nice-Acropolis Convention Center. Register today and get another registration free! Enter discount code 0410emailannc.

http://www.devconnectionseurope.com/?refer=0410emailannc

Learn the essentials of high availability for SQL Server 2005--including cluster services, replication, and log shipping.

http://www.windowsitpro.com/go/essential/xosoft/sqlserverha/?code=0412emailannc

Learn to identify the top 5 IM security risks and protect your networks and users.

http://www.windowsitpro.com/go/whitepapers/symantec/topimrisks/?code=0412emailannc

==== Featured White Paper ====

A multi-tier approach to email security prevents unauthorized access and can stop spam, viruses, and phishing attacks. Learn to implement this approach today, and protect your network security and business systems!

http://www.windowsitpro.com/go/whitepapers/Symantec/multitier/?code=0412featwp

==== Hot Spot ====

Learn to secure your IM traffic--don't let your critical business information be intercepted!

http://www.windowsitpro.com/toolkits/symantec/index.cfm?code=0405emailannc

==== 3. Security Toolkit ====

Security Matters Blog: Evolution of Malware

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Kaspersky Lab posted the "Malware Evolution: 2005" report on its Viruslist.com Web site in February. The company recently posted "Malware Evolution: 2005, part two," and it makes for some very interesting reading.

http://www.windowsitpro.com/Article/ArticleID/49915

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: What is SubInACL?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/49598

Security Forum Featured Thread

Forum participant p2chang wonders whether anyone knows of a program that, like ShareWatch (http://stevemiller.net/sharewatch), lets you see who's on your computer and kick them off, but that also lets you specify guidelines for banning people (e.g., certain IP addresses, for idling too long, for streaming a file instead of downloading). Join the discussion at

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=46951&enterthread=y

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Announcements ====

(from Windows IT Pro and its partners)

Exclusive Spring Savings

Subscribe to Windows IT Pro and SAVE 58%! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful articles. This is a limited-time offer, so order now:

https://store.pentontech.com/index.cfm?s=1&promocode=eu2064uw

Save 44% off Exchange & Outlook Administrator Newsletter

For a limited time, order the Exchange & Outlook Administrator newsletter and SAVE up to $80! You'll get 12 helpful issues loaded with endless tools and solutions you won't find anywhere else to help you migrate, optimize, administer, backup, recover, and secure your messaging system. Subscribe now:

https://store.pentontech.com/index.cfm?s=1&promocode=eu2364us

==== 4. New and Improved ====

by Renee Munshi, [email protected]

Enforce Policies for IM

Akonix Systems announced a new series of IM security appliances for businesses of all sizes. The appliances, which are designed to protect corporate networks from viruses, worms, and other IM threats, control access and enforce policies for public and enterprise IM clients and ensure regulatory compliance by logging and archiving all IM communications. The Akonix A6000 is an enterprise-class solution optimized for up to tens of thousands of users; the A1000 is optimized for 25 to 1000 users. The A-Series appliances are available now, and Akonix offers units for a free 30-day evaluation. For more information, go to

http://www.akonix.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]