Enterprise Security Today

Windows 7 Tops Vista's Rollout as Patch Tuesday Looms

Fri, 06 Nov 2009 07:59:02 -0500

Score one for Windows 7. The initial sales of the latest version of Microsoft's flagship operating system surpassed Vista's performance during its first few days on the U.S. market, according to the NPD Group.

Windows 7 unit sales in the U.S. were 234 percent higher than Vista's first few days of sales. A combination of early discounts on pre-sales and a lack of promotional activity for the Ultimate version resulted in dollar sales that were 82 percent higher than Vista.

"Microsoft's program of early low-cost pre-sales, high-visibility marketing, and aggressive deals helped make the Windows 7 software launch successful," said Stephen Baker, vice president of industry analysis at NPD. "In a slow environment for packaged software, Windows 7 brought a large number of customers into the software aisles."

PC Hardware Sales Measured

While boxed software sales were up compared to the Vista launch, PC hardware sales had more of an uphill battle. PC sales growth was higher than any week during the high-volume back-to-school third quarter, but not as strong as growth during the Vista launch, NPD said.

Total Windows PC sales were up 49 percent year-over-year and 95 percent over the week before launch. However, PC sales growth during the Vista launch was stronger, soaring 68 percent over the previous year and 170 percent over the week preceding the launch. Windows PC sales were down six percent compared to PC sales during the Vista launch week.

"A combination of factors impacted Windows 7 PC sales at the outset, but the trajectory of overall PC sales is very strong leading into the holiday season," said Baker. "Vista had a slight advantage at launch, as January traditionally has a bigger sales footprint than October. The other hurdle Windows 7 faced was that sales of PCs with older operating systems (XP and Vista) were high, making up...

NetWitness Unveils NextGen Version 9.0

Wed, 04 Nov 2009 11:12:33 -0500

NetWitness Annual User Conference, Washington, D.C., November 4, 2009 -- NetWitness Corporation announced today the availability of version 9.0 of its award-winning NextGen� enterprise network forensics and advanced threat intelligence platform at its Annual User Conference in Washington, D.C. The NetWitness user population includes over 15,000 security experts in more than 5,000 enterprises located in 126 countries around the world.

NextGen version 9.0 is not a simple evolution of a packet-sniffing technology, but a true revolution in automating network intelligence at the application layer and real-time network forensics.

"In 2009, we continued to see an alarming increase in the number of serious data breaches in public and private organizations due to advanced threats and the inability of security teams to detect complex application-based attacks using current tools and techniques," said Richard Stiennon, Chief Research Analyst, IT-Harvest. "With NextGen version 9.0, NetWitness has taken the nascent market of network forensics and real-time threat intelligence to a whole new level, providing deeper analytics and broader platform extensibility, and giving security teams the capabilities they need to reduce the risk exposure window."

The new features offered in version 9.0 include:

� NetWitness Identity - provides the ability to easily correlate IP addresses in network sessions to end-user directory credentials � fusing an organization's Active Directory to offer a real-time 4-1-1 lookup capability. As a result, security staff can link compromised machines and inappropriate network behavior to a user's actual identity.

� Support for 802.11 Wireless Capture - initially supported under the portable NextGen Eagle platform, this capability will be available on all NextGen 9.0 capture platforms. This new capability supports WEP in-line decryption and will support WPA decryption under an upcoming service pack.

� 10Gbps Network Support - building off of real-world experiences with massive government, commercial and service provider networks, unlike other products...

Net Security Stocks: A Solid Corner of Tech

Wed, 04 Nov 2009 07:06:38 -0500

With more and more people using the Web for business transactions and routinely typing in their credit-card digits on various sites, rising concerns about identity theft and other cybercrimes have put companies that provide Internet security products in the catbird seat.

While Symantec and McAfee have hitched their wagons to Microsoft, on hopes that the new Windows 7.0 operating system will drive sales of their security software, other companies' business models aren't tied to the fortunes of Redmond & Co.

Like VeriSign, for example. The Mountain View [Calif.] company collects $6.87 for every new dot-com Web site it registers and $4.24 for every dot-net address it assigns under an exclusive seven-year contract with the Internet Corporation for Assigned Names & Numbers, known as ICANN, a nonprofit oversight body that coordinates domain names for the U.S. Commerce Dept.

SSL Profitability Concerns

Analysts estimate the Web infrastructure and security outfit added about 1.4 million domain names in the third quarter, which would be a 27 percent increase over the preceding quarter and ahead of the company's forecast of 900,000 to 1.2 million additional registrations, according to Oppenheimer analyst Shaul Eyal in an Oct. 22 research note. That bodes well for third-quarter earnings, which the company is scheduled to report on Nov. 5. As the global economy continues to recover, "international growth could again crank up and provide a kick-start to recovery" in domain name additions, Eyal said.

While the company enjoys a virtual monopoly in the domain name business, there are still concerns about the profitability of one of its key businesses: security socket layer, or SSL, certificates, which merchants buy from the company in order to enable the encryption of sensitive information during online transactions and authenticate information about the certificate owner. While VeriSign has a 75 percent market share in these certificates, its average...

Agencies: Glitch with Foreign SS Numbers Is Fixed

Wed, 04 Nov 2009 07:05:48 -0500

Two federal agencies that put Americans at risk for identity-theft-like problems have fixed a glitch that linked U.S. Social Security numbers to those issued by three foreign countries, officials said.

The problem, which mostly affects Maine and New Hampshire, involves three Pacific Island nations that receive disaster loans, grants and other aid from the United States in exchange for military privileges in the region.

The U.S. Department of Agriculture, one of the agencies that issues the aid, has replaced all the Social Security numbers of affected borrowers in its loan processing system with new characters that don't match any U.S. numbers, an agency spokesman told The Associated Press, which first reported the problem in August.

The Federated States of Micronesia, the Republic of the Marshall Islands and the Republic of Palau all have their own Social Security systems, but the USDA and several other agencies have treated numbers issued by the three nations as if they were U.S. numbers, regardless of whether they were already in use.

That can create headaches similar to identity theft when identities become linked in the eyes of lenders or creditors. In one case, when a Micronesian man defaulted on a $7,306 loan from the U.S. Small Business Administration, collection agencies sought out this Associated Press reporter.

Though the man's Social Security number had only eight digits, the Business Administration computer automatically added a zero to the front, turning it into a nine-digit number that matched the reporter's.

Though the USDA has known for years that numbers were getting mixed up, it made no changes to its software or procedures until recently.

The Small Business Administration also has taken steps to protect Americans whose numbers may match aid recipients from the three nations and will consider writing letters to credit bureaus on behalf of those who have been affected, a spokeswoman said...

Windows Vista Rated More Secure Than Windows XP

Mon, 02 Nov 2009 14:27:20 -0500

A Microsoft report released Monday indicates that Windows Vista significantly outperforms Windows XP when it comes to enhanced security. Infection rates for Vista were significantly lower than XP during the first half of 2009, the Security Intelligence Report said.

But whether the user is running Vista or XP, Microsoft said the most current service pack available is always the least susceptible to security attacks. That's hardly a surprise given that service packs include previously released security updates, together with changes to default settings and additional security features. However, Microsoft Vista SP releases consistently beat those for Windows XP in all service-pack configurations.

The infection rate of Windows Vista SP1 was 61.9 percent less than Windows XP SP3 during the first half of this year, according to the report. Moreover, comparing release to manufacturer (RTM) versions, the infection rate of Windows Vista was a staggering 85.3 percent less than Windows XP, the software giant added.

Browser Vulnerabilities

On the downside, web browsers continue to represent one of Microsoft's vulnerability hot spots. Microsoft software accounted for six of the top 10 browser-based vulnerabilities that were attacked on PCs running Windows XP, but only one out of the top 10 on Vista machines, the report said.

For browser-based attacks on PCs running Windows XP, Microsoft vulnerabilities accounted for 56.4 percent of the total. By contrast, Microsoft vulnerabilities accounted for just 15.5 percent on Windows Vista-based machines, the report said.

Still, browser-based vulnerabilities should continue to be a top concern for businesses, whether they are using Vista or still running XP. The good news is that Windows security can be immediately improved without having to upgrade to Windows 7, noted Gartner Vice President Neil MacDonald, who is urging businesses to "get off" Internet Explorer 6.

"I don't care if you go to IE7, IE8, Firefox, Chrome...

Beta Versions: Approach with Caution

Tue, 03 Nov 2009 07:07:19 -0500

There's a sense of exclusivity in being able to download a beta version of a new computer program and become one of the first people to test it before its official release.

And, in many ways, it is important work. Users report problems to software designers, making them vital to the creation of multiple programs, operating systems and web browsers. But there are risks. In a worst case scenario, beta testers risk crashing their whole system.

"In business jargon, we refer to them as banana products -- the software has to ripen with the customer," says Frank Felzmann of the German Federal Office for Information Security (BSI).

That means there are risks, including that "the software doesn't yet work properly. It can also lead to security problems if the software accesses the system." Beta versions have also been known to affect the stability of a system.

That's why experts recommend unskilled users avoid offering themselves and their computers up as test subjects. "In general, I would only recommend beta versions to experienced users. Everyday users, who put a lot of stock in having a stable system, should wait for the final product," recommends Martin Michl of the German computer magazine Chip.

Hajo Schluz, who writes for another German computer magazine, c't, agrees.

Nonetheless, he understands why some computer users want to test programs before their official release. Microsoft recently released an advance version of its Windows 7 operating system to registered users. Google did the same with the beta version of its Chrome browser.

Whether you're an old hand or a beginner, anyone who installs a beta version on their computer should take certain precautions.

"Our recommendation is to install a beta version, if you do it at all, on a computer where there's nothing else running," says Felzmann. That at least minimizes the fallout from any damage.

If...

Windows 7's Hidden Gems and Noteworthy Features

Tue, 03 Nov 2009 07:07:53 -0500

Windows 7's headline features naturally get all the attention. If you've read anything about Microsoft's latest operating system, you probably already know that Windows 7 is faster, more compatible, and less annoying than Windows Vista. But Microsoft has also sneaked quite a few less visible but still noteworthy features into Windows 7. Here are a few.

Shake

Let's say you have dozens of applications open on your Windows 7 desktop -- so many, in fact, that that you have a difficult time sorting through them all, or you have difficulty concentrating on the foreground application because of everything else that's open. Sound familiar?

In previous versions of Windows, you'd typically have to close all of those applications in order to get some sanity back into your desktop. Not anymore -- thanks to the new feature dubbed "shake." True to its name, the feature is activated by grabbing the title bar of an open application with your mouse cursor and then "shaking" the program back and forth a few times. When you do, everything else that's open on your desktop is minimized automatically.

Perform the shake operation again, and the clutter returns to your desktop, exactly as it was before.

Problem Recorder

How often have you had to try to describe a problem you're having with your Windows computer, and the person you're describing the problem to acts like you're talking in a foreign language? Or how often have you, as the local computer expert, had to rely on someone's fuzzy description of a problem?

In Windows 7, there's help for both scenarios in the form of the new Problem Steps Recorder. In a nutshell, the Problem Steps Recorder, or PRS for short, will record exactly what you're doing on your PC that results in a problem. Optionally, you can use the tool's Add Comment feature to add...

Security Report Finds Enterprise Infections Up 100 Percent

Mon, 02 Nov 2009 10:01:20 -0500

Microsoft released its latest security intelligence report on Monday -- and the picture looks grim for enterprises. Enterprise worm infections rose nearly 100 percent in the first half of 2009 from the previous six months. In the same period, consumers continued to struggle with rogue software.

According to the Microsoft Security Intelligence Report (SIRv7), rogue security software remained the single largest threat category for the first half of 2009. Despite progress combating rogues, this is still a major issue for computer users. Also known as "scareware," rogue security software takes advantage of customers' desire to protect their computer from threats.

But there is good news for enterprises and consumers. The report highlights a significant decrease in Zlob Trojan infections, from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009. Microsoft is offering some security best practices to help PC users ward off threats.

"It's been said that knowledge is power -- and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype," said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. "Microsoft is committed to providing not only security intelligence for our customers and the community, but also the most accurate and comprehensive view of the realities of the threat landscape."

Conficker Revisited

Ten years after the Melissa worm appeared and defined mass-mailing worms as a class of malicious threats, Microsoft reports Conficker is the top worm threat detected for the enterprise. Conficker is not in the top 10 for consumers because home computers are more likely to have automatic updating enabled. Microsoft said these findings stress the need for enterprises to have a robust security-update management program in place.

With detections up 156 percent since the second half of 2008, the Taterf worm is an emerging...

U.S. Cyber Center Opens To Battle Computer Attacks

Wed, 04 Nov 2009 07:06:58 -0500

The United States is well behind the curve in the fight against computer criminals, Sen. Joe Lieberman [said], as Homeland Security officials opened a $9 million operations center to better coordinate the government's response to cyberattacks.

Lieberman, chairman of the Senate Homeland Security and Government Affairs Committee, said legislation being drafted by his committee will require federal agencies and private companies to set up a system to share information on cyber threats.

And Lieberman, a Connecticut independent, said the Homeland Security Department must identify weaknesses in the systems that run power plants and other critical infrastructure.

As Lieberman laid out his proposal to Chamber of Commerce executives, Homeland Security Secretary Janet Napolitano unveiled the new National Cybersecurity and Communications Integration Center in northern Virginia.

Standing in front of a wall of broad video screens, that displayed vivid charts and maps of possible cyber threats and suspicious Internet traffic, Napolitano said the watch center will allow the high-tech teams that monitor government networks to work better together.

With 61 computer stations spread across the room, the center will merge the U.S. Computer Emergency Readiness Team and the National Coordinating Center for Telecommunications.

U.S. officials have said that government computer systems are probed or scanned millions of times a day, and face an increasing threat from hackers, cyber criminals looking to steal money or information, and nation-states aimed at espionage or the destruction of networks that run vital services.

Officials have called for a more coordinated effort by the federal government to monitor and protect U.S. systems and work with the private sector to insure that transportation systems, energy plants and other sensitive networks are equally protected.

Sen. Susan Collins of Maine, the ranking Republican on the homeland security panel, said it will take more than a White House coordinator to secure the country's networks. And she pointed to the...

Lieberman Software's User Manager Pro Turns 10

Mon, 02 Nov 2009 09:38:02 -0500

Lieberman Software today announced the 10th anniversary of User Manager Pro and a newly awarded patent for the innovative Cratering functionality in its current release.

User Manager Pro is the flagship product in the company's User Manager Pro Suite, a powerful and comprehensive security management solution for Windows servers and workstations. This product suite can modify groups, users, passwords, registry settings, policies, audit settings, and rights on all systems simultaneously, while also providing real-time, interactive reports for the system data it collects.

The recently patented Access Control List (ACL) management technology in User Manager Pro, called Cratering, identifies and blocks malicious software from executing on client systems to render it harmless and prevent propagation throughout the enterprise. Cratering removes the existing permissions on the malicious file and replaces them with a single ACL "Deny" entry that locks out all access, including the operating system. With Cratering, the virus is unable to start and a new infection does not take hold since the disabled virus file cannot be overwritten.

"Customers and prospects from the IT administrator up to the CTO level tell us they are looking for ways to improve system reliability and reduce the time spent on tedious, error-prone systems management tasks," said Philip Lieberman, founder and CEO of Lieberman Software. "For ten years now, our enterprise customers have relied on User Manager Pro to efficiently manage the daily operations of the IT infrastructure, minimize the threat of security breaches in the network and rapidly resolve system problems as they arise."

User Manager Pro customers use the product to perform essential security management tasks in the Windows enterprise. User Manager Pro helps organization in all major vertical markets locate and remove rogue users, groups, and group memberships, change administrator passwords, discover and remove unauthorized shares, determine who is in the administrator group, find stale...