Monday, September 21, 2009

Network Security Software

Sunbelt Software's VIPRE - Redefining security software


Adrian Kingsley-Hughes from zdnet.com

Sunbelt Software’s VIPRE - I’ve finally found an antivirus package that delivers the goods.

Over the years I’ve become truly disillusioned by security software. A good antivirus package used to be the first thing that I installed on a system after installing the OS, but now that’s become one of those tasks that I know I should do (not just to protect myself, and the network, but others that I communicate with) but that I put off until the last minute. Why? Because I know I’ll start hating the system shortly afterwards and resenting the security software for consuming so much of my precious system resources.

There have been times when seeing the performance hit that a system takes after installing a security package has actually made me put my head in my hands and wonder whether all these strides we have made in processor power and RAM capacities are all undone thanks to security firms unleashing their bloated wares upon us. I’m not going to name any names - I’m pretty sure that most of you will be able to rattle off a list of them without any prompting from me.

Time for a short story …

OK, story time. Last night my wife and I were at my mother-in-law's and the subject of her slow notebook came up. The notebook in question is an aging IBM ThinkPad R51e that runs Windows XP and which hasn’t really been all that fast from the start. It suffers from not enough RAM and too many drivers and specific apps (which are tricky to remove without losing features) kludging up the system. But what makes matters worse is that any security software that you install onto the system amplifies these problems greatly.

The antivirus package that was installed on the system was Kaspersky AntiVirus 2009 2008. I have a love/hate relationship with this product and use it mostly because it’s the best of a bad bunch (a statement that says a lot about the current line up of security software). We uninstalled this application and immediately there was a performance gain. I didn’t benchmark the system under controlled conditions but I’d say that boot times were cut by about 33% and loading times for applications by 25%. However, I knew that I couldn’t leave the system unprotected and that I’d have to install something in place of Kaspersky. Then I remembered that I’d received an email earlier in the week from Sunbelt Software informing me that the new VIPRE antivirus and antispyware app was out (an enterprise version has also been released). One of the features that the email bragged about was how this software wasn’t a resource hog.

I decided to pull up the website and take a look. The copy for VIPRE (which stands for “Virus Intrusion Protection Remediation Engine”) was full of performance-related claims:

  • “VIPRE Antivirus + Antispyware is high-performance security software that doesn’t slow down your PC like older, traditional antivirus products.”

  • “Tired of old antivirus software that makes your PC slow down to a crawl? Interrupting what you are doing with slow scan times, causing problems and nagging you? Time for a change to next-generation antivirus + antispyware that IS NOT a resource hog!”

  • “Does not slow down your PC”


Bold claims, but that said, almost all antivirus vendors nowadays make similar claims.

OK, I clicked the download link and the 12.6MB package came down swiftly. I started the install process which seemed much like every other install process and the program installed without fuss. After a reboot the setup wizard picked up again and guided us through the initial setting up of the software. VIPRE downloaded the risk definitions and the program was ready to roll.

Then I noticed something. The system was just as responsive with VIPRE installed as without. Wow! I wasn’t expecting that. We rebooted the system just in case it wasn’t running, and then downloaded the EICAR test file to make sure that it was running and sure enough, it was, and it was having almost no effect on the performance of the system. To say I was impressed would be an understatement.

Back at the PC Doc HQ …

Today I’ve had a chance to take a closer look at VIPRE, and it has to be said that I like what I see.

  • First off, the performance claims do seem to be real. Today I’ve uninstalled a number of different antivirus packages from a selection of systems and replaced them with VIPRE and on every system I’m seeing and feeling a performance boost. Not only is the real time monitoring far lighter and less of a resource hog than any other antivirus package I’ve come across, the system scanner is also fast and light-weight (I’ve been typing this, taking screenshots and running a couple of virtual machines while VIPRE has been scanning my system). My testing backs up the claims made by Sunbelt Software and goes to prove the benefits of adopting a clean slate, building a product from the ground up approach.

  • VIPRE offers all-round protection - antivirus, antispyware, protection from email-borne threats, rootkit detection and other goodies such as a secure file eraser and history cleaner.

  • VIPRE is easy to use. In fact, the interface is a pleasure to use.

  • The product is honest and gives you clear feedback relating to what it finds on your system - no scan and scare tactics here.

  • Then there’s the aspect of fair pricing. A single license for VIPRE costs $29.95 and gives you a year’s worth of updates, a 3-user annual subscription is $39.95, and for $49.95 you can protect all PCs in a single household with a single site license. That’s the fairest deal I’ve come across.
    “Typical ‘household’ licenses offered for security software products limit the number of PCs protected to anywhere from three to five per household,” said Alex Eckelberry, president of Sunbelt Software. “With our unlimited home site license, customers pay one low annual subscription price for the product of their choice for all the PCs in their home. We don’t care if it’s five, ten, or 200 computers. One price covers all the computers located in that residence.”


Now I’ve rolled VIPRE onto a number of systems, I’ll let you know how things go in a follow-up post.

System Requirements

  • Microsoft Internet Explorer 5.5 or higher

  • At least an IBM Compatible 400MHZ computer with minimum 256MB RAM

  • At least 150MB of available free space on your hard drive

  • 2x CDROM

  • Internet access with at least 56Kbps connection

  • Supported Operating Systems:
    - Windows 2000 SP4 RollUp 1
    - Windows Server 2008
    - Windows XP SP1, SP2, SP3 (Home, Pro, Media Center, Tablet) 32 and 64-bit
    - Windows Vista+ (All flavors) 32 and 64-bit

  • Supported Email Applications: Outlook 2000+, Outlook Express 5.0+, Windows Mail on Vista, and SMTP and POP3 (Thunderbird, IncrediMail, Eudora, etc.)

  • Installation of VIPRE is not supported on Windows 95, 98, or ME, Macintosh or Linux

A fully functioning trial version of Colasoft Capsa R2 is available.

Can peer-to-peer coexist with network security?

Network security experts have long cautioned about the risk posed by the use of peer-to-peer file sharing by individuals working in corporations, warning that the practice creates holes that let malware in and sensitive data out. Their message may be having an impact in the P2P development community.

A trade group representing peer-to-peer file sharing providers next week will publish a report that finds P2P software companies are modifying their programs in an effort to make it harder for users to inadvertently share sensitive information.

Elinor Mills (CNET news editor) said:

For corporate IT administrators, that shift can't come soon enough. The problem was highlighted by the recent news that avionics blueprints of President Obama's helicopter had leaked through a peer-to-peer network used by a defense contractor to an IP (Internet Protocol) address in Iran.

This isn't the first time sensitive data has trickled out via popular file sharing networks. Last summer, personal information of some 1,000 former patients of the Walter Reed Army Medical Center was believed to have been leaked via a peer-to-peer network. Sensitive health care and financial data has also been found on file sharing networks, according to studies from Dartmouth College and P2P network monitoring service provider Tiversa, which also uncovered the leaked presidential helicopter data.

Peer-to-peer use at ABN Amro and Pfizer led to the exposure of personally identifiable information of more than 20,000 consumers in 2007. And then there was the symbolic slap in the face when politicians called P2P networks a potential "national security threat" at a congressional hearing that summer.

Minimizing the risk

IT administrators need to have a written policy that specifies whether or not employees are allowed to use file sharing. And they need to use perimeter security software, including firewall and intrusion detection, "to lock down the ports used by P2P or to look for specific P2P network traffic," said Tony Bradley, director of security at Evangelyze Communications, a unified communications software and service provider.

Corporations also might consider encrypting sensitive information and using data loss prevention tools to block data leakage, experts said. And if they want to see if any of their data has found its way onto a P2P network, they can hire Tiversa to probe Gnutella, eDonkey and FastTrack file-sharing networks.
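The perimeter controls described above come down to two checks: block the ports the P2P networks use by default, and look for the protocol traffic itself, because a client moved to a non-default port evades the first check. The following is an added example, not code from the article or from any vendor it names: a small classifier over constructed flow records that applies both checks. The port table holds the default TCP ports of Gnutella (6346/6347), eDonkey (4662) and FastTrack (1214); the handshake strings are the Gnutella 0.6 connect and accept lines from the public protocol specification. The `Flow` type, the sample addresses and the eDonkey payload bytes are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Default TCP ports of the networks named in the article (Gnutella, eDonkey, FastTrack).
# A port match alone is weak evidence: clients can be moved to other ports.
P2P_PORTS: Dict[int, str] = {
    6346: "Gnutella",
    6347: "Gnutella",
    4662: "eDonkey",
    1214: "FastTrack",
}

# Application-layer handshake prefixes. The Gnutella 0.6 connect string comes from the
# public Gnutella protocol specification and is sent regardless of the port in use.
P2P_SIGNATURES: List[Tuple[bytes, str]] = [
    (b"GNUTELLA CONNECT/", "Gnutella"),
    (b"GNUTELLA/0.6 200 OK", "Gnutella"),
]


@dataclass
class Flow:
    """A captured connection: addresses, server port and the first payload bytes."""
    src: str
    dst: str
    dport: int
    payload: bytes


def classify_flow(flow: Flow) -> Optional[str]:
    """Return the P2P network a flow appears to belong to, or None.

    Handshake signatures are checked first because they identify the protocol
    directly; a known port is only reported when no signature matched."""
    for prefix, name in P2P_SIGNATURES:
        if flow.payload.startswith(prefix):
            return name
    return P2P_PORTS.get(flow.dport)


def p2p_alerts(flows: List[Flow]) -> List[str]:
    """One alert line per flow that looks like P2P, in capture order."""
    alerts = []
    for f in flows:
        name = classify_flow(f)
        if name is not None:
            alerts.append(f"{f.src} -> {f.dst}:{f.dport} looks like {name}")
    return alerts


# Constructed sample flows (documentation addresses, not real captures).
SAMPLE_FLOWS = [
    Flow("10.0.0.12", "203.0.113.5", 6346, b"GNUTELLA CONNECT/0.6\r\n"),
    Flow("10.0.0.12", "203.0.113.9", 8080, b"GNUTELLA CONNECT/0.6\r\n"),  # slipped past a port block
    Flow("10.0.0.31", "198.51.100.7", 4662, b"\xe3\x01\x00\x00\x00"),      # eDonkey default port
    Flow("10.0.0.40", "192.0.2.10", 443, b"\x16\x03\x01\x02\x00"),         # TLS handshake, benign
]

if __name__ == "__main__":
    for line in p2p_alerts(SAMPLE_FLOWS):
        print(line)
```

The second sample flow is the case the article's experts have in mind: the port rule misses it, the handshake rule catches it. In a real deployment the payload check belongs in the intrusion detection system and the port table in the firewall policy, so that both layers see the traffic.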

Tiversa probes the networks, searching for specific terms and lets customers know when it finds any data out there specific to that firm and helps pinpoint the source of the leak and stop it.

After lawmakers accused them of being part of the problem nearly two years ago, P2P providers and their trade group--the Distributed Computing Industry Association (DCIA)--formed a working group to figure out ways to minimize the risk for P2P users and their networks. The DCIA prepared a report dated Thursday on the Inadvertent Sharing Protection Compliance that lists guidelines for better protecting P2P users and percentages of its members who are following them.

The latest version of popular file sharing software, released earlier this year, LimeWire 5, includes a number of the suggested changes and served as a "poster child for compliance," said Marty Lafferty, chief executive of the DCIA.

The report shows 100 percent compliance with the guideline that recommends that default settings prohibit the sharing of user-originated files, while 57 percent of the respondents said they were complying with the guideline to offer a simple way for the user to disable the file-sharing functionality.

Other guidelines, with compliance percentages ranging from 29 percent to 71 percent, included requiring users to select individual files within a folder to share rather than sharing the entire folder, requiring the user to take affirmative steps to share sensitive folders and preventing the sharing of a complete network or external drive or user-specific system folder, such as "Documents and Settings." Among the guidelines are requirements for warnings to the user when particular settings might jeopardize security.
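The guidelines in the report translate directly into checks a file-sharing client can apply before it adds anything to its shared set: share nothing by default, offer one switch that turns sharing off, refuse whole folders and network or external drives, and require an explicit confirmation for anything inside a profile or system folder such as "Documents and Settings". The following is an added example, not LimeWire's or the DCIA's code; the `SharePolicy` class, the folder list beyond "Documents and Settings", and the sample paths are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Set, Tuple

# Folders that should never be shared wholesale. "Documents and Settings" is the Windows XP
# profile root the report names; the others are assumed additions for newer Windows versions.
SENSITIVE_FOLDERS = {"documents and settings", "users", "windows", "program files"}


@dataclass
class SharePolicy:
    """Share state for one client. Starts with nothing shared (guideline: default
    settings prohibit sharing user-originated files)."""
    sharing_enabled: bool = True
    shared_files: Set[str] = field(default_factory=set)

    def disable_sharing(self) -> None:
        """Guideline: a simple way for the user to switch file sharing off entirely."""
        self.sharing_enabled = False
        self.shared_files.clear()

    def request_share(self, path: str, is_dir: bool,
                      confirmed_sensitive: bool = False) -> Tuple[bool, str]:
        """Decide whether `path` may be added to the shared set.

        Returns (accepted, reason). Every rejection carries the text a client would
        show the user, since the guidelines ask for warnings on risky settings."""
        if not self.sharing_enabled:
            return False, "file sharing is disabled"
        if path.startswith("\\\\"):
            # Guideline: never share a complete network drive.
            return False, "network drives cannot be shared"
        p = PureWindowsPath(path)
        if is_dir:
            # Guideline: select individual files rather than sharing the entire folder
            # (this also rules out sharing a whole drive, which is just a folder at the root).
            return False, f"select individual files inside {p} instead of the whole folder"
        ancestors = {part.lower() for part in p.parts[1:-1]}
        if ancestors & SENSITIVE_FOLDERS and not confirmed_sensitive:
            # Guideline: sharing from sensitive folders needs an affirmative step by the user.
            return False, f"{p} lies in a system or profile folder; confirm explicitly to share it"
        self.shared_files.add(str(p))
        return True, f"sharing {p.name}"


if __name__ == "__main__":
    policy = SharePolicy()
    # Constructed sample requests, from harmless to risky.
    for req in [
        (r"D:\music\song.mp3", False, False),
        (r"D:\music", True, False),
        (r"\\fileserver\finance\q3.xls", False, False),
        (r"C:\Documents and Settings\alice\My Documents\taxes.pdf", False, False),
        (r"C:\Documents and Settings\alice\My Documents\taxes.pdf", False, True),
    ]:
        print(policy.request_share(*req))
```

The interesting case is the last pair: the same file under the user's profile folder is refused with a warning on the first request and accepted only once the user has confirmed it, which is exactly the "affirmative steps" the guideline asks for. The checks are deliberately path-based so they can run before any file is opened.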

We (Colasoft) focus on providing all-in-one, easy-to-use software solutions for users to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems.

Norton Internet Security 2010 Review

Take a quick glance at the just-released Norton Internet Security 2010, and you won't notice much of a difference from previous incarnations -- the interface and feature set are so similar that it appears that only very minimal changes have been made to the suite. But under the hood is a new reputation-based security technology that the company claims is better positioned to protect against quickly evolving threats than traditional signature-based and behavior-based detection.

As with previous versions, Symantec's suite offers protection against viruses, Trojans, rootkits, spyware and malware of all kinds. Also, like previous versions, it has a firewall, intrusion protection, e-mail protection and Web protection. It integrates with your browser and search engine to warn you away from visiting sites that might be malicious.

The suite, despite its hefty feature set, does not take up a good deal of RAM or system resources. It's unlikely that you'll even notice it's running, a welcome change compared to several versions ago when it bogged down your system.

New reputation-based Quorum


Traditionally, security software detects threats by searching for signatures -- distinct code patterns that identify malware -- or by examining the behavior of a piece of software. Symantec claims that these solutions can't keep up with the massive amounts of new malware released every year.

The company has named its new reputation-based technology Quorum. It was designed for a world in which malware threats evolve exceedingly quickly and may be built to last only for a day, because malware writers know that signatures can be released to detect the threat in only 24 hours. Symantec claims that it is these kinds of threats -- those intended to do their damage quickly, before they are caught -- that are the primary dangers today.

Quorum creates a "reputation" for every piece of software it encounters, basing that reputation on a number of factors, including download source, age, prevalence and digital signature. So, for example, a new file downloaded from a not-well-known Web site that very few people have ever used will be regarded as suspect by Quorum, even if it is not known as a piece of malware and exhibits no suspicious behavior. As a result, one of malware writers' greatest weapons -- their ability to quickly turn out new pieces of malware -- makes it more likely that the new malware will be deemed suspicious by Quorum.


According to Symantec, Quorum relies on data that Symantec has been capturing for years through millions of people who use Norton products and opt in to the Norton Community, sending information anonymously about the applications running on their systems. Quorum uses this information to help calculate its "reputation score" for applications.

Symantec stresses that it hasn't abandoned other means of catching malware; the reputation score is used in concert with signature-based and behavior-based protection.

Will the addition of Quorum actually help protect you more than traditional forms of protection? We'll only know when labs weigh in with their results.

Welcome to the familiar interface


As I mentioned before, Norton Internet Security 2010 looks very much like the 2009 version, so there will be very little learning curve for those who have already used the product.

The main screen is now divided into three sections entitled Computer, Network and Web (rather than the previous Computer, Web and Identity). It tells you at a glance the state of your security, notes whether any actions need to be taken, and lets you turn features on and off. As with the previous version, there are monitors on the left-hand side of the screen that show your CPU's current usage and how much of that Norton is taking up.

If you want a quick glimpse of the state of your security, you'll just use the main screen. But if you're the kind of person who likes to dig deep, you'll find plenty of links here that will lead you to additional data. For example, click the Performance link on the left-hand side, and you'll see a new feature: a page that offers in-depth detail about CPU and RAM use over the last ten minutes, the last half hour, hour-and-a-half, day, week, and month.

Better yet, another new link on the main page gives you access to detailed information from the suite's System Insight feature. This display shows, over time, any events related to your PC's security, such as virus scans and their results, and new software that you've installed. Using this info, you may be able to track down PC problems yourself -- for example, if you notice unusual behavior, you can check this screen to see if that behavior started after you installed a particular piece of software.

Another useful feature accessible from the main screen is the Network Security Map. It shows you all of the devices attached to your network, and includes information such as the IP address, MAC address, whether they're online, and so on.


Another feature, the Vulnerability Protection link, is less than useful. It lists programs that Norton has found to have vulnerabilities -- but not necessarily those you have on your PC. The list is generic and lists all software against which Norton offers protection. There's no need ever to check it.

What's new?


Quorum's reputation-based strategy represents the biggest change compared to previous versions, but there have been other changes as well. The suite's anti-spam component features a new engine from enterprise anti-spam vendor Brightmail. Symantec claims that it is 20 percent more effective than the suite's previous anti-spam protection.

Also included is Norton Safe Web; this service is new to Norton Internet Security but was previously introduced in Norton 360 version 3.0. It works with Google, Yahoo and Bing, and shows whether any sites that turn up in search results are potentially dangerous or untrustworthy.

In addition, Norton Internet Security 2010 users get a free subscription to OnlineFamily.Norton, a Web-based service that lets parents control what their kids do on the Web.

The bottom line


If you're a user of Norton Internet Security 2009, it's certainly worth going to the newer version, because Quorum will most likely make you safer, and the new features are worthy additions. Not only that, but the upgrade is free.

As for whether to switch to NIS 2010 -- which costs $69.99 for a three-PC license -- from a different Internet protection program, that's a tougher call. The interface is certainly simple and straightforward, and also lets you dig into security details. There's no way to evaluate yet whether the new tools will be more effective than the old ones; only widespread use and exposure to many malware threats will tell.

For more information about Internet security, please go to colasoft.blog.com

Computer Security

A. What is computer security?

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

B. Why should I care about computer security?

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).

C. Who would want to break into my computer at home?

Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

D. How easy is it to break into my computer?

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.

Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

From cert.org

Computer security is a branch of technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.

The technologies of computer security are based on logic. As security is not necessarily the primary goal of most computer applications, designing a program with security in mind often imposes restrictions on that program's behavior.

There are several approaches to security in computing; sometimes a combination of approaches is valid:

1. Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity).
2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example).
3. Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).
4. Trust no software but enforce a security policy with trustworthy mechanisms.

Many systems have unintentionally resulted in the first possibility. Since approach two is expensive and non-deterministic, its use is very limited. Approaches one and three lead to failure. Because approach number four is often based on hardware mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of approaches two and four are often used in a layered architecture with thin layers of two and thick layers of four.

There are various strategies and techniques used to design security systems. However there are few, if any, effective strategies to enhance security after design. One technique enforces the principle of least privilege to great extent, where an entity has only the privileges that are needed for its function. That way even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest.

Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also assessable to math. Not surprisingly, it is impractical for generalized correctness, which probably cannot even be defined, much less proven. Where formal correctness proofs are not possible, rigorous use of code review and unit testing represent a best-effort approach to make modules secure.

The design should use "defense in depth", where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defense in depth works when the breaching of one security measure does not provide a platform to facilitate subverting another. Also, the cascading principle acknowledges that several low hurdles do not make a high hurdle. So cascading several weak mechanisms does not provide the safety of a single stronger mechanism.

Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.

In addition, security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.
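Three of the principles above (least privilege, "fail secure" rather than "fail insecure", and an append-only audit trail) are easiest to see side by side in code. The following is an added example written for this page, not taken from any of the sources it quotes. It shows a permission check in two versions: one that grants every request when the policy store is unreachable, and the corrected one that denies anything it cannot positively authorize. The rights table gives each principal only what its function needs, and the audit class offers append and verify but no update or delete. The principal names, right strings and policy format are assumptions; the hash chain linking each audit record to the previous one is an added design choice that makes removal of earlier records detectable, going one step beyond the text's requirement that the trail merely be append-only.

```python
import hashlib
from typing import Dict, List, Optional, Set

# Least privilege: each principal holds only the rights its function needs.
# Principal names and right strings are assumptions for this example.
POLICY: Dict[str, Set[str]] = {
    "backup-agent": {"read:/srv/data"},
    "web-app": {"read:/srv/data", "write:/srv/uploads"},
}


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot be reached (simulated here by policy=None)."""


def rights_for(principal: str, policy: Optional[Dict[str, Set[str]]]) -> Set[str]:
    if policy is None:
        raise PolicyUnavailable("policy store unreachable")
    return policy.get(principal, set())  # unknown principal: no rights at all


def is_allowed_fail_insecure(principal: str, action: str, policy=POLICY) -> bool:
    """The weak version: an outage in the policy store grants every request."""
    try:
        return action in rights_for(principal, policy)
    except PolicyUnavailable:
        return True


def is_allowed_fail_secure(principal: str, action: str, policy=POLICY) -> bool:
    """The corrected version: anything that cannot be positively authorized is denied."""
    try:
        return action in rights_for(principal, policy)
    except PolicyUnavailable:
        return False


class AppendOnlyAudit:
    """Audit trail with append and verify only: no update or delete method exists.

    Each record stores the SHA-256 of the previous digest plus its own text, so removing,
    altering or reordering an earlier entry breaks verification of everything after it.
    (Hash chaining is an added design choice; the text only asks for append-only storage.)"""

    def __init__(self) -> None:
        self._records: List[Dict[str, str]] = []

    def append(self, event: str) -> str:
        prev = self._records[-1]["digest"] if self._records else "0" * 64
        digest = hashlib.sha256((prev + event).encode()).hexdigest()
        self._records.append({"event": event, "digest": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for rec in self._records:
            if hashlib.sha256((prev + rec["event"]).encode()).hexdigest() != rec["digest"]:
                return False
            prev = rec["digest"]
        return True

    def records(self) -> List[Dict[str, str]]:
        return [dict(r) for r in self._records]  # copies, so callers cannot edit the trail


def authorize(principal: str, action: str, audit: AppendOnlyAudit, policy=POLICY) -> bool:
    """Fail-secure decision that is always recorded, whether allowed or denied."""
    allowed = is_allowed_fail_secure(principal, action, policy)
    audit.append(f"{principal} {action} {'ALLOW' if allowed else 'DENY'}")
    return allowed


if __name__ == "__main__":
    trail = AppendOnlyAudit()
    print(authorize("backup-agent", "read:/srv/data", trail))
    print(authorize("backup-agent", "write:/srv/uploads", trail))      # outside its function
    print(authorize("web-app", "write:/srv/uploads", trail, policy=None))  # store down: denied
    print(trail.verify())
```

Note that `authorize` records denials as well as grants: a trail that only logs successes cannot show the "mechanism and extent" of an attempted breach. In practice the records would be shipped to a separate host as they are appended, so an intruder on the audited machine has nothing local to erase.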

Early history of security by design

The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up. In spite of this, Multics' security was broken, not once, but repeatedly. The strategy was known as 'penetrate and test' and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed form processes that terminate.

From Wikipedia