Microsoft chairman Bill Gates delivered
his first keynote to security experts in
San Francisco at RSA Security's thirteenth
annual conference in February. He chose the
conference to confirm the contents of Service
Pack 2 for Windows XP and to reveal Windows
Security Center, a new site for checking
security settings.
Looking nervous, Gates first set out details
of the security measures in SP2. Microsoft is
increasing the functions and features of its
firewall and its anti-spam controls in Outlook.
Gates also showed how malware could be
controlled using behaviour blocking.
Active Protection Technology (APT) will be
an addition to the Internet Security and
Acceleration Server and is designed to prevent
malicious activity arising from malware. APT
will examine the Windows environment to find
traces of unusual activity and use behaviour
blocking to stop it happening. For example, an
emailing virus or worm that spews out a slew
of messages will be shut down, or a Windows
service trying to open a back door will be
prevented from doing so.
The main revelation was a detailed
presentation of the Windows Security Center,
where security settings for Windows features,
such as the new firewall, can be checked. This
was announced by Microsoft marketing
manager Zachary Gutt, who joined Gates on
stage to demonstrate the SP2 features.
Gutt ran the Windows Firewall through its
paces, showing how calls to external sites and
services will be queried through a dialog box.
He also showed how an enterprise can centrally
manage the desktop firewalls and set different
profiles for mobile computers: one for
corporate network protection and one for when
the laptop is disconnected from the LAN.
To turn up the heat on spammers, Gates
plans to form a cross-industry alliance with
Internet Service Providers (ISPs) to make email
more trackable. Microsoft's Caller ID will use
the Internet's domain name system (DNS) to
verify the originating domain for any email.
This will require email messages to include the
IP address of their mail server, which will allow
the receiver to verify that the address is real.
Unverified email will be treated as spam and
either quarantined or deleted according to the
administrator's settings.
Microsoft is starting to test Caller ID on its
Hotmail service and has already implemented
the inclusion of IP addresses in outbound
emails. Inbound addresses will start to be
checked around the middle of this year. The
measures will help to reduce spam but rely on
help from the ISP community. Rogue ISPs will
still allow spamming and may find ways to
circumvent Caller ID.
Gates concluded, "We think this [SP2] will be
a very important release and we will ask people
to install broadly."
At the end of his keynote Gates was greeted
with polite applause. Bruce Schneier, founder
and chief technology officer of Counterpane
Internet Security, echoed the feelings of many
delegates. "Was it just me or was he just not
excited? I expected more excitement," he said.
"When he talks about [Windows] features and
cool things, he gets animated. He had an
opportunity to wow us. I wanted to be
wowed. I didn't want to hear about cool
dialog boxes."
News
Infosecurity Today, March/April 2004

Bill Gates centres on Windows security at RSA
Eric Doyle, reporting on RSA in San Francisco

Anti-virus software fails to protect UK business
Brian McKenna
Network worms like Blaster significantly
damaged UK companies in 2003, despite
near-complete anti-virus software protection
and the easy availability of patches.
The Department of Trade and Industry's
seventh biennial information security breaches
survey, which a Pricewaterhouse Coopers-led
consortium carried out from October 2003 to
January 2004, has revealed that malware is
a bigger threat to business than it was in 2002.
Around half of UK businesses suffered from
virus infection or denial-of-service attacks
during the last year, the survey shows.
This has risen from 41% in 2002 and just
16% in 2000. These are among the initial
findings from the survey; the full results will be
launched at InfoSecurity Europe in London,
April 27-29.
The Belfast-based research team interviewed
the main infosec owner in 1000 companies. They
discovered that 93% of those surveyed, and 99%
of large companies, deploy antivirus software.
Despite this, 50% of UK businesses, and 68% of
large companies, suffered from virus infection or
denial-of-service attacks in 2003.
MS Blaster was by far the biggest culprit,
causing a third of all infections — and over
half of those in large companies.
Damage from virus incidents varied from
less than a day's disruption and no cost to
major disruption to services for a month or
more.
Chris Potter, the partner at Pricewaterhouse
Coopers who spearheaded the research, said
that "anti-virus software is not useless. The
problem is that while businesses do have AV,
it's not necessarily up to date. We found that
41% of companies don't update
automatically. Also the nature of the threat is
evolving; viruses are becoming more
sophisticated, with blended threats evading
AV scanning.
"Large companies were caught out more by
Blaster than they were by viruses like Klez. In
the Blaster case you had a known network
security vulnerability for which the patch
wasn't installed quickly enough".
"Large businesses have sorted out the
perimeter, but it's things like infected laptops
coming into the network that are the problem".
He reported that there are signs of more
proactive approaches being adopted — such as
heuristics — "especially in companies where
there are lots of transactions or a lot of
connectivity, like telcos and ISPs".
And the big picture is that "five years ago
accidental damage was the biggest problem but
now it's malicious and premeditated activity".
Potter concluded that we "need to be
cautious about extrapolations from this kind
of survey, but we are talking about a big
number in terms of commercial damage from
malware — bigger than two years ago".
Gerhard Eschelbeck, chief technology officer
of Qualys, who were drafted in to analyse the
AV and malcode piece of the survey's final
data, said that "the most telling thing was that
while 93% of small companies and 99% of
large companies have AV technology, they are
still getting hit. It is clear that one-dimensional
AV will not cut it anymore".
He added that companies need "to do a
better job in prioritising their efforts and the
current average patching period of 30-60 days
is just too large a window of exposure".