Archive for June 2005

When Disclaimers Attack

I’m seeing more email with disclaimers at the bottom.
This e-mail and any files transmitted with it are the property of $companyname, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender at xxx-xxx-xxxx and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited.
Lawyers gone wild. As Information Security Professionals we are supposed to yield to the domain experts. The problem is that the legal guys are often in their own world.
This seems like an example of doing SOMETHING in the name of security without being sure it actually accomplishes anything. I feel like I should immediately delete the email, scrub my Exchange server, reboot the routers to remove any possible remnants, call my lawyer and my company contracts office, and just in case stop accepting any new mail.
Do disclaimers at the bottom carry any legal weight? It's kind of doubtful. I mean, to have a contract, don't both sides need to have consideration? I have heard of one case where it was important for the disclaimer footer to warn that email traffic is monitored at company X. That way if Joe@companyX sends email to Jane@companyY, she knows not to send illegal material back to Joe@companyX.

Security Myths

I watched a webcast yesterday by Jesper Johansson and Steve Riley on security myths. They haven't posted the on-demand version yet; if they do, it should be available here. If not, you can get some of the same material via their articles from March and April.
Article Part 1
Part 2
The Myths:
1. Security guides make your system secure
2. If we hide, the bad guys won't find us.
3. The more tweaks the better
4. All environments should follow the advice in
5. High security is an end goal for all environments
6. Security tweaks can fix physical security problems
7. The lemming security model: Always follow expert recommendations.
8. We need to audit everything
9. Password cracking is our biggest problem
10. Security Tweaks will stop worms and viruses
11. Technology can fix user problems
12. Friends will always be by your side
13. Encrypted attack traffic is better than clear text attack traffic.

Grokster case NOT comparable to Gun Laws

The latest issue of SANS NewsBites has some editorial comments from Steven Northcutt that could use some examining. Northcutt comments on MGM Studios Inc. v. Grokster by saying "So a gun company can produce a 'Saturday Night Special' under the law but Grokster has 'unlawful intent'".
First of all, so-called Saturday Night Specials are a fiction. They are a misnomer used by anti-gun advocates for cheap guns. Anti-gun advocates want to make it so cheap guns are unavailable. That will make it impossible for people with lower incomes to protect themselves. If they reduce the overall gun owner population it will be easier to remove the right to bear arms.
Second of all, anti-gun advocates have largely been successful in that campaign. Saturday night specials don't exist.
Third, gun rights are protected by the Bill of Rights. Stealing other people's work is not.
Fourth, the primary purpose of a gun is legal, i.e. hunting, target shooting, and self-protection. The primary purpose of Grokster was not legal.
Fifth, look at the case law. In the Betamax case, Betamax VCRs were allowed because the primary purpose is legal.
You can't look at these cases without consideration of the primary purpose of the device.
The court unanimously held that peer-to-peer file sharing services will be held liable for the copyright infringement of their customers if the file sharing services affirmatively promote infringement. Since you can't make the claim that gun makers affirmatively promote murder, the comparison is not valid at all.

Rats!

Telephone and Internet service to 100k New Zealand customers was knocked offline on Monday and the Kiwi stock market had to close early. All because some ditch diggers took out one service pipeline and some rats took out the other.
There is no word on whether or not Richard Clarke has called this a Digital Pearl Harbor.

Windows Server 2003 SP1 to be mandatory

http://www.microsoft.com/windowsserver2003/evaluation/news/bulletins/ws03sp1blockertoolfaq.mspx
Windows Server 2003 SP1 will be automatically delivered through Automatic Updates starting July 26, 2005. As with XP SP2, a tool will be available to block this installation until March 2006 (one year after initial release).

SAV 10- What’s New

The SAV Installation Guide (savinst.pdf in the docs directory or check the support site) lists what is new in this release.
Security Risk Detection and Removal
This is Symantec's term for spyware, adware and assorted security risks. In this version Symantec can now detect spyware via Auto-Protect. This is an important improvement over SAV 9, which could only scan for this stuff during manual and scheduled scans.
We also now have the ability to have exception lists. Unfortunately, rather than being able to add a specific EXE to ignore, we must ignore the entire spyware detection. Usually this is ok. For example, with SAV 9 I have users who are constantly getting a virus detection for aports or Radmin. If I determine that is ok, then I would just whitelist it and never be bothered again.
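To make the exception-list point concrete, here is an added toy illustration (my own, not Symantec's code) comparing the two exclusion models: ignoring an entire detection name versus approving one specific file by hash. File contents, paths and detection names are constructed.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """One scanner hit: which file, what it was flagged as, and the file's hash."""
    path: str
    detection_name: str
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_detection(path: str, name: str, content: bytes) -> Detection:
    return Detection(path, name, sha256_hex(content))


def filter_by_name(detections, excluded_names):
    """Exclusion on the detection name (the SAV 10 model described above):
    every file the scanner labels with an excluded name is ignored."""
    return [d.path for d in detections if d.detection_name not in excluded_names]


def filter_by_hash(detections, approved_hashes):
    """Exclusion on the specific file: only the approved binary is ignored;
    any other file carrying the same detection name is still flagged."""
    return [d.path for d in detections if d.sha256 not in approved_hashes]


# Constructed sample inputs (not real binaries): a sanctioned Radmin install
# and a different file that the scanner labels with the same risk name.
APPROVED_RADMIN = b"constructed: sanctioned radmin build"
LOOKALIKE = b"constructed: unknown file also labelled Radmin"
SAMPLE = [
    make_detection(r"C:\Tools\radmin.exe", "Radmin", APPROVED_RADMIN),
    make_detection(r"C:\Users\bob\Downloads\r.exe", "Radmin", LOOKALIKE),
    make_detection(r"C:\Tools\aports.exe", "Aports", b"constructed: aports"),
]
APPROVED_HASHES = {sha256_hex(APPROVED_RADMIN)}

if __name__ == "__main__":
    print("still flagged (name exclusion):", filter_by_name(SAMPLE, {"Radmin"}))
    print("still flagged (hash exclusion):", filter_by_hash(SAMPLE, APPROVED_HASHES))
```

The name-based model silently passes the unknown download as well as the sanctioned tool, which is the cost of the coarser exclusion the post describes.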
Quickscan
Taking a page from the anti-spyware vendors, Symantec now has a quickscan that checks the common hooks in the operating system used by viruses and crapware to autostart.
By default, the quickscan runs at every boot. Some people are finding this uses a lot of resources at logon. You can disable this behavior with a .reg file you can find at the Symantec support site.
You can run a quickscan at the beginning of a full system scan also if so desired.
Kill Kill Kill
No, that’s not the voices in your head. Symantec now has the ability to kill processes or stop services. So all those times, Symantec couldn’t remove a file because it was a currently running process…that’s in the past. This sounds like a huge improvement.
Tamper Protection
We've all seen it. When a virus slips by an antivirus product, the first thing it does is disable the antivirus. Or perhaps it wasn't a virus, just a user deciding they didn't need to conform to company policy, so they figure out how to disable it. Tamper Protection watches for this sort of thing.
The problem with Tamper Protection is that it cannot be used if you have any other real time security software. There are also reports of SMS causing many alerts.
I think the manual also says that Tamper Protection will remove the ability of non-administrative users to run LiveUpdate (assuming you allow anyone to manually run LiveUpdate in your environment).
Test it in your environment, but it sounds to me like this is not ready for prime time.
Role Based Accounts
Instead of having one password giving access to the SSC, you can now create role based accounts to provide read only, administrator, Central Quarantine and gateway security accounts.
These are separate accounts and cannot use Active Directory accounts.
SSL
SSL is now used to secure the communications between management consoles (SSC), the parent server, and the clients.
This adds some complexity for disaster recovery and server migration. Make sure you read the manual on this area.
Alternate Data Streams
Now supports scanning for viruses in NTFS alternate data streams. I don't know of any viruses using this, but the virus researchers have been agitating for vendors to add support for it.
64 bit AMD support
We've been waiting for this. I don't think we've installed it yet so I can't comment. I did see in the readme that updates are through LiveUpdate only, no VDTM.
IPXSPX Support is gone
Other
I notice that under server tuning, you need to check a box to support downlevel clients.
I have only installed the server. Not having installed it on the clients yet, I cannot review the product. Just passing on a few notes from what I've seen and read thus far. Looks like a solid step forward. McAfee still seems to be better about stopping web exploits and I don't see anything in this release that will change that.

Finally I get SAV 10

Not sure why Symantec felt the need to mail out a new download code to allow me to download Symantec Antivirus version 10. It would seem to me to be better to just allow my current download code to access it. Both codes are valid through our current license period.
Looks like I’ve got some testing to do. Just happy to finally have SAV 10 in hand.

Google Toolbar for Enterprise

I just noticed that the Google Toolbar has an Enterprise version. Google’s always coming up with these new things and hiding them.
I guess the slogan should be 'Google Toolbar, now with 30% less evil'. With this new version, you can encrypt the local index (using EFS), restrict file types from being indexed, disable autoupdates, and disable the anonymous reporting back. All this can be done using a provided ADM file and tattooing the registry via Group Policy.
It sounds pretty neat. It can also integrate with the Google Enterprise appliance if you have one of those. I wonder if it could be made to submit queries to the Sharepoint search as well.
Makes me want to check on what Microsoft is up to with their MSN Search tool. They bought Lookout a while back. As far as I know that tool is still geared toward end users.

Bing, It is now safe to use your computer

I couldn't help but think of the Southwest Airlines commercial with the tagline "it is now safe to move around the country" when I saw a Cisco commercial titled "The Hypochondriac." One guy is cleaning his computer with a spray as another guy walks up and asks "did you get my email attachment?" The hypochondriac says that he did, but he didn't open it out of fear of viruses. The first guy says it's ok because the message was sent on our network and our network is self-defending.
I can imagine the response to this commercial. A lot of security effort is spent convincing users not to click on every random thing that comes along. And here Cisco is ruining that education with their marketing.
Part of me agrees with that, but the other part of me says, about time someone restored usability to the network.

Schneier on Ice Cream lock

Bruce Schneier writes today about a Ben and Jerry’s Pint Ice Cream lock.
Brilliant. Does anyone know of a Pepsi lock? At work we have a bit of a problem with people stealing soda out of the fridge.
P.S. If anyone is going to do a fake security bulletin about how to defeat the ice cream lock, don't make it look like a mi2g release. They'll start chimping. If you haven't read the Wendy's drive-through order vulnerability notice, go read it now if you're a security geek. (It is not finger related.)