How about that, my entry discussing my LC4 and LC5 search is the number one result at Google if you search for lc5 and Symantec.
I did some more searching last night and found an Experts-Exchange thread indicating that Symantec is not selling LC5 anymore because they plan to incorporate that in some form into their own security product line. I have no idea where that leaves those of us who need to get a new license file every time we get a new computer and need to reinstall LC4.
I also found an entry at GovernmentSecurity.org (a
Archive for November 2005
SAMInside
On the rumored death of blackberry
The Microsoft hype machine was in full force with the release of Exchange 2003 Service Pack 2. They would have you believe that that, along with Windows Mobile, is the death knell for Blackberry. Microsoft was pushing it hard, and you could see the MVPs repeating the charge faithfully. When I was out at Microsoft in Herndon, VA, they were pushing this, so I asked them how they would architect a solution which required push technology yet the clients must use SecurID for any inbound initiated connection. They couldn’t do it. I had to figure out on my own that I needed a Good Technologies server to make this work. Replacing the Blackberry server with a Good server is hardly a huge benefit of Exch2k3sp2.
The thing is, the Blackberry fanatics (and I’m still one) don’t even know they are already dead. Company after company is moving to Windows Media phones or the Treo. Some want more features than Blackberry can provide. Other companies just don’t want to be caught with their pants down if Blackberry has an adverse court ruling. This lawsuit uncertainty is having a chilling effect on Blackberry’s market share and it could not come at a worse time.
The Blackberry head says that they already have alternate technology in place if they lose this patent lawsuit. Is he merely trying to keep the stock from tanking or do they have solid plans in place to prevent the Blackberry network from going dark? Will people who have been enamored with Blackberry choose to leave after they’ve been prompted by these events to examine the Good Technology solution?
Webroot Spysweeper 2.51
I finally have Webroot Spysweeper 2.5 in my hands. I’ve been waiting for this since August. The admin console now has some good reports available. I’m happy about that.
What is the deal with LC5?
Since Symantec purchased @stake it has been difficult to find information on LC5. In my good searches I can see where people are sharing eval copies. I am a licensed customer of LC4 and would like to upgrade to LC5. I called Symantec Sales and they took a message “for the LC sales person” who has yet to call me back. LC uses a form of DRM to force you to get an updated license file if you install it on a new machine. In December, I’ll be getting a new computer and will need help from Symantec just to keep using LC4.
Patching Patching Patching Patching
Another week, another patch. I was just noticing that Flash really needs to get patched. That one has some potential. You recall some instances of ad servers getting hacked. And banner ads like to use Flash. So you could hack the ad server and upload a specially crafted Flash file. That way, when you go to any garden-variety trusted website that happens to use that banner ad server, you get infected with the virus spread through the Flash exploit.
We’ve decided this needs to be addressed soon. Fortunately Macromedia does reportedly supply an MSI version of the install if you license it for use on your intranet. So it should be simple to push the newer version out with SMS. You can use SMS to get a count of clients with each version of Flash by doing a query for getflash.exe.
Microsoft only has one patch out this month. But it’s for GDI. I’d recommend patching the clients this month on your normal patching cycle. Servers shouldn’t be used to surf, so I’m thinking it’s safe skipping the server patches this month.
IM Security
Lots of IM Security noise this week. From technews, “Your Next IM could be Your network’s last” by Gregg Keizer:
Facetime is issuing a “Worm Free Guarantee” on Tuesday as it released Facetime Auditor 6.5. AFAIK they rely on thresholding to watch clients sending too many messages in a short period of time. When I evaluated an earlier version of Facetime’s product in October, I was plagued by problems.
IMLogic pointed out they use RTTPS technology to detect odd behavior and block the transmission. RTTPS is an add-on piece for their IMLogic product. It was not available when I tested IMLogic in September. I asked about getting a new beta and was told they don’t do that because evals are limited to 50 users and RTTPS doesn’t eval well with that number of users. When I evaled IMLogic, file transfer did not work with AIM and MSN Messenger.
The article says that it is possible to create an IM exploit that automatically runs exploit code using keystroke macros found in MSN and AOL’s product. (I haven’t heard of this before.)
I had Akonix on site today and will be beginning an eval of them next week. They have been doing IM Security for a while now. They are still using updating block lists. It’s a better defense than what IMLogic and Facetime gave me to demo. However, I find myself wondering if these two vendors haven’t jumped right back into the game with their new releases.
Being dependent on updates, as Akonix is, is not a good place to be. Think of it like email. When there were a low number of email viruses and they spread slowly, it was rare for a virus to get by. But as the volume of email viruses increased, their speed increased and more got by. Today viruses target specific companies and industries. The update model of security is not good enough for that. But based on my poor experience in evaluating IMLogic and Facetime, I really don’t trust their press releases. Hopefully my eval of Akonix will fare better than these previous two.
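The two detection models compared in this post, sketched as an added example (not code from any of the vendors named): a block list that only knows lures seen before its last update, versus a per-sender threshold on recipients messaged in a short window. The event format, user names, domains and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample IM events: (seconds, sender, recipient, message text).
# "bob" is a client infected by a new worm that sends the same lure link
# to every contact within a few seconds; "heidi" forwards an old, known lure.
EVENTS = [
    (0, "alice", "carol", "lunch at noon?"),
    (5, "bob", "carol", "is this you? http://new-worm.example/pic"),
    (6, "bob", "dave", "is this you? http://new-worm.example/pic"),
    (7, "bob", "erin", "is this you? http://new-worm.example/pic"),
    (8, "bob", "frank", "is this you? http://new-worm.example/pic"),
    (9, "bob", "grace", "is this you? http://new-worm.example/pic"),
    (40, "heidi", "dave", "see http://old-worm.example/x"),
    (300, "alice", "carol", "running late"),
]

# Block list as it stood at the last update: only the already-known lure.
BLOCK_LIST = {"old-worm.example"}


def blocklist_hits(events, block_list):
    """Update model: flag senders whose message contains a listed domain."""
    return {s for _, s, _, text in events if any(d in text for d in block_list)}


def threshold_hits(events, max_recipients=4, window=10):
    """Thresholding: flag senders who message more than max_recipients
    distinct recipients within any window-second span."""
    recent = defaultdict(deque)  # sender -> deque of (time, recipient)
    flagged = set()
    for ts, sender, rcpt, _ in sorted(events):
        q = recent[sender]
        q.append((ts, rcpt))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({r for _, r in q}) > max_recipients:
            flagged.add(sender)
    return flagged


if __name__ == "__main__":
    print("block list flags:", blocklist_hits(EVENTS, BLOCK_LIST))
    print("threshold flags: ", threshold_hits(EVENTS))
```

The block list catches only the sender of the known lure and misses the new worm until its domain is added; the threshold catches the burst without any update but would not notice a single message carrying a known-bad link.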
F-Secure Not Giving Credit?
Yesterday, Mark over at SysInternals posted about Sony Digital Rights Management (DRM) using rootkit-like practices to hide their files. This got picked up by the SANS Internet Storm Center blog, giving it wider exposure.
Now today, F-Secure has a similar article. Do I think that the F-Secure Blacklight (rootkit detector) would have found the same things the SysInternals rootkit scanner did? Sure. But Sysinternals did post about it first, so I think F-Secure should give credit where credit is due. At the present time they do not mention the SysInternals writeup at all. Since that article clearly sparked their own, I find this to be poor blogging on the part of F-Secure. Give credit where it is due.

