Posts tagged ‘Webroot’

Barracuda’s Purchase of Purewire

The 451 Group has a blog entry on Barracuda’s purchase of Purewire. I am currently evaluating Purewire. This article had some tidbits I hadn’t seen in other analysis.
I had noted that the Security as a Service web space was getting a bit crowded. ScanSafe, as this article notes, is the granddaddy of them all. Anyone who uses MessageLabs for email should be checking them out. Webroot has an offering. ZScaler and Purewire are two names I’d come across this year. While it appeared a bit like Purewire latched onto the first warm body they could find, selling early does make sure you aren’t left standing alone at the end of the night.
The 451 Group makes an interesting comment that perhaps BlueCoat would have been a better fit. That would have been very interesting to me. I’m not such a big fan of Barracuda. Vendors with radio ads are not targeting infosec people like me. That didn’t turn me off on them so much as the backscatter they’ve caused with their (previous) default settings.
451 says Purewire has 200 customers. That is beyond small. Larger companies see a lot of web traffic. Even if something were going to escape detection, odds are good that it would be reported by another company first and protection added. Hopefully Barracuda will add more viability than Purewire has currently.
451 stated “bake-offs are the exception rather than the rule” in web security. I find that kind of hard to believe. As critical as web traffic is, people don’t look at multiple vendors? It’s so easy to set up an eval.
Ultimately my evaluation of this purchase is “at least it’s not CA.”

Symantec Endpoint Security 11

Yesterday, I attended a webinar on Symantec Endpoint Security 11. It should be available for on-demand replay at some point at symantec.com.
A lot of people, including myself, have been very negative about the Symantec product, virus detection rates, and product support. I’m actually starting to believe that Symantec is turning things around. Yes, I know this brief ray of hope will soon be crushed by more Symantec nonsense. But for now, for this blog entry, I’ll focus on the positive.
Symantec Endpoint Security, formerly code named Hamlet, is a single agent, single console solution. In the past people have implemented piecemeal solutions. So the clients have anti-virus products, antispyware products, and a personal firewall. Each of these products requires a separate management point. They each require upgrades and management. There is an incredible cost to the old “best-of-breed” approach. Back then “kitchen-sink” solutions like Symantec Client Security were bloated beasts that weren’t the best at anything. McAfee Total Protection was the first vendor to grab my attention with a consolidated approach. Let’s see what Symantec brings to the table.

  • Antivirus – as I’ve blogged about before, Symantec is doing much better on the AV tests.

  • Antispyware – Includes Veritas technology VxMS to detect rootkits. They feel this is superior to rootkit detection in other products. I’m not convinced though that the product is overall better in spyware detection than Webroot or Sunbelt. But it may be worth it to preserve resources.
  • Intrusion Prevention (Network and Host)
    - Generic exploit blocking (currently in SCS)
    - Proactive Threat Scan (from Whole Security)
    - Deep Packet Inspection

  • Device Control – restrict data leakage (not a lot of info on this that I noted)
  • Symantec NAC

This is all with a single agent. According to the presenter, McAfee is using multiple agents in its product.
They had some interesting memory baseline numbers:

  • Symantec Antivirus Corporate Edition – 62 MB
  • Symantec Client Security – 129 MB
  • McAfee Total Protection – 71 MB
  • Symantec Endpoint Protection – 21 MB

That is a very significant number. We have been very concerned about each security solution adding a burden to the computer.
There is a public beta. To sign up for that, or for additional information, check out www.symantec.com/endpointsecurity.
This sounds interesting. Of course I would never install a dotZero release from Symantec. But about 6 months after release this could be of interest.

Here’s why I won’t be buying anything from Sunbelt Software

At first I just found their advertising really annoying. More recently, as I’ve followed the Sunbelt Blog, I realize I just can’t stand Alex.
Here’s his latest whine. “Oh no, sales people are reading the case studies on our public website and then calling the customer offering them a competitive upgrade. Waaaa.”
“Oh no, Webroot people are saying mean things on my blog waaaaaa.” (Actually the comment by the Webroot guy was pretty funny.)
“Waaaa, Webroot PR is mean like Karl Rove.” I guess we now know the politics of Alex Eckelberry. Whatever dude.

Webroot State of Internet Security

Webroot has posted the Q107 State of Internet Security.

Eschelbeck Slams Windows Defender

I was a fan of Gerhard Eschelbeck when he was with Qualys. He’s been pretty much off my radar since he took the CTO position at Webroot. Today he comes out swinging against Windows Defender, as reported in Information Week.

“If you look at the [Defender] data points, they speak for themselves,” says Eschelbeck. “Defender didn’t block 84% of the tested malware. That’s not the kind of performance users are hoping for.” Eschelbeck says that his firm’s research team tested Defender against a suite of Trojan horses, adware, key loggers, system monitors, and other unwanted programs, all of which were gathered from in-the-wild threats. Webroot’s own Spy Sweeper blocked 100% of the threats.

Hmm, so in tests where they gathered the malware, their own antispyware program detected everything and the competitors didn’t do so well. That’s quite a shock.
Take a look at Sunbelt Software’s response when Webroot and Veritest released results last spring.

Eschelbeck also slammed Windows Defender, and by connection, Vista’s security, for infrequent updates. Microsoft currently issues spyware definition updates every seven to 10 days, he says. Webroot, meanwhile, identifies approximately 3,000 new traces of spyware every month. “Users can’t wait for a week or so to have their anti-spyware signatures updated,” says Eschelbeck.

So Eschelbeck is comparing frequency of updates to number of detections added. Apples/oranges, anyone? Hopefully that is the writer’s mistake.
I know nothing about Windows Defender frequency of updates. I do like that it uses an established update channel like Windows Update. However, I prefer my anti-malware apps on the desktop to check for updates hourly.

Practicing Safe Surf

In other news, the sky is blue. Porn sites are sleazy. And everything isn’t as it seems on MySpace.
http://sourcewire.com/releases/rel_display.php?relid=27686&hilite=

A survey of over 600 UK respondents showed that young men are significantly more likely to be infected with spyware than their female counterparts. The likelihood of infection was increased by the risky online behaviour of young males, such as opening instant messages (66%), downloading files (65%) and visiting adult entertainment sites (56%).

“The chances of becoming infected with spyware rapidly increase when performing certain online behaviour, such as visiting adult entertainment sites or social networking sites such as MySpace.com”,  said David Moll, CEO of Webroot. “These sites have become a breeding ground for spyware.”

Should antispyware detect cookies?

Suzi Turner asks, “should antispyware products detect cookies?” in her latest blog entry at ZDNet.
Here are some test results from Ben Edelman on how various antispyware programs treat cookies.
I’m coming at this from the perspective of a corporate information security guy. Several years ago, I started an initiative to purchase enterprise-ready antispyware. It was readily apparent that spyware was a problem. Users were installing unlicensed copies of software like Ad-Aware and Spybot S&D. After reviewing the “free” license, it was apparent that the company could be liable to software piracy charges, particularly since the corporate helpdesk was often the party installing this software. We purchased Webroot Spysweeper Enterprise to resolve this issue.
When we rolled out Webroot, one of the common complaints I heard was that it wasn’t detecting as much. The “free” antispyware products were deleting all the cookies and including that in the detected spyware count. I find that disingenuous.
I debated turning on the cookie detection in Webroot, but it seemed like I was losing cookies that were remembering my login information on various sites. My Techtarget cookie was a regular target.
I continued the rollout without enabling cookie detection. There have been many versions of Webroot Spysweeper since then. I wonder if it’s time to take another look at detecting cookies.

Full Disclosure of Symantec Product Updates?

It seems like someone decided that Symantec is no longer a favored company. I think it started last year when support hold times were up over an hour. Whatever the cause, SAV admins are looking for any opportunity to complain. SAV updates the product, complain. SAV doesn’t update the product, complain. SAV doesn’t provide updates in the method you’d like, complain.
Which leads us into today’s item. An admin from the University of Richmond would like the ability to push out SAV updates via the Symantec System Center. Does he enter a feature request? No! He posts to the Full Disclosure mailing list as if this were some sort of discovered exploit.
Symantec does need to take a look at distribution systems such as those used by McAfee ePolicy Orchestrator or Webroot SpySweeper Enterprise. But ultimately, this is an enterprise product, and enterprises invest in products such as SMS to perform software rollouts.

Webroot Spysweeper Enterprise 3.0 Released

The server update contains the following changes:

  • Improved navigation tree structure and UI
  • Additional controls for new client functionality (see client changes below)
  • Support for Informational definitions
  • Support for Incremental definitions
  • Numerous stability enhancements
  • SQL Server 2005 Express Database Support

The client update contains the following changes:

  • Completely new Kernel level driver engine
  • Rootkit detection and removal capabilities
  • 4 New Smart Shields
    - ActiveX Shield
    - Browser Helper Object Shield
    - Spy Communication Shield
    - IE Trusted Sites Shield

  • New Client Homepage
  • Command-line access to client
  • Support for Incremental Definitions
  • Support for Informational Definitions

It now operates in kernel mode to offer protection much earlier in the boot process.
I think I’m kind of excited that development continues on what has always been a highly rated product. The ActiveX shield sounds like it will be a replacement for SpywareBlaster. So that is less work for me monthly.

Webroot to Offer Antivirus

At the end of this article defending the need for Spysweeper even after Vista is released, Webroot CEO David Moll says that Webroot will soon offer antivirus in addition to antispyware. It’s not clear if they are going to bundle with a competitor, if they are developing from scratch, or if they are going to buy someone.
Other interesting notes:

  • Webroot has a half million dollar “usability” center where they observe normal people using the product.
  • They take time to play offense against their product, trying to be the bad guy and look for ways to circumvent the product, so they can close those holes.
  • If you get a patent while working for the company you only get a 2k bonus.