One Virus Engine Is Not Enough (Nov 5)
Research shows using multiple anti-virus engines yields the most effective protection. Analysis of the results from five independent testing organizations shows no single anti-virus engine is effective across the spectrum of email threats.
The data from the research paper, “One Virus Engine is Not Enough”, shows that no single product catches a comprehensive range of email viruses and malware within a variety of compressed and uncompressed file formats. A more secure approach must employ multiple anti-virus engines to cover a broader spectrum of threats.
The professional anti-virus testing laboratories (ICSA Labs, West Coast Labs, Virus Bulletin, AV-Test.org, and Virus TestCenter) looked at the leading anti-virus engines – namely, those developed by Trend Micro, Symantec (Norton), McAfee, Norman, and SOFTWIN – for their overall virus detection rate, their ability to scan through compressed and embedded files, and their coverage of non-virus malware. Each product showed strengths in different areas, meaning that combining the capabilities of two or more products would enable organizations to make up for deficiencies in any single product.
Microsoft to offer bounty on hackers (Nov 5)
Microsoft will announce on Wednesday that it will offer two $250,000 bounties for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus, CNET News.com has learned.
The two programs attacked computers that run Microsoft’s Windows operating system, causing havoc among companies and home users in August and September. The reward, confirmed by sources in both the security industry and in law enforcement, will be announced in a joint press conference with the FBI, the U.S. Secret Service and Interpol that’s scheduled for 10 a.m. EST Wednesday.
The rewards are the first time a company has offered money for information about the identity of the cybercriminals.
Protect Your PC (Nov 4)
In this presentation learn how to protect your PC by taking three simple steps.
Download: Protect Your PC (57MB video)
It’s a fact; Office 2003 first official critical update! (Nov 4)
Office 2003 Critical Update: KB828041 offers the highest levels of reliability available for Microsoft Office 2003. This update fixes an issue in Microsoft Word 2003, Microsoft Excel 2003 and Microsoft PowerPoint 2003 that occurs when opening a file last edited and saved in Office 2000. Under this specific scenario it is possible for graphic content to be inadvertently lost on save. The Office 2003 Critical Update: KB828041 is part of Microsoft’s continued effort to provide the latest product updates to customers.
Microsoft recommends that you use the Office Update site to determine if your computer requires this update before installing it.
A full-file administrative update for use by IT Administrators is available on the Microsoft Office 2003 Editions Resource Kit Web site.
Download: Office2003-KB828041 client (English)
Download: Office2003-KB828041 client (different language)
Download: Office2003-KB828041 administrative (English)
Download: Office2003-KB828041 administrative (different language)
Ex-hackers ‘rubbish at security’ (Nov 4)
Don’t employ former hackers to safeguard systems, warn experts.
Companies should stop hiring hackers to beef up security – not for ethical reasons but because they are no good at it, according to experts.
Delegates at the RSA Security Conference in Amsterdam heard a panel of reformed hackers, police officers, members of the legal profession and corporate security experts launch scathing attacks on the abilities of most hackers.
The skills that make a good hacker are not the same as those required by an IT security officer, delegates were told. “Everyone thinks that if you know how to break into a system then you must know how to protect one. It’s rubbish. I could teach a monkey to break into a system in four hours,” claimed Ira Winkler, chief security strategist at Hewlett Packard. “While there are highly skilled technical hackers out there, they are the ones you never know about because they don’t get caught.”
But most hackers are IT professionals in their 20s and 30s, suggesting that companies may be late in their realisation that cyber-poachers do not make good cyber-gamekeepers. “Why would you want to employ a hacker with a criminal record, i.e. someone so bad they’d been caught?” asked Tony Neate, industry liaison officer at the National High Tech Crime Unit. “After all, if a bank is looking to employ a security guard they don’t try and find a former bank robber to guard their safe. Companies must be sure that they know their staff’s backgrounds.”
Checking employees was highlighted as essential, but there was a gap in the law as juvenile criminal records are sealed when the perpetrator reaches adulthood. But a quick search of the internet using a web or newsgroup search engine should reveal details of a person’s hacking history, if it exists.
Windows SharePoint Services Template Packages (Nov 4)
This product shows the great results you can get when you customize a Windows SharePoint Services-based Web site using Microsoft Office FrontPage 2003. This template contains the custom Theme used in creating this site, and detailed instructions and necessary files to allow you to reproduce the look on your own Windows SharePoint Services-based site. For more inspiration, information and tools to help you customize Windows SharePoint Services-based Web sites with FrontPage 2003, visit the Microsoft Office FrontPage 2003 Customization Kit at http://www.sharepointcustomization.com/
Download: Windows SharePoint Services Template Package- Human Resources
Download: Windows SharePoint Services Template Package- Finance
Download: Windows SharePoint Services Template Package- Real Estate
Download: Windows SharePoint Services Template Package- Hospital
Xara Webstyle 4 (Nov 4)
A quick and easy way to produce quality graphics and photos for the Web, no programming skill required. Create graphics by simply customizing the professionally designed templates, including animated banner ads, button bars and DHTML menus, headings, web page backgrounds and even complete themed page layouts. And because the templates are vector graphics there is no loss of quality. Webstyle has a built in photo album builder to generate stunning albums in just a few clicks. Webstyle 4 also includes one of the quickest photo editors available, auto thumbnail creation, plus seamless integration with FrontPage. All customers receive a CD which contains the software, over 1600 fully editable templates, tutorial movies and a collection of TrueType fonts.
Download: Xara Webstyle 4 (trial)
Web hoaxes set to increase (Nov 3)
Widespread education needed as more consumers are targeted.
Web fraudsters are increasingly targeting consumers with password-confirmation scams, experts have warned.
The scam involves sending emails which purport to come from a service provider asking consumers to confirm their passwords at a website. Customers of several British banks were targeted last month.
The websites are cunningly constructed fakes. Once the password entries are made online thieves collect them. As well as banks, companies like eBay have also been targeted.
“A huge number of people are getting suckered by spoof websites, particularly in the US,” said Scott Schnell, senior vice president of sales and marketing for RSA Security. “Once they use the sites they are losing everything, all their personal information. This problem needs to be addressed.”
Schnell suggested that companies and the press should educate employees and the public respectively. Better identity management would also help, he added. “Someone being lazy or stupid, two essential human traits, can defeat the very latest risk management system,” said Jon Collins, associate at analysts Quocira. “Education is vital, there’s a fundamental misunderstanding about technology. When people go to these websites they aren’t thinking properly about threats.”
Financial institutions never ask customers for confidential information via email or to divulge such details at websites linked to by a web address in an email. Genuine banking websites are always prefixed with ‘https’. The ‘s’ stands for ‘secure’ and guarantees that details are being kept confidential.
Xara Online FrontPage Extension (Nov 3)
Xara Modules are hosted Web page add-ins providing everything from customized graphics to Web forms and online databases. Other Modules let you edit your photos online and place remotely updatable text within your Web page. Xara Online provides a wide range of free Modules and a 15 day trial of their Premium Modules.
Publishing a SharePoint Site Accessible to External Users (Nov 3)
Well the 30th I posted the link to the documentation on “Publishing a SharePoint Site Accessible to External Users”. Today Microsoft released it again!? Same version, same overview, different name, different download location. The last edit in the file was of the 26th so could it be that they simply lost the documentation and had to repost it??? I give them the benefit of the doubt and say “Unlikely”. Nevertheless, here’s the repost.
Many organizations require an efficient way to share files, folders, and resources and easily collaborate on the same document with people outside of the network. Using the Windows SharePoint Services solution in Windows Small Business Server 2003, organizations can now easily collaborate with users outside of the local network to satisfy this business need.
This document does not include information about publishing a SharePoint site accessible to external users using Microsoft Internet Security and Acceleration (ISA) Server.
Stay in Touch While on the Go (Nov 3)
Microsoft launched software for Pocket PC devices three years ago in the belief that people wanted to “do more” on mobile devices. In this presentation see the latest devices in 2003 that help you stay in touch while on the go.
Download: Stay in Touch While on the Go WMP presentation (300kbps)
Virus: The Mimail family (Nov 3)
W32.Mimail.C@mm is a Category 3 mass-mailing worm that steals information from infected computers. D and E variants have also reached the surface.
Spam and IM threaten email’s future (Nov 1)
Will the dominant communication tool end up going the same way as carrier pigeons?
The future of email as the dominant form of electronic communication and collaboration is becoming less certain as spam and the use of instant messaging (IM) chip away at the technology.
According to analyst IDC, more than 20 billion spam messages are expected to be sent daily worldwide by 2006.
IDC’s report, Worldwide Email Usage Forecast, 2003-2007: Spam and Instant Messaging Take a Bite out of Email, estimates that spam represents just under a third of all external and internal email sent on an average day in North America in 2003, up from 24 per cent in 2002.
The rising torrent of spam is reducing email’s usefulness by forcing users and IT staff to expend time and energy identifying and deleting it, and preventing it from clogging inboxes.
The other prong of the attack against email comes from the value of IM’s immediacy and the growing awareness of its presence in the workplace. But it is rapidly becoming more similar to email in terms of corporate requirements for tracking and archiving of messages.
“To keep email at the collaboration centre stage, email proponents will need to do a better job of helping end-users manage email and use other collaborative tools in conjunction with email,” said Mark Levitt, research vice president for collaborative computing at IDC.
Outlook 2003 Add-in: Personal Folders Backup (Oct 31)
This updated version fixes an issue with the browsing functionality on Windows 98 and Windows ME.
Outlook 2003 Add-in: Video Email (Oct 31)
Use a Web camera to easily send and reply with a video email to your friends and family with just two clicks on the Video Email for Outlook 2003.
Download: Outlook 2003 Add-in: Video Email