[ECP] In Focus: Will PatchGuard Stifle Security Innovation?
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 21 Nov 2006 05:00:00 -0500
Educational CyberPlayGround Network Newsletters Mailing List ©1994
=== CONTENTS ===================================================
IN FOCUS: Will PatchGuard Stifle Security Innovation?
NEWS AND FEATURES
- End of Life Near for Firefox 1.5.x
- Webroot Launches New Product, Gains New CEO
- Reader-to-Reader: Use Cmdlets to Monitor Your Security Event Logs
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: File Recovery Caveats
- FAQ: Getting the Username, Computer Name, and Domain
- From the Forum: Copying Log File Data
- Know Your IT Security Contest
PRODUCTS
- Record RDP Traffic
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== IN FOCUS: Will PatchGuard Stifle Security Innovation? ======
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
You've probably heard of PatchGuard, Microsoft's new kernel technology
for 64-bit systems that will make its debut in Windows Vista.
PatchGuard works to help protect access to the kernel, or rather, as
Microsoft states it, PatchGuard makes the kernel completely off-limits
to any modifications. The limitation includes third-party modifications
designed to better protect Windows.
While the new technology will be welcomed by some people, others
(particularly a few companies that make security solutions) think it
goes too far. Symantec and McAfee have both complained loudly about
PatchGuard. These companies say they're worried that Microsoft will
systematically shut them out of certain sectors of the security
software market. Some of the companies' products rely on the ability to
patch the kernel, because the kernel on its own doesn't provide the
level of functionality those products need.
Other companies, such as Authentium, have worked diligently to find
ways of interacting with PatchGuard that have not only resulted in
security solutions but have also introduced a new level of functionality.
For example, the company's VirtualATM SDK can change Windows from a
multiprocessing platform into a single-processing platform. That sounds
completely counter to the purpose of a multithreaded OS, right? Well it
is, and for good reason.
If you can force Windows to only run one process at a time, all sorts
of malware (such as key loggers, sniffers, and Trojan horses) have
absolutely no way to do their work. If their process won't execute,
they're rendered completely ineffective. So VirtualATM becomes
immensely attractive as a tool to use for applications such as those
related to financial transactions or sensitive information input of any
type. VirtualATM, as obvious as the approach is, is truly innovative
and appears to hold incredible value. For more information, go to:
http://list.windowsitpro.com/t?ctl=40273:7EB890
Authentium is a Microsoft partner, so Microsoft is well aware of what
Authentium is doing with VirtualATM. Whether Microsoft changes
PatchGuard to prevent SDKs such as VirtualATM from working remains to
be seen.
Does PatchGuard go too far, stifling security-industry competition and
innovation? PatchGuard does seem to give Microsoft an advantage in the
security market space. Hopefully, Microsoft won't wield PatchGuard as a
sword against competition. This would thwart innovation, and typically
the best approach to security is a multivendor solution rather than a
single-vendor solution. If Microsoft were to take too much control over
the security market, it might find itself rapidly giving up ground to
other platforms, such as Solaris, Linux, and BSD, that have a healthy
variety of security solution choices.
=== SECURITY NEWS AND FEATURES =================================
End of Life Near for Firefox 1.5.x
Now that Firefox 2.0 is available, Mozilla said it will cease
updates of Firefox 1.5.x as of April 24, 2007.
http://list.windowsitpro.com/t?ctl=40274:7EB890
Webroot Launches New Product, Gains New CEO
Webroot Software launched Spy Sweeper with AntiVirus for consumers
and announced that board member Peter Watkins will become the company's
CEO.
http://list.windowsitpro.com/t?ctl=40275:7EB890
Reader-to-Reader: Use Cmdlets to Monitor Your Security Event Logs
Many people use a command-line utility named LogParser to
investigate logs produced by Windows products. An alternative exists
for interrogating Windows event logs: the Get-EventLog cmdlet in
Windows PowerShell. Learn about this solution in this reader-written
article on our Web site.
http://list.windowsitpro.com/t?ctl=40278:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=4026C:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: File Recovery Caveats
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4027D:7EB890
Once in a blue moon, someone will delete a file that shouldn't be
deleted. Even if you don't have a backup of that file, you might think
you can "undelete" the file by using specialized tools. Some files
can't be undeleted though. Learn more in this blog article.
http://list.windowsitpro.com/t?ctl=40276:7EB890
FAQ: Getting the Username, Computer Name, and Domain
by John Savill, http://list.windowsitpro.com/t?ctl=4027B:7EB890
Q: How can I use a script to quickly get the current username, computer
name, and domain?
Find the answer at
http://list.windowsitpro.com/t?ctl=40277:7EB890
FROM THE FORUM: Copying Log File Data
A forum participant formerly used xp_cmdshell to copy data from a
log file but turned that off for security reasons. Is there another,
more secure way to accomplish the task?
http://list.windowsitpro.com/t?ctl=40264:7EB890
KNOW YOUR IT SECURITY Contest
Share your security-related tips, comments, or solutions in 1000
words or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=40279:7EB890
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
Record RDP Traffic
According to TSFactory, its RecordTS product is the first RDP
recording solution for Windows platforms. It can capture all Remote
Desktop or Terminal Services traffic, record certain users at specific
times, monitor access to sensitive information such as financial data,
and save the data to digitally signed files. The two versions of
RecordTS, Remote Desktop Edition and Terminal Services Edition, are
available for a 30-day trial. For more information, go to
http://list.windowsitpro.com/t?ctl=40282:7EB890 or go to the Web site of
TSFactory's manufacturing and marketing partner, CNS Software, at
http://list.windowsitpro.com/t?ctl=40281:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@xxxxxxxxxxxxxxxx and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=4027A:7EB890
The Event log (for Windows systems) and Syslog (for UNIX/Linux systems)
contain a wealth of information. In this free Web seminar, you'll learn
about the processes, challenges, and benefits of consolidating events
on a centralized server and will identify the 50 critical events that
should be monitored in your enterprise. Live Web seminar: Wednesday,
December 13
http://list.windowsitpro.com/t?ctl=40269:7EB890
Learn the basics of Linux and Windows interoperability, and find out
more about how to use Linux and open-source tools such as Samba and
pam_ldap with Microsoft tools such as IdMU, MSNFS, and SUA. Register
today for this free seminar with industry expert Dustin Puryear, and
get access to three additional seminars discussing virtualization,
single sign-on, and database replication. Find out more today! Live
event: Thursday, December 14
http://list.windowsitpro.com/t?ctl=40272:7EB890
Incorporate Virtual Machines into Your Disaster Recovery Plan
Join us for a free Web seminar to learn how incorporating virtual
machines into your disaster recovery plan can reduce your TCO by 50
percent or more, reduce hardware cost, and simplify management. Find
out more from industry leaders at VMware and CA XOsoft. Available now!
http://list.windowsitpro.com/t?ctl=40265:7EB890
BONUS: Register for any Web seminar--live or on-demand--during the
month of November, and you could win a PS3! View a full list of
eligible seminars at
http://list.windowsitpro.com/t?ctl=4026B:7EB890
You know you need to manage your email data, but how to do it? What
steps should you take? What additional measures should you enact? What
shouldn't you do? Get answers to these questions and get control of
your vital messaging data. Download the free eBook today!
http://list.windowsitpro.com/t?ctl=4026A:7EB890
When disaster strikes, do you feel like you're digging for buried
treasure to recover your data? Test your disaster recovery skills, and
you could win! Each week we'll give away a USB flash drive to one lucky
treasure hunter. You'll also be entered to win the full treasure chest,
including Bose headphones! Test your skills now!
http://list.windowsitpro.com/t?ctl=4026D:7EB890
=== FEATURED WHITE PAPER =======================================
Disaster recovery isn't just a theory for most businesses--it's a harsh
business reality. Improve your own disaster recovery efforts today and
learn from real-life disaster survivors. Make sure that your plan is
ready before a disaster strikes--download this free white paper today!
http://list.windowsitpro.com/t?ctl=40268:7EB890
Copyright 2006, Penton Media, Inc. All rights reserved.