[ECP] Which Antiphishing Solution Is Best?
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 30 Nov 2006 09:18:04 -0500
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤,¸¸,ø¤º
Please link to the Educational CyberPlayGround
http://www.edu-cyberpg.com
Add your K12 SCHOOL OR SCHOOL DISTRICT URL
http://www.edu-cyberpg.com/schools/
Please Share and Add Your Song
http://www.edu-cyberpg.com/ncfr/
Educational CyberPlayGround Network Newsletters Mailing List ©1994
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤,¸¸,ø¤º
=== CONTENTS ===================================================
IN FOCUS: Which Antiphishing Solution Is Best?
NEWS AND FEATURES
- Malware Could Become Its Own Worst Enemy
- GRISOFT Expands Offerings to Linux and FreeBSD
- Check Point Slated to Acquire Protect Data
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: New Tool from Sysinternals: Procmon
- FAQ: Hiding the List of Domains at Logon
- From the Forum: Shared Mobile Laptops
- Know Your IT Security Contest
- IT Pro of the Month--October 2006 Winner
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== IN FOCUS: Which Antiphishing Solution Is Best? =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
The best antiphishing defense you could hope to build is based firmly
upon end-user education. If people could be freed from their naivete,
scammers wouldn't stand a chance of fooling anyone except themselves.
But many companies don't see the value in ongoing user education, and
some people simply can't be educated to a reasonable degree. Thus, we
need antiphishing software, which has become a major feature of Web
browsers and of various third-party security solutions.
In October, a Microsoft-commissioned report on various antiphishing
solutions was released. The testers found that Microsoft Internet
Explorer (IE) 7.0 has better antiphishing technology than competing
solutions. The products tested included IE 7.0 Beta 3, EarthLink
ScamBlocker, eBay Toolbar with Account Guard, GeoTrust TrustWatch,
Google Toolbar for Firefox with Safe Browsing, McAfee SiteAdvisor Plus,
Netcraft Toolbar, and Netscape Browser with built-in antiphishing
technology. In "IE 7.0 and Firefox 2.0 Both Have New Antiphishing
Technologies" (at the URL below), I reported that the test results were
weighted toward rewarding tools that completely blocked access to
suspected phishing sites (rather than just warning users) and to tools
that didn't produce false positives.
http://list.windowsitpro.com/t?ctl=41873:7EB890
The Mozilla Foundation commissioned its own study to gauge the
effectiveness of Mozilla Firefox 2.0's antiphishing technology as
compared with IE 7.0's. This study found that Firefox's antiphishing
technology was better than IE's by a considerable margin (see the
results at the URL below).
http://list.windowsitpro.com/t?ctl=41878:7EB890
One difference between the two studies is that Mozilla used a much
larger sample of known phishing sites, all of which appear on the
PhishTank Web site, at the URL below. The larger sample undoubtedly had
an effect on the overall outcome. Another difference is the weighting
in the Microsoft-sponsored test. If you don't place the same value on
certain features as the test did, you might not give the tools the same
ranking they received in the test results.
http://list.windowsitpro.com/t?ctl=41882:7EB890
I think the most interesting result is that some of the third-party
products performed exceptionally well in the test commissioned by
Microsoft. But neither report seems conclusive to me. One report
provides test results for many products but used a small sample of
known phishing sites. The other report used a large sample of sites but
tested only two products out of the many available.
It would be interesting to see a new report that uses a very large
sample of phishing sites and performs tests on all (or most) of the
available antiphishing solutions, including third-party solutions that
offer both browser-based protection and gateway-level protection.
It's especially important to know how gateway-level solutions perform,
because browsers and browser toolbars are updated frequently. Thus,
keeping up on all workstations is a big chore, especially in large
organizations. It seems to me that using a gateway-based solution would
be much more cost effective if at all possible. However, a gateway-
based solution might not work for you, depending on the way you handle
connectivity and security for your mobile users.
=== SECURITY NEWS AND FEATURES =================================
Malware Could Become Its Own Worst Enemy
An emulator that poses as a virtual machine (VM) could protect a
system against certain types of malware that detect VMs and refuse to
run in them.
http://list.windowsitpro.com/t?ctl=41877:7EB890
GRISOFT Expands Offerings to Linux and FreeBSD
Antivirus maker GRISOFT has expanded its line of antivirus and
antispam security products to include support for Linux and FreeBSD.
http://list.windowsitpro.com/t?ctl=41875:7EB890
Check Point Slated to Acquire Protect Data
Check Point Software Technologies said it has made an offer to
acquire Sweden-based Protect Data, owner of Pointsec Mobile
Technologies.
http://list.windowsitpro.com/t?ctl=41876:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=4186B:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: New Tool from Sysinternals: Procmon
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4187D:7EB890
Process Monitor (Procmon) is Filemon and Regmon combined, and then
some. Microsoft says the capabilities will make Procmon "a core utility
in your system troubleshooting and malware hunting toolkit." Learn more
about it in this blog article.
http://list.windowsitpro.com/t?ctl=41874:7EB890
FAQ: Hiding the List of Domains at Logon
by John Savill, http://list.windowsitpro.com/t?ctl=4187B:7EB890
Q: How can I use Group Policy to hide the domain drop-down list in the
Windows Logon dialog box?
Find the answer at
http://list.windowsitpro.com/t?ctl=41872:7EB890
FROM THE FORUM: Shared Mobile Laptops
A forum participant has several laptops that are used by multiple
employees for presentations or meetings in the office and for working
at home. In the office, laptop users can connect to the Internet via
wireless access points (APs). Home users access the Internet via their
own private broadband connection (they don't have VPN access into the
company network). Should the laptops be part of the domain, which will
force users to log on using their individual accounts, or should they
be standalone systems, which means users sharing local accounts? Join
the discussion at
http://list.windowsitpro.com/t?ctl=41864:7EB890
KNOW YOUR IT SECURITY Contest
Share your security-related tips, comments, or solutions in 1000
words or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player.
Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=41879:7EB890
IT PRO OF THE MONTH--October 2006 Winner
Congratulations to Chris Stanley, who was voted the October 2006 "IT
Pro of the Month." Chris built an Apache Web server (using MySQL and
FileZilla) and designed an intranet on which he posted manuals and
protocols used in a 911 center. Vital information is now centralized
and can be accessed quickly when time matters most. To learn more about
Chris's solution and find out how you can become the next "IT Pro of
the Month," please visit
http://list.windowsitpro.com/t?ctl=4187E:7EB890
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=4187A:7EB890
How will compliance regulations affect your IT infrastructure? Help
design your retention and retrieval, privacy and security policies to
make sure that your organization is compliant. Download the free eBook
today!
http://list.windowsitpro.com/t?ctl=41868:7EB890
Now that Microsoft and Novell have announced their alliance, you can't
miss an opportunity to learn about new ways to manage Windows and
UNIX/Linux networks efficiently. Register now for TechX World--free
online December 14--and learn how to manage your heterogeneous
environment, including task automation and scripting, data access and
application management, file and print sharing, and security and access
considerations. Register today!
http://list.windowsitpro.com/t?ctl=41871:7EB890
After disaster strikes, does recovering your data feel like digging for
buried treasure? Test your disaster recovery skills, and you could win!
Each week we'll give away a USB flash drive to one lucky treasure
hunter. You'll also be entered to win the full treasure chest,
including Bose headphones! Test your skills now!
http://list.windowsitpro.com/t?ctl=4186C:7EB890
Learn about the advantages for each alternative to traditional file
servers and tape storage solutions, and make the best choice for your
enterprise needs. On-demand Web seminar
http://list.windowsitpro.com/t?ctl=41865:7EB890
BONUS: Register for any Web seminar--live or on-demand--during the
month of November, and you could win a PS3! View a full list of
eligible seminars at
http://list.windowsitpro.com/t?ctl=41869:7EB890
Learn to differentiate between alternative solutions to disaster
recovery for your Windows-based applications and to ensure seamless
recovery of your key systems--whether a disaster strikes just one
server or the whole site. On-demand Web seminar
http://list.windowsitpro.com/t?ctl=41866:7EB890
=== FEATURED WHITE PAPER =======================================
What is the true cost of an in-house email archiving solution, and how
does it compare to the cost of an outsourced solution? Find out from
independent researchers what the TCO of both solutions really is, and
how the management of an in-house solution can strain IT budgets and
staff. Download your copy of this white paper today!
http://list.windowsitpro.com/t?ctl=41867:7EB890
Copyright 2006, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Educational CyberPlayGround Network Newsletters Mailing List
Subscribe - Unsubscribe - Set Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Copyright statements to be included when reproducing
annotations from the
Educational CyberPlayGround Network Newsletter
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
Email Prefrences - Subscribe - Unsubscribe - Digest
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Other related posts:
[ECP] Which Antiphishing Solution Is Best?
