To:"Mike Swier" <mswier@YAHOO.COM>
Date: Thu, 24 Mar 2005 15:20:54 -0500 (EST)
From:"Security Pipeline Newsletter" <secured@techwire.com>
Subject: [SPN] Security Pipeline - 03.24.2005 - Win vs. Lin
Security Pipeline Newsletter
www.SecurityPipeline.com
Thursday, March 24, 2005


In This Issue:
  • Editor's Note: Two Perfectly Good Rants Gone To Waste
  • Top Security News
        - Microsoft Begins Beta Of Unified Update
        - A Third Of IRS Employees Suckered By Auditors Posing As Hackers
        - Mozilla Releases Security Updates To Thunderbird, Mozilla Suite
        - More News...
  • Editor's Picks
        - Report: Linux Vulnerabilities More Numerous And Severe Than Windows
        - Blog: IBM Isn't Getting Into The Mailbombing Business
        - Phishing, E-Mail Security Top IT Concerns
        - More Picks...
  • Voting Booth: How You Read About IT
  • Get More Out Of Security Pipeline
  • Manage Your Newsletter Subscription


    ------- Advertisement -------------------
    This issue sponsored by VeriSign.
    Get a FREE SSL Security Kit from VeriSign
    VeriSign(r) SSL Certificates protect e-commerce and other private
    information with 128-bit encryption, the strongest SSL
    protection available anywhere. Get a Free SSL Security Kit.
    http://clk.atdmt.com/SFI/go/tchwesrv0460000020sfi/direct/01/

    -----------------------------------------

    Editor's Note: Two Perfectly Good Rants Gone To Waste

    The Internet has produced two art forms so far: the goofy Flash animation and the rant.

    Sure, there were great rants before the Internet, and there are great rants not on the Internet. The comedian Bill Hicks, who died just when the Internet was taking off in 1994, is considered by connoisseurs to be a past master of the form. John Belushi used to do these great rants on the Weekend Update segment of "Saturday Night Live" back 30 years ago. And we always like to watch "The Daily Show" on TV to see if this is the week Lewis Black is going to have an aneurysm and fall over on Jon Stewart's lap.

    But, still, the Internet raised the rant to an art form. To look for the best rants, you have to go to the bowels of Usenet, and find raging flamewars on Windows vs. Linux vs. OS/2 vs. the Mac, abortion (either side), gun control (either side), and who was the best captain on Star Trek. (The right answers, in no particular order: Windows, Sisko, and, what, are you crazy, do you think I'm going to answer that here and lose my job?)

    I was all geared up this week with not one but two great rants, but I find that the facts support neither of them. Alas.

    Rant #1: The anticipated report finding Linux less secure than Windows has been released. And it turns out to have been funded by Microsoft. Can you imagine? I haven't been so surprised since Darth Vader said he was Luke's father.

    Our recent article by Michael Cohn has some juicy details about the study, which was by Security Innovation and the Florida Institute of Technology's College of Engineering. Although our earlier article covered the study in depth, Mike reports some new information and detail.

    I was all wound up to scold the researchers for failing to disclose the Microsoft funding sooner, when I had the following imaginary dialogue:

    MY IMAGINARY FRIEND: "So, is the report worthless because Microsoft funded it?"

    ME: "No, of course not. Microsoft has a right to speak out on this issue. And the study raises some interesting points. Prior to our earlier article on this subject, I would have said that Linux is more secure than Windows, hands down. Now, I'd say it may be impossible to tell which operating system is more secure. The question is meaningless, like deciding whether classical music is better than rock 'n' roll."

    M.I.F.: "If you'd known from the beginning that Microsoft had funded the study, would you have published an article about it?"

    ME: "Almost certainly not. Maybe a couple of paragraphs, no more."

    M.I.F.: "So maybe the researchers were wise to withhold the source of the funding until after the report was released? Maybe this allowed debate to focus on the SUBSTANCE of the report, rather than the funding?"

    ME: "Oh, fine, yes, I suppose so. Say, could you pick me up some Starbucks?"

    M.I.F.: "Sorry, I'm imaginary."

    What do you think? Which is more secure, Linux or Windows? Does the source of the funding matter? Write and let us know; we'll publish the best of your letters.

    RANT #2: Several respected technology news media reported that IBM was going into the business of mailbombing companies that send spam. I won't say who they are, except to say that their names rhyme with Wall Street Hournal, Mashhot, and CMM. I was all geared up to deliver a scathing rebuke to IBM, a multinational corporation with multibillion-dollar sales that's nonetheless too cheap to buy a clue. But it turns out that the stories got the facts wrong; rather, what IBM has developed is promising technology combining a limited form of challenge/response with a variety of other spam-screening measures.

    More Noteworthy Articles This Week

    Microsoft Begins Beta Of Unified Update: Microsoft Update is a substitute for Windows Update that will keep users current with security patches and other updates for not only the OS, but also Office and other products.

    Spam Is All Your Fault, Says Study: Users are still clicking links and even buying products advertised in spam, according to the Radicati Group.

    Struggling Against The Spyware Plague: Learn how IT managers, merchants, vendors and regulators are working to eliminate, or at least contain, the year's biggest security problem.

    Microsoft Details Inner Workings Of New AntiSpyware: Windows AntiSpyware security software looks at criteria such as whether software is deceptive and how much damage it does to a PC to identify potential problems and make recommendations as to whether the questionable software should be ignored, quarantined, or removed.

    For more opinions, links, and humor about security, technology, and the Internet, see Wagner's Weblog. This week: Firefox add-on Greasemonkey customizes the Web, IT organizations don't innovate, IM pluses and minuses, Yahoo buys Flickr, flexible displays, and signs that the world is coming to an end.

    And sorry about the whole Darth Vader/Luke spoiler thing if you haven't seen the movie.

    Mitch Wagner
    Editor, Security Pipeline
    mwagner@cmp.com
    www.SecurityPipeline.com


    Keep Getting This Newsletter
    Don't let future editions of Security Pipeline Newsletter go missing. Take a moment to add the newsletter's address to your anti-spam whitelist:

    secured@techwire.com

    If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.


    Top Security News

    Microsoft Begins Beta Of Unified Update
    Microsoft Update is a substitute for Windows Update that will keep users current with security patches and other updates for not only the OS, but also Office and other products.

    A Third Of IRS Employees Suckered By Auditors Posing As Hackers
    That's better than 2001, when 71 percent of IRS employees got taken in by the test run by the Treasury Department's Inspector General.

    Mozilla Releases Security Updates To Thunderbird, Mozilla Suite
    The Mozilla Foundation releases new versions of its Thunderbird mail client and its namesake Mozilla browser suite that both plug security holes.

    Spam Is All Your Fault, Says Study
    Users are still clicking links and even buying products advertised in spam, according to the Radicati Group.

    Symantec Introduces Hosted Mail Security
    The service is designed to protect companies against spam, viruses, and other unwanted e-mail.

    IBM Wades Into Murky Waters Of Anti-Spam Tech
    IBM introduces a new anti-spam technology that its developer says will nab eight out of ten spams off the bat, and fill the gap until more robust sender authentication schemes, such as Sender ID, SPF, or DomainKeys, are widely adopted.

    Texas Sues Vonage, Charging Misleading Advertising
    The lawsuit says Vonage misled customers by claiming that it could replace existing phone service. Vonage failed to clearly explain to customers that they must take special measures to make 911 service work, the lawsuit charges.

    CAN-SPAM Act Authors Re-Introduce Anti-Spyware Bill
    Sens. Ron Wyden and Conrad Burns say the SPYBLOCK Act would prohibit software installation without the owner's consent and require uninstall procedures for all downloaded software. It would also forbid software that surreptitiously collects information about the user.

    EarthLink Launches VPN Service
    The service is designed for small and medium-sized businesses who need to provide secure access to traveling workers, and workers in home and remote offices.

    Feds Aim To Reduce Access To Social Security Numbers
    In the wake of the ChoicePoint and LexisNexis breaches, Congress mulls a bill that would prevent the sale of Social Security numbers without the owner's okay unless there is a legitimate law-enforcement reason.

    Parents Step Up Internet Filter Use
    Yet the increased vigilance doesn't seem to be impacting teens' behavior, according to a new research report.

    Postini To Unveil Anti-Spam Hosted Service For Small Business
    The Postini Perimeter Manager Small Business Edition is a managed security service optimized for organizations with unsophisticated e-mail infrastructures, simplified policy needs, and relatively low IT staff and budget resources.

    New Security Threats Target Cell Phones, Mobile Devices
    Though these viruses and hacker attacks are still in their infancy, experts predict that the threats quickly could become bigger, bolder and badder.

    Flaw Found In McAfee Anti-Virus Engine
    A critical vulnerability was disclosed in the anti-virus engine shared by all of McAfee's virus scanners.

    Firefox Eats More Microsoft Market Share
    Market share for the open-source Mozilla Firefox climbed above 6% in February, while Microsoft's Internet Explorer share dropped below 90%.

    FBI And Retailers Collaborate To Prevent Theft
    The bureau is working with retailers to develop information-sharing networks and databases to cut down on organized theft.

    ID Thefts Erode Bank Consumer Confidence
    Nearly 60 percent of U.S. consumers polled in January said they were worried about identity theft, and about 6 percent have switched banks to reduce identity theft risk.

    Westlaw Restricts Social Security Number Access
    Government leader says company's decision is a model for the rest of the data-brokerage industry.

    Microsoft Details Inner Workings Of New AntiSpyware
    Windows AntiSpyware security software looks at criteria such as whether software is deceptive and how much damage it does to a PC to identify potential problems and make recommendations as to whether the questionable software should be ignored, quarantined, or removed.

    Keyloggers Foiled In Attempted $423 Million Bank Heist
    British authorities reportedly stymied an attack using keystroke-logging software against the London offices of Sumitomo Mitsui. It would have been by far the largest bank heist in British history.

    Who's Forwarding All Those Dumb E-Mail Jokes? More Than Half Of Us
    More than half of employees admit to inappropriate uses of business e-mail, and IT people are more likely than others to e-mail confidential company info.


    Editor's Picks

    Report: Linux Vulnerabilities More Numerous And Severe Than Windows
    The report was Microsoft-funded, but researchers are providing the full methodology and challenging Linux advocates to prove them wrong.

    Blog: IBM Isn't Getting Into The Mailbombing Business
    While challenge/response systems are generally a terrible idea, IBM's implementation just might work.

    Phishing, E-Mail Security Top IT Concerns
    Business-technology professionals want simple, fast ways to manage e-mail security, with many aiming to consolidate with one vendor.

    Blog: Clueless Lawyer Tricks
    Attorney Michael Overly of the technology firm Foley & Lardner wins the clueless award for today for his statement that spyware is bad, but some adware is okay.

    Your Iptable Is Ready: Using A Linux Firewall
    Every Linux system includes one of the best firewalls in the business. Ross Greenberg explains how iptables works and how to put it to work protecting your system.

    Struggling Against The Spyware Plague
    Learn how IT managers, merchants, vendors and regulators are working to eliminate, or at least contain, the year's biggest security problem.

    Automated Security Management Gaining Favor
    New tools can help companies get a handle on IT-security systems. But they don't come cheap.

    Financial Services Firms Re-Evaluate E-Mail Security Preparedness
    Growing external e-mail threats and an evolving compliance and legal liability environment are forcing change.

    Compliance Requirements Put The Bite On Small Businesses
    Sarbanes-Oxley, HIPAA, and other rules are forcing small businesses to worry about compliance for the first time. That creates opportunities -- and problems -- for solution providers.

    Review: 3Com E-Mail Appliance Provides Security, Compliance For Small Businesses
    3Com's Email Firewall, an appliance-based e-mail protection device targeted at smaller businesses, can protect against the latest phishing schemes and spyware and perform content filtering to protect businesses against both security breaches and legal and financial risks.

    How One Company Protects Its Staff Against Spyware
    IT staff at travel agents Groople use a variety of spyware-removal tools and say PC-user education must be part of the solution.

    What Do Data Merchants Know About You?
    A reporter looked up her own records at merchants including ChoicePoint and LexisNexis, and discovered that the records contain confidential information, are incomplete, and are often just plain wrong.

    Legislation Won't Stall The Spyware Juggernaut
    The U.S. and states are passing laws designed to stop spyware. But the laws are so specific, and full of holes, that they won't do any good and could do a lot of harm. We should rely on existing laws and technology to solve the problems.

    Via Network Computing: New Mobile and Wireless Blogger
    We're pleased to bring you a new voice in our Mobile and Wireless Channel, Peter Rysavy. Each week, Peter will blog on Wi-Fi technologies and mobile communications infrastructures, focusing on interoperability. Welcome, Peter!
    Subscribe to the Network Computing newsletters

    Via Desktop Pipeline: New USB Flash Drive Will Move Applications And Data From PC To PC
    The drives will enable consumers to carry all of their personal computer settings, applications and data for use on any PC wherever they go.
    Subscribe to the Desktop Pipeline Newsletter


    Voting Booth: How You Read About IT

    Cast Your Vote Now!
    What's your favorite way to stay informed on IT topics?


    RESULTS UNTIL NOW

  • Using a Web browser to surf to tech sites and blogs: 45%, 52 votes out of 115
  • Reading e-mail newsletters I subscribe to: 25%, 29 votes
  • Reading a printed magazine I can hold in my hands: 10%, 12 votes
  • Using an RSS reader or service to gather Web articles: 9%, 10 votes
  • Calling the Psychic Friends Network: 9%, 10 votes
  • I'd rather not read about IT topics: 2%, 2 votes
    I was kind of surprised to see the Web emerge as the most popular channel; I figured among newsletter subscribers, newsletters would rank as #1.

    Then again, the popularity of wise-guy responses indicates that this poll is even less reliable than other polls of this type, which are pretty darn unreliable to begin with. I mean, a combined 11 percent of respondents said they either get their IT news from the Psychic Friends Network or they don't want to get IT news. That's more respondents than get their news from RSS (9 percent) and equal to the number who prefer print publications.

    This poll is being conducted through all of the TechWeb Pipelines.

    We'll let the poll go another week. Respond or we'll have the Psychic Friends Network put a curse on you so that you'll always have squirrel poop in your socks.

    As always, if you want to write to us about IT news or any other subject, send your e-mail to mwagner@cmp.com. We'll publish the best responses.


    Get More Out Of Security Pipeline

    Try Security Pipeline's RSS Feed
    Security Pipeline's content is available via RSS feed: Get RSS link. The feed is also auto-discoverable to many RSS readers from the Security Pipeline home page. Note: RSS feeds are not viewable in most Web browsers. You need an RSS reader, Web-based service, or plug-in to view RSS. Find out which RSS readers the Pipeline editors recommend.

    Check Out Our Security Product Finder
    Don't reinvent the wheel. Find the right off-the-shelf product to do the job. How do you find the right one? Two words ... Product Finder:
       - Firewalls
       - Vulnerability Assessment
       - Enterprise Anti-Spam
       - Security Appliances

    Discover All The Pipelines
    Security Pipeline is part of a large series of specialized IT sites from the TechWeb Network. Find out more about the Pipelines on the TechWeb Network Pipeline Publications page. Every Pipeline site has its own newsletter. Give them a try!

    Recommend This Newsletter To A Friend
    Do you have a friend or colleague who might enjoy this newsletter? Please forward it to him or her and point out the subscription page.


    Manage Your Newsletter Subscription

    We take your privacy very seriously. Please review our Privacy Policy.

    Security Pipeline Newsletter
    A free service of Security Pipeline and the TechWeb Network.
    Copyright (c) 2004-2005 CMP Media LLC
    600 Community Drive
    Manhasset, NY 11030