Missed the bus
I can understand missing Astaro in the web content filtering Group Test [February 2007], but not listing Novell's Identity Manager looks like a payoff...
Doug Mallory, via email
Editor-in-chief Illena Armstrong responds:
Not sure what you mean by payoff... Unfortunately, we did invite Novell to join this review, but in the end they missed it. We have reviewed them in the past and will continue to seek them out for future applicable reviews. Meantime, depending on their development cycles, it may be that they have future products that would be appropriate for our First Look pages each month.
Sick of spam
I like your magazine for the quick overview of the world of security. I would like to suggest that you also add spam coverage. We process over 10 million emails a month of which 96 percent is spam. This amounts to a denial of service attack. You could include the worst and best major ISPs for spam, top 10 spammers, etc.
Paul Boserup, lead analyst - server team, information systems, Sarasota Memorial Hospital
Editor-in-Chief Illena Armstrong says:
We run statistics each month in the DataBank section of the magazine which precisely detail malicious IT activity throughout the world.
Worm vs. virus
I just read your news brief [Ringing in the new year with an email worm, Dec. 29, scmagazine.com] and thought I'd pass this on. You may be aware of this, but I think you should understand the difference between a worm and virus. What you are referring to in your news snippet is definitely a virus and not a worm. It may be helpful to remember that if it requires a user action to infect then it's a virus. Worms will spread by exploiting unpatched vulnerabilities on computer systems and do not require user interaction to infect or replicate.
John Riding, Jr., Chief Security Officer
Reporter Dan Kaplan responds:
I checked with some experts who studied this and apparently these malicious code variants are both viruses and worms. After being executed — with user interaction — the attachment attempts to infect files. But it also spreads as an email worm, sending out complete copies of itself via email.
Regarding the article "Phishing attacks use Google Maps, IP addresses to obtain victim location" [www.scmagazine.com, February 2007], Google Maps and the IP address will give an idea of where a person's neighborhood is. What is more serious is that a fraudster could obtain the name and address of the person they want to scam by looking at their emails, and possibly even more sensitive information (e.g., banking, financial, etc.).
Norman Yelle, senior analyst - IT security, Natural Resources Canada, Government of Canada
Agree to disagree
After reading the comparisons of forensic tools [Group Test, July 2006], what appalled me most was what I have been trying to combat everywhere I go. The author [Peter Stephenson] gave Encase and Sleuthkit the same rating.
My particular experience with three of the particular tools (Sleuthkit, Encase, FTK/UTK) has shown that the amount of money we saved using freeware was spent in man hours needed to conduct investigations.
My point is that in truth, Sleuthkit can do only a slim fraction of what Encase can do in much less time.
Ryan Washington via email
Technology Editor Peter Stephenson replies:
Thanks for your comments. I always appreciate the alternative view. In this case, however, I think that we are going to have to agree to disagree.
My views are based on a balanced review of the product space in the context of the review's focus (developing incident response kits).
What you interpret as two products giving the same results is not quite what we intend. We do not test these products against each other. We have a set of standards against which we test.
What this means is that, in the context of our testing, both products might display the same characteristics, but might actually be quite different at a much more detailed examination. You will notice in that set of reviews that we leaned toward the open source products for the smaller organizations that could not afford commercial products, and toward the commercial products for the larger organizations that could.
We give equal time, where it makes sense, to open source products in all classifications because for some organizations they are the only answer.
On the forensics side, while I may agree with your conclusions about open source, there are organizations that have no real alternatives. In that set of reviews they needed to be served as well as the big guys.
Verdict on Vista
I just started receiving your magazine a few weeks ago. You know, I am almost leery about signing up for new magazines, even when they are free. But I must admit that if the article entitled "The Verdict on Vista" [January 2007] is an accurate representation of the quality of the magazine, it will be one of the dozen or so magazines I actually read. Ericka Chickowski did a very nice job on a difficult subject. It has excellent perspective and is well written. Nice job!
Bill Brock via email