From the online mailbag
In response to Aug. cover story, Social anxiety, by Dan Kaplan:
We wouldn't be facing this problem if people knew how to protect themselves, their private data or their computers. A good AV solution should do the trick, but there are still a lot of computers out there with no security software installed. That's why trial versions were created. I installed BitDefender Internet Security 2009 and, after a month, I bought a license. In three months, I had no problems with malware.

In response to Richard Starnes' column, A new and improved cyber dialogue, in Aug. issue:
Your article really resonated with me, and I especially liked your concluding sentence about protecting the data that will lead to the cure for cancer. I am a seasoned (30 years) systems engineer who has been fully engaged in cybersecurity since 1995. In this role, I often formulate business decisions for an audience that is far removed from the information security profession. Yet my core research and findings are deeply rooted in detailed discussions with the IT and software engineering folks. It is this ability to transcend domains that gets my clients' systems certified by folks who often do not have a technical background. That's it. Just wanted to acknowledge a good piece of work.
Lew Bennett

In response to an Aug. 20 news story, “Dirtiest” websites host average 18,000 threats:
So, the next logical step would be to remove these URLs from DNS as a preventative measure. When they've cleaned up their site, then we reintroduce them into the DNS system. It's time we start using some common sense in dealing with insecure web sites.

Can't those sites simply use malware and/or virus scanning software to scan their websites and clean them up?

In response to an online column, It's time to embrace the shift to the cloud, by Philippe Courtot, CEO, Qualys:
It's true for servers and apps that they no longer need intense patch management when they move to the cloud. But, what about end-user devices, especially those that run Windows? Patching end-user machines should consume more effort (they are mobile and have less control) than servers. The move to the cloud is most welcome, but don't think it's going to magically make patch management easy.

Since the most vulnerable portion of internet users will wield IE for their browsing, it's important they be given the best tool. I have to believe that a properly configured Firefox browser (loaded up with NoScript and some other add-ons) would most likely best IE.

In response to an Aug. 14 news story, Microsoft leads browsers in malware, phishing defense:
The question is not how much they protect, it is what they leave unprotected. “The browser, released in March with a number of enhanced phishing and anti-malware components, blocked an average of 81 percent of socially engineered malware and stopped 83 percent of suspected phishing sites.”

What about the 17-19 percent that they leave behind? The truth is that you are or will be infected, and the only way to prevent this is to create a virtual environment that isolates security threats and prevents them from ever touching the user's hard drive.

In response to an Aug. 14 news story, Most malware dies within 24 hours:
Malware is evolving, and organizations must be ready to look beyond traditional endpoint protection if they hope to evolve in step with the threats. Quite simply, the malware game has changed and the protections have not kept up. Prior knowledge of an attack in the form of signatures is no longer a sustainable way of detecting malware and, as this article indicates, malware dies long before a signature can be written and distributed to the endpoint. Current signature alternatives, such as heuristics, behavioral analysis and reputation-based detection, have too many false positives or are too broad to be effective. Companies and government agencies must look past the usual suspects to new technologies that can detect dynamic, targeted attacks without prior knowledge and provide a complete view of the attack and the collateral damage it causes to the victim machine.
Jim Ivers, Triumfant

The Panda Security data reminds me of a researcher at Black Hat 2008 reporting that botnets revise their outbound malware every 10 minutes. Secunia illustrated the consequences by creating its own malware samples, of which the AV vendors they evaluated detected less than 10 percent. So, all computers require a different kind of protection that supplements signature-based technologies developed over a decade ago.
My advice is to make usability chief among the criteria applied when evaluating options, whether you look at a host-based IPS (HIPS), behavior blockers or rabbit's feet.

I couldn't agree more with the article and the comments. Here's my article on the subject:

In response to an Aug. 17 news story, Social network attacks top website target list:
Twitter is definitely under the most attack; a number of times over the past few weeks Twitter has just gone down suddenly. I did hear these attacks are being coordinated by groups of hackers.
Blaine Bullman

While the recent Twitter attacks were infamous almost immediately, the real problem is not the successful denial-of-service attacks, but the realization that “they (crimno-hackers) are here.”

Anyone who visits Twitter regularly knows the amount of person-to-person advertising being spewed every hour. Click on a reasonable-sounding come-on and you arrive at a squeeze page. Who is to say that it is not a “crush page,” posing as an affiliate marketing tool when it is really just a crimno-hacker looking to get unsuspecting wealth prospectors' NAZ and CC numbers from the weakest link in the security train – the consumer. Based on what is seen, there is little thought beyond finding an affiliate tool that allows the prospector to “do nothing,” while the program runs on auto-pilot, raking in untold millions.

Those with a half-ounce of business savvy know the empty dimensions of multi-level marketing (MLM) from the old Amway days; the half-ouncers are wisely not going to bite on any squeeze page. The less sophisticated will undoubtedly bite sooner or later. If they unwittingly choose a crimno-hacker's “crush page,” they will see their accounts ravaged and their free time spent in recovery of their good name and credit. Herein lies the true danger lurking about everyone's favorite social internet space.

While denial-of-service attacks certainly threaten large organizations like Twitter and Facebook, the hideous undercurrent is going to be the real plague of social media.

In response to an online Opinion, How to securely manage remote IT equipment, by Daryl Miller, VP of engineering, Lantronix:

Access to remote management hardware includes service processors, including IPMI and most notably Intel Active Management Technology, marketed as vPro. Yes, AMT works on servers very well. Console servers are an excellent hardware access method for even Windows servers that have enabled the SAC or system administration console.

I agree that support is extremely important for a product that will provide command and control of your servers, firewalls, routers, switches, remote power units, and storage devices. It needs to be 24/7/365.

I would take exception to the statement that only large companies provide capable support for such products. We are a small company in the remote management space for over 15 years. British Telecom and many others commented that our support was highly responsive. I would offer that our willingness to work with large end-users and provide significant product enhancements at their request has been a boon for our company and the end-user, a win-win arrangement.

I fully agree and have seen repeated examples of saving companies down-time and travel expense by providing a product that largely eliminates the need for a man-in-a-van. The most notable exception is hardware failure. However, knowing what part to bring or what field replaceable unit to send to the site is a real time-saver and available to those that have established remote access to management hardware that provides command and control to a serial command port.

Another significant advantage, depending on the type of software providing the access to remote hardware management, is the ability to capture output to a console log file. Many devices send valuable information to a console port attached to a console server that will be a harbinger of failure to come or reasons for the device's malfunction or non-operational state.

The other significant benefit to having software that allows access to consoles attached to console servers or KVMs or service processors, like HP iLO/RILOE or Sun LOM, is the ability to collaborate. Two tech staff in different locations may share access to a device and troubleshoot in a collaborative session. The saying “four eyes are better than two” is very true. Collaboration rules.

I hope these additional insights offer even more reasons to have software that allows full use of all vendors' remote management hardware.

The opinions expressed in these letters are not necessarily those of SC Magazine.