Archive for the 'antivirus' Tag

AV-Comparatives, an Austria-based project, compared 12 antivirus tools and only Microsoft’s Windows Live OneCare failed their test. OneCare only spotted 82.2% of 500,000 viruses. We’ve been considering moving from Sophos Antivirus to Microsoft Forefront Client Security, but this test doesn’t really inspire confidence in Microsoft’s new anti-malware tool for corporate environments since OneCare and Forefront use the same scan engine.

Some time ago there was a debate on 4sysops about the use of outbound filtering for personal firewalls. Some argued that once malware got started on the desktop, it is already too late to stop it with a personal firewall. I recently tested the outbound filter of Vista’s firewall. In my view, it makes sense for standard users to use it, but probably not for administrators.

You might have realized in the past few days that 4sysops was sometimes unreachable. There have been content spam attacks from countless different machines, resulting in a DDoS (Distributed Denial of Service).

Microsoft Forefront Client Security Beta (formerly Microsoft Client Protection) can now be downloaded at Microsoft Connect. The final version of Microsoft’s malware protection software for business desktops, laptops and servers is scheduled for the 2nd quarter of 2007. I just skimmed over its product description. Forefront Client Security (FCS) could be a very interesting solution for pure Windows shops.

James Bannan discusses an interesting issue in APC magazine about UAC in Windows Vista. The simple tool tweakvista allows you to disable UAC without prompting for confirmation. This means that any malware which manages to get itself running on your computer can do the same. Remember, UAC’s purpose is to warn you that something which could be dangerous is going on.

I just read in the German magazine Computerwoche (print) that the number of Linux viruses doubled in 2005 (863) compared to 2004 (422). These numbers come from Konstantin Sapranov, who works as a virus analyst for Kaspersky Lab. Of course, one always has to be cautious with such numbers, especially when they come from an anti-virus vendor. However, it is obvious that the growing popularity of Linux makes it more attractive for virus writers and other villains.

Jeff Jones complains about Linux advocates making a baseless assertion that Linux is more secure than Windows. To prove his point, he compared vulnerabilities with varying degrees of severity for Windows XP SP2 and Red Hat Desktop 3/4. The results are shocking for every Linux fan. Although I believe that his vulnerability summary is probably correct, it does not say much about security.

Smartline DeviceLock allows administrators to lock out unauthorized users from USB and FireWire devices, WiFi and Bluetooth adapters, CD-ROM and floppy drives, serial and parallel ports, and other plug-and-play devices. You can use Group Policy to centrally manage all devices. Check out this review at WindowsITPro for more information.

The Genius Slimstar 310 helps you to lock malware out of your keyboard: it comes with bacteria protection. It is also recommended if you feel like pouring coffee over your keyboard every now and then, since it is waterproof.

I just stumbled upon a Microsoft web page that contains a list of their security tools. It seems that the list is not complete though. Antigen is missing, for example. I am sure you will find some tools there which you don’t know yet.

More and more sys admins are realizing the danger of rootkits. However, I’ve known only a few who spent enough time to estimate how big the threat really is. Since the main purpose of rootkits is to hide themselves from users and sysops, you usually don’t know of them. I guess there are not many Windows administrators out there who never had problems with computer viruses. But how many ever realized that they have rootkits in their network?

RunAsLimitedUser is a nifty RunAs tool that is easy to use, even for lazy admins. You probably know that Windows comes with a built-in RunAs feature. So-called security experts usually recommend that as a sysop you should only start applications with Administrator privileges when it’s necessary. The most secure way is to work with a normal user account and start admin tools that need more rights with an Administrator account. Well, I don’t know any sys admin who really works this way. It is just too time-consuming to log on every time you need more privileges. RunAsLimitedUser works the other way around.

It seems fashionable lately for every simple program to have a component which starts when the system boots up. Often this is not necessary and just costs valuable memory space. There is another kind of “application” which considers itself important enough to run all the time: malware, i.e., spyware, trojans, computer worms, etc. Therefore, it is necessary to check regularly which programs will start when Windows boots up. Startup Control Panel and StartupMonitor are free tools which configure and monitor the programs that start when your computer boots up.

When Microsoft released the Intelligent Message Filter (IMF) for Exchange 2003, I wrote an article for a German magazine about it. IMF is so impressive compared to other spam filters that we began using it right away. We relatively seldom have false positives, but recently the IMF identified our own newsletter as spam. So I wanted to add the sender of the newsletter to the Safe Senders list of Outlook 2003 on all our machines using Group Policies.
