Archive for July 28th, 2008

This week's links (2008-07-28)

Stop operating under a Principle of Most Privilege for the desktops

Stop operating under a Principle of Most Privilege for the desktops. In a corporate environment this is far easier. A little more difficult in an academic environment (I’ve been party to debates in academia on why we can’t do information security because it impedes academic freedom… luckily much of this has subsided, but still a problem). It is a very difficult problem at home, but there are still some things that we can do and some things that operating systems shouldn’t allow.
- John Bambenek [SANS]

Is Anti-Virus Dead? (2008-Jul-31) [SANS]

Proving that we have already lost …
(Previously discussed as You can’t do ‘that’ research in the UK!)

Academics have no “right” to research terrorist materials and they risk being prosecuted for doing so, the vice-chancellor of the University of Nottingham has told his staff.

Researchers have no ‘right’ to study terrorist materials
(2008-Jul-17) [Times Higher Education]

VMware ESXi Hypervisor Now Free

PALO ALTO, Calif., July 28, 2008 – VMware, Inc., (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced its stand-alone ESXi hypervisor will be available at no cost to help companies of all sizes experience the benefits of virtualization. Since 2001, VMware has provided the industry’s most popular and reliable hypervisor, which is now used by more than 120,000 customers. In December 2007, VMware announced significant improvements with ESXi – its third-generation stand-alone hypervisor. With the industry’s smallest footprint and OS-independence, ESXi sets a new bar for security and reliability. ESXi 3.5 update 2, available today, meets the criteria for mass distribution: (1) ease of use and (2) maturity and stability now having been ‘battle tested’ for six months with customers. The leading server manufacturers have all embedded VMware ESXi, including Dell, Fujitsu-Siemens, HP, IBM, and NEC. ESXi can be downloaded now from www.vmware.com/products/esxi/

VMware ESXi Hypervisor Now Free (2008-Jul-28) [VMware]

The real lesson is that the patch treadmill doesn’t work, and it hasn’t for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won’t prevent every vulnerability, but it’s much more secure — and cheaper — than the patch treadmill we’re all on now.

Security Matters: Lesson From the DNS Bug: Patching Isn’t Enough
(2008-Jul-23) [Wired]

Windows rootkit detection/removal tools

A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. — wikipedia

Sophos Anti-Rootkit
Using Sophos Anti-Rootkit is easy. Whether you use its simple graphical user interface or run it from the command line, you can easily detect and remove any rootkits on your computer.
Sophos Anti-Rootkit

McAfee Rootkit Detective
McAfee Rootkit Detective is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.
McAfee Threat Center

Trend Micro RootkitBuster
Trend Micro RootkitBuster is a rootkit scanner that scans hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. In addition, RootkitBuster can also clean hidden files and registry entries.
Trend Micro

Panda Anti-Rootkit
Panda Anti-Rootkit shows hidden system resources, identifying known and unknown rootkits. It analyzes hidden drivers, processes, modules, files, registry entries, SDT modifications, EAT hooks, modifications to the IDT, non-standard INT2E and SYSENTER, and IRP hooks. Unlike other anti-rootkit utilities which merely “reveal” hidden objects, Panda Anti-Rootkit positively identifies known and unknown rootkits and gives the option of removing them, including their associated registry entries, processes and files.
download.com

[1] List of Free Anti-Rootkit/Rootkit detection software for Windows ( ) [www.windowsreference.com]
