This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?."
Download it now to read this article plus other related content.
No security threat has received more attention in the last year or so than botnets, and with good reason.
Trojans such as Storm, the Nugache worm and a host of other botnets have compromised millions of PCs, most without the knowledge of the machine's owners, and perhaps more worrisome, without the knowledge of the antivirus software on those machines.
In a recent interview about the botnet problem and the ways Trojan authors are evading antivirus and other defenses, Dave Dittrich of the University of Washington says malware authors have gotten to where it's not even a challenge for them to bypass security software. All it takes are seemingly insignificant changes in the text of a malicious email or the code. And if AV engines are only seeing a handful of each version of the malware, it doesn't look like a big outbreak and raise the alarm.
"It's become a classic longtail problem," Dittrich says.
In a sign the NAC market hasn't been the gold mine many vendors thought it would be, Vernier Networks has quietly relaunched itself under the new name Autonomic Networks. The company confirmed the name change in early January but wouldn't reveal details about its new direction until the official relaunch, scheduled for sometime in the first quarter of 2008.
Paul Roberts, a senior analyst with The 451 Group, says Vernier may be changing direction because the NAC market hasn't generated the interest vendors had initially
Sears and spyware
Retail giant Sears has decided it's OK to use spyware on its customers. Ben Googins, a senior researcher in CA's antispyware division, tripped over the practice during some online holiday shopping and outlined his experience in the CA blog. Sears.com is distributing spyware that tracks all of a customer's Internet usage--including banking logins, email and all other forms--all in the name of "community participation," Googins says.
Every Web site visitor who joins the Sears community installs software that acts as a proxy to every Web transaction made on the compromised computer. In other words, he says, "If you have installed Sears software (the proxy) on your system, all data transmitted to and from your system will be intercepted."
Sears claims the practice is above board and covered in its end user license agreement, but security experts say the license agreement language is vague at best.
This was first published in February 2008