General discussion

NEWS - February 12, 2005

HP tools would limit virus damage
By Matt Hines CNET February 11, 2005, 8:45 AM PT

Hewlett-Packard on Friday released its newest form of antivirus software, a set of damage control applications meant to stem the spread of attacks once they've already been launched on a network.

Labeled HP Virus Throttle software, the package is designed to speed the rate at which companies can find and address threats present in their IT systems. HP said the tools independently search for abnormal, virus-like behavior and limit the number of connections an infected device can make with other machines.

The Palo Alto, Calif.-based company said the product, developed by its HP Labs division, constantly monitors network connection requests and looks for new virus activity. HP claims that the faster a virus is trying to propagate itself within a specific network, the more rapidly Virus Throttle responds. The company said the tool's reaction time is typically measured in milliseconds and that it reacts without waiting for human attention.

more here

Discussion is locked

Reply to: NEWS - February 12, 2005
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - February 12, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Microsoft: Watch out for rogue code

By Matt Hines CNET February 11, 2005, 2:36 PM PT

Microsoft has urged customers to apply its latest security patches, after several companies published "proof of concept" attacks that exploit the flaws that the updates fix.

In a notice posted to its Web site late Thursday, the software giant highlighted proof-of-concept documentation, or sample software code to illustrate how a flaw might be used to attack a system, from two security software makers: Finjan Software and Core Security Technologies.

While Microsoft said it backs the disclosure of vulnerabilities and proof-of-concept code, a common practice in the IT security industry, it criticized the companies for publishing their test code mere hours after security patches had been released for the reported flaws.

"Microsoft will continue to support and advocate responsible disclosure, because we find it to be a vital tool to effectively identify and remedy security issues," the company said in its notice. "Microsoft is concerned that the publishing of proof-of-concept code within hours of the security updates being made available has put customers at increased risk."

more here

- Collapse -
Microsoft forces IM upgrades

By Jim Hu CNET February 11, 2005, 3:44 PM PT

Microsoft on Friday forced its millions of MSN Messenger users to download a new version of the software to plug a vulnerability discovered earlier this week. The mandatory upgrade began early Friday morning after a security company posted a how-to guide describing how the vulnerability can attack computers. MSN Messenger users were then greeted with a notice to upgrade before they could open their instant messaging clients.

more here

- Collapse -
F-Secure flaw opens door to intruders

By Karen Said CNET February 11, 2005, 2:23 PM PT

F-Secure has released a patch for a serious flaw in its antivirus products, the second time this week a security company has warned of a risk in its software.

The security hole in the antivirus library affects 18 products for desktops, servers and gateways, with the network products at "critical" risk, F-Secure said in a bulletin Thursday. By creating a specially crafted ARJ archive file, an intruder could use a buffer overflow to run arbitrary code on an unpatched machine, said Tony Magellanez, a systems engineer at F-Secure.

"At this point, it's a theoretical exploit," Magellanez said, noting that Internet Security Systems, which discovered the flaw, had not provided F-Secure with an example of malformed ARJ code. "ISS gave us details of how it could be done, and we created a patch."

more here

CNET Forums

Forum Info