Volume 2, Number 27 -- July 13, 2005

Microsoft Touts Security Progress as Worm Author Sentenced


by Alex Woodie


The folks up in Redmond have to feel pretty good about Sven Jaschan's sentencing. Last week, the German teenager who created the Sasser and Netsky worms in 2004 was found guilty and sentenced to 21 months probation. Microsoft, which is giving a $250,000 reward to the informants who helped capture Jaschan, also took the opportunity at its annual partner conference last week to tout the progress it's made since CEO Steve Ballmer stood before partners and pledged to improve security in October 2003.

2004 will go down in history as the year of Jaschan worms. Jaschan was 18 when he wrote Sasser--which made millions of PCs practically unusable without using e-mail to propagate--and Netsky, which spawned dozens of variations and remains on the top 10 list of most active viruses today. "Jaschan is responsible for more than 50 percent of all the virus incidents reported in 2004," says Graham Cluley, senior technology consultant at antivirus and antispam software vendor Sophos, which is based in England.

While Jaschan avoided jail time (he must also perform 30 hours of community service), his cyber-creations will continue to affect us for some time. Last week, Sophos released its virus infection report for the first six months of 2005, and found a 59 percent increase in new viruses compared to the first half of 2004. Four of the top 10 viruses on the list are Netsky variants--the Netsky-P variant continues to be widely distributed--ensuring Jaschan's legacy as one of the most prolific virus writers in history, if not the most prolific. That Jaschan originally wrote the Netsky worm to combat the Mydoom and Bagle viruses, and that he reportedly did not write his worms for financial gain, do little to temper the damage he's done.

In fact, things have gotten so ugly out there on the Information Superhighway that an unprotected Windows PC has a 50 percent chance of being infected by a worm within the first 12 minutes of being connected to the Internet, Sophos said last week.

But the most alarming development may be the increase in targeted Trojan Horse attacks over the first six months of 2005. Sophos has seen a threefold increase in the number of keylogging Trojans so far this year. These Trojan attacks are executed via e-mail attachments and links to malformed Web sites, and are designed to steal information and to launch new attacks. "We are seeing a large amount of new Trojan horses on a daily basis, representing what may be the most significant development in malware writing," says Gregg Mastoras, a senior security analyst at Sophos.

These may be alarming developments, but according to Microsoft, Windows users today are better prepared to deal with security threats than they were in October 2003, before the current rash of malware writing, and before Jaschan released his worms.

"It has been almost two years since Steve Ballmer addressed this audience making a companywide commitment that Microsoft would make security a top priority, and we have been focused on delivering on that commitment," Mike Nash, corporate vice president of the Security Business and Technology Unit at Microsoft, said at Microsoft's annual partner conference in Minneapolis, last week. "We've taken the feedback we've received from customers and partners and turned that into action, making notable strides developing more secure products, and delivering essential guidance and tools to help customers be more secure."

Specifically, Nash pointed to Windows XP Service Pack 2 and Windows Server 2003 SP1 as ways in which Microsoft has improved security. These updates have succeeded in making computers more secure, according to Microsoft, which says more than 218 million copies of Windows XP SP2 have been downloaded since it became available in August 2004, compared to 2 million downloads of Windows Server SP1 since it shipped in March.

Microsoft did an internal study to gauge the security level of the new releases. It found that during the first nine months of availability, there has been one-half the number of critical vulnerabilities in Windows XP SP2 compared to the first nine months of availability of Windows XP, Windows XP SP1, and Windows 2000 Professional. In particular, Windows XP SP2 is more secure than earlier releases of Windows XP; Microsoft claims SP2 users are 13 to 15 times less likely to be infected by the most prevalent malicious software compared to earlier versions of XP.

Nash also pointed to efforts Microsoft has made to educate its 15,000 developers, program managers, and software testers about security, in particular something called the Security Development Lifecycle, or SDL. According to Nash, the continual development, testing, review, and redevelopment of products under the SDL program gives Microsoft products an edge over open source alternatives.


"Customers should evaluate the disciplined development process that comes with Microsoft products against open source, which has no similar process," Nash says. "That, coupled with our clearly defined commitment to managing security issues, is a compelling differentiator for Microsoft against other platforms on security." In this case, the security czar was referring to Linux and other open-source products, and not Netsky, which is also an open source program, and which has been continually adapted and improved upon by the virus- and worm-writing community to thwart attempts to defend against it since Jaschan released it to the world.

Other ways that Microsoft has improved security, Nash says, are the release of the Windows AntiSpyware beta; the release of the Windows Malicious Software Removal Tool; the Windows OneCare beta, which will provide PC users with integrated antivirus, firewall, PC maintenance, and backup functionality; and the acquisition of Sybari and its Antigen antivirus product line.

Lastly, Nash described new features of the Security Solutions Competency program, which is part of the Microsoft Partner Program. Starting this fall, partners will be able to enroll and gain accreditation in two new security-oriented specializations: Security Management and Infrastructure Security.

Microsoft currently spends about one-third of its annual R&D budget, or about $2 billion, on security, Microsoft chairman and chief software architect Bill Gates said at the RSA Conference 2005 in San Francisco in February (see "Microsoft Says It Is Making Strides in Boosting Security").


This article has been corrected since it was first published. Sven Jaschan was sentenced to 21 months of probation, not jail time. IT Jungle regrets the error. [Correction made 7/13/05.]


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik, Shannon O'Donnell,
Timothy Prickett Morgan, Victor Rozek, Kevin Vandever, Hesh Wiener
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed