
CA Updates AV, IM Problems Grow, Wardriving Primer Released

CA Upgrades Its AV With Improved Management Console

Computer Associates (CA) released the latest version of its antivirus product, eTrust Antivirus 7.1. The software includes a centralized management console, runs on Windows, Netware, Macintosh, Unix, and Linux operating systems, and includes over 60 out-of-the-box reports for security managers (some for communicating antivirus activity to senior management). Reports include the top 10 virus attacks, exceptions to signatures, and sources of infection.

New in this version is support for Microsoft 64-bit Windows Server 2003 for Intel and AMD, and added support for Network Appliance’s Filer storage device.

CA says its product’s features will improve a company’s overall security administration and security knowledge among IT staff. Not coincidentally, the Computing Technology Industry Association (CompTIA) recently reported that those two problems—poor administration and security knowledge—contributed to more than 80 percent of security breaches.

Today the quality of the scanning engine isn’t the impediment to catching viruses; it’s keeping signatures up to date. “The challenge in fighting virus attacks has more to do with distributing and updating protection everywhere it’s needed than it does with the antivirus scanning itself,” notes Jim Vellella, the associate director of Technical Services at the University of Pittsburgh Medical Center, one of the largest nonprofit integrated health care systems in the United States. “By simplifying and streamlining our ongoing antivirus activities, this latest version of eTrust Antivirus is enabling us to take control and further reduce our exposure to malicious code without requiring us to devote additional staff to antivirus administration.”

- - -

Spam Over Instant Messaging Grows

Recent worms, plus the continuing proliferation of adware and malware, are leading to increased amounts of spam sent over instant messaging services (IM). The threat is sometimes referred to as SpIM (for spam over instant messaging).

One recent, adware-spewing worm is Osama Found, which uses AOL IM buddy lists on the PCs it compromises to send links to an IM-based game.

Such attacks are substantially different from “e-mail spam, where the vast majority of offending spammers are outsiders. In IM, that trend is reversed,” says Dmitry Shapiro, CTO of Akonix Systems. “Generally, people not on a buddy list are prohibited from sending messages to a user until they are accepted to their buddy list,” he notes.

Expect the problem to get worse, at least in the short term. “The bad news is that it’s a problem that’s only getting bigger,” Shapiro warns. On the other hand, since relatively few companies control the servers and specifications used for sending IM today, they’re much better positioned—vis-à-vis e-mail—to block “the adware, worms, and other viruses that hijack an IM user’s buddy list” to send IM spam.

- - -

Wardriving Primer Released

Syngress Publishing released “WarDriving: Drive, Detect, Defend,” by Chris Hurley, Frank Thornton, Michael Puchol, and Russ Rogers. The publisher bills it as the only available book covering the art of “wardriving”—driving around looking for 802.11 (WiFi) networks to hack into.

“This [book] is the ‘Kama Sutra’ of wardriving literature. If you can’t wardrive after reading this, nature has selected you not to,” says Bob Hagemann, co-founder of a wireless geographical logging engine.

Chapter topics include: learning to wardrive, operating NetStumbler and MiniStumbler, installing Kismet in Slackware Linux 9.1, and advanced wireless network security.

For security managers, knowing wardriving techniques helps ensure corporate networks resist wireless interlopers.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
