In-Depth

In Brief

Anti-spyware fallout, CTOs urge online crime taskforce, Microsoft specs IE7, mobile phone virus arrives in U.S.

• By Mathew Schwartz
• 02/23/2005

Anti-Spyware Association Fallout

Both Webroot Software and Computer Associates, which purchased PestPatrol last year, announced they’ve quit the non-profit Consortium of Anti-Spyware Technology Vendors (COAST). The organization was formed in 2003 “to increase awareness of the growing spyware problem,” according to the organization’s Web site.

Critics questioned the role of COAST in January, however, after 180Solutions joined, despite assurances the company met the COAST code of ethics. While 180Solutions characterizes itself as a “search marketing services” firm, others classify its software as adware. For example, CA’s Spyware Information Center, maintained by its eTrust PestPatrol team, classifies some 180Solutions software as adware, noting it displays pop-up advertising at random intervals, and distributes software with the ability to download files from a Web or FTP site and install “hostile code onto the system.”

Neither organization specifically mentioned 180Solutions’ COAST membership as cause of their defection. Webroot, for example, said in a statement, “We are not comfortable with the idea of COAST as a certification body or as a marketing tool for member companies.” Furthermore, it says, “Of late, we have become concerned that COAST is moving in a direction with which we cannot agree.”

Likewise, in a statement, Sam Curry, vice president of eTrust security management at CA, says, “We are withdrawing from COAST because we believe the organization no longer has the ability to create a consensus for effective anti-spyware standards.”

PestPatrol and Webroot, along with Aluria Software and NoAdware.net, had comprised COAST’s governing body.

- - -

CTOs Urge Congress to Tackle Organized Crime

Can the government do more to help cyber-security? Chief technology officers from leading technology companies were in Washington recently to push for greater government involvement in policing cyber-crime.

According to the Business Software Alliance (BSA), which organized the meetings, “The CTOs asked the administration to create a new commission on organized cyber-crime, fully fund federal investments for research and development, and improve federal information technology systems.”

Spam and identity theft were hot topics. “These crimes are no longer the province of mischievous, attention-seeking amateurs, but increasingly of organized professional criminals motivated by profit,” says Robert Holleyman, the president and CEO of BSA.

CTOs from such organizations as Dell, Entrust, HP, IBM, Internet Security Systems, McAfee, RSA Security, and Symantec participated.

- - -

Microsoft Outlines IE 7 Timetable

Speaking at this year’s RSA Conference in San Francisco, Microsoft’s chairman and chief software architect Bill Gates said the next version of Internet Explorer will arrive—at least in beta—before Microsoft ships its next-generation operating system, Longhorn, in 2006.

IE has been criticized by security experts for its numerous security flaws. The next version was to ship with Longhorn, but as the OS’s shipping date kept being pushed back, so too did hopes for a more-secure version of IE anytime soon, hence the new timetable for IE 7. The growing popularity of Firefox, which is reputed to be less vulnerable, may also have contributed to the change in plans.

“Betas of IE7 will be available this summer. This new release will build on the work we did in Windows XP SP2 and (among other things) go further to defend users from phishing as well as deceptive or malicious software,” says Dean Hachamovitch, who runs the Internet Explorer team, in a posting to IEBlog, the Microsoft Internet Explorer development team’s blog.

Microsoft has also caught some flak lately for delivering better security for Windows XP, but not paying the same attention to Windows 2000. “Right now, we’re focused on XP SP2,” notes Hachamovitch. “ We’re actively listening to our major Windows 2000 customers about what they want and comparing that to the engineering and logistical complexity of that work. That’s all I can say on that topic.”

Related Article:

Microsoft Says Security Improvements Coming
http://www.esj.com/security/article.aspx?EditorialsID=875

- - -

Cabir Continues Its Slow Crawl

The Cabir mobile phone virus—passed by Bluetooth, and only affecting Symbian mobile phones—is slowly spreading, with infections now reported in California. “This is not going to be the end of the world; the common Cabir variants have been proved to be very slow in spreading in the wild,” notes a spokesperson from antivirus firm F-Secure. “Also, Symbian-based phones probably aren’t as common in the United States as elsewhere yet.”

In the global market, however, F-Secure notes Cabir accounts for 80 percent of the operating systems on new phones shipped.