VSAPI: FW: NABU Trend Micro News Summary - 03/13/10

-------------------------------------------
???: Andrea Mueller (MKT-US)
????: 2010?3?22? ?? 10:21:16
???: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
??: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); 'trendpr@upstreamaustralia.com.au';
Alan Wallace (MKT-US)
??: NABU Trend Micro News Summary - 03/13/10 - 03/19/10
????????

NABU Trend Micro News Summary – 03/13/10 – 03/19/10

Table of Contents

Trend Micro Quotes

· Network World (03.18) – Tailored enterprise security solutions needed: Trend Micro; New alliance to boost IT compliance and assessment of vulnerabilities

· Network World (03.16) – Why is cloud computing hard? Top tech execs speak their minds; Execs at Microsoft, Trend Micro, EMC's RSA division, McAfee and Symantec tackle the question of cloud security

· The Beach Reporter (03.12) – An invitation to crime: How a friendly click can compromise a company (USA TODAY reprint)

· ZDNet UK (03.18) – Be prepared for the year of mobile malware

· BBC News (03.18) – Spammers survive botnet shutdowns

· ZDNet: Zero Day (03.18) – Facebook password reset themed malware campaign in the wild

· V3.co.uk (03.16) – Facebook urges users to avoid rogue apps; Company is "aggressively disabling" the bogus applications

· The Register (03.16) – Facebook users warned over stalk-my-profile scam; Crap snoop app escapes whack-a-mole policy

· SC Magazine (03.15) – Facebook users warned of new malicious application that claims to show who looks at your profile

· Entrepreneur (03.18) – Should You Farm out Your Data Protection?

· IT-Director.com (03.18) – Cloud Computing: What is it really?

· The Register (03.16) – Anti-virus suites still can't block Google China attack; Protection layer flunks independent tests

· SPAMfighter News (03.18) - New Research Study on Zeus Released by Trend Micro

Trend Micro Hosted Email Security

· eChannelLine (03.15) – Trend Micro unveils new platform with Hosted Email Security 2.0

· V3.co.uk (03.16) – Trend Micro updates hosted email security platform

· Channel Insider (03.16) – Trend Micro Revamps Hosted E-Mail Security

· MSP Mentor (03.15) – Trend Micro Launches Hosted Email Security Service

What’s Your Story?

· CNET: Safe and Secure (03.16) – Internet safety video could win you $10,000

· YourSphere For Parents (03.16) – Internet Safety Video Contest - First Prize Wins $10,000

· Mad Mark’s Blog (03.18) – Trend Micro Has $10k For Your Video!

· eSecurityPlanet (03.17) – Trend Micro Announces Internet Security Video Contest

· The Huffington Post (03.16) – Submit Internet safety video & win $10K

· San Jose Mercury News (03.16) – MAGID ON TECH: Tech companies contribute to communities

· About.com: Christy's Family Computing Blog (03.17) – Trend Micro Asks: What's Your Story?

· The Cool Cat Teacher Blog (03.17) – Daily Spotlight on Education 03/17/2010; Larry Magid: Submit Internet safety video & win $10K

· CPU Reviews (03.16) – Your Video Could be Worth $10,000

· Pandora’s Blog (03.18) – Win $10k for Your Internet Safety Video

· Blog Briefs

o Best Virus Removal

o Cloud Computing Applications

o INOBTR.org

o SafeKids.com

o ServeCommunity Service Blog

Trend Micro Mentions

· ChannelWeb (03.2010) – Celebrating Excellence: The CRN Channel Champions Awards

· V3.co.uk (03.15) – Security spending rebounding strongly; Spending rises by more than 10 per cent in last quarter of 2009

· Network World (03.15) – The Rise of Free -- and Fake -- Antivirus Software; Free AV is gaining share but not as fast as the phony stuff

· The Register (03.18) – Energizer battery rechargers still haunted by trojan backdoor; Really does keep going and going

· About.com (03.2010) – Trend Micro Internet Security Suite Pro 2010

· Messaging News (03.11) – St. Lawrence College and Trend Micro--Real World Solutions

· Network World (03.17) – Cisco battered by large fall in security market; Rivals scoop up customers in Q4

· InformationWeek’s Security Weblog (03.13) – More Anti-Virus Fail

· About.com: Business Security (02.08) – William's Business Security Blog; Trend Micro Worry Free Security Services

· Wireless News (03.15) – Sophos Email Security Appliance Gets 5-Star Rating in SC Magazine Group Test

· Channel Insider (03.15) – Kaspersky Steals Trend Micro Exec to Head Up U.S. Sales in Security

· Messaging News (03.18) – Wesgar, Inc., and Trend Micro--Real World Solutions

Trend Micro Quotes

"Our alignment with Qualys, the recognised market leader in vulnerability and compliance management, allows us to extend our commitment towards security that fits. We are creating tailored security solutions that fit seamlessly into a corporation's overall IT network, whether they are in physical, cloud or virtualised environments." – Eva Chen, Trend Micro

Tailored enterprise security solutions needed: Trend Micro; New alliance to boost IT compliance and assessment of vulnerabilities

Network World – 3/18/10

"Traditionally, the IT infrastructure you owned. With cloud computing, you share the computing power, you share the storage. You want to know who you're sharing with. For security, are you going to live in a hotel with your door unlocked? Like a hotel, you may be temporarily renting in cloud computing. You need to know there are locks." - Eva Chen, CEO, Trend Micro

Why is cloud computing hard? Top tech execs speak their minds; Execs at Microsoft, Trend Micro, EMC's RSA division, McAfee and Symantec tackle the question of cloud security

Network World – 3/16/10

"These new communication platforms are where people go, so that's where the hackers are going." – Eva Chen, Trend Micro

An invitation to crime: How a friendly click can compromise a company

The Beach Reporter/USA TODAY – 3/12/10

The number of types of attack on mobile devices may not be growing, but circumstances are conspiring to create a genuine threat, says Rik Ferguson. (bylined article)

Be prepared for the year of mobile malware

ZDNet UK – 3/18/10

"So as far as impact on spam goes it has been minimal," said Rik Ferguson, a senior security analyst at Trend Micro.

Spammers survive botnet shutdowns

BBC News – 3/18/10

Asked to comment on the inner workings of the campaign, TrendMicro’s Ivan Macalintal commented that based on the samples he analyzed, the same campaign was also seen in October, 2009.

Facebook password reset themed malware campaign in the wild

ZDNet: Zero Day – 3/18/10

"A wave of applications have been published that promise to reveal the truth about which of your friends are viewing your Facebook profile. The promise is worthless and the apps are bogus." – Rik Ferguson, Trend Micro

Facebook urges users to avoid rogue apps; Company is "aggressively disabling" the bogus applications

V3.co.uk – 3/16/10

Rik Ferguson, a senior security consultant at Trend Micro, warns he has already identified 25 different copies of the same rogue app but using different monikers such as peeppeep-pro, profile-check-online and stalk-my-profile.

Facebook users warned over stalk-my-profile scam; Crap snoop app escapes whack-a-mole policy

The Register – 3/15/10

“These changes in scam tactics are clearly designed to overcome the changes that Facebook made recently to application functionality, including removing the ability for applications to send notifications directly.” – Rik Ferguson, Trend Micro

Facebook users warned of new malicious application that claims to show who looks at your profile

SC Magazine – 3/15/10

Dal Gemmell is a senior global product marketing manager in the Trend Micro Small Business solutions team. As a global product marketing manager, he works in partnership with regional leaders to drive sales and marketing efforts. (bylined article)

Should You Farm out Your Data Protection?

Entrepreneur – 3/18/10

"You need a provider that will be in business three years from now. When you give up your IT infrastructure, you need a reliable service provider." – Raimund Genes, Trend Micro

Cloud Computing: What is it really?

IT-Director.com – 3/18/10

"Trend Micro agrees with this assessment. This is why Trend Micro recently acquired Third Brigade and is currently integrating the Canadian firm's excellent vulnerability layer protection technology into Trend Micro's enterprise and consumer products." – Anthony Arrott, Trend Micro

Anti-virus suites still can't block Google China attack

Protection layer flunks independent tests

The Register – 3/16/10

Trend Micro, in its newly-published study named "Zeus: A Persistent Criminal Enterprise", says that of late, there has been an increase in the samples of Trojan Zeus at the rate of 300 daily on average

New Research Study on Zeus Released by Trend Micro

SPAMfighter News – 3/18/10

Trend Micro Hosted Email Security

"We have a brand new platform, with a whole new set of infrastructure, and some significant improvements in the software code," said Eric Jensen, senior product marketing manager for Trend Micro.

Trend Micro unveils new platform with Hosted Email Security 2.0

eChannelLine – 3/15/10

“Email security is mission-critical for our customers,” said Trend Micro small business product marketing manager, James Walker.

Trend Micro updates hosted email security platform

V3.co.uk – 3/16/10

"We're taking that core [anti-malware] technology and now incorporating that into hosted e-mail security." – Eric Jensen, senior product marketing manager for Trend Micro.

Trend Micro Revamps Hosted E-Mail Security

Channel Insider – 3/16/10

Security software vendor Trend Micro has announced that it’s retiring its InterScan Messaging Hosted Security (IMHS) platform in favor of the all-new Hosted Email Security product starting in April.

Trend Micro Launches Hosted Email Security Service

MSP Mentor – 3/15/10

What’s Your Story?

Computer security company Trend Micro has an offer for any teen or adult who cares about Internet safety and security and wants to become an award winning filmmaker.

Internet safety video could win you $10,000

CNET: Safe and Secure – 3/16/10

Trend Micro, a computer security company, just launched an exciting new contest called “What’s Your Story?” where the first-place winner can receive $10,000.

Internet Safety Video Contest - First Prize Wins $10,000

YourSphere For Parents – 3/16/10

Are you handy with a video camera and have a great Internet safety story to share? Trend Micro wants to hear it.

Trend Micro Has $10k For Your Video!

Mad Mark’s Blog – 3/18/10

A Trend Micro contest called What's Your Story? will award $10,000 to the best short video about online safety and security.

Trend Micro Announces Internet Security Video Contest

eSecurityPlanet – 3/17/10

A contest conducted by Trend Micro in partnership with Common Sense Media, ConnectSafely and Identity Theft Resource Center will award $10,000 to the person who can create the best short video on Internet safety.

Submit Internet safety video & win $10K

The Huffington Post – 3/16/10

Security company Trend Micro is investing in a video contest that will award $10,000 to a student, teacher, parent or anyone else who can create the best short video about Internet safety.

MAGID ON TECH: Tech companies contribute to communities

San Jose Mercury News – 3/16/10

Trend Micro is inviting Netizens ages 13 and up to create short videos that share what it means to be "safe and smart online."

Trend Micro Asks: What's Your Story?

About.com: Christy's Family Computing Blog – 3/17/10

Daily Spotlight on Education 03/17/2010; Larry Magid: Submit Internet safety video & win $10K

The Cool Cat Teacher Blog – 3/17/10

Trend Micro has a new contest going called "What's Your Story?" that one of you guys could easily win.

Your Video Could be Worth $10,000

CPU Reviews – 3/16/10

This is pretty cool. Trend Micro (the computer security company) has launched the “What’s Your Story?” contest where amateur filmmakers can enter their Internet safety video and possibly win $10,000!

Win $10k for Your Internet Safety Video

Pandora’s Blog – 3/18/10

Trend Micro Mentions

Thomas Miller, Trend Micro executive vice president, stepped up to the stage to accept the Channel Champs award from Everything ChannelVice President and Editorial Director Kelley Damore in the areas of Technical Satisfaction, Financial Performance and Overall Winner in the Network Security category.

Celebrating Excellence: The CRN Channel Champions Awards

ChannelWeb – 3/2010

On the client side, Trend Micro had the strongest growth at 13.9 per cent, but Symantec retook the top spot with over a quarter of the market, outpacing McAfee, which saw more modest growth.

Security spending rebounding strongly; Spending rises by more than 10 per cent in last quarter of 2009

V3.co.uk – 3/15/10

The bad guys know a good con when they see one. Many of the fake AV programs are "packaged" (i.e. fake ads show fake packaging) to look like McAfee, Symantec/Norton, Trend Micro and others.

The Rise of Free -- and Fake -- Antivirus Software; Free AV is gaining share but not as fast as the phony stuff

Network World – 3/15/10

To make sure it wasn't a false positive, The Register checked with anti-virus firms Immunet and Trend Micro, both of which said the infection is real.

Energizer battery rechargers still haunted by trojan backdoor; Really does keep going and going

The Register – 3/18/10

Trend Micro Internet Security Suite Pro 2010 offers all the latest buzzwords, but how well it delivers may be a mixed bag.

Trend Micro Internet Security Suite Pro 2010

About.com – 3/2010

As part of a major technology refresh initiative, St. Lawrence College underwent an evaluation of Trend Micro Enterprise Security solutions. The study convinced IT to switch from their previous vendor to Trend Micro.

St. Lawrence College and Trend Micro--Real World Solutions

Messaging News – 3/11/10

Other strong gainers included ambitious security appliance specialist, Fortinet, and Japanese vendor Trend Micro.

Cisco battered by large fall in security market; Rivals scoop up customers in Q4

Network World – 3/17/10

The tested applications include … and Trend Micro Internet Security 2010, version 17.50.1366.0000.

More Anti-Virus Fail

InformationWeek’s Security Weblog – 3/13/10

Worry Free protects business computers from web-based threats such as malware and viruses. It's designed for small businesses with no server, and no full time IT people to administer security updates

William's Business Security Blog; Trend Micro Worry Free Security Services

About.com: Business Security – 2/8/10

The appliance was also chosen as SC Magazine's 'Best Buy' for this group test, which included other vendor email security solutions from Fortinet, McAfee, PGP, Proofpoint, Trend Micro, and several others.

Sophos Email Security Appliance Gets 5-Star Rating in SC Magazine Group Test

Wireless News – 3/15/10

Kaspersky Lab Americas continued its 2010 hiring tear with the announcement last week that it lured channel vet Dan Burke from Trend Micro to head up Kaspersky's U.S. enterprise sales team.

Kaspersky Steals Trend Micro Exec to Head Up U.S. Sales in Security

Channel Insider – 3/15/10

Trend Micro Quotes

Network World

March 18, 2010

Tailored enterprise security solutions needed: Trend Micro

New alliance to boost IT compliance and assessment of vulnerabilities

By Ross O. Storey, MIS Asia

The rapidly evolving information technology threat landscape means enterprises are now demanding tailored security solutions across physical, cloud computing and virtualised environments, according to IT risk and compliance specialists Trend Micro.

Increasingly complex IT threats are driving businesses to boost compliance and vulnerability assessment.

Trend Micro outlined the latest trends when announcing an expansion of its security and compliance coverage through a strategic relationship with Qualys, a specialist in on-demand IT security risk and compliance management solutions.

Under the agreement, Trend Micro will repackage and sell the QualysGuard IT Security and Compliance Suite with its Trend Micro Enterprise Security compliance offerings.

With this new alliance, Trend Micro says it will offer organisations more comprehensive IT security compliance capabilities, including vulnerability and threat management, plus compensating controls and assessment, It will also enhance enterprise reporting and submission to meet GRC (governance, risk and compliance) requirements.

Integrated solutions as a service

"It's no longer enough just to identify vulnerabilities or threats," said Charles Kolodgy, IDC research director, security products. "Customers are demanding integrated solutions, preferably delivered as a service, that span the spectrum from assessment through protection."

Trend Micro CEO Eva Chen said: "Our alignment with Qualys, the recognised market leader in vulnerability and compliance management, allows us to extend our commitment towards security that fits. We are creating tailored security solutions that fit seamlessly into a corporation's overall IT network, whether they are in physical, cloud or virtualised environments."

Qualys chairman and CEO Philippe Courtot said that, with the rise of cloud computing and rapid technological changes, it was now imperative for vendors to work together to enable customers to secure their data and meet compliance requirements beyond the enterprise walls.

"We are thrilled to work with Trend Micro to help customers worldwide identify and remediate threats, protect against malware that could have previously evaded detection and give them a precise view of their global security and compliance posture," Courtot said.

http://www.networkworld.com/news/2010/031810-tailored-enterprise-security-solutions-needed.html?hpg1=bn

Return to top

Network World

March 16, 2010

Why is cloud computing hard? Top tech execs speak their minds

Execs at Microsoft, Trend Micro, EMC's RSA division, McAfee and Symantec tackle the question of cloud security

By Ellen Messmer, Network World

"It's going to be an ongoing challenge and ongoing area of not only technical innovation but also of communications innovations," said Microsoft CEO Steve Ballmer during an appearance at the University of Washington earlier this month. "Some people think the cloud is pretty darn safe, some people know that it is not safe and secure, and some other people don't think much about it at all. Can we give people the tools that let them feel in control, let them feel responsible? I think [users] will know [cloud security] when they see it. The problem right now is that users don't really know what's going on…and really making the tools and technologies that make it easy to manage the interaction is important."

Sharing makes cloud security a challenge, said Eva Chen, CEO at Trend Micro, in a conversation with Network World at RSA: "Traditionally, the IT infrastructure you owned. With cloud computing, you share the computing power, you share the storage. You want to know who you're sharing with. For security, are you going to live in a hotel with your door unlocked? Like a hotel, you may be temporarily renting in cloud computing. You need to know there are locks."

Network World also caught up with Art Coviello, president of EMC's RSA division and executive vice president at EMC, at RSA. "The hardest thing about cloud security? I honestly feel it's at the chip level because having that hardware root of trust is critical. It's the sine qua non of the process," Coviello said. "Another thing that's a big challenge in this is manageability. To manage all the controls, [you have to] merge security policy with your overall business policy and get those coordinated and leveraged. The organization subscribing to the cloud service has to be able to dictate federation or policy to the cloud provider. Only they can they decide."

Dave DeWalt, president and CEO at McAfee, told Network World that education is the biggest challenge: "Many companies are nervous now because for 20 to 30 years they've controlled their destiny, but in the cloud approach, applications are managed sometimes by several vendors to control their data. They're uneasy about losing control over critical assets. That's the first thing. And you don't have any standards for cloud-based computing today. The maturation of cloud-based computing is in its infancy, so it needs to evolve. Vulnerabilities exist and mistakes are made."

Enrique Salem, president and CEO at Symantec, said cloud computing puts some new requirements on security. "To begin with, from an infrastructure perspective, security will need to move closer to the applications and data. In a shared services architecture, it isn't sufficient for security to simply protect the cloud perimeter, the data center or even the individual servers and storage arrays," Salem said in an e-mail interview.

"Secondly, organizations need stronger information governance for managing corporate information. Organizations need to define policies and procedures and enforce them. This can be easier said than done. Another critical requirement is the need for IT to have better visibility into the security posture and operations of the cloud service provider. Service consumers need real-time visibility into their cloud vendor's security posture so that they can trust their information is being secured and managed in accordance with their governance policies. Finally, cloud-based security services that can work together with on-premise solutions will be required. This interoperability will be key and enable organizations to leverage different models together and maximize the benefits they both bring."

Read more about security in Network World's Security section.

http://www.networkworld.com/news/2010/031510-cloud-security-opinions.html

Return to top

The Beach Reporter (Manhattan Beach, California)

March 12, 2010

An invitation to crime: How a friendly click can compromise a company

By Byron Acohido, USA Today

SAN FRANCISCO _ "Hey Alice, look at the pics I took of us last weekend at the picnic. Bob"

That Facebook message, sent last fall between co-workers at a large U.S. financial firm, rang true enough. Alice had, in fact, attended a picnic with Bob, who mentioned the outing on his Facebook profile page.

So Alice clicked on the accompanying Web link, expecting to see Bob's photos. But the message had come from thieves who had hijacked Bob's Facebook account. And the link carried an infection. With a click of her mouse, Alice let the attackers usurp control of her Facebook account and company laptop. Later, they used Alice's company logon to slip deep inside the financial firm's network, where they roamed for weeks. They had managed to grab control of two servers, and were probing deeper, when they were detected.

Intrusions like this one _ investigated by network infrastructure provider Terremark _ can expose a company to theft of its most sensitive data. Such attacks illustrate a dramatic shift under way in the Internet underground. Cybercriminals are moving aggressively to take advantage of an unanticipated chink in corporate defenses: the use of social networks in workplace settings. They are taking tricks honed in the spamming world and adapting them to what's driving the growth of social networks: speed and openness of individuals communicating on the Internet.

"Social networks provide a rich repository of information cybercriminals can use to refine their phishing attacks," says Chris Day, Terremark's chief security architect.

This shift is gathering steam, tech security analysts say. One sign: The volume of spam and phishing scams _ like the "LOL is this you?" viral messages sweeping through Twitter _ more than doubled in the fourth quarter of 2009 compared with the same period in 2008, according to IBM's X-Force security research team. Such "phishing" lures _ designed to trick you into clicking on an infectious Web link _ are flooding e-mail inboxes, as well as social-network messages and postings, at unprecedented levels.

An infected PC, referred to as a "bot," gets slotted into a network of thousands of other bots. These "botnets" then are directed to execute all forms of cybercrime, from petty scams to cyberespionage. Authorities in Spain recently announced the breakup of a massive botnet, called Mariposa, comprising more than 12 million infected PCs in 190 countries.

Three Spanish citizens with no prior criminal records were arrested. Panda Security, of Bilbao, Spain, helped track down the alleged ringleader, who authorities say has been spreading infected links for about a year, mainly via Microsoft's free MSN instant messenger service.

"It became too big and too noticeable," says Pedro Bustamante, senior researcher at Panda Security. "They would have been smarter to stay under the radar."

What happened to Bob and Alice, the picnickers at the financial firm, illustrates how social networks help facilitate targeted attacks. As a rule, tech-security firms investigate breaches under non-disclosure agreements. Honoring such a policy, Terremark used pseudonyms for the affected employees in supplying USA Today with details of what happened at the financial institution.

Investigators increasingly find large botnets running inside corporate networks, where they can be particularly difficult to root out or disable. "Social networks represent a vehicle to distribute malicious programs in ways that are not easily blocked," says Tom Cross, IBM X-Force Manager.

The attacks run the gamut. In just four weeks earlier this year, one band of low-level cyberthieves, known in security circles as the Kneber gang, pilfered 68,000 account logons from 2,411 companies, including user names and passwords for 3,644 Facebook accounts. Active since late 2008, the Kneber gang has probably cracked into "a much higher number" of companies, says Tim Belcher, CTO of security firm NetWitness, which rooted out one of the gang's storage computers.

"Every network we see today has a significant problem with some form of organized threat," Belcher says. The Kneber gang "happened to focus on collecting as many network-access credentials as possible."

Stolen credentials flow into eBay-like hacking forums where a batch of 1,000 Facebook user name and password pairs, guaranteed valid, sells for $75 to $200, depending on the number of friends tied to the accounts, says Sean-Paul Correll, researcher at Panda Security. From each account, cyberscammers can scoop up e-mail addresses, contact lists, birth dates, hometowns, mothers' maiden names, photos and recent gossip _ all useful for targeting specific victims and turning his or her PC into an obedient bot, Correll says.

On the high end, the Koobface worm, initially set loose 19 months ago, continues to increase in sophistication as it spreads through Facebook, Twitter, MySpace and other social networks. At its peak last August, more than 1 million Koobface-infected PCs inside North American companies were taking instructions from criminal controllers to carry out typical botnet criminal activities, says Gunter Ollmann, vice president of research at security firm Damballa.

In another measure of Koobface's ubiquity, Kaspersky Labs estimates that there are 500,000 Koobface-controlled PCs active on the Internet on an average day, 40 percent of which are in the U.S., 15 percent in Germany and the rest scattered through 31 other nations. "The personal information employees post day-by-day on Facebook is turning out to be a real gold mine," says Stefan Tanase, a Kaspersky Lab senior researcher.

Facebook, the dominant social network, with 400 million members and therefore the biggest target, says recent partnerships with Microsoft and security firm McAfee to filter malicious programs help keep compromised accounts to a small percentage. "We are constantly working to improve complex systems that quickly detect and block suspicious activity, delete malicious links, and help people restore access to their accounts," says spokesman Simon Axten.

Still, social networks have grown popular because they foster open communication among friends and acquaintances, which plays into the bad guys' hands, says Eva Chen, CEO of anti-virus firm Trend Micro.

"These new communication platforms are where people go, so that's where the hackers are going," Chen says.

Meanwhile, discussions about restricting workplace use of social networks and training employees to be more circumspect are just beginning to percolate at venues like the big tech security trade show held the first week of March in San Francisco sponsored by RSA, the security division of EMC. "Most larger businesses simply ask employees to watch their time spent on social-networking sites," says Ollmann.

Each infected PC in a corporate network represents a potential path to valuable intellectual property, such as customer lists, patents or strategic documents. That's what the attackers who breached Google and 30 other tech, media, defense and financial companies in January were after. Those attacks _ referred to in security circles as Operation Aurora _ very likely were initiated by faked friendly messages sent to specific senior employees at the targeted companies, says George Kurtz, McAfee's chief technology officer.

The attack on the picnicking co-workers at the financial firm illustrates how targeted attacks work. Last fall, attackers somehow got access to Bob's Facebook account, logged into it, grabbed his contact list of 50 to 60 friends and began manually reviewing messages and postings on his profile page. Noting discussions about a recent picnic, the attackers next sent individual messages, purporting to carry a link to picnic photos, to about a dozen of Bob's closest Facebook friends, including Alice. The link in each message led to a malicious executable file, a small computer program.

Upon clicking on the bad file, Alice unknowingly downloaded a rudimentary keystroke logger, a program designed to save everything she typed at her keyboard and, once an hour, send a text file of her keystrokes to a free Gmail account controlled by the attacker. The keystroke logger was of a type that is widely available for free on the Internet.

The attackers reviewed the hourly keystroke reports from Alice's laptop and took note when she logged into a virtual private network account to access her company's network. With her username and password, the attackers logged on to the financial firm's network and roamed around it for two weeks.

First they ran a program, called a port scan, to map out key network connection points. Next they systematically scanned all of the company's computer servers looking for any that were not current on Windows security patches. Companies often leave servers unpatched, relying on perimeter firewalls to keep intruders at bay. The attackers eventually found a vulnerable server, and breached it, gaining a foothold to go deeper.

A short time later, the attackers were discovered and cut off. One of Bob's Facebook friends mentioned to Bob that the picnic photos he had sent had failed to render. That raised suspicions. A technician took a closer look at daily logs of data traffic on the company's network and spotted the vulnerability scans.

Terremark's Day says two or three collaborators, each with different skill sets, most likely worked together to pull off the attack. "They were noisy about how they went about this," says Day. "Had they been quieter they would've gotten much further."

Return to top

ZDNet UK

March 18, 2010

Be prepared for the year of mobile malware

By Rik Ferguson

The number of types of attack on mobile devices may not be growing, but circumstances are conspiring to create a genuine threat, says Rik Ferguson.

The rise in threats to mobile devices is definitely real, although still a long way from reaching epidemic proportions. The real message for the coming months is about preparedness.

There were a limited number of new threats in 2009, but a significant increase in their complexity and criminal intent. Signs are that consumer acceptance of mobile phone-based financial activity is now mainstream, with handset banking applications even being advertised on primetime television.

Rudimentary botnets

Two distinct handset-based rudimentary botnets emerged last year: one on the Symbian platform, which was aimed at stealing phone identity details and propagated through SMS; and one more recently that affected only jailbroken iPhones, but was clearly aimed at banking customers in the Netherlands, stealing their details and passing them on to a command-and-control server in Lithuania.

With this change in consumer habits and also the possibility, finally, of some sort of handset monoculture being created at the application layer — with the cross-platform availability of Adobe Flash for mobile — expect to see more mobile-related malicious activity, the extent of which will be dictated by consumer behaviour.

It is true to say that the threat is growing, but it is really more in complexity than in sample size. In fact, some commentators have noted that the raw number of malicious code samples has actually dropped over recent years.

Social engineering

It is important to remember that many of today's threats do not rely on malicious code and are purely web-based social-engineering exercises, such as pushing rogue social network applications, and phishing for bank, email, social networking or other credentials.

These attacks target the end user, irrespective of the device they are using — whether it be a mobile handset, netbook or PC. The problem is sometimes exacerbated on handsets by the way web browsers have been designed to save on screen space. For example, the default browser on my Symbian-based handset does not show the URL of the page I am visiting, yet that feature is often our last line of defence against phishing attacks and scam websites.

It is difficult to say whether one mobile operating system is more or less vulnerable than another, as again vulnerability is influenced by user behaviour to a large degree. Most handset operating systems enforce code-signing, meaning no unauthorised code can be run, but the user is free to disable this.

Apple iPhones have a relatively secure architecture that prevents applications from seeing files other than their own. But many users jailbreak theirs and install unapproved, unexamined apps, which opens security holes. The latest iPhone worms exploited holes of this type.

Mobile malware will be driven by consumer behaviour. Online crime is about money and as more mobile devices are used for web browsing, banking or storing personal information, their attractiveness will increase. The lack of a dominant vendor is also a mitigating factor, but in the world of exploits and malware, most attacks are now aimed at applications, rather than operating systems.

Common attack vector

The emergence of Adobe Flash for mobile devices may begin to provide the common attack vector that is currently missing. Certainly, once an operating system attracts determined criminal intentions, you can bet more flaws will become apparent.

The key protection for the enterprise when it comes to handsets is encryption, which is great against loss or theft of devices, preferably with a remote-wipe capability. Data leak prevention tools are also beginning to offer some integration with mobile services to prevent sensitive corporate data from being transferred onto vulnerable devices in the first place.

Mobile devices and the protection thereof should be managed in a very similar context to the more familiar computer estate of the enterprise — through central management, central policies and centralised logging. Acceptable use policies should be revisited to ensure they contain guidelines on the use of mobile devices and training should be more than a one-off event. Of course, that is true of all security training.

I would suggest a tip-of-the-day approach to security training — daily, small message stuff. As more and more user-configured and user-supplied technology creeps into the workplace, enterprises need to invest in building a culture of security.

Rik Ferguson is senior security adviser for Trend Micro. He has over 15 years' experience in the IT industry with companies such as EDS, McAfee and Xerox.

http://www.zdnet.co.uk/news/security/2010/03/18/be-prepared-for-the-year-of-mobile-malware-40052437/

Return to top

BBC News

March 18, 2010

Spammers survive botnet shutdowns

Spam levels have not been dented by a series of strikes against controllers of networks of hijacked computers.

Early 2010 has seen four such networks, or botnets, tackled via arrests, net access cutoffs and by infiltrating command systems.

The successes have not inconvenienced hi-tech criminals who found other routes to send spam, say experts.

And, they add, despite falling response rates, spam remains too lucrative for criminals to abandon.

Cable cutting

In early March, many parts of the command and control (C&C) system for the Zeus botnet were knocked out of action as Cisco and others cut off the Kazakhstani ISP being used to administer it.

The action comes on top of similar success against the Lethic, Waledac and Marioposa botnets in early 2010.

"So as far as impact on spam goes it has been minimal," said Rik Ferguson, a senior security analyst at Trend Micro.

Statistics on spam and botnet numbers in the UK gathered by Trend Micro show that the rates of both have stayed constant despite the growing numbers of successes against these networks of hijacked home PCs.

Victims, typically users of Windows machines, often fall victim via booby-trapped e-mail messages or through websites that slip malware onto computers via software vulnerabilities.

Botnet controllers have shown resilience in recovering swiftly after a shutdown. 2008 saw the close down of an ISP called McColo which provided net connections for many botnets. As a result of that, global spam levels dropped by 70% but it did not take long for junk mail levels to start climbing again.

Similarly, the recent action against the Zeus botnet briefly caused the number of C&C computers behind it dropping by a quarter. Since then, however, numbers have been climbing and the network is closing in on its earlier total.

The problem, say experts, is that those who send spam are not those that run the botnets. As a result, if one botnet disappears then spammers and other hi-tech criminals simply shop around for another.

Cashing in

Hi-tech criminals persist with spam despite evidence that response rates are plummeting.

Only 28 responses were recorded from a spam campaign of 350 million e-mails found a study carried out by Professor Stefan Savage and colleagues at the University of California, San Diego.

Of those 350 million, only 23.8% made it through spam filters to e-mail inboxes and resulted in more than 10,000 visits to site peddling cheap pills.

Professor Savage said it was difficult to draw conclusions based on its limited data but said even with response rates of 0.00001%, the most prolific spammers could potentially make millions of dollars per year.

"It is true that over the years spam campaigns have become less successful for certain age demographics in the USA and most of Europe, but not so much in Asia and developing countries." said Paul Sop, chief technology officer at security firm Prolexic.

"What counts is not the amount of spam being sent, but how profitable/effective the campaign is," he said. "Smaller more targeted spam campaigns, especially phishing, are more effective."

Mr Ferguson from Trend Micro said low response rates did not mean that spam had become a solved problem in some countries.

"Spam is not just about selling spurious bargains anymore," he said. Typically, he said, spam was the trigger that led people to a website where they may fall victim to some kind of malware.

"Most non-commercial spam these days is aimed solely to get you to click on a link, even out of curiosity," he said. "As soon as you click on that link, you're infected, most likely to become yet another botnet victim, have your identity and information stolen and go on to participate, all unknowingly in the infection of further victims."

http://news.bbc.co.uk/2/hi/technology/8570993.stm

Return to top

ZDNet: Zero Day

March 18, 2010

Facebook password reset themed malware campaign in the wild

By Dancho Danchev

Facebook is warning its users on an ongoing BredoLab malware serving campaign using the well known “Facebook Password Reset Confirmation Customer Support” social engineering theme.

More details on the campaign:

Subject: Facebook Password Reset Confirmation Customer Support

Message: “Dear user of Facebook,Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document. Thanks, Your Facebook.”

Asked to comment on the inner workings of the campaign, TrendMicro’s Ivan Macalintal commented that based on the samples he analyzed, the same campaign was also seen in October, 2009.

Moreover, according to Gary Warner, “The malware being delivered is called ‘BredoLab.’ It has been occasionally spread by spam since May of 2009,” Warner says. “The UAB Spam Data Mine has observed at least eight versions of the Facebook BredoLab malware since March 16.

“What is troubling is the newer versions of the BredoLab used in this latest attack campaign are not being detected by the majority of anti-virus services — and that means the majority of users who unwittingly click on the bogus attachments linked to fake e-mails are going to have their computers infected“.

The Zeus crimeware and Bredolab connection

In a recently published paper “ZeuS: A Persistent Criminal Enterprise” TrendMicro further details the connections between Zeus and BredoLab:

* According to our research, BREDOLAB and ZeuS are individual tools that are freely available in the cybercriminal underground. Their uses complement each other, which is why we very often see them together.ZeuS specializes in stealing information from infected systems. BREDOLAB, on the other hand, is a software that enables cybercriminal organizations to deliver any kind of software to its victims. Once a user’s machine is infected by BREDOLAB, it will receive regular malware updates the same way it receives software updates from the user’s security vendor.

The practice of using the same social engineering theme over a longer period of time, is nothing new. For instance, the fake Conficker infection alert campaigns originally seen in April, and October 2009, were also spamvertised last month.

Campaign outbreak graph courtesy of Commtouch.

http://blogs.zdnet.com/security/?p=5787

Return to top

V3.co.uk

March 16, 2010

Facebook urges users to avoid rogue apps

Company is "aggressively disabling" the bogus applications

By David Neal

Facebook is warning users about yet another threat on the site, this time a raft of new applications that claim to allow users to see who is viewing their profile.

The popular social networking site said it is "aggressively disabling" the apps, warning users that they do not work and should be avoided.

In a statement, Facebook said: "Don't believe any applications that claim they can show you who's viewing your profile or photo. They can't."

Security expert Rik Ferguson echoed this warning on Trend Micro's Countermeasures blog.

He added that he hoped this latest wave of rogue apps would prompt Facebook to review its application publishing policy.

"Now that these things are becoming a regular occurrence there must be a tremendous burden being placed on the incident response handlers at Facebook that could be better channeled into an application vetting process," he said.

http://www.v3.co.uk/v3/news/2259619/facebook-removing-rogue-apps

Return to top

The Register

March 15, 2010

Facebook users warned over stalk-my-profile scam

Crap snoop app escapes whack-a-mole policy

By John Leyden

A bogus application that lures Facebook users by falsely offering to show who has been viewing their profile has been exposed as a scam.

All of the rogue apps are spread by updates seeking to lure the friends of previous victims to give the stalkerware a try. Some even offer a photo montage of a victim's contacts in a bid to add more authenticity. However, none of the apps actually do anything except profit their creators via ad affiliate revenues and deceptive tactics.

"The app itself is designed to look convincing enough, but none of the many 'Continue' buttons it offers will activate some under-the-counter profile checking functionality - they will just push you into another Facebook app earning the scammer advertising revenue in the process," Ferguson explains in a blog post (http://countermeasures.trendmicro.eu/whos-checking-your-facebook-profile-scammers) containing screenshots illustrating the scam, which resurfaced over the weekend.

"There is no officially sanctioned Facebook functionality that will allow you to view who has been checking your profile."

Facebook recently removed the ability for applications to send notifications directly. The unknown creators of stalk-my-profile have built in functionality designed to get around that limitation while still attracting the attention of would-be marks.

Security staff at Facebook acted promptly on Sunday to remove the rogue apps. That's all well and good, but Ferguson argues that only the introduction of an app-vetting scheme - something he first suggested over a year ago - stands any chance of bringing under control the growing problem of misuse of the social network by rogue application developers.

A similar scam again involving a supposed answer to the question "Who is checking your profile?" was squashed by Facebook in late February, Websense reported (http://securitylabs.websense.com/content/Blogs/3563.aspx) at the time. The reappearance of much the same scam just two weeks later underlines Ferguson's contention that simply playing whack-a-mole with rogue apps is a waste of resources that unnecessarily endangers Facebook users.

Another run of rogue apps, detected by Ferguson at the end of February, attempted to fool victims into clicking the spam notifications it sent out, earning dodgy developers affiliate-based ad revenues in the process. The app adopted the name “Like” and borrowed the icon from the official Facebook “Likes” function, but was in reality nothing more than cheap crud whose only function was to direct users towards a website offering an application called Zwinky, as Ferguson explains here (http://countermeasures.trendmicro.eu/page/2/).

http://www.theregister.co.uk/2010/03/15/facebook_profile_stalk_scam/

Return to top

SC Magazine

March 15, 2010

Facebook users warned of new malicious application that claims to show who looks at your profile

By Dan Raywood

The removal of application notifications on Facebook has led to bogus applications that claim to show which of your friends are viewing your profile.

After speaking to SC Magazine earlier this month about the social networking sites' application notifications on actions and changes, Trend Micro senior security advisor Rik Ferguson claimed that he had identified a wave of applications that promise to reveal the truth about which of your friends are viewing your Facebook profile. However he claimed that ‘the promise is worthless and the apps are bogus'.

Facebook users will now likely see users adding the application, which adds a montage that claims to include the friends who look at your profile the most. The users in the montage are then tagged, spreading the rogue application further.

Ferguson said: “The app itself is designed to look convincing enough, but none of the many ‘continue' buttons it offers will activate some under-the-counter profile checking functionality, they will just push you into another Facebook app earning the scammer advertising revenue in the process.

He called for Facebook to review its application publishing policy, as these things are becoming a regular occurrence and there must be a tremendous burden being placed on the incident response handlers at Facebook that could be better channelled into an application vetting process.

“For now though, just don't click the links, they will disappear from your streams as Facebook remove the offending apps. There is no officially sanctioned Facebook functionality that will allow you to view who has been checking your profile,” said Ferguson.

http://www.scmagazineuk.com/facebook-users-warned-of-new-malicious-application-that-claims-to-show-who-looks-at-your-profile/article/165778/

Return to top

Entrepreneur

March 18, 2010

Should You Farm out Your Data Protection?

Now, even your security can be handled by cloud computing software--but consider these factors before you get on board.

By Dal Gemmell

As a smart entrepreneur, the biggest problem to contend with in regards to cyber criminals is that they're smart entrepreneurs, too. They're highly motivated and technically proficient hard workers.

What they're after isn't fame or notoriety. It's about money. Specifically, that means stealing data--personal and business facts and figures that can be used to generate illegal profits. It also means hijacking the computing power of your PCs and servers to steal other people's data in order to generate more profit.

It's true that businesses of all sizes are at risk and successful hacks at large corporations can pay off in a big way, but multinationals can also put up better defenses. Smaller businesses, by contrast, typically have limited IT resources, and the sheer number of firms in this category makes them irresistible. Even if your online transactions don't involve money or billing, you're still a fair target just by being connected to the internet.

So how do business owners avoid becoming another statistic?

Get in the cloud. Cloud-security's value proposition is focused on saving money by scaling to your business needs and improving productivity; it also allows you to stay connected wherever you are, whether you're using a laptop, desktop, or smart phone.

By working in the cloud, you get faster, more responsive protection without overburdening and slowing down your computers, especially as the volume of threats increase. Cloud security uses the internet and the security company's computers (data centers) to shoulder security technologies instead of relying on your PC's storage space.

But not all cloud-security is created equal. Before you make the final decision on which security product to purchase, I'd encourage you to ask these questions either to yourself, your channel partner or to the security vendor you're considering:

* Does the vendor offer cloud-security products that can actually stop online threats before they even hit your office, and without slowing down your computers? Many vendors claim to do this, but unless the technology is integrated in the products that's specifically tailored for your business, their claims can come up empty.

* Does the vendor have the size, expertise, and experience to not only invest, but maintain a cloud security infrastructure? An effective cloud security vendor needs global reach, a brigade of security experts, and multiple datacenters that can continue to scale to stop hundreds of millions of threats per hour around the globe.

* Is the technology mostly organically developed or through acquisitions? This is important because a big component of cloud security is how the technologies involved all work together. Companies that "grow" and develop their own technologies have a higher success in making sure they all meld together seamlessly which equals more effective protection.

The idea of the most effective protection not completely residing on your PC, but floating somewhere out there can be a hard concept for some self-sufficient business owners to accept. But, in today's borderless, electronic universe, relying on security outside of your businesses wall can be the safest measure of all.

- - -

http://www.entrepreneur.com/technology/newsandtrends/article205628.html

Return to top

IT-Director.com

March 18, 2010

Cloud Computing: What is it really?

By: Simon Holloway, Practice Leader - Process Management & RFID, Bloor Research

There is a noise going about that cloud computing can cut costs, speed implementations, and scale quickly. However, the noise may be slightly off-the mark—particularly in product pitches!

Just what is Cloud Computing? Search.com provides the following definition, "Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)." The term cloud is used as a metaphor for the Internet, based on the cloud drawing used to depict the Internet in computer network diagrams as an abstraction of the underlying infrastructure it represents. Martin Banks, Associate Analyst at Bloor Research for Data Centres, told me, "I prefer the term Exostructure—an externally sourced (and theoretically limitless) seamless extension of an internal IT systems infrastructure that delivers information services on a fee-paying basis. This is looking at the issue from the users' point of view."

Infrastructure-as-a-Service, like Amazon Web Services, provides virtual server instances with unique IP addresses and blocks of storage on demand. Customers use the provider's application program interface to start, stop, access and configure their virtual servers and storage.

Platform-as-a-Service in the cloud is defined as a set of software and product development tools hosted on the provider's infrastructure. Developers create applications on the provider's platform over the Internet. PaaS providers may use APIs, website portals or gateway software installed on the customer's computer. Force.com, (an outgrowth of Salesforce.com) and GoogleApps are examples of PaaS. Developers need to know that currently, there are not standards for interoperability or data portability in the cloud.

In the Software-as-a-Service cloud model, the vendor supplies the hardware infrastructure, the software product and interacts with the user through a front-end portal. SaaS is a very broad market. Services can be anything from Web-based email to inventory control and database processing. Because the service provider hosts both the application and the data, the end user is free to use the service from anywhere.

A cloud service has three distinct characteristics that differentiate it from traditional hosting.

* It is sold on demand, typically by the minute or the hour;

* A user can have as much or as little of a service as they want at any given time; and

* The service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access).

So what does this really mean to a business? Well, rather than running computer applications on an in-house computer, you run them on an external machine, which could be anywhere in the world, and access the application programs via the internet. It also means that the data associated with the application is held externally to your organisation. So the application is hosted on a server with the associated data being stored in a database—all on a server run by a third party.

There is just one more piece that we need to understand and that is that a cloud service can be either public or private. What does this mean? A public cloud sells services to anyone on the Internet. Amazon Web Services is the largest public cloud provider at the time of writing. A private cloud is a proprietary network or a data centre that supplies hosted services to a limited number of people. Just one more term that you need to understand and that is virtual private cloud; this is when a service provider uses public cloud resources to create their private cloud.

What makes cloud computing so appealing at the moment? In a recent article[1], Nigel Stanley, Bloor Research's Security Practice Leader, said the following, "In an economic downturn cloud computing oozes sexiness. The thoughts of off loading your data to a third party gets financial types excited as they start to see how much money can be saved." Cloud computing means that rather than purchasing software, which would go on your CAPEX, you pay for it when you use it so it comes off your OPEX budget instead. Banks feels that, in fact, cloud computing will also reduce your OPEX spend as well as the implementation costs and associated consultancy costs will be less as well. On one point that Banks made I am not sure that I would agree with in that he felt the integration cost would also be smaller; I am not so sure and would advocate budgeting the same as an in-house implementation.

So how can cloud computing be used in manufacturing? CRM has been one of the first areas covered; this being piloted by salesforce.com with its launch in 2000. Salesforce.com's CRM solution is broken down into several modules: Sales, Service & Support, Partner Relationship Management, Marketing, Content, Ideas and Analytics. Salesforce.com's Platform-as-a-Service product (Force.com Platform) allows external developers to create add-on applications that integrate into the main Salesforce application and are hosted on Salesforce.com's infrastructure. Salesforce.com currently has 55,400 customers and over 1,500,000 subscribers. Why CRM? Well the answer, in my view, is due to the need to support a mobile sales force that needs to be able to record information easily and quickly without necessarily having contact always to the centre. Couple this with the need for the centre to have control over this distributed workforce and you create an ideal environment for cloud computing solution.

A number of the large ERP vendors, such as SAP, provide cloud capabilities. SAP launched its Business ByDesign in September 2007. Over the past couple of years Business ByDesign has been plagued by some really bad press. In September 2009, SAP gave a briefing to the industry on how it was tackling a number of the issues. These included:

* Scalability issues: all customers run on their own blade servers

* Overly "feature-rich": the suite was originally designed to meet all of the needs of its customer base instead of focusing on specific functionality

* Lack of corporate commitment: SAP is cutting R&D funding and shifting resources to other products

* Runs on NetWeaver: a full instance is too heavy for a SaaS application and finding "cloud developers" who have full Java EE stack experience may be tough

Infor entered the market in October 2008 with the launch of a SaaS version of ERP SyteLine. This is a very typical entry from an existing vendor in that it allows a user to move seamlessly between SaaS and on-premises deployment, or vice-versa.

Microsoft Dynamics entered the SaaS market in 2007 with the introduction CRM Live. This is run at Microsoft data centres around the world, along with all the other "Live" products such as Live Small Business Office. Software-plus-Services for Microsoft Dynamics ERP is the new capability being offered. This allows a user to choose to implement their Microsoft Dynamics software as a wholly-owned on-site solution, via online services, all or partly- hosted, or in any combination.

Oracle entered the market last year with the introduction of an offering comprising its Oracle Sourcing and Oracle Sourcing Optimization products. Nagaraj Srinivasan, Oracle's vice president for EBS supply chain management, in an interview with Managing Automation in March 2009, described the primary focus as being on automating the transactional aspects of material procurement. The tool can be used to aggregate demand; determine whether an RFP, RFQ, or other sourcing process is needed; compile contract terms; notify and qualify suppliers; establish prices and discounts and conduct multi-round negotiations; and aggregate and award bids. In addition, Oracle is offering CRM as a SaaS, called CRM On Demand.

Cloud Computing-based manufacturing solutions are emerging as viable competitors to products from established vendors. These cloud solutions are most commonly used for supply chain visibility, transportation management and supplier/contract negotiation. Vendors are rapidly creating cloud computing modules to address other manufacturing issues, such as: supply chain execution, shop floor planning, demand planning and production scheduling.

But where else? Christian Verstraete, HP's Chief Technologist for Manufacturing and Distribution services, believes a couple of areas will quickly become the favourites of manufacturing companies and these include:

* Cross enterprise collaboration. Verstraete sees cross-enterprise collaboration as being a current weak point in Supply Chain management. The required integrated environment would require the exchange of structured and unstructured data, of synchronous and asynchronous communication. By integrating multiple concepts of social networking and providing them in an integrated, cloud based environment, companies could use a variety of collaboration mechanisms to perform key business processes without having to manage the environment. Data can be contributed by the parties on request, limiting the sensitive data in the cloud. Mike Frichol, founder of Pragmatic Papers, stated:[2]. "Cloud computing provides a geographically dispersed network approach that is much better aligned to serve all these trading partners trying to communicate with each other through different systems. Supply chains are networks. Cloud computing comprises networks for delivering business applications anywhere, anytime—that should significantly improve supply chain capabilities, communication and coordination."

* High Performance Computing. Verstraete foresees the needs for additional computing power, as companies increase the use of digital models to virtually test their products and/or to understand their business environment better through business intelligence and decision making. The models used are typically highly parallelizable and fit well for a cloud environment as long as the amount of data they need to be provided with is not large, when the network could become a bottleneck.

But cloud computing can get a business in hot water if they have not thought through the many consequences, and this particularly means data security. Stanley states, "Without assurances that organisational data will be totally secure in a remote site the whole concept of cloud computing is dead in the water." So securing the cloud is vital for its success. With companies trusting their corporate data—their most important asset—to third party organisations, what another of my Bloor colleagues, Peter Cooke, describes as the holy trinity of confidentiality, integrity and accessibility, has to be assured. The infrastructure underpinning this is Identity Access Management (IAM). Without it, system access security is non-existent.

Another worry is about the ability of the provider of the service ability to still be around tomorrow. Raimund Genes, CTO at Trend Micro, the global security company, in a recent eBook[3]. "You need a provider that will be in business three years from now. When you give up your IT infrastructure, you need a reliable service provider." Banks stated that "With Cloud Computing you must realize that your business process in no longer in your complete control. It is wrapped into the cloud service and in the control of the provider" Therefore it is imperative that when choosing a cloud service provider, you choose one that is likely to be there for the long-haul, or a supplier that has a strategy to manage the situation if they are not there. Could we ESCROW agreement for business processes locked in cloud services?

The goal of cloud computing is to provide easy, scalable access to computing resources and IT services. Cloud computing users gain some significant economic advantages. They have no capital expenses. They have reduced service costs because of a simplified IT infrastructure. They do not have to buy systems scaled to their worst case use scenarios, and there is a reduction in large client applications. The primary disadvantages are the risks associated with Internet reliability, security and access of data, and the financial stability of the service provider.

[1] Generating Maximum Value from your IT Security Spend - An Analyst's Perspective. Nigel Stanley, Bloor Research, 29 September, 2009.

[2] The Cloud Computing Advantage for Companies that Outsource Manufacturing, Dr. Katherine Jones, Industry Week, April 24, 2009

[3] What to Expect from Cloud Computing, internet.com, Three Steps to Secure Cloud Computing, Robert McGarvey, 2009

http://www.it-director.com/business/innovation/content.php?cid=11990

Return to top

The Register

March 16, 2010

Anti-virus suites still can't block Google China attack

Protection layer flunks independent tests

By John Leyden

Analysis The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests.

NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see which blocked variants of the Operation Aurora attack. The security testing firm reckoned that most, if not all, of the products would block the exploit and malicious code payloads associated with an ultra-high profile attack that has been a mainstay of talk in the information security biz for the last six weeks.

However, only security software from McAfee out of all the seven tested products "correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection", NSS discovered to its surprise. Other tested security suites - AVG Internet Security, ESET Smart Security 4, Kaspersky Internet Security, Norton Internet Security 2010, Sophos Endpoint Protection for Enterprise and Trend Micro Internet Security 2010 - all failed.

NSS Labs argues that its research, unveiled at the BSidesAustin security conference on Saturday - highlights the importance of providing greater vulnerability-based protection.

"Rather than reactively blocking individual exploits or malware, vendors should focus on minimizing their customers’ risk of exposure by insulating the vulnerability," Rick Moy, president of NSS Labs explained in a statement.

The research has received a mixed reception from security vendors. Trend Micro, which received a thumbs-down in the test, nonetheless welcomed the research.

"NSS Labs is building up a series of tests that measure the protection at various 'protection layers'," said Anthony Arrott, product manager of security analytics at Trend Micro. "Individually, these tests do not attempt to measure end-to-end protection across all layers – ultimately what matters most to users."

Modern endpoint protection products rely on multiple layers of protection - including malicious attachment blocking, preventing access to malicious URLs and behaviour blocking as well as shielding the underlying vulnerability on the endpoint from being exploited - but the NSS tests only looked at the last of these layers, in concluding that only one in seven tested products snuffed out the exploit.

"Trend Micro is looking forward to the day when the independent security product testing laboratories develop tests that measure the end-to-end protection provided against threats regardless which layer thwarts the threat."

Non-vulnerability-shielding countermeasures in Trend Micro's arsenal already block the threat, he added.

Come and AVG a go

NSS' blog post on the tests includes a video illustrating how security software from AVG flunked the test.

AVG took exception to the exercise and posted a blog saying the tests were wrong. "AVG software stops the Aurora attacks just fine - in fact three different security rules of our software stop it," AVG argues.

The security firm, famous for its free-of-charge consumer security scanner, also criticised NSS for attempting to charge vendors for more information on how it ran its tests.

NSS responded to this post with its own broadside on Tuesday, defending its methodology and arguing that AVG's blog post showed the blocking of the exploit for surfers using Firefox - not IE - which is where problems arise.

Doing the business

Luis Corrons, technical director of PandaLabs, expressed concern that NSS tests were potentially misleading. Six of the seven tested products were designed for consumers, while the Aurora attack was targeting big companies, which use corporate antivirus products quite distinct from those used by consumers. Corporates have different protection layers (gateways, endpoint, etc.) but the NSS tests only looked at one layer of protection.

"A major issue is that product configuration is different, as the needs for corporate and consumer users are different, so a different result may be obtained depending on the product used in the test," Corrons explained. "For example, in a corporate environment it's common to block the http downloads of any packed file (malware is usually packed), but you'll rarely see that on a consumer product, as many games also use packers."

Moy acknowledged Panda had a point. "More extensive testing is being done on enterprise versions of these products and will be available to our clients in a few weeks," the NSS boss told El Reg. "We discussed the approach and testing with many of the vendors and other noted researchers with broad support for the initiative."

"The research was part of other independent testing work we were already performing when the Aurora attack became public. We performed and released the results to highlight issues that all endpoint security product users need to be aware of." ®

Updated

McAfee's software is not the only product capable of blocking Aurora at the first line of defence. F-Secure Exploit Shield, which is the part of the product that provides vulnerability layer protection, also thwarts Aurora., we're told. F-Secure's software was among the many products not tested by NSS.

http://www.theregister.co.uk/2010/03/16/aurora_av_test_fail/

Return to top

SPAMfighter News

March 18, 2010

New Research Study on Zeus Released by Trend Micro

Trend Micro, in its newly-published study named "Zeus: A Persistent Criminal Enterprise", says that of late, there has been an increase in the samples of Trojan Zeus at the rate of 300 daily on average.

Describing Zeus, Trend Micro said that it is chiefly a crimeware package which helped in the theft of Internet users' credentials for online banking along with other things. Moreover, it was associated with the organized criminals of Eastern Europe who designed it. Currently, it is available for sale-and-purchase by cyber-criminals in the underground shopping arena.

Trend Micro reportedly saw over 13,000 distinct Zeus samples alone in January 2010.

Trend Micro CTO, Raimund Genes commented on the findings and stated that Zeus is not a new concept, its there since many years. However, its recent upsurge in attacks is a worrisome issue, as reported by Net-security.org on March 10, 2010.

Furthermore, according to the study, to build the Zeus infected botnets, an extremely adaptable configuration file is used, which provides various particulars. These are: the bot network's name, the frequency in which it will transmit captured data back to the botmaster, as well as the server to which the bot must link up with. More significantly, there's a list in this file which enlists the banks Zeus is most likely to target.

Continuing further, Trend Micro also discusses an important characteristic of the new Zeus versions viz., the "Jabber" utility. This utility represents an IM (instant messaging) program of the open source type. Thus, JabberZeus represents a variant of Zeus through which the captured banking credentials are transmitted back via IMs. Subsequently, the botmaster uses those credentials to log into the victim's account without getting noticed.

Reportedly, during most of 2009, Zeus samples were spread through the Avalanche botnet as well. This botnet launched spam campaigns, which impersonated many well-known Web 2.0 sites such as MySpace and Facebook.

The spammers involved in the operation also attempted at copying e-mail as well as websites belonging to U.S government agencies such as the Internal Revenue Service, the Centers for Disease Control and Prevention, the Social Security Administration and the Federal Deposit Insurance Corporation, reports Trend Micro.

To conclude, the firm commented that the fight against Zeus continues, its not yet finished.

http://www.spamfighter.com/News-14055-New-Research-Study-on-Zeus-Released-by-Trend-Micro.htm

Return to top

Trend Micro Hosted Email Security

eChannelLine

March 15, 2010

Trend Micro unveils new platform with Hosted Email Security 2.0

By Mark Cox

Trend Micro has announced Trend Micro Hosted Email Security, which features both a new platform and some significant increases in the penalties the vendor promises to pay if it fails to live up to its' Service Level Agreements (SLAs).

"We have a brand new platform, with a whole new set of infrastructure, and some significant improvements in the software code," said Eric Jensen, senior product marketing manager for Trend Micro.

The first generation of this hosted product, which like this one has Trend Micro's Smart Protection Network infrastructure as its' engine, was known as InterScan Messaging Hosted Security (IMHS). The new version includes additional technology to further improve increase spam blocking efficacy. 99 percent or better spam blocking is one of the SLAs Trend Micro is promising.

"Trend Micro Hosted Email Security pledges customers will receive 100 percent service uptime, 99 percent or better spam blocking and zero email-based viruses." Jensen said. "We are also including our #1 rated anti-malware technology to stop malicious URLs embedded in email, which is something customers are very concerned about."

Jensen said that SLAs themselves are the same as in the first generation of the product. What is new is that the penalties Trend Micro promises to pay if the SLA is not maintained have been significantly increased, to show confidence in the product.

"On average, it's about three times stronger than most other vendors," he said.

Other new SLA commitments include no more than one minute of email delivery delays, no matter where you are in the world, and basically no false positives, with no more than three in one million emails incorrectly classified as spam. Jensen said Trend is able to make this commitment on false positives because the company has grown largely organically, and so has less of a problem with multiple sets of code acquired through integration that aren't fully integrated.

Jensen said that hosted email security is something all resellers need to consider seriously.

"The market for it is growing very rapidly, and resellers need to give hosted email security a shot," he said. "The question for resellers is do you want to sell this to your customer or do you want somebody else to."

Jensen acknowledged that some resellers don't bother with this kind of solution because the amount of money per box isn't that much, but he said that viewpoint ignores the larger perspective.

"They can attach hosted email security on top of another product they are selling," he said. "It's very easy to add it on top of an existing sale. And it also renews at 100 percent of the initial list cost."

"With email security, you also have to put a lot of time into the maintenance because the threats are consistently evolving. On-premise solutions customers have to do a lot themselves, but they don't have a lot of time, so if there is a problem, they are likely to blame the product or the VAR."

There are two versions of the product. Trend Micro Hosted Email Security (formerly IMHS Advanced), includes the full SLA, as well as inbound filtering, outbound filtering, content filtering and spam blocking settings and rules. Trend Micro Hosted Email Security -- Inbound Filtering (formerly IMHS Standard) includes SLA commitments for 100 percent uptime, zero email-based viruses, no more than one minute of email delivery latency and support response commitments, and only includes inbound filtering with default best practices spam blocking settings. Trend Micro Hosted Email Security starts at $40 per user. Trend Micro Hosted Email Security -- Inbound Filtering starts at $32 per user.

Existing IMHS Advanced customers will be automatically upgraded and migrated, at no cost, to Trend Micro Hosted Email Security. IMHS Standard customers -- including those customers who purchased IMHS Standard as part of the Worry Free Business Security Advanced bundle -- will be automatically upgraded and migrated at no charge to Trend Micro Hosted Email Security -- Inbound Filtering.

Both Trend Micro Hosted Email Security and Trend Micro Hosted Email Security Inbound Filtering will be available for purchase on April 1, 2010.

Interestingly, while these products received a name change as part of Trend Micro's new strategy of simplifying things with a common brand, the term 'cloud' -- which has become ubiquitous with similar solutions from other vendors -- is nowhere to be found in these.

"We've done customer research, and we found customers who want to buy this use 'hosted,' Jensen said. "They don't use 'cloud,' they don't use 'SaaS', We are using the language our customers use."

http://www.echannelline.com/usa/story.cfm?item=25536

Return to top

V3.co.uk

March 16, 2010

Trend Micro updates hosted email security platform

Service promises effective spam blocking and zero email-based viruses

By David Neal

Trend Micro today announced a new version of its Hosted Email Security Platform, which is designed to deliver cost-effective protection against mail-borne threats and malware.

“Email security is mission-critical for our customers,” said Trend Micro small business product marketing manager, James Walker.

“Trend Micro’s new Hosted Email Security 2.0 ensures customers receive 100 per cent service uptime, effective spam blocking and zero email-based viruses. In addition, we’re including our leading anti-malware technology stopping malicious URLs embedded in emails.”

The hosted platform connects to Trend Micro’s Smart Protection Network infrastructure, which uses cloud-based technology to analyse and filter more than 20 billion emails, web sites and files every single day, alerting customers to known and emerging threats.

Pricing for the service, which goes live on 1 April, starts at $40 (£26) per user.

Experts estimate that moving to a hosted email security platform can bring significant savings.

“According to our email best practices benchmarking, adding in hosted email security will typically reduce the time that IT staff must spend on email security maintenance by up to 75 per cent (or more in some cases) versus continuing with on-premises email security only,” said Michael Osterman of Osterman Research.

http://www.v3.co.uk/v3/news/2259600/trend-tackles-email-security

Return to top

Channel Insider

March 16, 2010

Trend Micro Revamps Hosted E-Mail Security

By Ericka Chickowski

Trend Micro Hosted Email Security stands atop a brand new technology platform and will replace the company's InterScan Messaging. It includes anti-malware technology baked directly into the platform

This week Trend Micro introduced to the channel a makeover to its hosted e-mail security platform that the company says will help partners add greater value to other overarching IT projects and satisfy customer's growing appetite for this e-mail security delivery model.

Introduced on Monday, Trend Micro Hosted Email Security stands atop a brand new technology platform and will replace the company's InterScan Messaging. Among other tweaks, Trend baked in its anti-malware technology directly into the platform, says Eric Jensen, senior product marketing manager for Trend.

"We're taking that core technology and now incorporating that into hosted e-mail security," he says. "It's particularly relevant for customers because malicious URLs embedded in e-mail is the number one emerging threat that people are most concerned about, and when you look at the data, they also are least satisfied with how email security vendors are addressing that particular threat.

Trend is so confident in the revisions that it also built in stronger money-back provisions within its SLA, which can be a significant differentiator for channel partners looking to get noticed within the increasingly crowded hosted e-mail security marketplace.

According to Jensen, with this latest release Trend hopes to win over even more channel partners to the hosted email security selling mindset, even among those who may not necessarily see the fit right away."If I'm a channel partner, I'm making money on hardware and implementation and that kind of thing, so I might wonder why I should be interested in selling hosted because I might perceive that there's no implementation and no margin there," he says. "The first thing to remember is that either your customer is going to buy it from you or they're going to buy it from someone else. And TrendMicro is historically 100 percent channel as opposed to Google or some of those other vendors out there. So there's just sort of a self-preservation element there."

As Jensen points out, IDC analysts estimate that hosted email security market will grow 32 percent through 2012, so there's no closing Pandora's Box. Partners who recognize that and leverage this shift to their advantage will end up helping to drive value to their customers. This may mean using the lower-margin products such as Trend's new release as an add-on to larger products.

"It is a very easy add-on sell for some typical projects that a VAR will be implementing with their customers," Jensen explains. "So, for example, adding in mail servers and then attaching hosted e-mail security and just saying, 'Hey, look, we're going to stop spam before it hits the network, it's going to extend the life of your current solution. It's essentially an insurance policy and you're going to get more value out of what you're buying from me right now."

http://www.channelinsider.com/c/a/Security/Trend-Micro-Revamps-Hosted-EMail-Security-Platform-580148/

Return to top

MSP Mentor

March 15, 2010

Trend Micro Launches Hosted Email Security Service

By Matthew Weinberger

Security software vendor Trend Micro has announced that it’s retiring its InterScan Messaging Hosted Security (IMHS) platform in favor of the all-new Hosted Email Security product starting in April. Here’s what service providers should know.

According to the press release, the main difference between IMHS and the new platform is simple — beyond an all new platform, the new Hosted Email Security offers enhanced malware and spam protection while increasing reliability to a promised 100% uptime.

Trend Micro Managed Email Security is going to come in two flavors: one that includes the full SLA, with inbound, outbound, and content filtering services, including spam blocking settings and rules, and one that does nothing but the inbound filtering. The former will cost $40 per user; the latter $32.

Apprently, the usual benefits of software as a service (SaaS) still apply. Trend Micro claims Managed Email Security is scalable, requires absolutely no intervention from IT staff, and it’s constantly updated with new threat information with no action required by the user.

There’s a lot of competition in the managed security arena. But we’ll be watching to see how Trend Micro differentiates.

http://www.mspmentor.net/2010/03/15/trend-micro-launches-hosted-email-security-service/

Return to top

What’s Your Story?

CNET: Safe and Secure

March 16, 2010

Internet safety video could win you $10,000

By Larry Magid

Computer security company Trend Micro has an offer for any teen or adult who cares about Internet safety and security and wants to become an award winning filmmaker. The company has launched a contest called "What's Your Story?" where the person who submits the best short video (no more than 2 minutes) can win $10,000. There are also four $500 prizes.

The deadline is April 30th and only residents of the U.S. and Canada who are 13 or older are eligible to win.

Entries must be about one of these four topics:

•Keeping a good rep online (avoiding embarrassing photos, videos, or postings)

•Staying clear of unwanted contact (including bullies)

•Accessing (legal) content that's age-appropriate (avoiding sites that are "offensive, violent, pornographic, full of foul language, or inappropriate for certain ages)

•Keeping the cybercriminals out (computer security issues like identity theft, scams, spam, viruses, and other bad stuff)

You don't need a fancy video camera. A Webcam, a cell phone video camera, or something like the Cisco Flip Camera will do.

http://news.cnet.com/8301-19518_3-10468385-238.html

Return to top

YourSphere For Parents

March 16, 2010

Internet Safety Video Contest - First Prize Wins $10,000

Trend Micro, a computer security company, just launched an exciting new contest called “What’s Your Story?” where the first-place winner can receive $10,000. Any teen (13 and up) or adult can enter the contest by submitting a short homemade video revolving around the topic of Internet safety.

Larry Magid, a technology journalist, co-director of ConnectSafely.org and one of the judges for the contest, announced the contest over CNET.com and provided the rules and details that contestants have to follow. To sum up the rules that Larry listed:

1. The submission deadline is April 30th, and only residents of the U.S. and Canada can participate.

2. The video cannot be more than 2 minutes long.

3. The video has to be based around one of these four sub-topics within Internet safety:

a. Keeping a good rep online (avoid posting embarrassing photos/videos online).

b. Avoiding unwanted contact.

c. Avoiding malicious sites and accessing content that is legal and age-appropriate.

d. Keeping cybercriminals out.

4. All video submissions will be checked for appropriateness before being considered as a legitimate contestant.

And as Larry says in his article, it would be great to see most of the submissions come from teens that care about Internet safety, or just making film in general. This contest is not only a great opportunity to win some cash, but it’s a great opportunity to promote some awareness about Internet-safety issues through the younger community.

For more information about the contest, visit Larry’s article at CNET.

Also visit Trend Micro’s website for some great sample videos.

Good luck!

http://internet-safety.yoursphere.com/news/internet-safety-video-contest-first-prize-wins-10000

Return to top

Mad Mark’s Blog

March 18, 2010

Trend Micro Has $10k For Your Video!

Are you handy with a video camera and have a great Internet safety story to share? Trend Micro wants to hear it.

The security vendor today launched the "What’s Your Story?" campaign, and is calling everyone in the US and Canada over the age of 13 to submit their videos on Internet safety. The campaign, which is sponsored and supported by the Trend Micro Internet Safety for Kids & Families initiative and its partners, is designed to help parents, teachers and youth become more aware of Internet safety issues so young people can be smart and safe when it comes to using the Internet.

Trend Micro is enabling kids, parents and educators to be smart about Internet safety through employee volunteerism, partnerships with organizations who share the same mission, and supporting causes that promote the Internet safety of kids around the world.

"When Trend Micro first launched Internet Safety for Kids & Families in 2008, we made a commitment to providing quality, practical information to those who have a stake in keeping young people safe on the Internet," said Lynette Owens, director of corporate outreach for Trend Micro. "We hope the "What’s Your Story?" campaign will be a fun, meaningful, and relevant way for people to share their creative sides, and promote Internet safety at the same time."

http://kohi10.wordpress.com/2010/03/18/trend-micro-has-10k-for-your-video/

Return to top

eSecurityPlanet

March 17, 2010

Trend Micro Announces Internet Security Video Contest

By eSecurityPlanet Staff

A Trend Micro contest called What's Your Story? will award $10,000 to the best short video about online safety and security.

"This is an opportunity for teens to share their own experiences and thoughts about Internet safety with their peers, which can be a lot more effective than lectures from adults," writes CNET News' Larry Magid. "Still, parents, teachers, and older students are also encouraged to enter, though contributions from teens are strongly encouraged."

"People who submit are encouraged to promote their own videos with links on their social-networking pages and blogs," Magid writes. "Judges will take into account the number of views -- not only as a way of promoting awareness but also giving filmmakers real-world experience in marketing and promotion."

Click here to read the CNET News article.

www.esecurityplanet.com/headlines/article.php/3871046

Return to top

The Huffington Post

March 16, 2010

Submit Internet safety video & win $10K

By Larry Magid

Technology journalist

Anyone in the U.S. or Canada that is 13 or older can submit a short video (up to 2 minutes) to What's your Story, about an aspect of Internet safety. To qualify, your entry must focus on one or more of these topics: "Keeping a good rep online", "Staying clear of unwanted contact" (including dealing with bullies), "Accessing (legal) content that's age-appropriate," and "Keeping the cybercriminals out" (computer security issues like identity theft, scams, spam, viruses, and other bad stuff).

I'll be one of the judges in my capacity as co-director of ConnectSafely.org. Trend Micro provides support to ConnectSafely and the other partner non-profit organizations.

Although the contest is open to adults, teens are especially encouraged to enter. We really want teens to participate because they, more than adults, can develop messaging that will resonate with fellow teenagers.

The deadline for this contest is April 30th. There are more details in my CNET News story about the contest.

http://www.huffingtonpost.com/larry-magid/submit-internet-safety-vi_b_501781.html

Return to top

San Jose Mercury News

March 16, 2010

MAGID ON TECH: Tech companies contribute to communities

By Larry Magid

Daily News columnist

Two companies with a presence in Silicon Valley have announced programs to put some money into education.

Security company Trend Micro is investing in a video contest that will award $10,000 to a student, teacher, parent or anyone else who can create the best short video about Internet safety.

And Santa Clara-based NVIDIA announced the 2010 edition of Project Inspire, an annual program "Helping Local Communities Make Big Change."

NVIDIA makes computer display adapters and other technology products including servers and motherboards.

The NVIDIA program — meant for schools, organizations and neighborhoods along Highway 101 from Redwood City to San Jose, as well as Campbell and Milpitas — will award the winner with prizes worth up to $230,000, including "up to 1,000 volunteers to transform your school, organization or neighborhood."

Two runners-up will receive $2,000, and seven finalists will each receive $750 "as a thank you."

Candidates can include schools, community centers, neighborhood coalitions and associations or a combination of these.

NVIDIA wants applicants to "dream big" and tell them "what is the single biggest thing we could do to your school, neighborhood or facility to meet the needs of those you serve."

NVIDIA's application deadline is April 9, and more imformation is available at http://bit.ly/aQnpaz.

The contest from Trend Micro is one that I'm closer to because I have the privilege of being a judge as co-director of ConnectSafely.org.

In the "What's Your Story" contest, anyone in the U.S. or Canada that is 13-years-old or older can submit a short video about an aspect of Internet safety.

To qualify, your entry must focus on one or more of these topics: keeping a good rep online; staying clear of unwanted contact" (including dealing with bullies); accessing (legal) content that's age appropriate; and keeping the cybercriminals out (computer security issues such as identity theft, scams, spam and viruses).

The judges will come from ConnectSafely, Trend Micro, Common Sense Media and Identity Theft Resource Center.

Although the contest is open to adults, teens are especially encouraged to enter. We want teens to participate because they — more than adults — can develop messages that will resonate with other teens.

The deadline is April 13, and more information is available at whatsyourstory.trendmicro.com.

Setting norms

Shifting gears, I have some thoughts about online children safety and how teens can help other teens stop engaging in destructive behavior, including cyberbullying and self-harm such as cutting or anorexia.

One of the things we've learned from health researchers is that social norming can have an enormous impact on how people behave. If kids think that cyber-bullying (harassment via cell phone or computer) is "normal," than they're more likely to engage in it. That's also true with physical bullying.

If we continue to spread messages about an "epidemic of cyberbullying," it seems like to youths that what we're really saying is that cyberbullying is "normal," and if it's normal, it must be sort of OK.

Cyberbullying is not OK, and it's not normal. It's abnormal behavior that most kids don't want to have anything to do with.

In an article in the current issue of "Archives of Pediatric and Adolescent Medicine," authors David Finkelhor, Heather Turner, Richard Ormrod and Sherry Hamby wrote that the percentage of youth (ages 2 to 17) reporting physical bullying in the past year went down from 22 percent to 15 percent between 2003 and 2008.

While 15 percent is too high a proportion, it also means that 85 percent of kids have not been bullied.

The same is true about being a bully.

A study conducted last year by Cox Communications in partnership with "America's Most Wanted" host John Walsh and the National Center for Missing & Exploited Children found that approximately 10 percent of teens said they've cyberbullied someone else. Again, that's 10 percent too many, but it means that 90 percent of teens have not engaged in this obnoxious activity.

In a paper presented at the 2008 National Conference on the Social Norms Approach, Perkins and David Craig found that "while bullying is substantial, it is not the norm. The most common (and erroneous) perception, however, is that the majority engage in and support such behavior."

The researchers found that the "perceptions of bullying behaviors are highly predictive of personal bullying behavior," but that the "norm is not to bully but only a minority know it." (http://bit.ly/ckaRFD)

Rather than trying to fight an "epidemic" of bullying, school officials had better success by reminding students that most children don't bully.

Craig and Perkins presented a series of posters used at middle schools with messages like "80% of Crystal Lake 6-8th grade students say students should not treat each other in a mean way, call others hurtful names or spread unkind stories about other students."

Larry Magid's technology column appears Wednesdays in The Daily News. E-mail him at larry@larrymagid.com.

http://www.mercurynews.com/peninsula/ci_14687881

Return to top

About.com: Christy's Family Computing Blog

March 17, 2010

Trend Micro Asks: What's Your Story?

By Christie Matte

Trend Micro is inviting Netizens ages 13 and up to create short videos that share what it means to be "safe and smart online." Videos, which can take on any style, should address one of the following topics:

* Keeping a good rep online

* Staying clear of unwanted contact

* Accessing (legal) content that's age-appropriate

* Keeping the cybercriminals out

Participants can enter one video in each category for a chance to win. Each video should be less than two minutes in length and under 100 MB. The grand prize is $10,000 with four additional prizes of $500 each. The What's Your Story? contest runs through April 30, 2010.

http://familyinternet.about.com/b/2010/03/17/trend-micro-asks-whats-your-story.htm

Return to top

The Cool Cat Teacher Blog

March 17, 2010

Daily Spotlight on Education 03/17/2010

Larry Magid: Submit Internet safety video & win $10K

A contest conducted by Trend Micro in partnership with Common Sense Media, ConnectSafely and Identity Theft Resource Center will award $10,000 to the person who can create the best short video on Internet safety. There are four additional awards of $500 each.

http://coolcatteacher.blogspot.com/2010/03/daily-spotlight-on-education-03172010.html

Return to top

CPU Reviews

March 16, 2010

Your Video Could be Worth $10,000

Trend Micro has a new contest going called "What's Your Story?" that one of you guys could easily win. There is a total of $12,000 up for grabs so why not give it a try? That's why we're inviting you to join our video competition. Tell us what being safe and smart online means to you, so your friends, family and fellow citizens can learn to be safer and smarter, too. If you have a story to share, we want to hear it! Comments

http://www.cpureview.com/your-video-could-be-worth-10000.html

Return to top

Pandora’s Blog

March 18, 2010

Win $10k for Your Internet Safety Video

This is pretty cool. Trend Micro (the computer security company) has launched the “What’s Your Story?” contest where amateur filmmakers can enter their Internet safety video and possibly win $10,000!

Computer monitoring software like our PC Pandora 6.0 will make an “Internet safety video” for you by recording snapshots of what your child is really doing online! That’s worth more than $10k… eh?

http://blog.pcpandora.com/2010/03/18/win-10k-for-your-internet-safety-video/

Return to top

Blog Briefs

Best Virus Removal

Cloud Computing Applications

INOBTR.org

SafeKids.com

ServeCommunity Service Blog

Return to top

Trend Micro Mentions

ChannelWeb

March 2010

Celebrating Excellence: The CRN Channel Champions Awards

Photo by Kim Kulish

Trend Micro: Network Security

Thomas Miller, Trend Micro executive vice president, stepped up to the stage to accept the Channel Champs award from Everything ChannelVice President and Editorial Director Kelley Damore in the areas of Technical Satisfaction, Financial Performance and Overall Winner in the Network Security category. Trend Micro, a global leader in Internet content security, pioneered the effort to provide integrated threat management to businesses and consumers alike. "Without their technology, we'd have a lot more spam, a lot more viruses and a lot more attacks on our systems and networks," Damore said.

http://www.crn.com/it-channel/223800128;jsessionid=ES5NHTTE12R3NQE1GHPCKH4ATMY32JVN?pgno=6

Return to top

V3.co.uk

March 15, 2010

Security spending rebounding strongly

Spending rises by more than 10 per cent in last quarter of 2009

By Iain Thomson in San Francisco

Spending on IT security is returning to pre-recession rates, according to the latest study from analyst firm Canalys.

In the fourth quarter of 2009 spending rose 10.1 per cent sequentially, with the market worth a total of $3.6bn by the end of the year. Spending was spurred on by rising PC sales to businesses and consumers.

"The release of Windows 7 and the resurgence of the PC market have dramatically helped the client security market," said Nikki Babatola, an analyst at Canalys.

"This improvement will likely continue throughout 2010 as businesses roll out more computer systems."

On the client side, Trend Micro had the strongest growth at 13.9 per cent, but Symantec retook the top spot with over a quarter of the market, outpacing McAfee, which saw more modest growth.

On the appliance side, Cisco is still the largest vendor with 27.7 per cent of the market, but Canalys warned that it is facing increasing competition in the sector.

"McAfee in particular has had good traction in its appliance business after having acquired Secure Computing at the end of 2008," said Babatola.

"Though Check Point experienced some contraction in its appliance business during the fourth quarter, it is now seeing the majority of its security business deployed in an appliance form factor," she added.

http://www.v3.co.uk/v3/news/2259548/security-spending-rebounding

Return to top

Network World

March 15, 2010

The Rise of Free -- and Fake -- Antivirus Software

Free AV is gaining share but not as fast as the phony stuff

By joltsik

With the tremendous growth in malware. identity theft, and on-line scams, you'd think that every PC owner in the world would make Internet security software a "must have" before connecting to the Internet. Unfortunately, this assumption is dead wrong. Believe it or not, lots of industry research indicates two huge misconceptions still exist:

1. Many users believe that all of the public media about Internet security must mean that things are improving (Author's note: Yes, this seems crazy but this perception is wide spread amongst computer novices).

2. Many users also believe that if they avoid problem sites like pornography and on-line gaming, they will remain safe (Author's note: Also untrue).

Folks like these need a cybersecurity wake-up call ASAP. They also need simple security tools that they can access and install without the need for technical help.

Fortunately there is a bit of good news. Free antivirus software seems to be gaining a foothold, especially in emerging markets around the world. AVG is a freeware leader but others packages like Immunet and PC Tools are also gaining appeal. Finally, Microsoft Security Essentials is now running on about 12 million PCs throughout the world. Microsoft deserves credit here for providing a free security offering strong protection and ease-of-use functionality.

These reputable free AV packages may help bridge the security gap by protecting previously unprotected machines. Unfortunately, the bad guys are outperforming their more altruistic counterparts. Back in late 2008, PandaLabs estimated that 30 million users had fallen victim to fake AV scams and my guess is that the number is up to over 50 million by now. Last year's Conficker worm was purpose-built to push this scam even further.

The bad guys know a good con when they see one. Many of the fake AV programs are "packaged" (i.e. fake ads show fake packaging) to look like McAfee, Symantec/Norton, Trend Micro and others. The names even sound like real Internet Security or mainstream software. Fake names include Vista AV, Security Essentials 2010, Antivirus 360, etc.

Ultimately, fake AV kicks unsuspecting users in the teeth. Instead of buying protection, they are actually buying malware that gets installed on their systems, turns them into zombies, or steals personal information.

To those of us in the IT and cybersecurity industries, these scams are relatively easy to spot but your parents, grand parents, friends, or kids who aren't as tech savvy need to be warned. Let these folks know about the good free offerings from AVG, Immunet, Microsoft, and PC Tools and warn them about the scams.

We need more public education about cybersecurity risks and threats but in lieu of this, lets get viral and spread the word.

http://www.networkworld.com/community/node/58566

Return to top

The Register

March 18, 2010

Energizer battery rechargers still haunted by trojan backdoor

Really does keep going and going

By Dan Goodin

"It keeps going and going and going" may be the slogan coined for Energizer batteries, but the same holds true for a nasty trojan backdoor that mysteriously slipped into software used to monitor rechargeable versions of the product.

Almost two weeks after a red-faced Energizer admitted its Duo USB battery charger installed a data-stealing backdoor on users' PCs, the file that spreads the infection was still being distributed Wednesday evening on a European site operated by the consumer-products company.

According to this VirusTotal analysis, UsbCharger_setup_V1_1_1.exe is flagged as malicious by 24 of the 42 leading anti-virus firms. To make sure it wasn't a false positive, The Register checked with anti-virus firms Immunet and Trend Micro, both of which said the infection is real.

Contrary to the VirusTotal results, the threat is also flagged by Symantec's Norton AV app, Immunet added. Trend Micro Senior Threat Researcher Paul Ferguson said his company's AV product also protects against it by flagging a key dll file, rather than the executable file.

Microsoft labels the trojan as Arurizer.A and warns that it installs a backdoor on user machines that allows attackers to upload, download, and delete files at will, install additional malware and carry out other nefarious deeds.

Twelve days ago, Energizer pledged to mount an investigation into how such a gaffe could have happened. The company has yet to release the results of that probe. Details that would be particularly useful include how long the malicious file has been available, how many of its customers may have been infected, and whether the company has hired an outside security firm to scan for such threats.

The public should hold Energizer accountable for that information. But first it ought to demand that the company conduct a top-to-bottom scan of every web property it owns for any signs of additional malware. And while customers are at it, they may want to ask themselves: Do you really want to trust the security of your PC to a battery maker?

Sometimes, the low-tech - or no-tech - solution is the way to go.

http://www.theregister.co.uk/2010/03/18/energizer_battery_trojan_returns/

Return to top

About.com

March 2010

Trend Micro Internet Security Suite Pro 2010

By Mary Landesman, About.com Guide

The Bottom Line

Trend Micro Internet Security Suite Pro 2010 offers all the latest buzzwords, but how well it delivers may be a mixed bag. The Trend Micro Smart Protection Network, which Trend dubs as "cloud-based" or "in-the-cloud" protection, is a re-adaptation of reputation monitoring services such as Microsoft SpyNet (in Windows Defender). The difference, however, is that Trend Micro relies on the Smart Protection Network for the bulk of its protection. Given that most modern day malware immediately cripples communications with security vendor sites and services, this heavy reliance may be misplaced.

Pros

· Pro version provides remote backup and remote locking of files

· State awareness prevents scheduled scans from interfering with activities

· Robust parental controls provide filtering and time limits

Cons

· Lacks browser virtualization or sandboxing

· Differences between Pro and regular suite could mislead consumers

Description

· Smart Protection Network provides continuous communication channel between your PC and Trend Micro servers.

· Behavior-based protection guards against unauthorized system file modifications.

· Remote backup and remote locking can prevent data loss in the event of hardware failure or theft.

· Parental controls offer multiple levels of customization

· State awareness delays scheduled scans if other resource intensive behavior is underway.

Guide Review - Trend Micro Internet Security Suite Pro 2010

Trend Micro Internet Security Suite 2010 combines antivirus, antispyware, and a firewall with parental control features and spam filtering. But to get protective features standard in most other Internet security suites - including Wi-Fi, phishing, and identity theft protection - you'll need to get the Pro version of the suite.

Smart Protection Network is the key component of Trend Micro Internet Security, included in both the Pro and vanilla version. The Smart Protection Network sets up a continuous communication channel between your PC and Trend Micro's servers, reporting file activities and other system activities on an ongoing basis. Trend Micro's servers analyze the data, create signatures as necessary, and push back the updates to users.

The Smart Protection Network successfully blocked 70% of the 3,243 known malicious URLs on first encounter in an August 2009 test performed by NSS Software. But its success with file execution was a disappointment - Trend Micro detected and blocked only 5.5% of the actual malware at runtime. As long as the communication channel with the Smart Protection Network is enabled, protection is on par with other Internet security suites. But for those without an always-on connection, or if there's a pre-existing infection or malware slips through that disables that connection, actual protection performance may plummet.

The Pro version provides 2GB of remote backup storage and features a remote locking feature in the event of a lost or stolen laptop. Parental controls are robust and enable customizable settings by age group, including the ability to impose time limits on surfing.

Trend Micro Internet Security Suite Pro 2010 retails for $69.95 for use on up to 3 PCs. The vanilla Trend Micro Internet Security 2010 retails for $49.95, also for use on up to 3 PCs.

http://antivirus.about.com/od/antivirussoftwarereviews/gr/trendmicroisspro.htm

Return to top

Messaging News

March 11, 2010

St. Lawrence College and Trend Micro--Real World Solutions

By Stephanie Jordan

With more than 800 employees and 6,500 full-time students, St. Lawrence College relies on its robust, technology-rich infrastructure. IT has deployed and managed a variety of technology solutions over the years, striving to create a productive environment for the college community. As part of a major technology refresh initiative, St. Lawrence College underwent an evaluation of Trend Micro Enterprise Security solutions. The study convinced IT to switch from their previous vendor to Trend Micro.

“Fighting Web threats is a priority for us,” says Michael Zeleny, technical support specialist for the college. “Students love to surf the Web—being able to detect malware and threats faster is always desirable. Trend Micro OfficeScan Client-Server Suite gives us Web and file reputation technology that blocks threats before they hit our network, and the Smart Scan Server feature makes new patterns available immediately, without waiting for updates to be pushed down to every endpoint.”

St. Lawrence College now implements Trend Micro Enterprise Security to protect endpoints with Trend Micro OfficeScan Client-Server Suite and to protect messaging for the gateway with Trend Micro InterScan Messaging Security Virtual Appliance.

“Trend Micro messaging security and our virtualized environment have reduced the CPU and memory requirements for security while increasing the spam catch rates and overall protection,” said Zeleny. “The in-the-cloud reputation services detect threats faster, help to mitigate them more quickly, and also reduce the time and resources consumed for updates. It’s really nice to see Trend Micro moving in this direction. With Trend Micro we gained a multilayered spam solution, Web threat protection, and a security vendor that was aligned with our commitment to virtualization.”

http://www.messagingnews.com/story/st-lawrence-college-and-trend-micro-real-world-solutions

Return to top

Network World

March 17, 2010

Cisco battered by large fall in security market

Rivals scoop up customers in Q4

By John E. Dunn, TechWorld

'Nobody fires you if you buy Cisco' it was once said but it seems somebody should tell the corporate security sector which has deserted the giant in droves in late 2009, new figures show.

According to market analyst Canalys, in the fourth quarter of last year Cisco's share of the market for a wide basket of security products, including hardware, software and services, dropped a staggering 22 percent year-on-year.

Woundingly, Cisco was the only major vendor to show falls of any kind, indeed every other leading company in the sector showed healthy gains in a market that grew 3.6 percent. MCafee was up 28.7 percent, Symantec 19.3 percent, Check Point 14.3, and Cisco's upstart rival Juniper Networks saw 32.2 percent.

Other strong gainers included ambitious security appliance specialist, Fortinet, and Japanese vendor Trend Micro.

"It [Cisco] is still the dominant vendor in the appliance market, with a market share of 27.7 percent. But its competitors, such as Juniper, are catching up." said Canalys analyst, Alex Smith.

The security market is currently buoyed by the arrival of Windows 7, and growing interest in cloud computing, virtualisation and services, the analysis suggests.

The report is circumspect about what is ailing the networking giant, but speculatively there are three likely candidates, primarily that it is too expensive compared to its rivals that often price against what it charges. It is also possible that Cisco is lagging in key areas of security innovation - its traditional strength has always been integrating disparate bits of technology rather than forging new ideas - or perhaps the company sometimes has a problem communicating its value.

A timely example of the latter was its hyped launch of a new high-end CRS-3 router a week ago. Despite its impressive stats, describing it as the router that would 'forever change the face of the Internet' invited ridicule. At other times, the company churns out press releases to journalists and analysts that are legendary for their impenetrable and unfashionable fascination with buzz-terms and business jargon.

Cisco's results for Q3 of 2009 were better than Q4, but came after a difficult first two quarters, which makes the year a tough one overall. The company has something to prove in 2010, with the Q1 performance under special scrutiny.

http://www.networkworld.com/news/2010/031710-cisco-battered-by-large-fall.html

Return to top

InformationWeek’s Security Weblog

March 13, 2010

More Anti-Virus Fail

Posted by George Hulme

By focusing on threats, rather than vulnerabilities, those who rely on anti-virus software to stop rapidly evolving attacks are simply asking for their systems to be owned.

If you're looking for a nail to drive into the coffin of traditional anti-virus software, you need to look no further than the latest report from NSS Labs which found that only one anti-virus application out of seven the independent testing firm evaluated caught multiple exploits and payloads that targeted the vulnerability used to attack Google late last year in the so-called "Operation Aurora" incidents. The vulnerability in those attacks was a flaw in Microsoft Windows Internet Explorer known as CVE-2010-0249.

For its testing NSS Labs created variants of the Operation Aurora attack and tested the anti-malware software to see which of the seven products stopped the exploits and malicious code payloads.

The tested applications include AVG Internet Security, version 9.0.733; ESET Smart Security 4, version 4.0.474.0; Kaspersky Internet Security 2010, version 9.0.0.736; McAfee Internet Security 2010 with SecurityCenter, version 9.15.160; Norton Internet Security 2010, version 17.0.0.136 (Symantec); Sophos Endpoint Protection for Enterprise – Anti-Virus version 9.0.0; and Trend Micro Internet Security 2010, version 17.50.1366.0000.

The only anti-malware application to catch multiple attacks aimed at the vulnerability was the McAfee product. Here's what NSS Labs had to say about their results in their statement:

Given the level of visibility of the attack and the time that has passed since its initial discovery, it was thought that most, if not all, of the products would cover the vulnerability. However, only one out of seven tested products correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection (McAfee).

This afternoon, Vikram Phatak, CTO at NSS Labs discussed the testing and demonstrated the Operation Aurora exploit during the BSidesAustin event held at the Norris Conference Centers. "There are many ways to possibly exploit a vulnerability, and rather than focusing on every attack method, vendors need to focus on [shielding] the vulnerability itself," he said.

Makes sense, whenever possible, doesn't it? Why create specific shields to block every attack variant when it's possible to create one shield that blankets a vulnerability from all attack variants aimed at it.

NSS Labs full report and test results is available here.

For my security and technology observations throughout the day, follow me on Twitter.

http://www.informationweek.com/blog/main/archives/2010/03/more_antivirus.html;jsessionid=1EBPCAHIDFSKPQE1GHPSKHWATMY32JVN?queryText=hulme+anti-virus+fail

Return to top

About.com: Business Security

February 8, 2010

William's Business Security Blog

Trend Micro Worry Free Security Services

By William Deutsch

Today, Trend Micro™ releases its new Worry Free™ Security Services.

Last week, I caught up with Greg Boyle and William Kam of Trend Micro to talk about their new product. Worry Free protects business computers from web-based threats such as malware and viruses. It's designed for small businesses with no server, and no full time IT people to administer security updates.

Working from an Internet console, you can monitor all of your company's computers - even those that are not connected to the network - but Trend Micro takes the burden of server management and constant updates off of your plate.

With Worry Free, Trend Micro has added several new features to its anti-malware arsenal, but two of them struck me as most useful:

* Smart Scan allows the Trend Micro server to handle most of the grunt work associated with running a full scan on your PC. I ran a manual scan on my desktop machine and then continued to write and download files while it chugged away. My computer was a little sluggish, but the fact that I was able to keep working at all was impressive.

* USB Protection stops autorun from starting when you plug in USB drive. You may remember that the USB autorun was one of the attacks used to spread the Conficker virus.

Worry Free is a subscription service. At about $32 per computer, it looks to be an efficient way for a small business to effectively manage security on multiple machines. If your company has one or more laptops or remote workers this program is worth a close look. Trend Micro is offering a trial version at no cost.

http://bizsecurity.about.com/b/2010/02/08/trend-micro-worry-free-security-services.htm

Return to top

Wireless News

March 15, 2010

Sophos Email Security Appliance Gets 5-Star Rating in SC Magazine Group Test

IT security and data protection firm Sophos announced that its managed email security appliance, which protects against spam, malware and data loss, has been awarded a perfect 5 out of 5 star rating across all categories in SC Magazine's March 2010 email security group test.

According to a release, the Sophos Email Appliance - part of the Sophos Email Security and Data Protection product line - received accolades for its top-notch features, ease of use, performance, documentation, support and value for the money. The appliance was also chosen as SC Magazine's 'Best Buy' for this group test, which included other vendor email security solutions from Fortinet, McAfee, PGP, Proofpoint, Trend Micro, and several others.

SC Magazine said that "the appliance setup was as easy as it gets, with regard to getting an appliance up and running. From an overall feature and performance perspective, the Sophos solution was definitely one of the most impressive appliances at this particular price point."

Sophos noted that the email security appliance provides real-time access to a broad range of the latest anti-spam intelligence via SophosLabs. It eliminates more than 99 percent of spam with Sender Genotype Technology and SXL real-time updates and proactively protects against evolving threats including viruses, phishing, and malware with Sophos Behavioral Genotype technology.

The appliance also protects sensitive data with integrated SPX Encryption technology and prevents accidental loss of sensitive information with Data Loss Prevention (DLP). Sophos said its approach for flagging sensitive content within email messages using CCL (content control lists) impressed the reviewer, who said, "Overall, the focus on data leakage is noticeable, and Sophos does a great job with the flexibility that an administrator can apply to both inbound and outbound messages." The Sophos appliance "has all the typical bells and whistles for email security and content management" and has an exceptional focus on data leakage and compliance.

SC Magazine is a monthly publication focusing on information security - computer viruses, hackers, internet crime, and how companies work to combat these threats.

Return to top

Channel Insider

March 15, 2010

Kaspersky Steals Trend Micro Exec to Head Up U.S. Sales in Security

By Ericka Chickowski

One of Dan Burke's main objectives going forward will be to help recruit enterprise-focused channel partners and further focus his efforts on ensuring existing partners are on-board with Kaspersky's vision for future enterprise growth.

Kaspersky Lab Americas continued its 2010 hiring tear with the announcement last week that it lured channel vet Dan Burke from Trend Micro to head up Kaspersky's U.S. enterprise sales team.

This follows hot on the heels of Kaspersky's poaching Nancy Reynolds from Dell to head up its corporate sales and lead the company in its vision to expand from its consumer-oriented roots up market into the enterprise. The energy Reynolds brought to Kaspersky played a large part in drawing Burke, who has experience on both the vendor and the reseller side of the channel ecosystem.

"Of course, I knew Nancy from previous lives and obviously got to know the remaining management team that is in place and I was just impressed with their leadership sklls and where they're taking the company," says Burke, who will now be vice president of U.S. corporate sales. "Secondly, if you look at the growth of Kaspersky it's quite amazing what they've done over the last few years in America, and typically when you have growth you obviously have great product, so that was very attractive to me."

Burke spent over five years at Trend Micro, nearly three of which he held an executive sales leadership position. Like Kaspersky, Trend runs on a 100 percent channel sales model, so Burke is well-acquainted with the nuances of catering to channel partners. Prior to his engagement at Trend, Burke also spent nearly six years at a major Midwest-based security reseller, representing a number of blue-chip security vendors.

“As we add velocity to our equation and continue to build upon the outstanding work that Kaspersky Lab has done in the consumer and SMB markets, we recognize that the right people matter," Reynolds in a statement. "Having built a world-class sales team in his previous role, Dan’s extensive security and sales experience are a welcomed addition to our rapidly expanding team of experts.”

Burke told Channel Insider that one of his main objectives going forward are to help recruit enterprise-focused channel partners and further focus his efforts on ensuring existing partners are on-board with Kaspersky's vision for future enterprise growth.

"My goal here is to get my sales team to work with the channel partners that we have that are aligned in the enterprise space," he says. "We've got many channel partners today, but my vision is to make sure that we're working in concert with the right partners that are focused on that organizations with 1,000-plus users and make sure that they fit with our corporate vision and where we're going in the enterprise space."

http://www.channelinsider.com/c/a/Security/Kaspersky-Steals-Trend-Micro-Exec-to-Head-Up-US-Sales-364668/

Return to top

Messaging News

March 19, 2010

Wesgar, Inc., and Trend Micro--Real World Solutions

By Stefanie Jordan Wesgar, Inc. is a supplier of precision sheet metal components, complete solutions, and value-added services to customers throughout the United States, Canada, and Mexico. “We are a small shop and cost is very important to us,” explains Troy Richman, the one-person IT department for Wesgar’s operations. “Ease of use is another priority, but for security, our top area of concern was spyware. We don’t allow our shop-floor users to access the Internet, but our office personnel have unrestricted access to the Web, and spyware infections were an issue in the past.” In response, Wesgar selected Trend Micro Worry-Free Business Security.

Wesgar continually introduces new systems and a lot of its computer equipment is fairly current. As a result, Richman must secure and support multiple versions of Microsoft Windows and Windows Server software including the latest releases. The company has also introduced virtualization, with approximately 50 percent of its servers currently virtualized. When evaluating security solutions, the IT requirements included support for Windows 7, Windows Server 2008, and Hyper-V servers.

According to Richman, Trend Micro Smart Protection Network infrastructure protects the company’s mission-critical infrastructure from the latest viruses, spyware, malware, and Web threats. The next-generation cloud-client infrastructure combines sophisticated reputation technology, feedback loops, and the expertise of TrendLabs researchers to deliver real-time protection from emerging threats while minimizing the impact to performance. “The Smart Protection Network is a great idea,” says Richman. “Security products are getting bigger, and this type of cloud functionality and having Trend Micro manage part of the security solution is a great idea.”

In addition, Richman likes the ability to quickly check status of security across its site, and set up email alerts to flag any issues that require his attention. “The new dashboard, with at-a-glance status, makes it easy for me to work with Worry-Free Business Security,” he says. “I like the improvements that Trend Micro has made to the status page. The zero administration was a big selling feature for us. I’ve really been able to deploy it and forget about it. Besides checking status about once a week, I ignore it. It’s just me here in IT, so Worry-Free Business Security has been great.”

http://www.messagingnews.com/story/wesgar-inc-and-trend-micro-real-world-solutions

Return to top

VSAPI

2010年3月22日星期一

FW: NABU Trend Micro News Summary - 03/13/10 - 03/19/10

沒有留言:

Blog Archive

2010年3月22日 星期一

FW: NABU Trend Micro News Summary - 03/13/10 - 03/19/10

沒有留言:

2010年3月22日星期一