Saturday, April 24, 2010

InfoSec quotes from unexpected sources


I was sorting some old textbooks recently, and found my Pascal book from way back when at Calvin. Yes, children, that was before Java and C++ were the standard languages kids learned. The photo is of Swiss-born Niklaus Wirth who created Pascal.

I decided I could recycle the COBOL book from Grand Valley, but the Pascal book has some good history in the first chapter with cool old photos of things like the ENIAC, and quotes from the past and present spread throughout. This one gave me pause:

"It became increasingly apparent to me that, over the years, Federal agencies have amassed vast amounts of information about virtually every American citizen. This fact, coupled with technological advances in data-collecting and dissemination, raised the possibility that information about individuals conceivably could be used for other than legitimate purposes and without the prior knowledge or consent of the individuals involved."
- President Gerald R. Ford,
quoted in Pascal Programming and Problem Solving by Sanford Leestma & Larry Nyhoff

Photo of Niklaus Wirth from http://en.wikipedia.org/wiki/Niklaus_Wirth

Thursday, April 15, 2010

Adobe Auto Updater


Lo and behold, what is that on my home PC? Adobe launched their new auto-updater on the IT equivalent of Tax Day, which (sometimes sadly) comes every month: yes, I mean Microsoft Patch Tuesday.

A post on the Adobe Acrobat blog tells the tale.

I suppose I should give them some kudos: according to people who know things I don't, between Adobe Reader and Apple QuickTime the OS isn't the favorite attack surface for the bad guys/gals any longer. JavaScript-'enhanced' PDF, anyone? Enjoy the extra 'goodness'...

However, I am just trying to figure out whether this updater needs local admin permissions, and if it does, how that can be handled with Group Policy without being an AD ninja.

Wednesday, April 7, 2010

Stoppin' the Badness


Last night I went to a security solutions event; BlueCoat and SourceFire were the vendor presenters. BlueCoat has a pretty cool product that is a 'hybrid web gateway' in market-speak. Basically it is a SaaS Internet filter/proxy appliance that taps the Internet habits of ~67 million users worldwide to decide what is good and what is 'badness', as the BlueCoat guy called it. There's a hilarious cartoon intro to the product online. Nice to see a company that can harness the power of humor instead of staying boring 100% of the time.

Apparently, over the last 3 years BlueCoat has been building their user base for this cloud-based crowd-sourcing of web traffic, and they then use a combination of automated analysis, threat history, and some human analysis where needed to decide which sites or parts of sites should be blocked. They also have a free version of the proxy software for home users called K9 that uses the same back-end database/threat list:
http://www.k9webprotection.com/

The presenter shared how, when he put the software on his 13-year-old son's new laptop (without warning him in advance that he had gone Big Brother), within 2 days he heard the software make a barking sound and then waited for the explanation. He said his son first threw a friend under the bus, but then did fess up.

The SourceFire preso was also interesting: some talk about security needing context and some current threat discussion. SourceFire seems to have a good IDS/IPS product and interface, at least when compared to the only IDS/IPS I have experience with, which is Cisco Intrusion Manager Express (IME), for which I have feelings between apathy and distaste (1).

References:
1. The head of IT at Davenport was the first person I heard use the phrase 'between apathy and distaste' speaking about how users felt about their email system before moving to Google Apps.

Monday, April 5, 2010

Lesser of Two Weevils?


With thanks to Master & Commander for the post title, I am thinking today about client protection suites. So you have your pick of all the usual suspects for antivirus/antispyware, and you add in the network protection features like firewall and maybe host IDS/IPS. Stir it all up and you have some good complexity going for the average small/medium shop.

Let's say you accept that most of the solutions are relatively equal in their (in)ability to protect you from what my co-worker Matt likes to call 'goodness'. [Goodness (n.): all the crap you get from surfing the web, such as drive-by downloaders, droppers, keyloggers, bots, etc.]

Now look at the extra PITA of a management interface learning curve, making sense of the reporting options, and finding the glitches. Tired yet? Me too. Now think about switching to Microsoft Forefront Client Security 2010 and its integration with WSUS for easy updating. Plus, from what I have seen of Microsoft's free home AV/AS client Security Essentials (and before that OneCare), I believe they are getting enough data from home users to do (arguably) as well as McAfee, Symantec and the rest of the usual suspects.

Pretty tempting: one ring to rule them all. To me it seems like a no-brainer, provided there is a 3rd-party scanning engine on the web security gateway/email filter (e.g. Kaspersky or another) to get a 2nd opinion on what is good or bad.

Now, if only they would announce the RTM date for the 2010 client, I could try to forget all that I know about big yellow client stuff. I could use that brainspace for other things like homebrew trivia or homework stuff.

Weevil image courtesy of Rentokil.com and their awesome blog post: I can has bugs?
Anybody in the pest control biz who loves lolcats has to be good.
http://www.rentokil.com/blog/