BuildOrBuy Network News http://www.buildorbuy.org/ http://www.buildorbuy.net/ Subject: PestPatrol News: April/May 2002 Date: Mon, 06 May 2002 16:55:08 -0700 From: "PestPatrol News" To: editorialreview@buildorbuy.net Welcome to the April/May 2002 issue of PestPatrol News. Here's what you'll find in this issue: * News you can use: Links to useful security related articles we've seen during the past month * PestPatrol update: New switches for PestPatrolCL, new Eastern Region Sales Director * Security focus of the month: This month we take a look at the level of privacy you can realistically expect online. * Customer in the spotlight: An interview with Matthew Crockett, IT Manager at Electronic Fasteners, one of the original 'Route 128' high-tech supply companies. * Events calendar: Where you can meet the PestPatrol team over the coming months * Opinion: The results of last month's questionnaire and a new poll * Unsubscribe information. As always, we welcome your comments on any item covered in the newsletter. Just drop a note to me at pbitton@pestpatrol.com to let me know what you think. We'll publish any letters we think are of broad interest to our readers in a future issue of PestPatrol News - good or bad. If you don't wish to receive PestPatrol News in the future, please refer to the unsubscribe instructions at the end of the newsletter. SECTION 1: NEWS YOU CAN USE Here are half-a-dozen useful articles related to pests and security that we've picked up recently. Read them for yourself, and pass them on to your management as further evidence of the reality of the pest threat. Note that some of these URLs may "wrap" in your e-mail message. If so, copy and paste the entire string into your browser. WHY YOU SHOULD ALWAYS READ THE SMALL PRINT Every month, millions of people agree to terms-of-service they haven't read to download free software. Many are later disturbed to find their computers coopted by little-known companies to distribute advertisements, monitor online behavior, or worse. http://zdnet.com.com/2100-1104-885792.html HOW YOU COULD BE A HACK ATTACK TARGET Cybercriminals are targeting desktop computers connected to the Web and the growing array of pocket PCs and hand-held devices. As mobile phones get smarter and carry large amounts of personal data, they too become easy meat for malicious coders. http://www.cnn.com/2002/TECH/ptech/04/12/hack.dangers/index.html WATCH OUT FOR SNOOPING SPAM Web sites have long planted cookies on hard drives to better target ads. Now, enhanced messages that share the look and feel of Web pages are being used to deliver the same bits of code through e-mail, often without regard for safeguards developed to protect consumer privacy. http://zdnet.com.com/2100-1105-876183.html PROTECTING AGAINST MALWARE IN THE NEW WORLD ORDER Our IT infrastructure may well prove a valid target for further attempts to damage the country's financial structures. Take steps now to help your organization avoid any trouble down the road. With greater attention to our IT environment, we can handle any crisis that might arise. http://www.itworld.com/nl/security_strat/10172001/ CAN NEW LEGISLATION HELP PROTECT YOUR ONLINE PRIVACY? According to the FTC, identity theft is the fastest-growing white-collar crime in the US. Experts say the numbers will only get worse unless additional safeguards are put into place. Victims can suffer anything from minor inconvenience to spending years trying to clear their names. http://www.msnbc.com/news/731660.asp?cp1=1 PROTECTING BROADBAND CONNECTIONS Home broadband systems are often compromised; it's common for such systems to be unpatched, misconfigured and open to manipulation. Attackers can gain access to company data, user identification and passwords, even a backdoor into the company network via the VPN. http://www.itworld.com/nl/security_strat/08152001/ SECTION 2: PESTPATROL UPDATE First, an apology for any problems you may have experienced in downloading the new version 3.1 a couple of weeks ago. The response was so huge that our servers were temporarily overwhelmed, but we hope that you weren't inconvenienced too much and that you are now enjoying the benefits of PestPatrol 3.1. And at your request, we've added a couple of spyware-specific switches to the command line program (PestPatrolCL.exe): /spycookie enables PPCL to detect all the same spyware and cookies as the graphical user interface version (PestPatrol.exe). The results will be logged and an e-mail alert sent if requested. Note that if you are running PPCL in a corporate environment, we strongly recommend you use the switch below. /spycookienoalert does the same as above, except that if spyware is the ONLY thing detected in a session, no email will be sent, even if specified. This allows systems administrators to configure PestPatrol to send e-mail alerts only when something more alarming than spyware is detected. On the company side, we are happy to introduce Michael Rosenstock, our new Eastern US & Canada Director of Sales. Michael replaces Jim Leonard, who has left PestPatrol to pursue other interests. Michael is currently living in Nevada, but will be relocating to North Carolina over the summer. He can be contacted at mailto:mrosenstock@pestpatrol.com. And we welcome a major new supplier of PestPatrol. Sunbelt Software, a leading provider of tools and utilities for Windows NT/2000/XP, has recently begun promoting and selling PestPatrol to its network of resellers and end-user customers. According to Sunbelt founder Stu Sjouwerman, everyone should "get one for yourself and then you'll understand this is something for your organization as well." Visit Sunbelt online at www.sunbelt-software.com. We recommend signing up for their newsletter too. SECTION 3: SECURITY FOCUS. THIS MONTH: PRIVACY ISSUES Collecting information about users has become a lucrative business. In this new white paper, privacy expert Professor Mich Kabay, CISSP, explains how users can get a sense of the fundamental issues that face all of us as we try to strike a balance between efficient commerce and our concerns about personal privacy, in the workplace and at home. http://www.pestpatrol.com/Whitepapers/PersonalPrivacy0402.asp SECTION 4: CUSTOMER IN THE SPOTLIGHT Matthew Crockett is IT Manager at Electronic Fasteners, Inc., one of the original 'Route 128' companies in New England's high technology hub, founded in 1960. It is now the largest provider of electronic fasteners to the high technology and defense industries in New England, so network security is a big issue for Matt. http://www.pestpatrol.com/customers/EFI.asp SECTION 5: EVENTS CALENDAR Business Development VP Pete Cafarchio is on the road again this month, with three speaking engagements. He'll be at ISACA chapter meetings on May 9 at 4pm at the Holiday Inn at Limekiln Road and I-83, New Cumberland, PA and on May 15 at PPL Corporation, 2 North 9th Street, Allentown, PA. And he'll be at the NovaForge industrial security seminar on external cyber security May 9 9am-noon at George Washington University in Washington DC. SECTION 6: WE WANT TO HEAR YOUR VIEWS! Last month, we asked you what remote administration tools PestPatrol should detect. The result was a unanimous vote in favor of our detecting all remote administration tools. Those that you use for your own security checks can be excluded from the scans of the systems on which they are authorized to be installed. All of you who responded felt that the potential for damage from such tools outweighs the "convenience" of not scanning for them. It appears no-one has any opinion about white hat hacking, so we'll put that issue on the back burner for now. Meanwhile, this month, we'd like to ask your opinion on appropriate names for the PestPatrol components. Historically, we've referred to components such as the command line program simply by its filename, PestPatrolCL.exe. But since we've now introduced the active memory scanner as MemCheck, we thought we should revisit the topic of 'marketing' names for the different components. Tell us your thoughts - what would you associate with the capabilities of PestPatrolCL: FileCheck? FilePatrol? FileScan? Something else altogether? The naming style needs to be applicable to other components as well - the upcoming on-access scanner and PPUpdater, for example. Send me your thoughts at pbitton@pestpatrol.com - there's a $50 amazon.com gift token waiting for the best suggestion. UNSUBSCRIBE INFORMATION: You have received this message because you have expressed interest in security software. If you no longer wish to receive these messages, simply reply to this message with the word 'Remove' (without quotation marks) in the subject line.