Network and Computer Security

The Network and Computer Security Blog

July 29, 2006

More and more flaws found in Microsoft Office

Filed under: News, Vulnerabilities, Windows — SecuNews @ 9:21 pm

The latest Microsoft Office version appears to contain lots of vulnerabilities; so many, in fact, that many experts fear a new macro virus like Melissa is quite likely to appear very soon.

Since the end of 2005, about 20 vulnerabilities have been found in Office; that’s more than enough for the virus and worm writers out there to find one that is easy to exploit and take over all the machines with the latest Office (Word, Excel, PowerPoint, Outlook, and, for professional users, Access) installed.

The problem is made even more acute by the fact that it takes Microsoft an average of 4 months to issue patches fixing security problems; so as the number of known vulnerabilities increases, tons of systems remain vulnerable.

Read more here: Flaw finders lay siege to Microsoft Office

July 24, 2006

Why popular antiviruses still don’t work well

Filed under: Virus, Articles — SecuNews @ 12:13 pm

It’s no news that no antivirus is 100% safe.

It has always been that way and always will be. The answer is simple: a very small number of antivirus products share most of the market (the top 5 AVs most likely represent more than 95% of the installed base). So virus writers can very quickly check their “latest, not-released-in-the-wild-yet” virus, see which antivirus applications detect it as malware, and modify it accordingly.

ZDNet just published a good paper on the subject: Why popular antivirus apps ‘do not work’?

July 17, 2006

OSSIM: Be aware of your security

Filed under: Tools, Linux, Software — SecuNews @ 10:02 am

I’ve already featured some tools here like Nmap, OSSEC and Honeytrap, but I’m not talking about security tools nearly enough.

So this time let me introduce you to OSSIM. OSSIM stands for Open Source Security Information Management and aims to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, ACID, MRTG, NTOP, OpenNMS, Nmap, Nessus and RRDtool to provide the user with full control over every aspect of networking or security. Installing and maintaining many security tools at once has always been long and painful, and OSSIM lets you benefit from the best security tools in an easy and integrated way.
OSSIM has been under heavy development for a few years now and the latest release (0.9.9rc2) is much easier to install than the previous versions.

If you’re in doubt, you can get a feel for how it looks from these OSSIM screenshots.

July 15th edition of Bruce Schneier’s CRYPTO-GRAM

Filed under: Articles, Newsletters — SecuNews @ 9:27 am

The July 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out.

As usual, it has plenty of great articles that give real insight into what matters as far as computer security is concerned. In particular, make sure you read the “Economics and Information Security” article, as it’s the best I’ve read on this subject so far!

Here’s the summary of the newsletter:
Economics and Information Security
Crypto-Gram Reprints
Google and Click Fraud
A Minor Security Lesson from Mumbai Terrorist Bombings
News
Getting a Personal Unlock Code for Your O2 Cell Phone
The League of Women Voters Supports Voter-Verifiable Paper Trails
Brennan Center and Electronic Voting
Comments from Readers

July 1, 2006

Want to know what the best antivirus software is?

Filed under: News, Virus, Articles — SecuNews @ 11:25 am

We’re all wondering which antivirus is the best one to protect our servers.

The guys from Nephentes wondered the same thing and took the time to submit a sample of 4987 viruses to 14 antivirus products running on *nix platforms (some free, some not).

The full study is here, but if you’re impatient here’s the summary:

| Rank | Product | Hit Rate | Trend |
|------|---------|----------|-------|
| 1 | Antivir | 99,04% | +7,07% |
| 2 | BitDefender | 96,23% | +1,52% |
| 3 | VirusBlokAda | 95,17% | +1,42% |
| 4 | F-Prot | 94,02% | +2,39% |
| 4 | Authentium | 94,02% | new |
| 5 | Norman Virus Control | 93,78% | +1,19% |
| 6 | Fortinet | 87,29% | +2,35% |
| 7 | F-Secure Antivirus | 85,22% | +5,99% |
| 8 | Kaspersky | 85,10% | +5,73% |
| 9 | VirusBuster | 82,53% | +11,76% |
| 10 | Trend Micro | 76,19% | +5,14% |
| 11 | ClamAV | 71,41% | -0,85% |
| 12 | NOD32 | 70,06% | +4,05% |
| 13 | Sophos SWEEP | 68,58% | +2,45% |
| 14 | eTrust | 63,97% | new |

(Note: the ‘Trend’ percentage is the variation between the current test and the previous one)