Pings & Packets from eWEEK Labs - 37

DeepSight digs into domains ... Low barrier to spyware entry ... Can't Windows and Linux get along?

DeepSight Digs Into Domains

Symantecs DeepSight Threat Management System now monitors for domains in malicious code alerts and provides reports on spyware and adware.

Version 7.0, which was released Jan. 16 and costs $9,995, acts as a personalized information tool that alerts administrators to malicious activity, as well as to known and new vulnerabilities. I use Symantec DeepSight Threat Management System to keep track of alerts that mention any Ziff Davis domains . I also use DeepSight to track emerging threats and new vulnerabilities to make my security tests more challenging.

Ever since I first reviewed the product in 2003, Ive found its analysis and alerting both accurate and timely. The latest version adds more reports from Symantecs security analysts and a quick link to DeepSight documentation and refinements. For more, go to www.symantec.com.

--Cameron Sturdevant

Low Barrier to Spyware Entry

The latest version of Microsofts personal anti-spyware application, Windows Defender Beta 2, is a passable choice for low-risk Web surfers looking for some insurance in a free anti-spyware solution. Those needing a reliable industrial-strength malware cleaner should look elsewhere, however, as Windows Defender is sure to be a target for malware authors.

Windows Defender runs as a service (rather than as an application), which allows Windows Defender to start protection earlier in the boot cycle. Windows Defender Beta 2 also sports a new interface that makes it easier to quickly start scanning. However, the new interface also removes some of the expansive configurability in the products previous incarnation, Microsoft AntiSpyware.

I tested Windows Defender on two malware-infected Windows XP Pro workstations. On one workstation, Windows Defender found and deleted a pair of high-risk threats when I ran a full scan, but it failed to detect five low-risk threats found using Sunbelt CounterSpy 1.5.

On the second workstation, I couldnt install Windows Defender at first. Through plenty of trial and error, I discovered that the malicious process winldra.exe was blocking my attempts to install Windows Defender. Only after manually disabling this process was I able to complete the installation and perform a scan.

Windows Defender signature updates now are delivered via Windows Automatic Update routine. While I appreciate the attempt to leverage an existing update infrastructure in theory, in practice I found myself hamstrung by limited options.

--Andrew Garcia

Cant Windows and Linux Get Along?

Among the reader questions that we receive, one of the most reliably recurring themes is getting Windows and Linux to coexist peacefully. In many cases, particularly where Samba and Microsoft Active Directory are concerned, the answers arent simple enough to cover in a quick e-mail response.

Thats why Im pleased to have found "Windows & Linux Integration: Hands-on Solutions for a Mixed Environment," an excellent primer for achieving détente between the Penguin and the Borg in ones network.

The $50 book, which was written by Jeremy Moskowitz and Thomas Boutell, guides readers through the assembly of a test network of Windows and Linux clients and servers. The 539-page volume focuses on Windows Server 2003 and Windows XP and Fedora Core 3 on the Linux side. However, the authors make much of their instruction applicable to multiple Linux flavors.

Visit winlinanswers.com for more information.

--Jason Brooks