Pauldotcom Digest, Vol 20, Issue 10

[lazydj98 at gmail.com (Joshua Smith)]

Kaspersky has a good detection rate (so I'm told), but has, ummm, some
undesirable features.  I can't elaborate, but those in the intelligence
community are not fond of it...

On Thu, May 13, 2010 at 8:00 AM, <pauldotcom-request at mail.pauldotcom.com>wrote:

> Send Pauldotcom mailing list submissions to
>        pauldotcom at mail.pauldotcom.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> or, via email, send a message with subject or body 'help' to
>        pauldotcom-request at mail.pauldotcom.com
>
> You can reach the person managing the list at
>        pauldotcom-owner at mail.pauldotcom.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pauldotcom digest..."
>
>
> Thank you for subscribing to the PaulDotCom Mailing list digest.  Please
> visit our site, http://pauldotcom.com, for more hacking entertainment.
>
> Today's Topics:
>
>   1. Re: Corporate AV suggestions (Gregory Baker)
>   2. Re: Corporate AV suggestions (Raffi Jamgotchian)
>   3. Re: Corporate AV suggestions (Michael Salmon)
>   4. Re: windows7 hardening checklist (Jody & Jennifer McCluggage)
>   5. Re: Corporate AV suggestions (Francois Lachance)
>   6. Encrypted Disks (Grymoire)
>   7. Corporate AV (Grymoire)
>   8. Re: Corporate AV suggestions (Chris Keladis)
>   9. Re: Corporate AV suggestions (Chris Keladis)
>  10. Re: Corporate AV suggestions (Raffi Jamgotchian)
>  11. Re: Corporate AV suggestions (xgermx)
>  12. HTTPS Question (Craig Freyman)
>  13. Sniffer Options (Michael Allen)
>  14. Re: Sniffer Options (Will Metcalf)
>  15. Re: Sniffer Options (Matt Nelson)
>  16. Non-fiction audio books for the hacker type (Adrian Crenshaw)
>  17. Re: HTTPS Question (Bacon Zombie)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 12 May 2010 02:54:50 -0700 (PDT)
> From: Gregory Baker <travelingregbaker at yahoo.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID: <162027.92991.qm at web30801.mail.mud.yahoo.com>
> Content-Type: text/plain; charset=us-ascii
>
> Sorry for the tardy reply - traveling. A vote for a very effective solution
> worth a looksee is Sunbelt's Vipre Enterprise. We just transitioned 1100
> nodes and are very happy. The footprint is 1/3 of SAV 11.x and 1/4 of Sophos
> and its catching everything. The beancounters loved the lower license fees.
>
> --- On Tue, 5/11/10, xgermx <xgermx at gmail.com> wrote:
>
> > From: xgermx <xgermx at gmail.com>
> > Subject: [Pauldotcom] Corporate AV suggestions
> > To: "PaulDotCom Security Weekly Mailing List" <
> pauldotcom at mail.pauldotcom.com>
> > Date: Tuesday, May 11, 2010, 9:32 AM
> > So, it's license renewal time for our
> > A/V and I'm open for
> > suggestions/recommendations/horror stories. (I'll be
> > covering roughly
> > 500 Windows based machines).
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 12 May 2010 07:15:15 -0400
> From: Raffi Jamgotchian <raffi at flossyourmind.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID: <511D51EC-5E23-4C41-BA5B-F9C28698740B at flossyourmind.com>
> Content-Type: text/plain; charset=us-ascii
>
> I like Sophos and Panda.
>
> On May 11, 2010, at 3:14 PM, xgermx wrote:
>
> > Thanks for all of the replies. If anyone else has info, feel free to
> share.
> > On Tue, May 11, 2010 at 1:45 PM, Pommerening, Jeremy
> > <jpommerening at symbion.com> wrote:
> > > I was having an issue with Sophos not catching Fake-AV too until I
> turned on HIPS.  I'm catching most of it now with HIPS.  Environment is
> approx 1000 nodes.  I will agree that the online database is slim but I'm
> much happier than when we used Symantec EP.  As a bonus Sophos includes a
> lot of functionality at no extra cost with Data Control (DLP) and Device
> Control.
> > > Jeremy Pommerening
> > > MGR, Information Security
> > > Symbion, Inc.
> > > 615-234-8912 Direct
> > > 615-429-6883 BB
> > >
> > > GIAC - GCFA,GPEN, GAWN & GCFW,
> > > GIAC Advisory Board Member
> > > MCSE Win2K, MCSE NT4,
> > > CompTia SERVER+, HP APS
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: pauldotcom-bounces at mail.pauldotcom.com [mailto:
> pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Little
> > > Sent: Tuesday, May 11, 2010 12:15 PM
> > > To: pauldotcom at mail.pauldotcom.com
> > > Subject: Re: [Pauldotcom] Corporate AV suggestions
> > >
> > > I'm on the fence regarding our Sophos EP distribution. I have a feeling
> > > that it is a little less resource intensive on the clients than the
> > > Symantec 10 system we replaced, but not by a whole lot. Logging and
> > > reporting isn't that strong, especially if you are looking at offloading
> > > events to a SIM or centralized log collector. Their online database of
> > > threats is very slim on information, especially when compared with
> > > Symantec's offering at http://www.sarc.com . It also doesn't deal very
> > > well with fast morphing threats like the rash of fake security products
> > > that have blown up in the last year. Almost all of the incidents I
> > > respond to are fake AV crap. The management console is still fairly
> > > nice, beyond being weak with reporting. One strong point is deployment -
> > > it was very easy to deploy out using SMS.
> > >
> > > Hope that helps...
> > >
> > > ZT
> > >
> > > On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
> > > > I've been very pleased with Sophos Endpoint protection both from a
> pricing perspective and support perspective.
> > > > Jeremy Pommerening
> > > > MGR, Information Security
> > > > Symbion, Inc.
> > > > 615-234-8912 Direct
> > > > 615-429-6883 BB
> > > >
> > > > GIAC - GCFA,GPEN, GAWN & GCFW,
> > > > GIAC Advisory Board Member
> > > > MCSE Win2K, MCSE NT4,
> > > > CompTia SERVER+, HP APS
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: pauldotcom-bounces at mail.pauldotcom.com [mailto:
> pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of xgermx
> > > > Sent: Tuesday, May 11, 2010 8:33 AM
> > > > To: PaulDotCom Security Weekly Mailing List
> > > > Subject: [Pauldotcom] Corporate AV suggestions
> > > >
> > > > So, it's license renewal time for our A/V and I'm open for
> > > > suggestions/recommendations/horror stories. (I'll be covering roughly
> > > > 500 Windows based machines).
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > >
> > > >
> > > > Disclaimer: The email and files transmitted with it are confidential
> and are intended solely for the use of the individual or entity to whom they
> are addressed.  If you are not the original recipient or the person
> responsible for the delivering the email to the intended recipient, be
> advised that you have received this email in error, and that any use,
> dissemination, forwarding, printing or copying of this email is strictly
> prohibited.  If you received this email in error, please delete it from your
> system without copying it, and notify the sender by reply email so that our
> address record can be corrected.  Thank you. Symbion, Inc.
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > >
> > >
> > > Disclaimer: The email and files transmitted with it are confidential and
> are intended solely for the use of the individual or entity to whom they are
> addressed.  If you are not the original recipient or the person responsible
> for the delivering the email to the intended recipient, be advised that you
> have received this email in error, and that any use, dissemination,
> forwarding, printing or copying of this email is strictly prohibited.  If
> you received this email in error, please delete it from your system without
> copying it, and notify the sender by reply email so that our address record
> can be corrected.  Thank you. Symbion, Inc.
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 11 May 2010 23:09:25 -0400
> From: Michael Salmon <lonestarr13 at gmail.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTiltylLqQgmZEzyg2JgZZ1TybSy8qLX5hNYpWR4T at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> My previous environment was McAfee w EPO. It was pretty good and the client
> wasn't a not a huge resource hog. It did catch a lot of malware, but it
> also
> let in the fake A/V.  Now my current environment has SEP, I'm not that
> happy
> with it personally.  The client seems to be a resource hog and it seems
> worse at catching fake a/v than Mcafee.
> What about Malwarebytes corporate? I haven't really looked into it but the
> free scanner seems better than Mcafee and Norton.
>
> On May 11, 2010 9:18 PM, "Matt Nelson" <mattnels at gmail.com> wrote:
>
> I've got to put a vote in for McAfee w/ ePO for the central console.
>
> The reporting capability is great and it has functionality beyond the Virus
> Scan product.  It comes with Rogue System detection capability, and you can
> set up Agent Handlers in segmented networks for central management without
> punching tons of holes through the firewall.  You can use it as a quasi
> network inventory tool, with Rogue System detection, it will detect and
> record all the devices that it finds.  You can then tag the systems with
> whatever Tag you want. (i.e. router, or bob's machine)
>
>
>
>
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com
> [mailto:pauldotcom-bounce...
>
> So, it's license renewal time for our A/V and I'm open for
> suggestions/recommendations/horror storie...
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100511/30b5e64a/attachment.html
>
> ------------------------------
>
> Message: 4
> Date: Wed, 12 May 2010 06:52:28 -0400
> From: "Jody & Jennifer McCluggage" <j2mccluggage at adelphia.net>
> Subject: Re: [Pauldotcom] windows7 hardening checklist
> To: "'PaulDotCom Security Weekly Mailing List'"
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID: <000701caf1c1$375749d0$a605dd70$@adelphia.net>
> Content-Type: text/plain; charset="us-ascii"
>
> Don't forget to check out resources from the manufacturer itself.
>  Microsoft
> has a free tool called the Microsoft Security Compliance Manager
> (http://technet.microsoft.com/en-us/library/cc677002.aspx).  You can
> import
> baselines for several of its products and OSs, including Windows 7.  The
> Win
> 7 baseline includes a "Windows 7 Security Guide Doc" and several different
> group policy templates covering different scenarios. This is a great tool
> for getting started on building a group policy baseline.  Though not
> perfect, to be fair, Microsoft has put a lot of effort the past several
> years into better securing their products.  Sometimes I think they do not
> get the credit they deserve on that front.
>
>
>
> Jody
>
>
>
> From: pauldotcom-bounces at mail.pauldotcom.com
> [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Juan Cortes
> Sent: Tuesday, May 11, 2010 2:08 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] windows7 hardening checklist
>
>
>
> This awsome i was bout ask the same question. Gotta love the mailing list.
>
> On May 11, 2010 12:53 PM, "Tidball, Christopher"
> <Christopher.Tidball at qwest.com> wrote:
>
> You might want to check out the Center for Internet Security
> (http://cisecurity.org/en-us/?). They provide hardening benchmarks for
> many
> OS including Windows 7.
>
> Chris
>
>
>
>  _____
>
> From: pauldotcom-bounces at pdc-mail.pauldotcom.com
> [mailto:pauldotcom-bounces at pdc-mail.pauldotcom.com] On Behalf Of Andrew
> Anderson
> Sent: Tuesday, May 11, 2010 11:01 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] windows7 hardening checklist
>
> Anyone have suggestions re: checklist, framework, or other gotchas when it
> comes to hardening Window...
>
>  _____
>
> This communication is the property of Qwest and may contain confidential or
> privileged information. Unauthorized use of this communication is strictly
> prohibited and may be unlawful. If you have received this communication
> in error, please immediately notify the sender by reply e-mail and destroy
> all copies of the communication and any attachments.
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/0b4c6aa4/attachment-0001.htm
>
> ------------------------------
>
> Message: 5
> Date: Tue, 11 May 2010 20:33:35 -0600
> From: Francois Lachance <digitallachance at gmail.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTinbvTokXfq1mZjoyMqdi6Zdu1keJfZ23oKq34e6 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Yes, we have put AV on the Macs of our creative team.  The rest of the
> enterprise is running Windows, and of course they too have AV.  The
> developers have the same complaint, but they are on Windows.  Bottom line,
> no matter what AV you put on, it will impact performance (some AV are worst
> than other, of course).
>
> AV is a necessary evil, because we don't have anything that is clearly
> better yet (unless you want to implement application whitelisting, but that
> has its own set of problems I hear).
>
>
>
> On Tue, May 11, 2010 at 6:54 PM, Matthew Perry <mlperry at gmail.com> wrote:
>
> > Is anyone running AV on macs in their enterprise?  I am at a software
> shop
> > and the developers claim that McAfee is really slowing down their compile
> > times.
> >
> > On Tue, May 11, 2010 at 4:17 PM, leslie l <enlight2k at hotmail.com> wrote:
> >
> > > I have been happy with LANDesk AV which uses the Kaspersky engine.
> > >
> > >
> > >
> > > > Date: Tue, 11 May 2010 14:14:48 -0500
> > > > From: xgermx at gmail.com
> > >
> > > > To: pauldotcom at mail.pauldotcom.com
> > > > Subject: Re: [Pauldotcom] Corporate AV suggestions
> > > >
> > > > Thanks for all of the replies. If anyone else has info, feel free to
> > > share.
> > > > On Tue, May 11, 2010 at 1:45 PM, Pommerening, Jeremy
> > > > <jpommerening at symbion.com> wrote:
> > > > > I was having an issue with Sophos not catching Fake-AV too until I
> > > turned on HIPS.  I'm catching most of it now with HIPS.  Environment is
> > > approx 1000 nodes.  I will agree that the online database is slim but
> I'm
> > > much happier than when we used Symantec EP.  As a bonus Sophos includes
> a
> > > lot of functionality at no extra cost with Data Control (DLP) and Device
> > > Control.
> > > > > Jeremy Pommerening
> > > > > MGR, Information Security
> > > > > Symbion, Inc.
> > > > > 615-234-8912 Direct
> > > > > 615-429-6883 BB
> > > > >
> > > > > GIAC - GCFA,GPEN, GAWN & GCFW,
> > > > > GIAC Advisory Board Member
> > > > > MCSE Win2K, MCSE NT4,
> > > > > CompTia SERVER+, HP APS
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: pauldotcom-bounces at mail.pauldotcom.com [mailto:
> > > pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Little
> > > > > Sent: Tuesday, May 11, 2010 12:15 PM
> > > > > To: pauldotcom at mail.pauldotcom.com
> > > > > Subject: Re: [Pauldotcom] Corporate AV suggestions
> > > > >
> > > > > I'm on the fence regarding our Sophos EP distribution. I have a
> > > feeling
> > > > > that it is a little less resource intensive on the clients than the
> > > > > Symantec 10 system we replaced, but not by a whole lot. Logging and
> > > > > reporting isn't that strong, especially if you are looking at
> > > offloading
> > > > > events to a SIM or centralized log collector. Their online database
> of
> > > > > threats is very slim on information, especially when compared with
> > > > > Symantec's offering at http://www.sarc.com . It also doesn't deal
> > > very
> > > > > well with fast morphing threats like the rash of fake security
> > > products
> > > > > that have blown up in the last year. Almost all of the incidents I
> > > > > respond to are fake AV crap. The management console is still fairly
> > > > > nice, beyond being weak with reporting. One strong point is
> deployment
> > > -
> > > > > it was very easy to deploy out using SMS.
> > > > >
> > > > > Hope that helps...
> > > > >
> > > > > ZT
> > > > >
> > > > > On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
> > > > > > I've been very pleased with Sophos Endpoint protection both from a
> > > pricing perspective and support perspective.
> > > > > > Jeremy Pommerening
> > > > > > MGR, Information Security
> > > > > > Symbion, Inc.
> > > > > > 615-234-8912 Direct
> > > > > > 615-429-6883 BB
> > > > > >
> > > > > > GIAC - GCFA,GPEN, GAWN & GCFW,
> > > > > > GIAC Advisory Board Member
> > > > > > MCSE Win2K, MCSE NT4,
> > > > > > CompTia SERVER+, HP APS
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: pauldotcom-bounces at mail.pauldotcom.com [mailto:
> > > pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of xgermx
> > > > > > Sent: Tuesday, May 11, 2010 8:33 AM
> > > > > > To: PaulDotCom Security Weekly Mailing List
> > > > > > Subject: [Pauldotcom] Corporate AV suggestions
> > > > > >
> > > > > > So, it's license renewal time for our A/V and I'm open for
> > > > > > suggestions/recommendations/horror stories. (I'll be covering
> roughly
> > > > > > 500 Windows based machines).
> > > > > > _______________________________________________
> > > > > > Pauldotcom mailing list
> > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > > Main Web Site: http://pauldotcom.com
> > > > > >
> > > > > >
> > > > > > Disclaimer: The email and files transmitted with it are
> confidential
> > > and are intended solely for the use of the individual or entity to whom
> they
> > > are addressed.  If you are not the original recipient or the person
> > > responsible for the delivering the email to the intended recipient, be
> > > advised that you have received this email in error, and that any use,
> > > dissemination, forwarding, printing or copying of this email is strictly
> > > prohibited.  If you received this email in error, please delete it from
> your
> > > system without copying it, and notify the sender by reply email so that
> our
> > > address record can be corrected.  Thank you. Symbion, Inc.
> > > > > > _______________________________________________
> > > > > > Pauldotcom mailing list
> > > > > > Pauldotcom at mail.pauldotcom.com
> > > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > > Main Web Site: http://pauldotcom.com
> > > > >
> > > > > _______________________________________________
> > > > > Pauldotcom mailing list
> > > > > Pauldotcom at mail.pauldotcom.com
> > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > Main Web Site: http://pauldotcom.com
> > > > >
> > > > >
> > > > > Disclaimer: The email and files transmitted with it are confidential
> > > and are intended solely for the use of the individual or entity to whom
> they
> > > are addressed.  If you are not the original recipient or the person
> > > responsible for the delivering the email to the intended recipient, be
> > > advised that you have received this email in error, and that any use,
> > > dissemination, forwarding, printing or copying of this email is strictly
> > > prohibited.  If you received this email in error, please delete it from
> your
> > > system without copying it, and notify the sender by reply email so that
> our
> > > address record can be corrected.  Thank you. Symbion, Inc.
> > > > > _______________________________________________
> > > > > Pauldotcom mailing list
> > > > > Pauldotcom at mail.pauldotcom.com
> > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > Main Web Site: http://pauldotcom.com
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> >
> > --
> > Matthew Perry
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100511/354f5b10/attachment-0001.htm
>
> ------------------------------
>
> Message: 6
> Date: Wed, 12 May 2010 09:05:18 -0400
> From: Grymoire <pauldotcom at grymoire.com>
> Subject: [Pauldotcom] Encrypted Disks
> To: <pauldotcom at pdc-mail.pauldotcom.com>
> Message-ID: <201005121305.o4CD5ICm001210 at mail.grymoire.com>
>
>
>
> I, too, am skeptical of any encrypted drive with a software driver.
>
> There is an alternative.  I have used Apricorn Aegis Padlock.  The key
> is entered on a keypad on the disk itself. No software needed.  Workds
> for Windows, Max, Linux. AES encryption. 10 different passwords, and
> an account manager - built into the disk itself.
>
> If you forget the master password, you can reset it, and say goodbye
> to the data as well. Practical.
>
> http://www.apricorn.com/product_detail.php?type=family&id=58
>
> $189 for 640GB w/AES-256, Save $20 if you will settle for AES-128.
>
> If you want a secure portable SSD, that's $779 for 256GB.
>
> The only problem I had was when I powered it with a single USB cable.,
> They provide a Y-cable to get juice from two USB ports. Works.
>
> I think the new IronKey has a Linux driver. But that's not a disk,
> just flash.  They do have their heads screwed on right. That would be
> my second choice.
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 12 May 2010 09:04:26 -0400
> From: Grymoire <pauldotcom at grymoire.com>
> Subject: [Pauldotcom] Corporate AV
> To: <pauldotcom at pdc-mail.pauldotcom.com>
> Message-ID: <201005121304.o4CD4Q9d001122 at mail.grymoire.com>
>
> My HUGE unnamed company choose Sophos. I'm just a user (my IT work
> was 20 years ago, when our building had 1000 Sun workstations). Sophos
> updates the signatures inside and outside the corporate network,
> so clients are frequently updated several times a day, wherever they
> are. If I didn't also install Secunia PSI, I'd not notice the updates.
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Thu, 13 May 2010 00:00:49 +1000
> From: Chris Keladis <ckeladis at gmail.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTiky0TvxAJ2ST6SSUrDtDBwPAB36FV18QdJG9qKZ at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Argh.. Damn keyboard of new PC :)
>
> Anyway. As i was saying, last i checked (a few years ago) their engine
> could unpack most packers used, to find re-packed variants, etc..
>
> But as i said, i've never used it in an enterprise setting. It's long
> been my fave tho.
>
>
> Chris.
>
> On Wed, May 12, 2010 at 11:55 PM, Chris Keladis <ckeladis at gmail.com>
> wrote:
> > Kaspersky have a good engine. Never used it in an enterprise setup
> however.
> > Last i checked (
> >
> >
> > On Tue, May 11, 2010 at 11:32 PM, xgermx <xgermx at gmail.com> wrote:
> >
> > > So, it's license renewal time for our A/V and I'm open for
> > > suggestions/recommendations/horror stories. (I'll be covering roughly
> > > 500 Windows based machines).
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 12 May 2010 23:55:51 +1000
> From: Chris Keladis <ckeladis at gmail.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTikLUB8lVlCXMXB5H1qs-AntuZzjQ7o6iY8Wqzgt at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Kaspersky have a good engine. Never used it in an enterprise setup however.
>
> Last i checked (
>
>
> On Tue, May 11, 2010 at 11:32 PM, xgermx <xgermx at gmail.com> wrote:
>
> > So, it's license renewal time for our A/V and I'm open for
> > suggestions/recommendations/horror stories. (I'll be covering roughly
> > 500 Windows based machines).
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> ------------------------------
>
> Message: 10
> Date: Wed, 12 May 2010 12:40:49 -0400
> From: Raffi Jamgotchian <raffi at flossyourmind.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID: <137036D8-FFA1-4C34-822F-553BA0CA7CC9 at flossyourmind.com>
> Content-Type: text/plain; charset=us-ascii
>
> I used Vipre but it was a resource hog in the past and once took out all of
> the essential Thinkpad drivers (similar to the recent McAfee fiasco). One of
> my coleagues just replaced Vipre with Trend and found a bunch of previously
> unrecognized malware.
>
> Guess what, they all suck at some point. get the one that is the lightest
> weight on your machines and the easiest to manage and maintain.
>
> On May 12, 2010, at 5:54 AM, Gregory Baker wrote:
>
> > Sorry for the tardy reply - traveling. A vote for a very effective
> solution worth a looksee is Sunbelt's Vipre Enterprise. We just transitioned
> 1100 nodes and are very happy. The footprint is 1/3 of SAV 11.x and 1/4 of
> Sophos and its catching everything. The beancounters loved the lower license
> fees.
> > --- On Tue, 5/11/10, xgermx <xgermx at gmail.com> wrote:
> >
> > > From: xgermx <xgermx at gmail.com>
> > > Subject: [Pauldotcom] Corporate AV suggestions
> > > To: "PaulDotCom Security Weekly Mailing List" <
> pauldotcom at mail.pauldotcom.com>
> > > Date: Tuesday, May 11, 2010, 9:32 AM
> > > So, it's license renewal time for our
> > > A/V and I'm open for
> > > suggestions/recommendations/horror stories. (I'll be
> > > covering roughly
> > > 500 Windows based machines).
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> ------------------------------
>
> Message: 11
> Date: Wed, 12 May 2010 14:52:38 -0500
> From: xgermx <xgermx at gmail.com>
> Subject: Re: [Pauldotcom] Corporate AV suggestions
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTinx9CkSiUaqDyRDq6sMOHdxugtDBsUkEYDjNhtO at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Thanks for all of the replies. I'll be demoing Sophos in a few days.
>
> On Wed, May 12, 2010 at 11:40 AM, Raffi Jamgotchian
> <raffi at flossyourmind.com> wrote:
> > I used Vipre but it was a resource hog in the past and once took out all
> of the essential Thinkpad drivers (similar to the recent McAfee fiasco). One
> of my coleagues just replaced Vipre with Trend and found a bunch of
> previously unrecognized malware.
> > Guess what, they all suck at some point. get the one that is the lightest
> weight on your machines and the easiest to manage and maintain.
> > On May 12, 2010, at 5:54 AM, Gregory Baker wrote:
> >
> > > Sorry for the tardy reply - traveling. A vote for a very effective
> solution worth a looksee is Sunbelt's Vipre Enterprise. We just transitioned
> 1100 nodes and are very happy. The footprint is 1/3 of SAV 11.x and 1/4 of
> Sophos and its catching everything. The beancounters loved the lower license
> fees.
> > > --- On Tue, 5/11/10, xgermx <xgermx at gmail.com> wrote:
> > >
> > > > From: xgermx <xgermx at gmail.com>
> > > > Subject: [Pauldotcom] Corporate AV suggestions
> > > > To: "PaulDotCom Security Weekly Mailing List" <
> pauldotcom at mail.pauldotcom.com>
> > > > Date: Tuesday, May 11, 2010, 9:32 AM
> > > > So, it's license renewal time for our
> > > > A/V and I'm open for
> > > > suggestions/recommendations/horror stories. (I'll be
> > > > covering roughly
> > > > 500 Windows based machines).
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> ------------------------------
>
> Message: 12
> Date: Wed, 12 May 2010 14:41:30 -0600
> From: Craig Freyman <craigfreyman at gmail.com>
> Subject: [Pauldotcom] HTTPS Question
> To: Pauldotcom at mail.pauldotcom.com
> Message-ID:
>        <AANLkTimxRxvQj4Zj3Bfz_P5-ghgnDbkeGqY9Jk_jYc5G at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Is there some security benefit I am not aware of for using https
> connections
> within frames and presenting them over http to the user? This site
> http://webcentral.du.edu does such a thing and I don't understand why. If
> we
> spend time training people to look for https and certificate errors, why
> would they do this?
>
> When you click on "security information" at the bottom it says:
>
> *Is this Site Secure?*
> Yes, webCentral.du.edu <http://webcentral.du.edu/> uses a Security
> certificate provided by VeriSign.
>
> *Where is the little key or lock then?*
> webCentral uses frames throughout. The login page is actually a frame
> within
> a normal http: page. It is still secure, you just can't see the key or
> lock.
>
> Someone please enlighten me.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/9d2cc17d/attachment-0001.htm
>
> ------------------------------
>
> Message: 13
> Date: Wed, 12 May 2010 16:30:38 -0500
> From: Michael Allen <sector876 at gmail.com>
> Subject: [Pauldotcom] Sniffer Options
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTik0JWzH5hDUvOgvxy6ihqQkVm8lrezMvzrsgqv_ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hey All,
> Can anybody recommend a good sniffer preferably freeware that not only
> shows
> captured packets but also real time network usage. I am looking for
> something that is similar to Sniffer offered by the then Network
> Associates.
> It allowed real time analysis eg top 'talker' on the network by mac addy
> etc.
>
> I currently use Wireshark and Windump to capture/examine packets but need
> something with the above mentioned functionality.
>
> Any suggestions ?
>
> Much obliged.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/d78d175c/attachment-0001.htm
>
> ------------------------------
>
> Message: 14
> Date: Wed, 12 May 2010 16:50:26 -0500
> From: Will Metcalf <william.metcalf at gmail.com>
> Subject: Re: [Pauldotcom] Sniffer Options
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTim7xIAAo-DDI102Ua7JWNKMXsRDaJf_s16AKoH_ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> look at argus and ntop together they will probably do what you want.
>
> Regards,
>
> Will
> On Wed, May 12, 2010 at 4:30 PM, Michael Allen <sector876 at gmail.com>
> wrote:
> > Hey All,
> > Can anybody recommend a good sniffer preferably freeware that not only
> shows
> > captured packets but also real time network usage. I am looking for
> > something that is similar to Sniffer offered by the then Network
> Associates.
> > It allowed real time analysis eg top 'talker' on the network by mac addy
> > etc.
> >
> > I currently use Wireshark and Windump to capture/examine packets but need
> > something with the above mentioned functionality.
> >
> > Any suggestions ?
> >
> > Much obliged.
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> ------------------------------
>
> Message: 15
> Date: Wed, 12 May 2010 17:12:27 -0500
> From: "Matt Nelson" <mattnels at gmail.com>
> Subject: Re: [Pauldotcom] Sniffer Options
> To: "'PaulDotCom Security Weekly Mailing List'"
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID: <000001caf220$36315b40$a29411c0$@com>
> Content-Type: text/plain; charset="us-ascii"
>
> Ntop would be a good fit for this purpose and then some.  ntop.org
>
>
>
> From: pauldotcom-bounces at mail.pauldotcom.com
> [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael Allen
> Sent: Wednesday, May 12, 2010 4:31 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] Sniffer Options
>
> Hey All,
> Can anybody recommend a good sniffer preferably freeware that not only
> shows
> captured packets but also real time network usage. I am looking for
> something that is similar to Sniffer offered by the then Network
> Associates.
> It allowed real time analysis eg top 'talker' on the network by mac addy
> etc.
>
> I currently use Wireshark and Windump to capture/examine packets but need
> something with the above mentioned functionality.
>
> Any suggestions ?
>
> Much obliged.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/e91491e1/attachment-0001.htm
>
> ------------------------------
>
> Message: 16
> Date: Wed, 12 May 2010 19:21:21 -0400
> From: Adrian Crenshaw <irongeek at irongeek.com>
> Subject: [Pauldotcom] Non-fiction audio books for the hacker type
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTimx40Kg776MieDQBici5HBhkPiCWBfjGxLWmYSr at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all,
>     A while back, I asked about good books for the hack/security loving
> geek. Now for something a little different.  How about non-fiction audio
> books? For example, I liked listening to the SANS mp3s I had., and "The
> Hacker Crackdown" was a good book to listen to. Got anything to recommend?
> MP3s of classes, computer history, history of crypto, anything alike that?
>
> Thanks,
> Adrian
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100512/e14ef1bf/attachment-0001.htm
>
> ------------------------------
>
> Message: 17
> Date: Thu, 13 May 2010 00:23:09 +0100
> From: Bacon Zombie <baconzombie at gmail.com>
> Subject: Re: [Pauldotcom] HTTPS Question
> To: PaulDotCom Security Weekly Mailing List
>        <pauldotcom at mail.pauldotcom.com>
> Message-ID:
>        <AANLkTimlWkHxE6BP7boBHrmhGqxlpHhQQSxT3CKnxAxp at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I ready like this function in the source code:
>
> *function keepFunction()*
> *{*
> *  msg = "DO NOT REMOVE THIS FUNCTION";*
> *}*
>
> And to answer your question this is a really bad item.
>
> BaconZombie
>
> On 12 May 2010 21:41, Craig Freyman <craigfreyman at gmail.com> wrote:
>
> > Is there some security benefit I am not aware of for using https
> > connections within frames and presenting them over http to the user? This
> > site http://webcentral.du.edu does such a thing and I don't understand
> > why. If we spend time training people to look for https and certificate
> > errors, why would they do this?
> >
> > When you click on "security information" at the bottom it says:
> >
> > *Is this Site Secure?*
> > Yes, webCentral.du.edu <http://webcentral.du.edu/> uses a Security
> > certificate provided by VeriSign.
> >
> > *Where is the little key or lock then?*
> > webCentral uses frames throughout. The login page is actually a frame
> > within a normal http: page. It is still secure, you just can't see the
> key
> > or lock.
> >
> > Someone please enlighten me.
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100513/23ccb9ef/attachment-0001.htm
>
> ------------------------------
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>
>
> End of Pauldotcom Digest, Vol 20, Issue 10
> ******************************************



-- 
- Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100526/25fe7250/attachment.htm