The Pick: PestPatrol
PestPatrol
By Winn Schwartau, On Security columnist
An exterminator for pesky computer bugs.
The late Grace Hopper, mother of modern computing, once remarked that when her 12-ton, room-sized tube computer operated erratically, it was because of a bug. Literally. A moth. And a half century later, no matter what we do, our computers are still "buggy."
But today, the worst bugs are the offensive, destructive and privacy-violating bugs; bugs on the attack that maliciously target computers and the operators behind the keyboard. They are those pesty and pesky Trojan horses, spyware, talkative cookies, hostile code and hacker tools that break past firewalls, intrusion-detection systems, antivirus software, VPNs, password protection tools and almost any other technical security measures you might implement.
My choice for security product of the year solves these problems and one other significant one: the insider threat. Statistics show more than 80% of investigated computer crimes involve current or former "trusted" insiders who had or have network access. But little attention has been focused on how to deal with this obvious and well-documented (albeit, perhaps politically incorrect) threat.
PestPatrol's PestPatrol is unique security software that detects and eradicates nearly 60,000 known "pest-ridden" (non-viral) software bugs, coming from more than 11,000 distinct families (as of September 2002). Have you thought about the garbage that might be rummaging around your office's desktop computers now, not only violating privacy but also perhaps broadcasting corporate information to distant listening posts?
Do you know which employee is running steganographic software so he can send secret encrypted messages? Who's using hacker tools? Who's trying to download hostile code from the 'Net? Do you know or can you currently control the myriad cookies that broadcast yourcompany.com information to the Internet when your users log on? And what about that indecent invasion of privacy caused by unwanted spyware? The lists go on and on, and all you need do is ask one simple question: "Do you want to keep malicious code off of your computers or not?"
If you want your desktops free from the stench of hacker tools, password crackers, keystroke loggers, port scanners and more, then PestPatrol is for you.
Consider remote administration tools (RAT), such as Back Orifice, SubSeven or NetBus. These Trojans communicate from the desktop to a distant server - generally without permission. They are a huge security breach, along with thousands of other applets and attack code. PestPatrol is designed to keep updating itself with the latest file detections for RATs and other pests, and to look through memory and media to find the executables, help and associated files that need eradicating.
When I loaded PestPatrol onto my highly secure desktop computer, I was astounded to find 42 hostile applets and related pests that snuck past two firewalls and my ever-current antivirus software. I have tight restrictions on ActiveX and Java, no Visual Basic Script allowed - yet all of these pests managed to get through. How?
Pest designers do their best to sneak in subtly, under your detection systems and past your defenses. It's their job. Your job is to keep hostile software off user desktops, out of your corporate enterprise, maintain high levels of privacy, not expose your company to unnecessary risks and create a secure working environment.
You can't do that without PestPatrol.
Schwartau is president of Interpact, a security awareness consulting firm.
He can be reached at winns@gte.net.
When I first previewed NetWare 6 in July 2001, some of the new functionality built into the system really struck me. In particular, the new iFolder utility for file synchronization caught my eye.
This utility lets you create a subfolder of your Windows desktop's My Documents folder and have the files you put in it automatically updated in an encrypted format on a NetWare server whenever a change is made to a file. Installing the iFolder client on any other machine guarantees that all the covered files are synchronized on all the desktops so configured. A Web browser also can be used to access the iFolder server and upload or download files should you be somewhere that you shouldn't, or can't, install the iFolder client.
All this is good - so good that Novell didn't take long in figuring out that not only is iFolder a good NetWare 6 utility, but also it could be a desirable application on its own - and easily could be pushed beyond the NetWare platform.
So this April, Novell launched iFolder Professional Edition 2.0 as a stand-alone product. It has all the features of the NetWare utility, but adds new functionality and support for additional platforms. It supports NetWare 6 and NetWare 5.1 SP3, Windows NT4 SP6a and Windows 2000 SP2, RedHat Linux 7.1/7.2 and Solaris 8 operating systems. It requires the Apache Web server for NetWare, Linux and Solaris, and Microsoft's Internet Information Server for Windows. While this first release requires Novell's eDirectory, future versions are supposed to work with any certified Lightweight Directory Access Protocol-based directory system.
The product is ideal for users who frequently move among two or more client PC environments - even for people who like to work from home occasionally. The iFolder client sets up quickly and easily (you can let users download it from your corporate Web site), and the ability to access the iFolder files from any Web browser means that no one ever needs to be without a critical file so long as they have Internet access!
I use iFolder more than any other new NetWare feature. And if I had a mobile workforce, I'd want all my employees to use it. It takes less than 5 minutes to set up the client, then no time at all for users to maintain it. Files are synchronized automatically whenever they change.
We often talk about no-brainers, but iFolder Professional truly requires no thought at all to use - and use effectively. It just works. What more can we ask?
Kearns is a writer and consultant in Silicon Valley. He can be reached at info@vquill.com.
Network executives are all too familiar with the battles between application and infrastructure groups over slow application response times. Application developers blame the overloaded network, and network managers blame poorly designed applications.
Users care only about glacial responsiveness. Time spent waiting for an application to react translates into lower productivity and, often, into reduced revenue - exactly what most businesses in today's economy can't afford.
A new class of products that provides what I call "quality of experience" (QoE) measurement is emerging. These tools let IT executives quickly and effectively diagnose performance problems on networked applications, pinpointing the cause of application delay. More importantly, with the help of these tools IT executives can implement fast, permanent fixes.
SuperAgent 2.0 from NetQoS is an outstanding example of a sleek, well-designed, elegant QoE monitor. The SuperAgent appliance connects to a mirrored switch port or network tap near the server farm and examines TCP header information to measure application response time. It breaks down response times into several components:
Connection time, the time it takes to establish a TCP session between the client and server, which helps determine if there are performance problems overall.
Server response time, the time elapsed between initial client request and a response from the server, which helps uncover server performance problems.
Data transfer time, the time between the server's first and final data responses, which can indicate problems with the server or the network.
Data retransmission time, which tracks the delay introduced by retransmitting data over the network.
Network round-trip time, the time it takes a packet to traverse the network, which helps uncover network performance problems.
SuperAgent is a passive monitor, meaning it doesn't increase network load (a great feature in a performance tool). It also tracks responses interactively, meaning it checks performance multiple times during one TCP session. Other tools, in contrast, measure response time once, at the start of the session. The problem with that approach is it doesn't account for changes as time goes on; performance could degrade, and the tools wouldn't know why.
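The breakdown above can be reproduced from header fields alone. The following is an added example, not NetQoS code: the record layout, the sample trace and the choice to estimate round-trip time from the SYN-ACK to the client's handshake ACK (valid for a tap next to the server) are all assumptions made for illustration.

```python
# Constructed sample: one TCP session as seen from a tap next to the server.
# Fields: (time in ms, direction, TCP flags, sequence number, payload bytes).
TRACE = [
    (0,   "c2s", "SYN",     1000, 0),
    (1,   "s2c", "SYN-ACK", 5000, 0),
    (41,  "c2s", "ACK",     1001, 0),      # handshake completes
    (42,  "c2s", "PSH",     1001, 200),    # client request
    (162, "s2c", "ACK",     5001, 1460),   # first server data
    (163, "s2c", "ACK",     6461, 1460),
    (463, "s2c", "ACK",     6461, 1460),   # same sequence number: retransmission
    (470, "s2c", "PSH",     7921, 500),    # final server data
]

def elapsed(start, end):
    """Return end - start, or None when either event was never observed."""
    return None if start is None or end is None else end - start

def breakdown(trace):
    """Split one session into the response-time components listed above."""
    syn = synack = hs_ack = request = first_data = last_data = None
    sent_at = {}        # server data sequence number -> latest transmit time
    retrans_ms = 0
    for t, direction, flags, seq, length in trace:
        if direction == "c2s":
            if flags == "SYN" and syn is None:
                syn = t
            elif synack is not None and hs_ack is None and length == 0:
                hs_ack = t
            elif length > 0 and request is None:
                request = t
        elif flags == "SYN-ACK":
            if synack is None:
                synack = t
        elif length > 0 and request is not None:
            if seq in sent_at:                  # segment seen before
                retrans_ms += t - sent_at[seq]
            sent_at[seq] = t
            if first_data is None:
                first_data = t
            last_data = t
    return {
        "connection_ms": elapsed(syn, hs_ack),
        "network_rtt_ms": elapsed(synack, hs_ack),
        "server_response_ms": elapsed(request, first_data),
        "data_transfer_ms": elapsed(first_data, last_data),
        "retransmission_ms": retrans_ms,
    }

if __name__ == "__main__":
    for name, value in breakdown(TRACE).items():
        print(f"{name}: {value}")
```

A session in which the server never answers yields `None` for the server response and data transfer components rather than a misleading zero.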
SuperAgent stores its results in a SQL database that can be accessed via a Web-based interface. It also will deliver reports and alarms via e-mail or populate an existing management system. Using NetQoS' Reporter-Analyzer, you can combine this information with information from outside sources, such as Cisco NetFlow, NetScout probes and NetIQ response-time agents.
When Network World tested this product earlier this year, it proved easy to install and highly accurate, and it delivered as promised on all points. I can't improve on tester Bob Currier's final words, "SuperAgent 2.0's combination of functionality, reliability and superb reports make it a definite 'must have.' "
Johnson is president and chief research officer at Nemertes Research, which provides quantitative research on the business impact of technology. She can be reached at johna@nemertes.com.
The Pick: iHateSpam
Sunbelt Software
By James Kobielus, Above the Cloud columnist
Shielding e-mail from spam blasters.
Spam is the cosmic background radiation from the Internet's rapid expansion into our everyday lives. Spam is everywhere, coming from seemingly every direction. But that doesn't mean that I have to accept it or that I have to subject my e-mail system to a continuous, corrosive stream of incoming junk.
Spam threatens to debase e-mail as a communication medium, just as junk postings slowly rendered many Usenet groups uninhabitable. I like Sunbelt Software's innovative iHateSpam client software because it lets me totally shield my e-mail in-box from spam. At the same time, the product lets me inspect every message that comes my way, just to make sure it didn't block or discard any important e-mail.
IHateSpam is certainly not the only client-based antispam tool on the market, but it is the only client-based product I've come across that builds "whitelists" by scanning your Microsoft Outlook e-mail address book and your Outlook client-side message folders. IHateSpam also is the only client-side antispam tool that quarantines any incoming mail that doesn't come from a whitelisted sender. Whitelist-based antispam filtering is the only effective way to ensure a continuously spam-free in-box. Another plus is that iHateSpam lets users dynamically adjust the client-side rules to ensure the tool doesn't mistakenly filter out legitimate bulk e-mails - such as e-mailed newsletters - that they regularly receive.
The product's name is none too delicate, but it succinctly expresses the user's primary motivation for seeking it out. IHateSpam comes in separate versions for Outlook and Outlook Express, both downloadable from Sunbelt's Web site. The product installs quickly and easily, and setup is straightforward.
Upon setup, the software creates a whitelist of accepted e-mail senders - also known as a "friends list" - by retrieving addresses from users' e-mail address books and by scanning existing client-side mail folders for the addresses of senders of stored e-mail. IHateSpam prompts the user to define an acceptable spam-filtering threshold, ranging from the stringent "all spam" (which also might quarantine non-spam such as online newsletters to which the user has subscribed) to the more permissive "some spam" (which will only catch junk mail with easily identifiable spam indicators). Users can define a personal "enemies list" of addresses from which incoming e-mail is always blocked, and more fine-grained personal filtering rules keyed to contents of message headers, subjects, bodies and attachments.
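The setup logic described above, sketched as an added example that is not Sunbelt's code: the function names, the sample messages and the `INDICATORS` phrases are hypothetical, and only the two threshold labels come from the column.

```python
from email import message_from_string
from email.utils import parseaddr

def sender(raw):
    """Normalised address from a raw message's From header ('' if absent)."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].strip().lower()

def build_friends(address_book, stored_mail):
    """Friends list = address-book entries plus senders of stored mail."""
    friends = {a.strip().lower() for a in address_book}
    friends |= {sender(m) for m in stored_mail}
    friends.discard("")          # messages without a usable From header
    return friends

# Hypothetical "easily identifiable" indicators for the permissive setting.
INDICATORS = ("free money", "act now", "click here")

def triage(raw, friends, enemies, threshold="all spam"):
    """Return 'blocked', 'inbox' or 'quarantine' for one incoming message."""
    addr = sender(raw)
    if addr in enemies:          # enemies list always wins
        return "blocked"
    if addr in friends:
        return "inbox"
    if threshold == "all spam":  # stringent: every unknown sender is held
        return "quarantine"
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    return "quarantine" if any(i in text for i in INDICATORS) else "inbox"

# Constructed sample data.
STORED = "From: Alice <Alice@Example.com>\nSubject: lunch\n\nNoon?"
NEWSLETTER = "From: news@letters.example\nSubject: Weekly digest\n\nHeadlines."
JUNK = "From: deals@bulk.example\nSubject: ACT NOW\n\nFree money inside."
FRIENDS = build_friends(["Bob@Example.com"], [STORED])
ENEMIES = {"pest@bulk.example"}

if __name__ == "__main__":
    for m in (STORED, NEWSLETTER, JUNK):
        print(sender(m), triage(m, FRIENDS, ENEMIES, "some spam"))
```

The From header is unauthenticated, so a friends list keyed on it is only as trustworthy as the sender address itself.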
One of the most powerful and dynamic features of iHateSpam is the client software's participation in a peer-to-peer online "Learning Network" hosted by Sunbelt (similar to rival peer-to-peer antispam communities such as Cloudmark's SpamNet). Users can designate any message in an in-box or a quarantine mail folder as "is spam" or "not spam" by clicking on buttons embedded in the mail client. When a user designates a particular message as spam, the iHateSpam client software sends a pattern of that message to an automated rules-creation engine in the Learning Network. The engine tabulates "votes" from all deployed iHateSpam clients, ranks messages by the probability of their being spam, and automatically creates new spam patterns and filtering rules. The engine regularly distributes updated spam patterns and filtering rules to all iHateSpam clients. As a final check, Sunbelt personnel review all patterns and rules before their distribution, just to make sure they're accurate and that user cliques aren't unfairly ganging up on legitimate commercial expressions (such as a competitor's e-mail-based direct-marketing pitches).
A big caveat for iHateSpam - and for any antispam solution - is that it relies on client-based rules-filtering. The product consumes CPU cycles on client machines, and briefly freezes the mail client while scanning, filtering and handling incoming mail. This computational load can be a significant burden on low-end workstations and can prove disruptive for users who receive a lot of e-mail, especially as the set of spam patterns and filtering rules grows. Ideally, much of the filtering should be done on a centralized basis, by mail gateways hosted internally by an enterprise customer or externally by Sunbelt. However, the vendor has not decided whether to evolve iHateSpam in that direction. Clearly, the product will hit a scalability wall soon, might not be appropriate for broad corporate adoption and can't address spam-based distributed denial-of-service threats if it doesn't centralize some CPU-intensive mail-filtering processes.
Nevertheless, Sunbelt's iHateSpam delivers clear value where it counts: by enabling users to keep spam from constantly interrupting their lives and cluttering up their in-boxes.
Kobielus is an Alexandria, Va., senior analyst with Burton Group. Reach him at jkobielus@burtongroup.com.
The Pick: Virtela VPN
Virtela Communications
By Steve Taylor, Packet Evangelist columnist
VPN service with a twist.
Innovation comes in many forms. Truly unique ideas are rare. Less rare, and generally more productive, is innovation that comes in the form of taking a couple of old ideas and combining them in a unique fashion. This latter type of innovation makes Virtela Communications' Virtela VPN my choice as a category-breaker.
Several givens are shaping the long-haul services market today. Companies are demanding extremely reliable services. Stability of individual facilities-based service providers is a primary concern. The price has to be right. And most of the network traffic is evolving to - if it isn't already - IP.
Add to this a couple of industry-related factors. On the services side, most facilities-based carriers have vastly overbuilt their IP backbones, and the majority of the Internet backbone is, in reality, lightly utilized. Still, users are concerned about the lack of control and quality of service (QoS) in the Internet, especially if their traffic is primarily handled by one ISP.
On the equipment side, several vendors now offer IP service switches that provide tunnel management and measure QoS across IP backbones. These switches let service providers control a large number of secure tunnels and impose a number of QoS parameters across the otherwise less-than-ideal IP backbone.
Throw in the reality that most service providers have historically bought and bartered bandwidth from other service providers - the carriers' carriers. This long-established, but not widely publicized, practice lets carriers provide bandwidth to each other over physical fiber or large dedicated bandwidth pipes that is subdivided and resold to corporations.
Virtela has taken advantage of the best of each of these factors to create a next-generation VPN service that provides QoS. It doesn't own its core network. Instead, it buys otherwise unused Internet bandwidth in bulk from facilities-based carriers. Then it puts its own IP services switches on the edge of the network so it can add QoS and secure tunnel management on the outside.
This multicarrier approach brings three fundamental benefits (see story, "Top tips for skating through the telecom meltdown"). First, because Virtela is buying bandwidth without the network infrastructure, it can offer the service at an attractive price. Second, the service switches let Virtela superimpose QoS with some strict service-level guarantees. This is possible because if one network is not providing the desired service level, Virtela simply can switch the traffic to a different part of the Internet backbone. Third, for those who are concerned about the future and stability of individual service providers, the multiprovider approach gives several back-up paths, insulating the customer from a single-carrier network failure.
Virtela, which is one of Network World's 2002 10 start-ups to watch, offers a number of enhanced services, including turnkey voice and video, on top of this VPN backbone. But the company's unique infrastructure and market approach really provide the power behind the service.
Taylor is president of Distributed Network Associates in Greensboro, N.C., and publisher of Webtorials.com. He can be reached at taylor@webtorials.com.