Week In Security: Symantec Check Flaw, Sobig.E, New Products

• Symantec said an ActiveX control that can be used with its Security Check Web-based tool to test computers for vulnerabilities contains a buffer overflow. While running the tool, users can install the ActiveX control, which remains on their systems. The buffer overflow can be exploited when the user with the ActiveX control visits a malicious Web site. Symantec said it replaced the flawed ActiveX control on its Security Check Web site. Those who previously used Security Check should return to the site and run a new scan, which will replace the old ActiveX control with the new fixed version, Symantec said.

• Another variant of the Sobig worm spread rapidly across the Internet this week. Sobig.E arrives as an e-mail with subject lines such as "Re: application" or "Re: movie," with a .zip file attachment. When the attachment is executed, the worm spreads itself to e-mail addresses on the victim's system. While not destructive, Sobig.E can clog networks with floods of e-mail, according to Guardent, a security services firm.

• Research firm IDC said first-quarter worldwide security appliance revenue was $316 million, down 6 percent from the same quarter a year ago. Although revenue was down, unit shipments increased by 17 percent, due to several factors including price pressure, the firm said. Cisco Systems is the top security appliance vendor with 36.8 percent market share, followed by NetScreen with 14.4 percent. Security appliances priced from $3,000 to $5,900 were the most popular among customers, IDC said.

• Top Layer Networks announced the general availability of its Secure Controller line of ASIC-based access control security switches for wired and wireless networks. The line consists of Secure Edge Controller and Secure Core Control, which force users to authenticate themselves before gaining network access and provide administrators with granular access control.

• Microsoft tapped Peter Cullen, corporate privacy officer for Royal Bank of Canada, as its new chief privacy strategist. Cullen, who will join Microsoft on July 14, will report to Scott Charney, chief Trustworthy Computing strategist, to help ensure that privacy protections and best practices are incorporated into all Microsoft products, services, systems and internal processes, the company said.

• Pedestal Software unveiled an enhanced version of its Intact change detection and recovery product. Intact 3.5 features enhanced configuration templates for fast installation and supports Internet Information Services (IIS) and SQL servers. The software costs $445 per server with volume discounts starting at 10 systems.

• Novell said it will release in mid-July the public beta of Novell BorderManager 3.8, which provides remote access and Web access control within Novell Nsure identity management products. Enhancements include a standards-based VPN, easier installation and management, and support for more than 50 authentication methods.

• System Detection said it closed $4.5 million in financing. Venture firms Novak Biddle Venture Partners, Metropolitan Venture Partners and Columbia Science and Technology Ventures participated in the round. System Detection is the exclusive licensee of data mining, machine learning and statistical detection technologies developed at Columbia University through a $6 million research program funded by the Defense Advanced Research Projects Agency. The company plans to launch commercial threat management products in the third quarter.

• SonicWall unveiled an upgraded version of its Global Management System (GMS) and ViewPoint security and productivity reporting software. New features in GMS 2.5 include a visual navigation tool, group policy filtering and centralized, customizable reporting. New features in ViewPoint 2.0 include detailed graphical reports, realtime and historical reports, and multiple firewall support.

• WatchGuard Technologies said it will integrate intrusion prevention capabilities into its Firebox Vclass line and boost the current intrusion-prevention capabilities on the Firebox System line of firewall/VPN appliances for small and midsize businesses.