Week in Security: Microsoft Scanner, IIS Patch, Computer Crime Report


Here's a rundown of some of the events, announcements and other happenings in information security last week:

• Microsoft released a new tool that scans Windows NT 4, Windows 2000 and Windows XP for common security misconfigurations. The tool, called Baseline Security Analyzer, provides a security report card, best-practice checks and instructions on how to fix vulnerabilities it finds. It can run on Windows 2000 servers and workstations and Windows XP, Home Edition and Professional versions. The tool is available for free download at: http://www.microsoft.com/technet/security/tools/Tools/mbsahome.asp.

• Microsoft also issued a cumulative patch for 10 new vulnerabilities in its Internet Information Services (IIS) Web server software. Some of the vulnerabilities could allow an attacker to execute code on a server. The flaws affect IIS versions 4.0, 5.0 and 5.1. Information on the patch is available at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur....

• Computer crime continues to climb along with its cost, according to the seventh annual "Computer Crime and Security Survey" by the FBI and the Computer Security Institute (CSI). The study surveyed 503 information security professionals in U.S. businesses, government agencies and universities. Ninety percent of the respondents detected computer security breaches within the last 12 months, compared to 85 percent the year before.

Eighty-four of this year's respondents said they suffered financial losses due to the breaches. Forty-four percent, or 223 respondents, quantified the losses, reporting a total loss of $455 million. That compares with $377 million in total losses reported by 186 respondents in last year's survey.

• RSA Security, Bedford, Mass., said it certified Fort Lauderdale, Fla.-based Citrix Systems' Secure Gateway and Citrix Nfuse Classic portal software for use with the RSA SecurID two-factor authentication products. The companies said the partnership provides customers with added security for accessing applications from remote locations.

Blaming weak IT spending, RSA reported a loss of $13.7 million on $55.5 million in revenue for the quarter ended March 31. That compares with net income of $9.6 million on $76.3 million in revenue for the same quarter a year ago.

• Network Associates, Santa Clara, Calif., reported revenue of $220.7 million and net income of $15.8 million, or 10 cents per share. On a pro forma basis, which excludes its McAfee.com spin-off, the company recorded $201.9 million in revenue and earned $15.9 million, or 9 cents per share. Network Associates had predicted it would earn 4 cents to 6 cents per share, on a pro forma basis. The company is in the process of trying to buy the remaining outstanding shares of McAfee.com and increased its bid by 15 percent.

• SonicWall, Sunnyvale, Calif., upgraded the firmware for its entire line of Internet security appliances. New features include control and reliability for remote access, Network Address Translation (NAT) Traversal, and user-level authentication to control VPN access at the user level.

• Atlanta-based Internet Security Systems said Steve Laubenstein joined the company as vice president of channels and small to medium businesses. He formerly worked at Symantec, where he served as vice president of sales, channels, and SMB. Steve Cooker, former vice president of North American sales for Nortel Networks, joined ISS as vice president and general manager of public sector operations.

• Securify, Mountain View, announced the appointment of Mark Hangen as president and CEO, succeeding founder Taher Elgamal, who will continue as CTO and co-chairman of the board. Hangen formerly was president and general manager of the managed security services business at ISS.