Thursday, April 30, 2009

AV Industry: Trend Micro buys Third Brigade

Trend Micro buys Third Brigade
http://www.itnews.com.au/News/102128,trend-micro-buys-third-brigade.aspx
By Shaun Nichols
30 April 2009 01:46PM

Security giant Trend Micro is aiming to increase its enterprise security presence by acquiring enterprise specialist Third Brigade for an undisclosed sum.

The companies said that the deal was made with server security in mind.

Third Brigade specialises in datacentre security and Trend hopes that the deal will bolster its arsenal in both the physical and virtualised server markets.

"Trend Micro has been a pioneer and global leader in server protection software for over ten years," said Trend chief executive Eva Chen.

"This acquisition underscores our commitment to maintaining that leadership position, and accelerates our ongoing efforts to deliver innovative new solutions that are uniquely suited to dynamic datacentres, as they expand from physical to virtual and public/private cloud-computing environments."

The company said that it also hopes to parlay Third Brigade's intrusion prevention systems (IPS) into its own enterprise offerings.

The two companies have previously had a deal which includes embedding the Third Brigade IPS in Trend Micro's Intrusion Defense Firewall product.

The two companies said that they hope to finalise the deal by the end of June.

Third Brigade specialized in Host Intrusion Prevention Systems (HIPS).

Tuesday, April 7, 2009

Enrique Salem takes over at Symantec

By Shaun Nichols
7 April 2009 02:16PM

Symantec's new chief executive has officially taken over.

The security and storage firm said that former chief operating officer Enrique Salem had formally assumed the chief executive and company president roles.

Outgoing chief John Thompson is remaining with the company as board chairman.

The move was first announced in November, but the official transition was delayed until the end of the company's fiscal year on April 4.

"Through that process, Enrique emerged as the right person to lead the company and I am confident in his ability to continue to drive the success of our team," Thompson was quoted as saying in November.

Salem will be the company's first new chief executive in more than ten years, rising to the position from the chief operating officer role.

Salem had first joined Symantec as a lead engineer when the company acquired Norton Computing in 1990. He later became the company's first chief technology officer before leaving in 1999 to join Ask Jeeves.

Salem returned to the company in 2004 when Symantec purchased Brightmail.

Copyright © 2009 vnunet.com

Wednesday, April 1, 2009

New BIOS attack renders antivirus useless

By Iain Thomson
27 March 2009 10:45AM

A new form of attack that installs a rootkit directly onto a computer’s BIOS system would render antivirus software useless, researchers have warned.

Alfredo Ortega and Anibal Sacco of Core Security Technologies explained that the attack was possible against almost all types of BIOS systems commonly in use today.

The two devised a 100-line Python script that could be flashed onto the BIOS to install a rootkit. Because the BIOS software is activated before any other program when a computer starts up, normal antivirus software would be unable to detect it.

“We tested the system on the most common types of BIOS,” said Ortega.

“There is the possibility that newer types of Extensible Firmware Interface (EFI) BIOS may be resistant to the attack but more testing is needed.”

The attack is only possible if the attacker already has full administrative control of the target PC, but this is possible through a standard virus infection. Once that is achieved the malware operator would be able to flash a rootkit directly onto the BIOS.

Even if the initial virus was detected and removed, the computer would still be under remote control. Even a full wipe of the hard drive and complete reinstallation of the operating system would not remove it, they warned.

If a sophisticated rootkit was put onto the BIOS it could be even more difficult for an administrator to debug the system, said Ivan Arce, chief technology officer at Core Security Technologies.

“You’d need to reflash the BIOS with a system that you know has not been tampered with,” he said.

“But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the BIOS chip.”

The attack vector is also usable against virtual systems, the researchers said. The BIOS in VMware is embedded as a module in the main VMware executable and thus could be altered.

However, it is possible to protect against this attack by locking down the BIOS chip from flash updates, either by password-protecting the system against unauthorised changes or physically.

“The best approach is prevention, preventing the virus from flashing onto the BIOS,” said Sacco.

“You need to prevent flashing of the BIOS, even if it means pulling out jumper on motherboard.”

Copyright © 2009 vnunet.com
