HNS Newsletter Issue 92 - 17.12.2001 http://net-security.org http://security-db.com This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://www.net-security.org. Subscribe to this weekly digest on: http://www.net-security.org/text/newsletter Archive of the newsletter in TXT and PDF format is available here: http://www.net-security.org/news/archive/newsletter Table of contents: 1) General security news 2) Security issues 3) Security world 4) Featured products 5) Featured article 6) Security software ======================================================== Sponsored by GFI, the developers of a revolutionary new intrusion detection product - LANguard Security Event Log Monitor. Download your copy! http://www.net-security.org/cgi-bin/ads/ads.pl?banner=gfitxt ======================================================== General security news --------------------- ---------------------------------------------------------------------------- THE 2600 IRC NETWORK RETURNS irc.2600.net is back online after nearly a month's absence. The last server was discontinued because of security issues and overall lack of structure. There is a number of new features, more capacity, and a strong desire to keep expanding in the future. Link: http://www.2600.com/news/display.shtml?id=884 THE POWER OF THE CHROOT COMMAND This article is discussing some of the features of the chroot command. As some of you might already know, chroot creates a type of jail if you like to call it that. It locks a part of a filesystem away from the rest. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.mlug.ca/sklav/stories/November_issue2001 FIREPROOFING AGAINST DOS ATTACKS In the past few months many anti-DoS devices have popped onto the market. These products claim to mitigate various forms of DoS attacks. At first glance they appeared to be a dream come true. But then reality set in, and we started to wonder: "Do they really work?" Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.nwc.com/1225/1225f3.html GAO SERVERS COMPROMISED eWeek reports that a group claiming to be part of a large "hacker" organization known as the Alqaeda Muslim Alliance compromised several servers belonging to the U.S. General Accounting Office in Washington on Sunday. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.eweek.com/article/0,3658,s%253D701%2526a%253D19727,00.asp IPSEC TUNNELING BETWEEN FREEBSD HOSTS IPSec encrypts data at the IP packet level, so insecure applications can be encrypted while travelling over the Internet. Mike DeGraw-Bertsch shows us how to set it up. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.onlamp.com/pub/a/bsd/2001/12/10/ipsec.html STARTER PKI FOR YOUR BUSINESS As noted on their web page, Thawte's Guide to PKI "Starter PKI for your Business" will provide you with the information you need to issue your own SSL and developer certificates from your desktop. Link: http://ad.doubleclick.net/clk;3570562;6611360;c?http://www.thawte.com/ucgi/gothawte.cgi?a=b192765280024000 PALM OS: A PLATFORM FOR MALICIOUS CODE? Since its introduction, only four malicious programs have been seen for the Palm-OS platform. This article is part of a series that will attempt to establish to what degree Palm OS-based systems represent a suitable platform for malicious code. This installment will examine the OS in general, as well some of the types of malicious code that could be used to infect Palm OS platforms. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/infocus/1521 THE TRUE ONLINE SECURITY STORY Controlling who has access to online data and who does not can be a costly proposition, but there are guidelines for getting the job done efficiently. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.osopinion.com/perl/story/15197.html BRIDGE BUILT BETWEEN HUSHMAIL AND PGP USERS Users are promised interoperability between HushMail accounts and desktop PGP users with a tool which uploads PGP public keys to HushMail servers. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/55/23325.html CRACKDOWN ON SOFTWARE PIRATES In the FBI's most extensive software piracy undercover investigation ever, roughly 100 search warrants were executed, and were carried out with international cooperation, according to U.S. Attorney General John Ashcroft. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://money.cnn.com/2001/12/11/technology/software_piracy/ REMOTELY MANAGED FIREWALL STARTUP BETS ON OPEN SOURCE Is the path to financial stability sought by entrepreneurs in the hybrid open source and proprietary software communities? Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/site-stories/2001/1211.rocksteady.html PEACEFIRE.ORG WINS SPAM SUITS Bennett Haselton, webmaster of Peacefire.org, is the latest in a string of Washington residents to emerge victorious in small claims court by invoking the state’s new law against unsolicited bulk e-mail. Link: http://www.newsbytes.com/news/01/172891.html THE WEB: SECURITY THROUGH OBSCURITY Not only is Microsoft getting people to sign up and give away their personal info for $20, but now it's going to start keeping track of what they watch on TV as well... Link: http://www.nma.co.uk/lo-fi/story.asp?id=231281 HACKERS, PROGRAMMERS "IMPROVE" XBOX "It's a very powerful piece of hardware - that's what motivates us," said Dan Johnson, creator of XboxHacker, a site dedicated to disseminating the latest information on Xbox tweaks. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1006-200-8147450.html HACKING THE TCSX-1 FOR FUN AND PROFIT They say good things come in small packages. Advantage Business Computer Systems' TCSX-1 Thin Client is one of those good things. Add a keyboard, mouse and VGA monitor to this little box and you have a simple Network, Serial or X Windows terminal. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxdevices.com/articles/AT3193512578.html INCIDENT MANAGEMENT WITH LAW ENFORCEMENT This article will offer an overview of dealing with law enforcement agencies in security incident handling. It will offer some suggestions that will help to make private sector involvement with the cyber-police satisfactory and effective for both sides. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/infocus/1523 CHECK POINT AND NOKIA TO CO-DEVELOP SECURITY Firewall maker Check Point Software and communications giant Nokia have expanded their alliance and will co-develop security technology for mobile and Internet applications. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-8155148.html CERT COURSE ON CREATING A CSIRT Creating a Computer Security Incident Response Team (CSIRT) is a one-day course designed for managers and project leaders who have been tasked with implementing a computer security incident response team. Event is scheduled for December 18, 2001. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cert.org/training/2001/creating_csirt.html CHARGES AGAINST DMITRY SKLYAROV WILL BE DROPPED Dmitry Sklyarov had been charged in the first criminal prosecution under the 1998 Digital Millennium Copyright Act. He could have faced up to five years in prison and a $500,000 fine. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,49122,00.html VIPUL'S RAZOR Call him the Spaminator. Zonker's out to eradicate spam as he presents Vipul's Razor, a tool for reporting and filtering unsolicited commercial email. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.unixreview.com/documents/urm0112f/ A SIMPLE ORACLE HOST-BASED SCANNER As with any large software package, the default installation of Oracle does not provide for the most secure system out of the box. This paper will explore the scanning of an installation of Oracle's RDBMS and, in doing so, will investigate some common security deficiencies. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/infocus/1522 THE NEW DANGER: BLENDED THREATS Symantec has an article on blended threats. Their definition is - a blended threat utilizes multiple methods and techniques to transmit and spread an attack. Two examples from this "branch" of threats are Nimda and Code Red. Link: http://enterprisesecurity.symantec.com/article.cfm?articleid=967 GOKAR WORM Gokar is a combination of e-mail, IRC and IIS web worm. It was found in the wild early on December 13th, 2001. Anti-virus vendors catgorized Gokar worm as a low threat. Link: http://www.net-security.org/text/viruses/1008292741,3955,low.shtml OPENSSH ON WINDOWS V3.0.1 Mark Bradshaw contributed the following - "NetworkSimplicity has released the latest version of the OpenSSH on Windows package, version 3.0.1. This version includes numerous feature enhancements, along with bug fixes and security updates." Link: http://www.networksimplicity.com/openssh AUTOMATIC PATCHES? NOT Vinton G. Cerf, widely recognized as a "father of the Internet" for co-inventing one of its communications technologies, warned against a White House proposal to have software companies automatically repair their products whenever new vulnerabilities were discovered. Link: http://sns.chicagotribune.com/technology/sns-ap-computer-security1212dec12.story?coll=sns%2Dtechnology%2Dheadlines MAGIC LANTERNS AND SUCH Cult of Dead Cow - "While we applaud the innovation of the federal law enforcement agency, those of us who are US citizens would be remiss if we did not offer our expertise in this area... So we intend to re-architect Back Orifice from the ground up. There will be absolutely no shared code between the two projects (FBI's Magic Lantern and CDC new program), in order to skirt detection by commercial antivirus packages. The code will remain totally secret. The software will never surface publicly. And it will be far more stealthy than anything we have ever released, demoed, or publicly discussed." The CDC release can be found here: http://cultdeadcow.com/details.php3?listing_id=425 Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computing.vnunet.com/News/1127639 CASUAL PKI AND MAKING E-MAIL ENCRYPTION EASY E-mail encryption seems to be hard enough, or annoying enough, that even many technically sophisticated people don't do it regularly. Non-technical people rarely seem to be able to figure it out at all. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.advogato.org/article/391.html FOUNDER SUES BALTIMORE FOR DISSING HIM Fran Rooney is taking Baltimore to court for saying harsh things about him in public. He is demanding an apology and damages for comments made by new CEO Bijan Khezri in a series of press briefings. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/55/23395.html EBAY MESSES UP ON PASSWORDS Numbers of Ebay customers appear to have received emails which include their passwords in the subject line. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theinquirer.net/14120107.htm INTERNET EXPLORER MEGA PATCH This is a cumulative patch that, when installed, eliminates all previously discussed security vulnerabilities affecting IE 5.5 and IE 6. In addition, it eliminates three newly discovered vulnerabilities that are detailed in the following Microsoft security bulletin. Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-058.asp GUIDE TO THE DANGERS OF BROADBAND Corey Phelps contributed the following - "I just surfed across an interesting article on Symantec's web site that deals with Broadband. While Broadband connections makes surfing the Internet simple and extremely fast, it also makes attacking your system easy." Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.symantec.com/securitycheck/broadband.html BILL WOULD TOUGHEN CYBERCRIME PENALTIES House legislation would also exempt ISPs from liability for overzealous Carnivore surveillance. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/news/299 QUANTUM CRYPTO EDGES CLOSER British boffins have made a breakthrough in quantum cryptography, an advanced code-making technology which is theoretically uncrackable, by developing a single photon-emitting diode. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/55/23414.html OUTLOOK'S NOHTML.DLL As HTML e-mail messages are 'evil', this could be a good solution for Outlook users. NoHTML.dll is an Outlook Add-in designed to convert HTML-based emails into harmless messages. It works slightly differently for Outlook 2000 than it does for Outlook 2002. It does not work with Outlook 98, or any version of Outlook Express. Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.ntbugtraq.com/NoHTML.asp ---------------------------------------------------------------------------- ======================================================== HNS Security Database ======================================================== HNS Security Database consists of a large database of security related companies, their products, professional services and solutions. HNS Security Database will provide a valuable asset to anyone interested in implementing security measures and systems to their companies' networks. Visit us at http://www.security-db.com ======================================================== Security issues --------------- All vulnerabilities are located at: http://net-security.org/text/bugs ---------------------------------------------------------------------------- NEW MACROMEDIA SECURITY ZONE BULLETINS Several security issues that may affect Macromedia JRun customers have come to our attention recently. To learn about these new issues and what actions you can take to address them, Please visit the Security Zone at the Macromedia/Allaire Web site: http://www.allaire.com/security Link: http://www.net-security.org/text/bugs/1008032234,64815,.shtml RACE CONDITION IN FREEBSD AIO IMPLEMENTATION AIO is a POSIX standard for asynchronous I/O. Under certain conditions, scheduled AIO operations persist after an execve, allowing arbitrary overwrites in the memory of the new process. Combined with the permission to execute suid binaries, this can yield elevated priviledges. Link: http://www.net-security.org/text/bugs/1008032376,14517,.shtml LOTUS DOMINO WEB SERVER VULNERABILITY With a particular craft URL, an anonymous users can lock the databases accesses. Result: Any notes users (even the administrators and the servers) can not access the targeted databases until the domino server will be restarted. Link: http://www.net-security.org/text/bugs/1008032464,75522,.shtml BUFFER OVERFLOW IN /BIN/LOGIN ISS X-Force has discovered a serious vulnerability in the "login" program present in Sun Solaris systems. Login allows users to sign on to the system by entering a username and password. This vulnerability allows remote attackers to execute arbitrary commands on a target system with superuser privilege. Systems are vulnerable to this issue only if certain types of interactive connections are allowed, such as Telnet or Rlogin. These services are enabled by default on most platforms. X-Force has learned that an exploit for this vulnerability has been made public. Link: http://www.net-security.org/text/bugs/1008270907,24135,.shtml EFTP 2.0.8.346 VULNERABILITY It is possible to see the contents of every drive and directory of vulnerable server. A valid user account is required to exploit this vulnerability. It works both with encryption and w/o encryption. Link: http://www.net-security.org/text/bugs/1008294572,35724,.shtml SMC BARRICADE'S DODGY "DMZ" FEATURE I've tested one home firewall appliance (that claims to offer "DMZ" functionality) that doesn't offer the security that a (traditionally- defined) DMZ should. In fact, using the feature results in less security. Link: http://www.net-security.org/text/bugs/1008294672,85537,.shtml WEBSPHERE REVEALS SYSTEM ROOT PASSWORD On default installation WebSphere installs itself to run with root-identity, and stores root password as a clear text to a file $WASROOT/properties/sas.server.props. The file has permissions 600, and therefore other users on system cannot access it. The problem is that by default all java-code at WebSphere (jsp's, Servlets etc.) are running with root-identity, therefore able to access all files on servers filesystem readable by root. It is possible for normal user (who has access to the system) to construct a JSP file which reads the content of sas.server.props, copy it in approriate directory and access the jsp through web-browser. Thereby getting access to root password. It might be also possible to construct a JSP file that creates shell-scripts to server filesystem and executes them with root-identity. Link: http://www.net-security.org/text/bugs/1008294850,26406,.shtml ---------------------------------------------------------------------------- ======================================================== Help Net Security T-Shirt available ======================================================== Thanks to our affiliate Jinx Hackwear we are offering you the opportunity to wear a nifty HNS shirt :) The image speaks for itself so follow the link and get yourself one. Get one here: http://207.21.213.175:8000/ss?click&jinx&3af04db0 ======================================================== Security world -------------- All press releases are located at: http://net-security.org/text/press ---------------------------------------------------------------------------- PRIVACY BY DESIGN CONFERENCE LESSONS The second annual Privacy by Design conference taught business executives, legal staff and chief privacy officers about strategies and technologies to turn privacy into a competitive advantage. The conference, hosted by Zero Knowledge Systems, featured addresses by John Patrick, IBM's VP of Internet technology, US Under Secretary of Commerce for Technology Philip J. Bond, and presentations by senior executives from companies including Bell Canada, DaimlerChrysler, DoubleClick, Earthlink, Hewlett Packard, Nokia, Oracle and Sun Microsystems. Press release: < http://www.net-security.org/text/press/1008018931,21598,.shtml > ---------------------------------------------------------------------------- SYGATE SECURE ENTERPRISE 2.2 RELEASED Sygate Technologies today announced the release of Sygate Secure Enterprise (SSE) 2.2. With this new version, Sygate extends its security protection with new Host Integrity and Wireless Enforcer features. Security administrators can now use Sygate’s trusted solution to enforce required protection and security settings across previously unchecked elements of the network. Press release: < http://www.net-security.org/text/press/1008032876,36599,.shtml > ---------------------------------------------------------------------------- SERIES OF REGIONAL WORKSHOPS BY NIST To address the specific needs of small and medium sized businesses and organizations, The National Institute of Standards and Technology (NIST), in co-sponsorship with the Small Business Administration and the National Infrastructure Protection Center's InfraGard Program will hold a series of regional workshops in cities across the country. Press release: < http://www.net-security.org/text/press/1008033022,78180,.shtml > ---------------------------------------------------------------------------- INTER.NET DEPLOYS ANTI SPAM AND VIRUS PROTECTION Inter.net Global, a US-based international consumer Internet Service Provider, announced the deployment of a real-time anti-virus and anti-spam filtering solution, Inter.net VirusDefender and SpamGuardian, as part of its basic monthly subscription service. U.S. customers will be the first to benefit from the service followed shortly by customers in the 15 other countries Inter.net serves. Press release: < http://www.net-security.org/text/press/1008033086,12718,.shtml > ---------------------------------------------------------------------------- DEMAND FOR LOCKSTEP'S INTERNET SECURITY PRODUCTS EMS-global Europe Ltd ("EMS-global"), the global technology security and managed services company, announces strong and continuing demand for Lockstep's WebAgain and SiteRecorder products for the monitoring and protection of corporate web sites. EMS-global was appointed as the sole UK reseller of Lockstep's suite of web based monitoring products in September 2001. Press release: < http://www.net-security.org/text/press/1008096224,55097,.shtml > ---------------------------------------------------------------------------- THE FBI’S “MAGIC LANTERN” SHINES BRIGHT The rumors surrounding the US Federal Bureau of Investigation’s developing of its own Trojan program, Magic Lantern, has drawn interest from the computer underground. On December 10, it was discovered that a seventeen year-old Argentinean hacker, going by the pseudonym of “Agentlinux,” has developed a Trojan that poses as the widely advertised Magic Lantern. Press release: < http://www.net-security.org/text/press/1008150079,3415,.shtml > ---------------------------------------------------------------------------- RAINBOW AND GUARDIAN DIGITAL TEAM UP Rainbow eSecurity, a Rainbow Technologies, Inc. company and a leading solutions provider of digital content and transaction security, and Guardian Digital, the open source security company, today announced a strategic and technology partnership aimed at securing Linux-based transactions. This integrated solution consists of Rainbow's CryptoSwift eCommerce accelerator and Guardian Digital's EnGarde Secure Linux software suite. Press release: < http://www.net-security.org/text/press/1008150335,86284,.shtml > ---------------------------------------------------------------------------- NCC NETWORKS SELECTS QUALYS VULNERABILITY SERVICE At InfoSec in New York, Qualys, Inc., the pioneer of Automated Vulnerability Assessment (AVA), announced a partnership with NCC Networks, a Midwest leader in the Security arena, specializing in VPN (Virtual Private Network), PKI (Public Key Infrastructure), Intrusion Detection and two-factor authentication technologies. Press release: < http://www.net-security.org/text/press/1008150391,89758,.shtml > ---------------------------------------------------------------------------- V-ONE INTRODUCES NEW SMARTGUARD APPLIANCES ONE Corporation, a highly specialized company offering an industry-leading suite of network based security products, announces the immediate availability of its portfolio of SmartGuard VPN appliances. Press release: < http://www.net-security.org/text/press/1008271324,78205,.shtml > ---------------------------------------------------------------------------- SYMANTEC ANNOUNCES NORTON ANTIVIRUS 2002 PE Symantec Corp., the world leader in Internet security, announced the release of Norton AntiVirus 2002 Professional Edition, the world's most trusted anti-virus solution for professionals, small businesses and advanced users. Norton AntiVirus 2002 Professional Edition is compatible with the latest Palm and Windows operating systems and has been developed to address the needs of sophisticated users by automatically keeping their PCs and PDAs safe from malicious code without interrupting productivity. In addition to protecting users from the latest virus threats, Norton AntiVirus 2002 Professional Edition prevents downtime by enabling the quick recovery of erased files and the secure elimination of sensitive and confidential digital documents. Press release: < http://www.net-security.org/text/press/1008291626,22347,.shtml > ---------------------------------------------------------------------------- NORTON INTERNET SECURITY 2002 PE ANNOUNCED Symantec Corp., the world leader in Internet security, announced Norton Internet Security 2002 Professional Edition, the first and most complete online security and privacy suite for small businesses and advanced users. Norton Internet Security 2002 Professional Edition provides business professionals comprehensive protection against a wide range of serious Internet risks including viruses, hackers, privacy breaches, and online productivity distractions. Norton Internet Security 2002 Professional Edition is the first Symantec consumer product to include Norton Intrusion Detection, enterprise-strength protection against both external and internal security breaches. Press release: < http://www.net-security.org/text/press/1008291697,67584,.shtml > ---------------------------------------------------------------------------- F-SECURE ANTI-VIRUS FOR INTERNET MAIL 6.0 NEWS To stop new and fast spreading viruses, anti-virus products require more advanced functionalities. To address this need, F-Secure Anti-Virus for Internet Mail 6.0 now provides advanced protection against new unknown viruses, and introduces several new features to improve corporate virus protection. Press release: < http://www.net-security.org/text/press/1008381178,53663,.shtml > ---------------------------------------------------------------------------- Featured products ------------------- The HNS Security Database is located at: http://www.security-db.com Submissions for the database can be sent to: staff@net-security.org ---------------------------------------------------------------------------- HOLOPASS Let’s begin with the optics which incidentally, put us on the map. Here the HoloPass exceeds beyond all counts. It boasts a focal length of 2.5 inches and, with its patented holographic optics, can crank out consistently better fingerprint images than other renown systems costing twice as much. Read more: < http://www.security-db.com/product.php?id=1118 > This is a product of Advanced Precision Technology, for more information: < http://www.security-db.com/company.php?id=256 > ---------------------------------------------------------------------------- QUALYSGUARD QualysGuard, Qualys's flagship service, is an online vulnerability assessment solution that evaluates the security of networks remotely. QualysGuard provides comprehensive, on-demand security audits that identify, analyze, and report on network security threats. By focusing on networks from a "hacker's eye view" perspective, Qualys identifies real-world weaknesses that would elude traditional security solutions. Read more: < http://www.security-db.com/product.php?id=1054 > This is a product of Qualys, for more information: < http://www.security-db.com/company.php?id=231 > ---------------------------------------------------------------------------- ECOMMERCE TRACKBALL The eCommerce Trackball will help prevent credit card fraud and bring a new level to computer and internet security. By using Advanced Biometrics' patented LiveGrip technology, infrared light can "see" the inside of your hand to allow only authorized users access for e-ommerce, credit card and computer network security. Read more: < http://www.security-db.com/product.php?id=1115 > This is a product of Advanced Biometrics Inc., for more information: < http://www.security-db.com/company.php?id=255 > ---------------------------------------------------------------------------- Featured article ---------------- All articles are located at: http://www.net-security.org/text/articles Articles can be contributed to staff@net-security.org ---------------------------------------------------------------------------- BOOK REVIEW: BUILDING SECURE SOFTWARE A great book about secure software developing, that not only the developers should read, but also the managers and security experts. It's a must for any serious company that publishes its own software. A must. Read more: < http://www.net-security.org/various/bookstore/viega > ---------------------------------------------------------------------------- Security Software ------------------- All programs are located at: http://net-security.org/various/software ---------------------------------------------------------------------------- PCAUDIT pcAudit is a free security evaluation program, for personal computers, developed by Internet Security Alliance, to allow any PC user to determine whether their personal computer is vulnerable to outside intruders. This might be the case even if you are behind a corporate or a personal firewall. Info/Download: < http://www.net-security.org/various/software/1008588739,22299,windows.shtml > ---------------------------------------------------------------------------- SECURITY DEPARTMENT 1.8 Security Department is a resident file system protector for Windows 95 and Windows 98. It provides several levels of protection for different folders and files. You can prevent various actions for folders and files: copying, moving, deleting, renaming, and so on. In addition to the two standard protection levels--read-only and full protection--there is the Custom Protection level that allows you to fine-tune the access of specific folders and files. Access to various folders and files can also be set differently for each user on a single PC. Info/Download: < http://www.net-security.org/various/software/1008589842,71163,windows.shtml > ---------------------------------------------------------------------------- Questions, contributions, comments or ideas go to: Help Net Security staff staff@net-security.org http://net-security.org http://security-db.com