WebTrends Corp. (Nasdaq: WEBT) recently announced that its Security Analyzer product has been updated, enabling it to run security vulnerability tests to address a significant Microsoft Office security hole discovered last month.
The vulnerability could “allow hackers to execute malicious and potentially destructive programs” on a wide range of systems running Windows NT, particularly those with Office 97, according to the company. AntiVirus programs are not yet capable of detecting the problem.
A Security Consultant in a Box
WebTrend’s Security Analyzer is an Internet security management, analysis and reporting solution that discovers and fixes security vulnerabilities on Internet, intranet and extranet systems, regularly updating its range of detection capabilities.
According to the company, this recently discovered hole is being exclusively spread online, either through e-mail or Web page transmission, making it a particular concern for Internet-centric businesses such as e-commerce firms. The hole utilizes database queries, and can be exploited remotely by a hacker/cracker over the Internet.
“WebTrends Security Analyzer can help organizations protect against vulnerabilities like this one by acting as a security consultant in a box,” commented Robert Finlay, WebTrends product manager, in an E-Commerce Times Interview. “It helps customers detect insecurities and describes how the system can be hardened against security threats.”
Security for E-Commerce
Dr. Mudge, head scientist with independent online security firm and think tank L0pht Heavy Industries, has called for software vendors to exercise higher levels of responsibility for the security of products. “The security world needs to design incentives for software makers to test and certify their security,” he said in a recent ZDTV interview. Mudge has pointed out that many companies engaged in e-commerce have insufficient security solutions in place.
“As more and more companies install Internet systems, the need for comprehensive security solutions increases,” Finlay commented when asked why e-commerce firms and their customers should be concerned about security vulnerabilities. “System administrators need help managing the continuously changing security environment and WebTrends has responded by providing the most comprehensive set of security tests for Microsoft Windows NT and IIS web servers.”
Juan Carlos Cuartango, the researcher who discovered the most recent security problem, said that any Windows NT system running Microsoft’s Jet database engine 3.51 could be impacted. Although Microsoft has not yet issued a patch, they’ve encouraged users to upgrade their systems to the Jet database version 4.0.
The Next Logical Step for Utility Software Vendors
WebTrend’s Security Analyzer is only the latest in a recent wave of similar product releases. Security solution providers including Trusted Systems, L0pht and eEye seek to advance the security options for network administrators and other IT professionals, securing e-commerce and other online activities.
Cult of the Dead Cow (CDC), the controversial hacker/cracker group that released the Back Orifice 2000 trojan program, is working on its own security product — the CDC Protector — designed to block both viruses and trojan horse programs. According to some industry observers, the solutions offered by these companies represent the next logical soft for Symantec and other antivirus utility software vendors.