Mike Saign smelled something fishy about the e-mail he received — purportedly from an eBay auctioneer — accepting his lowball offer for a high-end golf club.

The sender claimed his PayPal account was down and asked Saign to wire payment to him via Western Union. Instead, Saign, 25, downloaded Iconix e-mail ID, a free tool that pegged the e-mail as a fake.

Saved from being scammed, Saign, a real estate adviser, disabled Iconix and hasn’t used it since. “I feel like the security software in a normal computer keeps you away from most bad things,” he says.

That’s not necessarily so. Fraudulent e-mail and tainted Web sites are more prevalent than ever. Spam, much of it pitching fake drugs and financial scams, accounts for 80 percent of all e-mail, says Symantec. The number of new strains of malicious programs increased fivefold in 2007 over 2006, and about 20,000 new malicious programs are unleashed on the Web each day, says AV-Test Labs.

Yet most consumers are in a fog about the array of tech security tools they can — and probably should — use to protect themselves, tech security analysts say. Craig Spiezle, Microsoft’s director of security and privacy, says his own wife couldn’t tell anyone which security tools they really ought to be using. “The big challenge we’re dealing with is the volume and velocity of new threats,” says Spiezle.

Tech security companies add to the confusion by focusing on solving very specific problems. “We’re in a pandemic situation with consumer infections,” says Chris Rouland, chief technology officer for IBM Internet Security Systems. “And no one has figured out a business model to cure that.”

The result: Home PC users are left to decipher for themselves what set of security products they ought to be using and how much protection they are actually getting.

“There are many…

SAN FRANCISCO, Apr 08, 2008 (BUSINESS WIRE) — Barracuda Networks Inc., the worldwide leader in e-mail and Web security appliances, today launched the Barracuda Web Site Firewall product line, the industry’s most cost-effective Web application security appliance. The Barracuda Web Site Firewall leverages the capabilities of the award-winning Web Application Controller product line acquired from NetContinuum in September 2007. Targeted at businesses of all sizes requiring Web application security and PCI compliance, the Barracuda Web Site Firewall starts at $4,999.

“Hackers are increasingly taking advantage of Web sites that do not have ample protection against major Web application attacks, and many of these sites belong to small and medium businesses,” said Stephen Pao, vice president of product management for Barracuda Networks. “Until now, Web application security products have largely been targeted at large enterprises that have expansive IT budgets, leaving SMBs without an affordable option. The Barracuda Web Site Firewall delivers a powerful, easy-to-use solution for the ‘rest of us.’”

By harnessing the same powerful protection offered by the Barracuda Web Application Controllers, the Barracuda Web Site Firewall secures Web sites against data theft, denial of service or defacement. As a full proxy, the Barracuda Web Site Firewall blocks or cloaks attacks, such as SQL injections, cross-site scripting attacks or buffer overflows, while preventing outbound sensitive data leakage. To minimize ongoing administration associated with security, the Barracuda Web Site Firewall automatically receives Energize Updates for the latest policy definitions, security updates and attack definitions. In addition, the Barracuda Web Site Firewall features the same user interface and management framework common to all Barracuda Networks products, including the Barracuda Spam Firewall and Barracuda Web Filter.

The Barracuda Web Site Firewall product line integrates varied degrees of traffic management capabilities, including SSL offloading, hardware-based SSL acceleration and load balancing, which increases both performance and availability…

More than 100 vulnerabilities exist in voice-over-IP (VoIP) hardware from vendors including Avaya, Cisco and Nortel, according to research from VoIPshield Laboratories. These vulnerabilities could be exploited by attackers to spy on companies by recording calls or even extort money from providers by threatening service outages, the company says. But VoIP product vendors say that the immediate danger is minimal.

Researchers at VoIPshield Laboratories, the research division of VoIPshield Systems, which provides security products for VoIP setups, have notified affected vendors and offered to help determine remediation measures, according to the company. The three VoIP vendors were chosen “because of their popularity in the North America market,” according to the company, but other vendors, including VoIP newcomer Microsoft, will likely come under scrutiny as well.

The vulnerabilities are presented on the company’s Web site and are “categorized based on the exploit’s most likely intent: unauthorized access, code execution, denial of service or information harvesting.” Searches by vendor are possible, and severity ratings and vendor responses and actions are also noted.

The research located 27 separate vulnerabilities in Cisco devices, most from its Unified Communications Manager line. A dozen vulnerabilities were identified in Avaya’s Communications Manager products, and five in several Nortel devices.

No Actionable Information

Kevin Flynn, senior marketing manager at Cisco for Secure Unified Communications, told us that the company was aware of the issues mentioned by VoIPshield and has been in contact with its researchers for several weeks. “It is not uncommon for researchers to bring possible vulnerabilities to Cisco’s attention. We work with the outside party to identify the precise cause of the vulnerability. We then release a software patch or other mitigation techniques to our customers,” he said.

Despite the severity rankings about the vulnerabilities, Flynn said “there is a range of seriousness to the vulnerabilities mentioned…

Google announced new pricing for its Postini security products on Tuesday, essentially chopping per-user costs from $30 per user per year to as low as $3. The company wants to broaden the market for managed security services from Postini, which it acquired for $625 million in July. Postini delivers message filtering, encryption and archiving for business users.

“As threats rise in volume and complexity, and compliance requirements pile up, IT is struggling to find the resources to keep up,” said Scott Petry, director of product management at Google. “Now Google can take care of this for you. Organizations of all shapes and sizes can get access to Google’s industry-leading security and compliance technologies.”

The Pricing Model

Postini is part of Google Apps used by more than 500,000 businesses and thousands of universities. The new services tap into the same technology that protects e-mail for nearly 40,000 customers and 14 million users a day. Policy management and 90-day message discovery services are also available at no additional charge to Google Apps Premier Edition users.

The first Postini package is Google Message Filtering. This product filters incoming spam and malware for companies that want to shift the burden to off-site resources. Google will offer this hosted service for $3 per user per year.

Google Message Security, which includes Google Message Filtering plus enhanced virus detection, outbound processing and content policy management, will cost $12 per user per year.

Finally, Google Message Discovery, which targets companies seeking to reduce security exposure and improve legal discovery readiness and message compliance, will be $25 per user per year.

Will Microsoft Impact Postini?

Google figures companies of all sizes are seeking solutions to the challenge of security and compliance. Outbound message filtering helps prevent sensitive data from going outside the company firewall, which could result in identity theft or compromise a client’s…

Technology awards tend to be real yawners because there are so
many.

But there’s one annual competition I love because the winners in
over two dozen tech categories are chosen by popular vote of small
business tech buyers themselves. In other words, the folks who use
the stuff day-to-day under real business conditions are naming the
hardware, software, e-commerce services and security products that
they think have performed best.

And when it comes to recommending a product or service for your
business, there’s no better source than another small business.

Voters in the 2008 Excellence in Technology Awards run by
SmallBusinessComputing.com continue to back perennial small business
winners such as Dell, Symantec, HP, Intuit and Microsoft. But Apple
has seen a surge of popularity, gaining hearts, minds and market-
share among small business and earning top honors in two categories
for the first time.

Here are some of the key results:

Desktop PC: Despite the move to more mobility, desktop computers
are still the main small business workhorse, and Dell remains the
most popular brand for the fifth straight year. This time it was
Dell’s Optiplex 755 in the winner’s circle. This powerful but power-
saving new line of PCs meets Energy Star standards and starts at
around $800. Runner-up was the HP Compaq dc5750.

Notebook PC: The sleek and powerful MacBook Pro surged to the top
for the first time, as business users embraced its speed and
versatility. The Apple entry grabbed 53percent of the votes to run
away with the award. In second place, with 16 percent of the votes,
is the HP Compaq 6820s.

Printers and multi-function devices: HP rules the printer and
multi-function categories with an iron fist. For color printers, HP
took top honors in a landslide with its Officejet Pro K5400dtn
model. Tied for runner-up were the Brother HL-4070CDW and Xerox
Phaser 8860. HP also earned both top places for black and white
printers, with its LaserJet P1505n (first…