A leading supplier of e-mail security systems says Microsoft could have easily fended off the hacker who recently broke
into its computer system.
The product manager at Content Technologies, Lindsay Durbin, says Microsoft fell prey to a sophisticated Trojan Horse
program embedded in an e-mail sent to an employee’s personal computer.
The program allowed the hacker to collect user names and passwords of other Microsoft employees and then access the
giant company¹s most secret commercial information.
The Trojan Horse that attacked Microsoft was an executable, Mr Durbin said. “When it’s run, it exports data via mail to
a third party - but it will only work if the e-mail system lets it.”
Organisations with software such as Content Technologies' MAILsweeper could have a company policy which blocked all
incoming executables, thus eliminating the problem, he said.
“In the New Economy cyber crime is one of the most serious issues facing businesses, yet organisations continue to react
to attacks rather than prevent them in the first place.
“The Melissa virus, the I Love You bug and the latest Microsoft attack have crippled some of the world's most powerful
companies, but they can easily be avoided if security is implemented as a proactive measure, not a reactive clean up,”
he said.
The key to proactive security was a security policy.
"Organisations should establish a policy that suits the way it does business, educate the workforce about the policy and
the reasons for its existence, and enforce the policy. This eradicates some of the most common security threats, such as
human error in opening contaminated and high risk files such as executables," Durbin said.
MAILsweeper for SMTP is a content security solution that sits on the gateway and allows businesses to implement content
security policies for e-mail entering and leaving the enterprise. This enables organisations to control threatening
activity from the outset, including quarantining of suspect data. Comprehensive notification and alerting facilities can
be set up and customer-definable auditing and reporting tools can be established.
With MAILsweeper, organisations can scan for e-mail borne viruses, block or delay transmission of oversize files, detect
malicious code leading to corruption or loss of data and identify unwanted file types, such as executables, videos and
images.
Content Technologies' solutions prevent unauthorised transfer of confidential information, filter out spam and detect
spoofed e-mails, all of which stops the unauthorised transfer of encrypted or password-protected data based on an
organisations’ security policy.
"The risks involved are too dire to ignore and monitoring suspect activity after the breach is not sufficient
protection," concluded Durbin.
About Content Technologies:
Content Technologies is a leading developer of e-mail and Internet content security and policy management solutions.
Over 6,000 customers and six million users world-wide use Content Technologies MIMEsweeper family of content security
solutions. The existing family of solutions includes MAILsweeper for SMTP, SECRETsweeper, MAILsweeper for Microsoft
Exchange, WEBsweeper, MIMEsweeper for Domino, e-Sweeper, MAILsweeper for Archivist and PORNsweeper.
MIMEsweeper, launched in 1995, was the first product on the market to scan e-mail and attachments for content threats.
The MIMEsweeper family has since become a leading solution for content security, providing organisations with content
security and policy management defences against business and network integrity threats. These threats include misuse of
e-mail and the Web, confidentiality breaches, exposure to e-mail legal liability, junk e-mail, Spam and spoofing, as
well as e-mail-borne viruses.
Content Technologies' MAILsweeper for SMTP Version 4.1 provides a comprehensive policy-based content security solution
that enables companies to implement and manage policies to combat key business security threats posed by the Internet.
The company's SECRETsweeper product enables content management of encrypted e-mail, and
e-Sweeper provides a content security solution for Service Providers and their customers.
Content Technologies is headquartered in the UK with additional offices across the USA (Seattle, New York, Boston and
Washington DC), as well as in France, Germany, Australia and Japan. The MIMEsweeper family is sold both direct and
through select reseller channels made up of VARs, systems integrators and Internet Service Providers.
Content Technologies was recently acquired by Baltimore Technologies, a global leader in e-security.
For information on the complete range of e-security solutions from Baltimore please visit www.baltimore.com
All names and trademarks are recognised and acknowledged.
……ends/
Contact: Narelle Behn-Carey Julian O’Brien or Gerry Morris
Content Technologies (04) 472-8505 (00612)
9212 3888
Narelle.behn-carey@mimesweeper.com