Assured: The Isode Blog

As an iPhone user one of the 'missing' pieces in my user experience (apart from cut and paste) is  the inability to properly use Instant Messaging (IM) on this platform.

The demand is certainly there as evidenced by the popularity of the AIM application that has been available in the iTunes application store since its launch and the appearance yesterday of a Palringo client which proved so popular that the website handling registrations for this multi-protocol client service crashed within a few hours of the application appearing (to be replaced with a text message acknowledging that their website problems were directly related to the sudden flood of new enquiries they'd received from iPhone users).

While these applications are interesting they are both, through no fault of their own, missing the point of IM. Isode builds and markets an IM server (M-Link) based on the protocol that is the clear winner in the IM standard war, XMPP.

The eXtensible Messaging and Presence Protocol contains in its title the reason why iPhone IM clients can, at the moment, only provide half of a solution.

For while they allow for Messaging, unless the IM application is the only application that the user is using their iPhone for, it cannot fulfill the presence part of the equation (the iPhone does not allow third-party applications to run in the background).

Whereas a real iPhone IM client would enable you to multi-task (it is after all very likely that you'd be available for an online chat and listening to music or reading a website at the same time), iPhone IM clients allow for only two real status indicators:

1. I'm running the IM application only and can set my status to indicate my willingness to chat.
2. I'm not

A pity, and hopefully something Apple will correct soon.

A really clever iPhone IM application would of course integrate presence (online, offline, away, do not disturb etc) with geolocation services (I am online and at *this location*) taking advantage of the iPhone's GPS capabilities. Given the current enthusiasm for location based services, I'm certain that this cannot be too far away - let's hope that developers looking into this remember to use the correct Open Standards approach for this.

Isode's new Mobile Email Gateway demonstration provides push email on a wide range of handsets, using IMAP-IDLE, as well as illustrating Isode's browser applications...

We've just launched a new live demonstration system of our Mobile Email Gateway, the primary purpose of which is to demonstrate M-Box operating in gateway mode, taking email from a POP email server and delivering IMAP email, including push email using IMAP-IDLE, to a wide range of mobile devices. You can try it out yourself by visiting the evaluation page on the Isode website.

While push email is mostly associated with smartphones, many non-smartphones have email clients compatible with the IMAP-IDLE standard, the Open Standard for push email. Over the last few months we've noticed increasing interest from email service providers wishing to provide push email access to their end-users without putting those end-users through the expense of acquiring newer handsets or the inconvenience of downloading and installing new client software. The gateway is demonstrates that this is a realistic goal that can be achieved by plugging M-Box into an existing infrastructure.

The gateway isn't only demonstrating the gateway abilities of M-Box. We're also showing the flexibility of Isode's browser-based applications which in this case can be used by end-users to obtain their phone settings, manage their whitepage information, look up contacts and change their password.

The recently published Directory Services Interface (DSI) evaluation guide touches on the customizations possible with Isode's browser-applications (changing styles and attributes displayed) and we'll be publishing a fuller customization guide within the next few weeks.

If you are service provider and want to try out the gateway, simply email marketing@isode.com or sign up using the form here.

As mentioned in previous posts (Blog post May 9th 08 and Blog post May 14th 08) we have been paying particular attention to the False negative rate of the copy of M-Switch Anti-Spam running here at Isode's offices. We wrote a whitepaper on our findings:

“Measuring the False Negative Rate for Isode’s M-Switch Anti-Spam.”

The whitepaper included graphs showing the daily quantities of Spam we received and the daily False Negative rate going back over 4 months (up to 30th April). We always intended to keep these graphs up to date so that they would continue to track M-Switch's performance and today we've updated them to include May's figures.

We will continue to update these graphs, at the end of each month, so that they always show current data.

Isode CEO Steve Kille will be speaking at the European e-Identity Conference in The Hague next week. Steve's talk on "International Passport Verification and the Role of Secure Distributed Directory" comes out of the work we've been doing at Isode on Directory in Support of Machine Readable Travel Documents (MRTD).

Steve will be speaking on Day 2 of the Conference, which is being organized by EEMA and taking place in The Museum of Communication in The Hague. More information on EEMA and registration details for the conference can be found here

Richi Jennings noted in a recent post on the Ferris Blog (BorderWare Claims Amazing Reputation Filtering) the claim from BorderWare of getting 98.3% detection using IP Reputation (DNSRBLs), and that other sources suggested 75%.

Isode has been making measurements of false negative rates, published in a white paper, “Measuring the False Negative Rate for Isode’s M-Switch Anti-Spam.”

Our measurements suggest that the (public) DNSRBLs we use hit about 90% of spam. Well-managed DNSRBLs seem an effective way to detect spam, because they have a very low false positive rate. We use DNSRBLs to mark messages (rather than reject at the SMTP server), so we can examine quarantine to check for false positives.

A further 5% can be hit by two other reputation mechanisms:

1. SPF (which is well known) is reasonably effective, but can produce some false positives, particularly in conjunction with mailing lists.
2. SURBL detects URLs within messages, using an underlying RBL mechanism.

Isode’s M-Switch anti-spam can hit most of the remaining spam with a variety of other spam markers and content scoring (using Support Vector Machine derived tables). General-purpose content scoring appears to work very well for many users, but aggressive checking leads to false positives for others, which can be mitigated by use of whitelists.

It seems conceivable that rates higher than 90% can be achieved using public DNSRBLs, although experience suggests that some (poorly managed) DNSRBLs lead to false positives.

This has been cross-posted from the Ferris Blog.

Isode's M-Vault now supports Directory Access Control using Security Labels, this is a feature we introduced with R14.2 and which we've talked about in a number of our recent Directory Whitepapers.
To illustrate how this works in practice, we've produced a new evaluation guide that leads an evaluator through:

* Setting up security label and security clearance controls for the directory
* Testing authentication restrictions and object access permissions
* Testing object addition restrictions

The evaluation page for this feature, together with links to documentation, can be found on the evaluation page.

As new features are added to Isode software and new documents added to our evaluation library, this guide will change. To make it easier for evaluators to keep track of potentially important changes and additions, we've made an RSS feed available for this guide.

A key feature of any anti-spam solution is how effective it is at removing spam. A perfect anti-spam system would have a zero false positive rate and a zero false negative rate. In practice, this is not usually achieved, and systems will invariably trade off the two measurements.

A new whitepaper on the Isode website describes how false negatives can be measured and looks at false negative rates from the beginning of this year for Isode's M-Switch Anti-Spam.

"Measuring the False Negative rate for Isode's M-Switch Anti-Spam"

The graph below shows the false negative rate from January 2008.

We're pleased to announce that a new version of R14.2 is now available for download from the Isode website.

Details of features and fixes in R14.2v1 can be found in the accompanying release notes.

The binaries for this release can be downloaded from the Partner Index Page or by following the relevant links from the Evaluation section of the website.  You'll  need a Partner or Evaluator login and password to download the binary files and the accompanying Release Notes which details the features and fixes in R14.2v1.

If you wish to evaluate Isode software and do not have an evaluation login, you can obtain one by filling in this short evaluation form.

ClamAV is an open source, free anti-virus tool, designed for email scanning on mail gateways.

It is owned by Sourcefire, which employs the ClamAV developers and provides commercial support for ClamAV.

The most important capability of an anti-virus product is to be able to remove a high percentage of viruses, including rapid reaction to new viruses.

A test by Untangle put ClamAV as one of the top three (along with Kaspersky and Symantec). This test generated a lot of controversy, with some arguing the test methodology to be flawed and others suggesting that commercial vendors are trying to suppress a free alternative.

A comment from AV-Comparatives, which provides independent testing, gives useful insight in explaining why it does not include ClamAV in its standard list. AV-Comparatives notes that ClamAV is not designed or suitable for use on an end system, but is designed to detect spreading viruses, and has a very good response rate to new threats. This is confirmed in its report and other references on the net.

ClamAV detects phishing attacks, as well as conventional viruses and worms. During one day’s operation on the Isode servers, the following viruses and phishing attacks were detected:

• Exploit.HTML.IFrame: 10 Time(s)
• Exploit.WMF: 6 Time(s)
• HTML.Phishing.Auction-144: 1 Time(s)
• HTML.Phishing.Auction-222: 2 Time(s)
• HTML.Phishing.Bank-1232: 1 Time(s)
• HTML.Phishing.Bank-474: 18 Time(s)
• HTML.Phishing.Pay-36: 1 Time(s)
• W32.Sality.Q-1: 5 Time(s)
• Worm.Mydoom.I: 1 Time(s)
• Worm.Mydoom.M: 4 Time(s)
• Worm.SomeFool.AA-2: 9 Time(s)
• Worm.SomeFool.D: 1 Time(s)
• Worm.SomeFool.P: 17 Time(s)
• Worm.Stration.YY: 1 Time(s)
• Worm.Womble.D: 8 Time(s)

The integration with an email gateway is straightforward and efficient. This is important for gateway/boundary use. A number of AV vendors are focusing on appliance and “complete solution,” and either dropping or reducing support for integration with other products.

ClamAV is a good anti-virus option for boundary checking.