-
Today we are releasing Microsoft Forefront Client Security Service Pack 1 (SP1), which supports:
· Agent protection on Windows Server 2008 – Server and Core
· Server role support and protection for Windows Server 2008 (except Core, which is Client only)
· Agent protection and server roles on Hyper-V
· Agent protection on cluster servers
· Agent protection on Home editions of Windows Vista or later, Windows XP SP2 or later, Windows 2000 SP4, and Windows Server 2003 SP1 or later
· NAP Integration
To try the SP1 release, customers should download and install the Forefront Client Security evaluation software. Once installed, customers will be prompted to install the SP1 upgrade via Microsoft Update. Existing Forefront Client Security customers will automatically be prompted to install the SP1 upgrade via Microsoft Update. To read more about Forefront Client Security SP1, see KB article #951951.
Forefront Client Security helps organizations, from small businesses to large enterprises, better protect users against malware and spyware across multiple Microsoft platforms. Forefront Client Security supports enterprise deployments of more than 10,000 clients from a single Forefront Client Security Console. Forefront Client Security Enterprise Manager lets administrators centrally manage multiple Forefront Client Security deployments from a single server and provides alerts and reporting for Forefront Client Security agents across the entire enterprise. This simplifies administration and provides more visibility into the endpoint security of an enterprise.
-
Several of the characteristics of botnets are not only significant in and of themselves, but are emblematic of some of the unique challenges that cyberwarfare as a whole presents.
This is part of a series run by Stratfor with some additional commentary (and jokes) by me.
Analysis
Botnets are a conglomeration of thousands (or more) hijacked computers known as zombies. These networks can amass the processing power of many computers and servers from all across the globe and direct them at targets anywhere in the world. Botnets are used not only in massive spam campaigns on a daily basis but are also used in cyber-security attacks.
In DDoS attacks, individual bots can direct their computers to repeatedly access a particular target network or Web site — with the entire network of zombies doing so at the same time. These kinds of attacks, depending on their scale and the target system’s ability to cope, can begin to degrade accessibility or completely overwhelm and shut down access to that network, Web site or server. They can also autonomously exploit a user’s address book and e-mail server to send out spam or infected e-mails or distribute other types of malicious software — including copies of itself to further expand the network.
The good botnets have their software written and controlled by individuals; these botnets are often controlled by subnational actors — be they hackers, terrorist organizations or cybercriminals. Less effective botnets can be created by downloading existing software from the Internet, but because they are widely available, systems with up-to-date security software are generally already protected against them. In stock trading, it's kind of like trading the news -- there's no point because once it's widely distributed it is already priced in.
Ultimately, DDoS attacks can be a particularly crude method of challenging advanced systems. But while some technologies have been developed to help reduce their effectiveness, thus far this fairly simple technique has continued holding its ground against improvements in computer security, especially for short-duration disruptions, and remains the most effective and unstoppable method of attack with large botnets. Even if the DDoS ceases to be an effective tool, the capability to muster a massive pool of processing power will likely remain a key aspect of cyberwarfare for some time to come.
-
In my previous post, which is taken from a series that Stratfor has run recently, we looked at some of the motivations of hackers. Let's take a look at some more.
Altruism
The tenets of altruism vary greatly, depending on the person subscribing to it, but often they are based on an individual’s beliefs regarding the Internet and are often associated with what are considered positive actions intended to serve a perceived public good. These tenets can include the free flow of information, security preservation and user protection. In some ways, altruism can be understood as a variation of the Hacker Ethic with a benevolent bent. But because it all comes down to a personal perception and world view, “altruistic” hackers may sometimes perform actions that seem quite malicious to others (e.g., shutting down Web sites that are believed to be blocking the free flow of information).
Hackers who believe in altruism either aren't fans of Ayn Rand or haven't read anything by Ayn Rand.
Hacktivism
Hacktivism promotes the use of hacking to accomplish political goals or advance political ideologies. Depending on the campaign, these actions may involve both white-hat hackers and black-hat hackers and can include Web site defacement, redirects, DoS attacks, virtual sit-ins and electronic sabotage. Many hacktivist actions often fall under the media radar but their political, economic, military and public impact can be significant.
An example of this is way back in the 1990s when some hackers broke into the CIA web site and changed the name on the main site to the "Central Stupidity Agency." I actually don't know if this actually happened because I never personally verified it... but I think it falls under the hacktivism mantle.
Nationalism
Although a rare hacker ideology, nationalism can envelop large portions of the community given the right cause or circumstance. By their very nature, hackers are individualists who rarely pledge allegiance to other hackers or groups, let alone countries. This is partially due to the fact that the Internet itself and the hacker community it supports have their own cultural elements — indeed, some of the other motivations discussed above often supersede or transcend national identity. There are situations, however, when hackers can be motivated to act in what they perceive to be the best interests of their respective nations.
Those are some of the motivations of hackers. One day maybe I'll do a series on the motivations of spammers, but I think I can sum it up in one word: greed.
Those types of spammers would have no disagreement with Gordon Gekko, who asserted that "Greed is good."
-
There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself.
Coders
Many of the hackers described in my previous post are also coders, or “writers,” who create viruses, worms, Trojans, bot protocols and other destructive “malware” tools used by hackers.
Spammers who write their own viruses (to infect PCs into botnets) have an advantage over other spammers. Spammers who are coders with some background in marketing or psychology have a bigger advantage still.
Crackers
Crackers are hackers who circumvent or bypass copyright protection on software and digital media. The most prominent recent example of cracking was the “unlocking” of Apple’s iPhones in order to break software-imposed restrictions on the use of GSM cellular networks other than AT&T (which made a deal with Apple to be the sole provider of iPhone service).
In anti-spam, a type of cracker might be someone who attempts to crack a spam filter. For example, some spammers will sign up for Hotmail accounts and spam themselves until something gets through. Once they do, they spam all of their Hotmail spammees.
Script Kiddies
Script kiddies represent an intermediate category of actor between regular computer user and hacker. A script kiddie is more knowledgeable about computers and the Internet than most users but has yet to develop the skills, experience and expertise to be a truly effective actor. This would be a lot like me pre-2004.
Script kiddies know just enough to get themselves in real trouble or to bring real trouble to bear on others. In my own world, I know just enough about our back end databases to be dangerous. It's really useful to be able to insert into the database, but at the same time it took me two hours to restore all the rules when I accidentally forgot to specify the rule number when I said update SpamRules set text='this is changing the spam rule'; Not including the "where rule_id=xx" really cost me some time.
After I did it a second time, I learned my lesson.
Bots and Zombies
Not all actors in cyberspace are human. This is not to classify every server and application in cyberspace as an actor. But there is a unique non-human actor in cyberspace known as a zombie, which is a computer wholly or partially controlled by a bot. A bot, for our purposes, is a parasitic program that hijacks a networked computer and uses it to carry out automated tasks on behalf of a hacker. Individual bots can be building blocks for powerful conglomerations of bots. One famous example is the conglomeration of bots infected by the Storm worm.
Once many bots and bot herders have been amassed, they can be consolidated into a collective computing network called a botnet, also called a “bot army.” This allows a single hacker to wield simultaneously the computing power of many thousands of machines — or more — and accomplish tasks that would otherwise be impossible with a single computer. Mass spam campaigns are one of the uses of botnets. It makes it possible for spammers to send out piles of spam without triggering reputation filtering.
-
Why do hackers do what they do? Are they motivated by something? Altruism? Greed? Stratfor examined this in one of their recent articles, parts of which I have below with some additional comments from me.
The personal motivations driving individual hackers are virtually infinite. But there are a handful of dominant ideologies that can offer insight into the mindsets and motivations of much of the larger hacker community. Not all hackers subscribe to or are driven by these beliefs, but most are shaped or affected by them in some fashion.
Any discussion of these ideologies must begin with the basic Hacker Ethic, the founding principle of the hacker community.
Hacker Ethic
Interpretation of this ethic can vary, but it essentially entails the following beliefs:
- Information should be free and accessible to all.
- Access to computers should be unlimited.
- Computers and the Internet can be a force for the betterment of humanity.
- Authority is not to be trusted.
- The principle of decentralization goes hand-in-hand with all of the above.
These fundamental principles, and variations thereof, are commonly held in the hacker community and have evolved over time into some of the ideologies described below.
Exploration
The basic principles of exploration — an outgrowth of the Hacker Ethic and the first ideology many hackers adopt — are to look into every corner of the Internet and bypass any security simply for the sake of improving skills and learning how to navigate cyberspace covertly. As a side note, I've been known to do this when playing around trying to improve my Linux skills - trying out new commands to see what they do. That's how I acquired skill in awk and xargs. Of course, I wasn't trying to break into anything at the time.
In the process, explorationists generally try to leave no trace and to avoid any damage to the system (which would, inherently, be evidence of their intrusion). The better an explorationist is, the better they are at hiding their steps. Of course, sometimes ego can get in the way. Not me, though. I'm the least egotistical person I know.
Many of this ideology’s tenets originate from newer versions of the Hacker Ethic — especially the white-hat version, which emphasizes benevolent rather than malevolent actions.
Informationism
Another outgrowth of the original Hacker Ethic is informationism, which holds that information should be allowed to flow freely throughout the Internet and, by extension, throughout all human societies. Hackers who embrace this ideology often have specific areas of interest they monitor to identify developments and actors that they might perceive to be limiting the free flow of information. Once these hackers identify constraints, they attempt to remove them by a variety of means, from simply rerouting data to removing security protocols to staging comprehensive network attacks — essentially making that information free through force.
When I read the book "Spam Kings", there was a brand of informationism. Whenever somebody would post a spammer's contact information, piles of more anti-spammers would mirror that data and repost it on their own sites. Authorities might be able to shut down the original poster, but they couldn't catch them all (like Pokemon). In effect, anti-spammers would ensure free access to information, namely the identity of known spammers, by sheer volume.
In my next post, I'll get to a few more motivations.
-
My name is Mark Hassall and as Director in the Identity & Security Business Group at Microsoft Corp, I am responsible for partner marketing for Microsoft’s Forefront and IDA family of products. After spending a lot of time with many of our partners last week at Microsoft’s Worldwide Partner Conference (WPC), I came away with a number of impressions. For starters, I was reminded how great it is to get face-to-face time with friends in the industry. Secondly, it is incredible to see how the identity and security market continues to evolve at a rapid rate. If our channel partners took at least one thing away from our time at WPC, I hope it is this: our partners have always been, and will always be, at the core of Microsoft’s identity and security strategy. In fact, I feel there has never been a better time to have a partnership with Microsoft. For example: at WPC the newly established Microsoft Identity and Security Business Group announced a $75+ million investment in sales, marketing and readiness initiatives and a series of program enhancements designed to further aid channel partners in designing effective, profitable business models while working with their customers to stay on top of the ever-changing security landscape.
We also announced some great promotions at WPC. We expanded the Security Software Advisor (SSA) program, which allows partners to earn fees of up to 30 percent of the price of a customer's security product order through Microsoft Volume Licensing, and will now pay advisor fees on Identity and Access products (Microsoft Identity Lifecycle Manager and Microsoft Active Directory Rights Management Services) in addition to Microsoft Forefront products. By enrolling in the Security Software Advisor program, partners will be able to claim up to 10% of the product list price as advisor fees, when they recommend and deploy these identity and access products and will be in an ideal position to capitalize on the rapidly converging market for identity and security solutions.
Another new feature in the SSA program is the ‘Jumpstart’ offer where partners filing their first SSA claim will receive a 50% bonus payment on top of the advisor fee as well as two Microsoft Learning exam vouchers to help partners get certified and qualify for the Security Solutions competency. This limited time promotion runs from July 1st through September 30th 2008.
This is exciting stuff for my team and me as these program enhancements will lead to more opportunities for our partners and will strengthen the current relationships. In fact, in a recent study commissioned by Microsoft, IDC found that Microsoft partners that have the Microsoft Security Solutions Competency and/or qualify for the Microsoft Security Software Advisor program outperformed other benchmarked companies offering security solutions in 12 of 15 of the Key Performance Indicators (KPIs) surveyed. Key performance metrics include:
• Bottom line profitability – operating profit margins are one third higher for Microsoft partners
• Business velocity – revenue growth is three times higher than benchmark companies
• Business execution – revenue per employee is over $45,000 more per employee for Microsoft partners
• Services fulfillment – services to product resale ratio is double the rate of benchmark companies.
The report found that these results can be attributed to a number of factors, including services opportunities, availability of qualified technical resources, process efficiencies and deeper relationships with customers. The report can be found here: https://partner.microsoft.com/download/US/40030202
If you’re a Microsoft partner or you’re thinking about joining the Microsoft partner program, I urge you to sign up for SSA now and attain the Security Solutions Competency. As many of our partner friends witnessed last week in Houston, it’s an exciting time for both the Forefront and IDA product families and we want partners to join in and start thinking about how you can drive revenue by attaching to existing infrastructure solutions. As I said when I started this blog, partners are at the core of our strategy and we want you to engage with us on joint identity and security opportunities. You can find out more about these programs and opportunities at https://partner.microsoft.com/global/productssolutions/securityproducts.
-Mark Hassall
-
One of the other web sites I subscribe to is Stratfor. It's a global intelligence website and doesn't really have much to do with spam. But I like politics so I read it. They have some articles which you can get for free, but the better stuff you have to pay for.
About two weeks ago, they ran a three-part series on Cyberwarfare. The first article was the title of this post, which you can access here (requires registration... not sure if it's free). In the article they described different types of cybercriminals and not-so-criminals which they referred to under the umbrella as "hackers." I'm not going to reprint the entire article here but will quote some parts.
A hacker can be many things. For our purposes here, it is someone with sufficient understanding, skill and experience in the nuances and inner workings of computer systems and networks to be able to wield meaningful power and influence events in cyberspace — even if only in concert with others. Such a person must then actively choose to exercise that capability and act boldly on that stage (hacking is almost universally illegal).
This is a simplified definition but it works.
Black Hats
The most threatening hackers are known as black hats, or “dark side” hackers. These are hackers whose primary activities and intentions are malicious and often criminal. Black hats attempt to locate, identify and exploit security gaps or flaws within operating systems, computers and networks in order to gain control of them, steal information, destroy data or orchestrate other illicit activities.
White Hats
The antithesis of the black hat is the white-hat hacker, also known as an “ethical” or a “sneaker.” White hats are ethically opposed to the abuse or misuse of computer systems. Like their black-hat counterparts, white hats actively search for flaws within computer systems and networks. These efforts often occur with systems in which a white hat has a vested interest or of which they have substantial knowledge. They distinguish themselves by either repairing or patching these vulnerabilities or alerting the administrator of the system or the designer of the software. Basically, white hats attempt to maintain security within the Internet and its connected systems.
Other Hats
Other hackers “wear” colored or hybrid hats. Grey hats, for example, are a blend of the black hat and the white hat. Drawing on experience from both sides can make for a very robust skill set. Computer security professionals are often known as blue hats. Their activities are not unlike those of white hats but are more focused on the interests of paying customers. Hackers wear an assortment of other colored hats, and not all warrant definition here.
Using these basic definitions, let's attempt to classify the people in the spam industry.
- Spam fighters (who get paid for it, like me) are blue hats.
- Spam fighters, who don't get paid for it (like some of the guys/girls in Spam Kings) are white hats or grey hats.
- Phishers are black hats.
- Spammers are tough to classify since they don't technically try to break into computer systems. Maybe grey hats?
While these labels don't completely apply, in my next post we'll look at a few more definitions.
-
We've just had a reorganization in Microsoft's Server & Tools Business (STB) that combines the engineering and marketing of the Identity team with the Security products team to form the new Identity & Security Division. We've got a lot of cool products under our new umbrella, including:
- Identity: Identity Lifecycle Manager (beta), Active Directory, Rights Management Services (RMS), Active Directory Federation Services (ADFS), Windows Cardspace
- Security: Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Forefront Security for Office Communications Server (beta), Forefront Server Security Management Console, Internet Security & Acceleration Server, Intelligent Application Gateway, Forefront Codenamed "Stirling" (beta)
Microsoft is combining the two groups because of the increasing overlap and dependencies of identity and security in a changing IT environment where establishing and securing identity is crucial to securing appropriate access, protecting information, and securing vital resources.
Doug Leland will become the General Manager of the new Identity & Security Division business and marketing group. Ryan Hamlin, General Manager, heads the overall product development efforts. The division includes the Forefront portfolio of products, Identity Lifecycle Manager, Rights Management Services, Active Directory, Federated Identity and Windows CardSpace. These changes take effect on July 1, 2008.
More to come in the future...
-
Today at the Tech Ed IT Professional Conference, we announced that Forefront Client Security will offer an array of support for Windows Server 2008. The FCS agent can now provide support for Windows Server, including Server Core, and native integration for Network Access Protection. A new NAP-FCS integration kit is now available for download here. FCS will also provide support for Hyper-V upon its release.
- FCS Virtualization Security
Microsoft will provide support for virtualization with the Forefront line of security products, which includes Forefront Client Security support for Hyper-V upon its release. The FCS agent will be installable on Windows Server 2008 host and virtualized operating systems to protect against malicious threats. The FCS Management Server roles can also be installed on Hyper-V virtualized machines to consolidate management server roles.
And there's more to come. Forefront "Stirling" protection technologies will share and use security information to dynamically respond to threats across physical or virtual environments. For example, if a user's virtual machine is offline and it's brought back online, Stirling will be able to identify that it is out of compliance and automatically trigger remediation. "Stirling" is targeted for release to market in the first half of 2009.
- NAP-FCS integration Kit
It's finally here. The NAP-FCS Integration Kit provides customers with health policy enforcement for Forefront Client Security. The kit includes a System Health Agent (SHA) and System Health Validator (SHV) which are key services used to enforce a health policy. In addition to the SHA and SHV, this free kit provides tested guidance to quickly and easily integrate NAP and FCS. The kit will help strengthen defenses against malware by providing a means to enforce a health policy that requires FCS to be installed, functioning, and up-to-date. If this health standard is not met, NAP can deny access to network resources until FCS is updated, remediation occurs, and the client is returned to a healthy state. Get it here now!
- Windows Server Support
Starting now, the Forefront Client Security Agent and the Forefront Client Security Management Console both support Windows Server 2008. The FCS agent also protects Windows Server Core and supports Microsoft Cluster Services. Customers can install the FCS agent to protect operating systems that are running Microsoft Cluster Services.
Want more detail? Visit the Forefront Client Security Blog
-
Today at the Tech Ed IT Professional Conference, Microsoft announced the availability of the first public beta of Forefront Security for Office Communications Server, the latest addition to the Forefront line of enterprise security products. Forefront Security for Office Communications Server provides anti-malware scanning, keyword filtering, and file blocking for Office Communications Server 2007, and will be generally available in the second half of 2008.
You can download the beta here.
Forefront Security for Office Communications Server has some nice features, including:
- Multiple anti-malware scanning engines provide better protection: Microsoft Forefront Security for Office Communications Server provides enhanced protection against IM-based malware by including multiple scanning engines from industry-leading security partners. As tests we published on this blog last year showed, multiple scanning engines increase the chances that emerging threats will be quickly caught.
- Keyword filtering and file blocking reduce liability: Microsoft Forefront Security for Office Communications Server helps reduce corporate liability by blocking IM messaging containing inappropriate content, while file and keyword filtering technologies prevent the sharing of out-of-policy files, unauthorized corporate confidential information or offensive language in IM conversations.
- Integration with Office Communications Server: Forefront Security for Office Communications Server protections are integrated with Microsoft Office Communications Server to provide high performance malware scanning optimized for enterprise instant messaging environments. Forefront Security for Office Communications Server includes automated signature updating, IM notification alerts, and built-in management controls to simplify administration.
- Integration with multiple server roles: Forefront Security for Office Communications Server integrates with the Access Edge, Director and Front End server roles in Office Communications Server 2007 Enterprise Edition, as well as the Office Communications Server Standard Edition Server role.
- Provides protection for federated connections and public IM users: By integrating with Office Communications Server Access Edge, Forefront Security for Office Communications Server ensures that all external communications - including those to and from external public IM clients or federated networks - are secure.
- Localization: Forefront Security for Office Communications Server will be localized into eleven languages.
-
Prism Consulting has released a new Total Cost of Ownership (TCO) analysis of desktop anti-malware. The summary of the 21-page report states:
Value Prism Consulting, a management consulting and financial analysis firm, conducted a survey, measuring TCO changes with eight organizations that switched to Forefront Client Security. Survey participants estimated an average of $24.00 in savings per desktop based on reduced IT security response time. Although not quantified, significant end-user productivity gains have also been realized by several organizations. Overall, participants experienced 85% fewer security issues after installing the solution. Several of the participating organizations encountered significant IT administration benefits of an additional $7.50 per desktop. In addition, participants expect significant benefits from Forefront Client Security's unique reporting and control features. Initial investment costs for the companies averaged $16.50 per desktop. These Forefront Client Security deployment costs included deployment effort as well as additional software and hardware costs incurred.
Enterprise users interviewed for the report cited FCS's superior protection as a key reason for the improved TCO:
"We were not well-protected against spyware or malware," said Markus Kleinen, Managing Director at Konnex. Performance problems were another issue. "The [previous] solution took a lot of time to scan computers, which slowed things down for employees."
Forefront Client Security provides an integrated solution. "As a financial institution, we have a need for machines to be 'well protected' for our own business, as well as for government compliance," said Ken Ong Kok Keng, System Engineer at PhillipCapital, a financial services firm in Singapore. "Forefront Client Security will help protect our desktop PCs from viruses and spyware."
Companies interviewed experienced significant cost savings in security response management - based on both reduced issues and reduced cost handling for each issue. Right away, customers started seeing improved security - several participants commented on the number of issues undetected by the previous security software that were identified during the first Forefront Client Security scan.
Download the whole report here.
-
Microsoft Forefront Codename "Stirling" Overview (Part 1 of 2)
Microsoft Forefront codename "Stirling" is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging, and collaboration applications. It also provides the network edge that is easier to manage and control. By delivering simplified management and providing critical visibility into threats, vulnerabilities, and configuration risks, "Stirling" helps you reduce costs and achieve greater insight into your enterprise security state. Attend this session to get an overview of this new security system from Microsoft.
Length: 0:19:24
-
There is a fascinating 33-page paper on the underground economy of stolen data by Kimberly Kiefer Peretti of the U.S. Department of Justice, Computer Crime and Intellectual Property Section. The report explores the practice of "carding" - how credit card data is stolen and sold through a global network of criminals using online forums:
This article first provides a brief background on large scale data breaches and the criminal "carding" organizations that are responsible for exploiting the stolen data. Second, the article provides an in-depth examination of the process by which large volumes of data are stolen, resold, and ultimately used by criminals to commit financial fraud in the underground carding world. Third, this article discusses how carding activity is linked to other crimes, including terrorism and potentially drug trafficking. Fourth, this article outlines several recent investigations and prosecutions of carding organizations and the individual carders themselves. Fifth, this article examines the responses by the credit card industry and state legislatures to the recent increase in reported data breaches. Finally, this article outlines several recommendations to enhance the government's ability to continue to successfully prosecute carders and carding organizations.
The full paper is here.
-
This summer, we will be releasing Microsoft Internet Security and Acceleration (ISA) Server 2006 Service Pack (SP) 1. This Service Pack introduces new features and improved functionality for ISA Server 2006 Enterprise and Standard Editions. The new features focus primarily on enhanced troubleshooting mechanisms designed to help you identify and resolve ISA Server configuration issues.
ISA Server 2006 SP1 includes the following new features:
- Configuration Change Tracking - logs all configuration changes applied to ISA Server configuration to help you backtrack through your change history.
- Web Publishing Rule Test Button - helps you verify that the rule configuration agrees with what is set at the published web server and provides specific suggestions when they disagree.
- Traffic Simulator - simulates network traffic as it would be seen by the ISA rules engine and gives you specific information about traffic processing along the way.
- Diagnostic Logging Query - an extension to the Diagnostic Logging feature provided in the Supportability Pack, this feature makes it much easier to see only the data that is relevant to the current troubleshooting effort.
- Support for Network Load Balancing (NLB) multicast and multicast with IGMP operations.
- Support for certificates with multiple Subject Alternative Name (SAN) entries in published web servers.
- Kerberos Constrained Delegation (KCD) authentication supports trusted-domain user accounts.
There's lots more detail here, including screenshots:
-
Microsoft support engineer Yuri Diogenes really digs into the Threat Management Gateway (TMG) beta. TMG is the next version of ISA server that will be released with Stirling:
There are many things that you will notice and see that it is different from ISA Server 2006. As far as installation is concerned there are some things that you need to remember:
· IIS will be installed: that’s correct; IIS now will be installed by TMG. You might be thinking: “I remember that we have issues with IIS and ISA in the same box…”. You are right for ISA Server, but for TMG we need IIS because TMG needs SQL Reporting Services 2005 and SQL Reporting Services 2005 needs IIS. It is important to emphasize that IIS is not removed if you uninstall TMG.
· 64 bits System: although the final version of TMG requires a 64-bit processor and Windows Server 2008 64-bit, this beta version can be installed in a 32-bit system with Windows Server 2008.
· WEBS: the TMG beta version that we have available for download will be part of the Windows Essential Business Server. TMG will be available through WEBS Standard and Premium Edition.
There's lots more, including a bunch of screen shots here.