First Windows 2000 Virus and Security Patch

Don't panic. The Windows 2000 (Win2K) virus in question is safely under control—but the fact that the virus exists at all worries me. The virus is called Win2K.Inta, and it's capable of infecting a wide variety of file types, including those that the Microsoft Installer uses (e.g., .msi), and thus has the potential to propagate to all the systems on a network.

When I queried Microsoft about the virus, the company told me that while it's aware of Win2K.Inta, it's not terribly concerned about it. At the same time, Microsoft notes that viruses are a reality and recommends that users take necessary precautions to protect themselves.

I think that's good advice. I hate to admit it, but I haven't bothered with antivirus software since I started running Windows NT full-time—6 or 7 years ago. At first, I didn't bother with antivirus software because no antivirus software was available for NT. This lack wasn't a problem because there also weren't any NT-specific viruses. Viruses written for DOS and 16-bit versions of Windows wouldn't run under NT.

Win2K.Inta is a wake-up call that this situation is about to change. Users are going to see 32-bit viruses written directly to attack Win2K. So, if you're like me and have been assuming you're safe—you're not, and it's time to act appropriately. You can find more information about Win2K.Inta here.

First Win2K Security Patch

Coincidentally, while researching Win2K.Inta, I learned that Microsoft has posted the first security patch to Windows 2000 (Win2K). The patch addresses a possible vulnerability in the indexing service that could let an unauthorized person view (but not change) pages and physical directory locations on a Web server. For details and to download the patch, click here.

The patch is of interest primarily to Web masters, but I mention it here for two reasons: First, Win2K Pro contains Microsoft's Personal Web Server (PWS), along with the Indexing Service. If you're running these programs, you might be vulnerable. Second, as with Win2K.Inta, it's a wake-up call that security issues aren't going away with Win2K.

Microsoft maintains an updated set of security bulletins for Win2K and other products here. You can also sign up to automatically receive security notifications by e-mail. I highly recommend this service.

Directory Wars: Novell vs. Microsoft

I was amazed this week to discover the latest blasts in the ongoing war between Novell and Microsoft over directory services. Novell has a critique of Microsoft's Active Directory (AD) here. To read Microsoft's response, go to it's Web site and look for "Microsoft's Perspective on Novell's Active Directory Claims: Parts I, II, and III.

Because this newsletter is for desktop users, I don't want to dwell on the issue; most of you will wind up running whatever directory your company chooses to standardize on. For what it's worth, I'll repeat what some of you heard me say in person at last fall's COMDEX: Although Win2K is really Windows NT 5.0, the directory in Windows 2000 Server (Win2K Server) is really Microsoft Directory 1.1. I used to say version 1.0, but the significant improvements that Microsoft made between Win2K Beta 2 and the Release to Manufacturing (RTM) version amount to what I expected to see in a first service pack (SP).