Windows Client UPDATE, August 2002
David Chernicoff explains why it's important to check your "automatic" updates to be sure your client systems are current, and he gives a tip on changing three Windows XP bevaviors. Paul Thurrot shares news of the "new" Windows security vulnerability.
August 28, 2002
Windows Client UPDATE, brought to you by the Windows & .NET MagazineNetwork
http://www.winnetmag.net
THIS ISSUE SPONSORED BY
NetSupport Manager PC Remote Control Software
http://www.netsupport-inc.com/download/download.html?good&English&NSM&nsmeng
Security Administrator Web Site
http://www.secadministrator.com
(Below COMMENTARY)
SPONSOR: NETSUPPORT MANAGER PC REMOTE CONTROL SOFTWARE
Perform remote support and management on multiple systems simultaneously over a LAN, WAN and the Internet with this powerful PC remote control software. NetSupport Manager provides speedy, secure remote PC access, dynamic inventory, automated scripting and scheduling, file transfer, remote deployment, system monitoring, help requests and much more. Use NetSupport Manager remote control software to manage help desk support, mobile computing, desktop management, software training and system automation. A great add-on for SMS. Installed in millions of desktops worldwide. Download a free, fully functional 30 day trial today.
http://www.netsupport-inc.com/download/download.html?good&English&NSM&nsmeng
August 29, 2002—In this issue:
1. COMMENTARY
Keeping Your Windows Systems Updated
2. NEWS AND VIEWS
New Windows Security Vulnerability: Fact or Fiction?
3. ANNOUNCEMENTS
Take Our Exchange Survey and Enter to Win a Microsoft Xbox!
Planning on Getting Certified? Make Sure to Pick Up Our New eBook
4. RESOURCES
Tip: Changing Three Windows XP Behaviors
New Book: Microsoft Windows XP Power Toolkit
Featured Thread: Windows XP Pro Client Logon Problems
5. NEW AND IMPROVED
Application Makes It Easier to Work Offline
Create Hard-To-Guess Passwords
6. CONTACT US
See this section for a list of ways to contact us.
1. COMMENTARY
(David Chernicoff, News Editor, [email protected])
KEEPING YOUR WINDOWS SYSTEMS UPDATED
I run both Windows XP and Windows 2000 Professional as client OSs, but I find that XP helps me keep my Win2K systems updated. Updating your computers should be an automatic activity—either by using the built-in tools in the OS (as with XP) or by getting in the habit of checking for updates (Win2K and Windows NT). With XP, you automatically get all the critical updates, but without manually checking the Windows Update Catalog Web site, you won't know whether updates are available that can improve performance or reliability. Although many of the updates that the XP Automatic Updates download are XP-specific, some are also beneficial for Win2K and NT computers on your network.
I find that automatic updating is important for a couple of reasons, but the most pressing is that my previous source of concentrated system update information, the Windows Update Corporate Web Site (see the first URL below), was officially retired almost 6 months ago. Users must now go to the Windows Update Catalog Web site (see second URL below). But the Windows Update Catalog Web site seems less user-friendly to me than the corporate site, which let me create download packages specific to what I wanted to download. Now, I have to download the updates one at a time. Fortunately, the Windows Update Catalog lets you check for updates for XP and Win2K from a machine that runs either OS, and you can download the updates to a location on your network for later installation. To use the Web site's "Scan for Updates" feature, you need to click the Windows Update tab, not the Windows Update Catalog tab that you'll see at the top of the Web page.
http://corporate.windowsupdate.microsoft.com/en/default.asp
http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
I hadn't realized how complacent I had become about updating my Win2K systems until this week, when I noticed that one of the updates delivered to my XP desktop was the August cumulative update (see URL below) for Microsoft Internet Explorer (IE). I realized that this update wasn't XP-specific, and I decided to check the Windows Update Catalog Web site to determine how many updates I'd missed for my Win2K systems. I discovered that I was at least four or five updates behind on my Win2K Pro systems, and on my least-used Win2K server, I was 26 updates behind!
http://microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp
Although I've been letting XP's automated update install whatever it wants to on my primary XP desktop system, I thought I would let the Windows Update Catalog Web site scan that computer to see how "updated" it really was. Imagine my surprise when the Web-based tool reported 14 available updates, 9 of which were classified as "Recommended." By using the tool on three other XP systems, I found at least the same number of available updates for all of those computers, so I let them download and run the update installation to get caught up with the available updates. For the Win2K Server updates, I downloaded to my network all 26 updates that the least-updated system needed, then installed the updates where I needed to.
I thought that I was very good about keeping my computers updated with the most recent OS patches, but when I investigated, I found that my systems were far from current. And the OS updates they needed didn't even include what I found I was missing when I checked the Office Update Web site by clicking its tab on the Windows Catalog Update site—I was just as far behind in keeping Microsoft Office XP up-to-date. Many updates are available for all the current Windows OSs, but unless you explicitly check for them, you'll never know that they exist. When was the last time you double-checked the state of your client systems?
SPONSOR: SECURITY ADMINISTRATOR WEB SITE
WHERE TO BE PROACTIVE ABOUT SECURITY!
When you suspect a hack or virus attack, don't waste time surfing the Web. The Security Administrator Web site delivers news, articles, discussion forums, FAQs, and hotfixes (in one easy-to-navigate Web site!), so you can mitigate the effects of today's disaster and prevent tomorrow's. Visit:
http://www.secadministrator.com
While you're there, check out this article on Exchange Server Antivirus Software:
http://www.secadministrator.com/articles/index.cfm?articleid=23564
2. NEWS AND VIEWS
(contributed by Paul Thurrott, [email protected])
NEW WINDOWS SECURITY VULNERABILITY: FACT OR FICTION?
Yet another Microsoft controversy is in the news this week. This controversy involves a so-called Windows Shatter Attack that's "unfixable" because the only reliable solution reportedly requires functionality that Windows doesn't have. Predictably, several news agencies have latched onto the story, foretelling the upcoming demise of Windows. But as Microsoft points out, for the Shatter Attack to do any damage, an intruder must gain access to a user's system. And, according to the company's Ten Immutable Laws of Security (see URL below), after this situation occurs, the user's system already has been exploited. Thus, Microsoft says, the Shatter Attack doesn't represent a Windows vulnerability but illustrates what can happen when users ignore basic security practices.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/10imlaws.asp
Programmer Chris Paget authored an online white paper that describes the Shatter Attack and other attack methods (see URL below). According to Paget, Microsoft Group Vice President Jim Allchin's comments during the company's antitrust trial inspired Paget's research. Allchin said that certain flaws in Windows were so serious that if the company revealed the Windows source code, information about the flaws would threaten national security. Allchin then mentioned the Windows message-queuing subsystem, and Paget got to work looking for flaws. The Shatter Attack is apparently one successful result of his research.
http://security.tombom.co.uk/shatter.html
Microsoft's response to Paget's attack is credible, however. After noting that the Shatter Attack is just a new approach to an old issue that the company has known about for years, a Microsoft spokesperson told Paget in an email that his attack requires that a system be compromised before the attack can do any damage. "The attack you describe either requires [users] to run an attacker's program on their [systems] or the attacker needs to have access to the [users' systems]," the email reads. "In either case, the attacker has been allowed to cross a security boundary. In our essay, the 'Ten Immutable Laws of Security,' these are Law #1—'If a bad guy can persuade you to run his program on your computer, it's not your computer anymore,' and Law #3—'If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.'"
Obviously, the Shatter Attack isn't the real problem. The problem is the email virus that could deliver the attack or any other delivery vehicle that gives an attacker remote or physical access to a user's system. Thus, the details of the attack matter little.
3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)
TAKE OUR EXCHANGE SURVEY AND ENTER TO WIN A MICROSOFT XBOX!
We need your opinion! Take our brief survey on managing Microsoft Exchange Server with third-party tools, and we'll automatically enter your name into a drawing for a Microsoft Xbox. Click here to start the survey!
http://www.zoomerang.com/survey.zgi?1ax4vkr1q8a55gj12hdhw5Ja
PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW eBOOK!
"The Insider's Guide to IT Certification" eBook is hot off the presses and contains everything you need to know to help you save time and money while preparing for certification exams from Microsoft, Cisco Systems, and CompTIA and have a successful career in IT. Get your copy of the Insider's Guide today!
http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475
4. RESOURCES
* TIP: CHANGING THREE WINDOWS XP BEHAVIORS
Recently, I've received several email messages from administrators who want to change the way the Start menu behaves in Windows XP. The three most common questions are how to remove the "most frequently used programs list" from the Start menu, how to remove the pinned programs, and—in an interesting contrast to the first two questions—how to make the OS use the Classic (Windows 2000-style) Start menu.
You can make all three modifications by editing the registry (as well as system policies). The settings are all in the same registry subkey.
Launch regedt32.
Open the HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion PoliciesExplorer registry subkey.
To remove the most-frequently used programs list, add a DWORD value named NoStartMenuMFUprogramsList.
To remove the pinned programs list, add a DWORD value named NoStartMenuPinnedList.
To force the use of the Classic Start menu, add a DWORD value named NoSimpleStartMenu.
Setting the value of each DWORD value to 1 will enable the function; 0 will disable the function.
NEW BOOK: MICROSOFT WINDOWS XP POWER TOOLKIT
"Microsoft Windows XP Power Toolkit," written by David Chernicoff, Paul Thurrott, and Walter Bruce, is now available from Microsoft Press. The book covers tips and tricks for the average desktop user and the power networking user to help them get the most out of their XP computer. You can find "Microsoft Windows XP Power Toolkit" (Microsoft Press) at this URL.
FEATURED THREAD: WINDOWS XP PRO CLIENT LOGON PROBLEMS
A reader can't log on to his Windows 2000 server from a Windows XP Professional client. After creating users, he tested the logon and connected successfully. Now, he can't log on with any username (including Administrator) through the client machine. To read more about the problem or offer your expertise, use this link.
5. NEW AND IMPROVED
(contributed by Judy Drennen, [email protected])
APPLICATION MAKES IT EASIER TO WORK OFFLINE
MetaProducts released Offline Explorer Pro 2.0, an application that lets you download Internet directories, files, video and audio streams, and entire Web sites and work with them offline. Creating a new project for downloading is as easy as identifying the starting URL, specifying the number of levels into the Web site that you wish to capture, and deciding on the file types that you want to include in the project. Offline Explorer Pro 2.0 runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x and costs $50. Contact MetaProducts at [email protected] or visit the Web site.
http://www.metaproducts.com
CREATE HARD-TO-GUESS PASSWORDS
AccuSolve released Masking Password Generator 2.0, a random password or number generator. Masking Password Generator can help companies that are seeking to increase their password security. Because the computer generates the password by using random number-generator routines, you don't have to worry about employees thinking up words or combinations of words and numbers that attackers could easily guess. The program runs on the Windows System Tray and costs $10. Contact AccuSolve at 801-302-1381 or email [email protected].
http://www.accusolve.biz
6. CONTACT US
Here's how to reach us with your comments and questions:
ABOUT THE COMMENTARY — [email protected]
ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
PRODUCT NEWS — [email protected]
QUESTIONS ABOUT YOUR Windows Client UPDATE SUBSCRIPTION?
Customer Support — [email protected]
WANT TO SPONSOR Windows Client UPDATE?
[email protected]
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
About the Author
You May Also Like