Windows Client UPDATE--New and Improved MBSA Belongs in Your Security Toolkit--August 4, 2005

Subscribe to Windows IT Pro:

Make sure that overzealous antispam software doesn't block your copy of Windows Client UPDATE--add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Client UPDATE.

Gone in 30 Days: Exchange, Retention, and Regulatory Compliance


1. Commentary
- New and Improved MBSA Belongs in Your Security Toolkit

2. Reader Challenge
- July 2005 Reader Challenge Winners
- August 2005 Challenge

3. News & Views
- Mozilla Goes Corporate to Build Market Share

4. Resources
- Tip: Disable the "Did you notice the Information Bar" Dialog Box
- Featured Blog: Here Comes the Fuzz

5. New and Improved
- Monitor and Identify Desktops in Real Time
- Tell Us About a Hot Product and Get a T-Shirt!

==== Sponsor: Gone in 30 Days: Exchange, Retention, and Regulatory Compliance ====

The advent of Sarbanes-Oxley, Gramm-Leach-Bliley, and assorted market-specific regulations means that you may be legally required to have an email compliance and retention policy. Download this free whitepaper now to learn general retention and compliance issues, gain an understanding of Microsoft Exchange Server's built-in archiving and compliance features and guidance on first steps to take when starting an archiving regime. Plus - discover how to analyze trends and usage across your messaging store; implement retention policies in Exchange mailboxes, PST files (network/local), public folders and more.


==== 1. Commentary: New and Improved MBSA Belongs in Your Security Toolkit ====
by David Chernicoff, [email protected]

IT pros and ordinary computer users face basic security concerns every day. For the small business IT pro, protecting the systems they support is a major part of the job and can be quite time consuming. That's why tools such as the Microsoft Baseline Security Analyzer (MBSA) can be an integral part of the IT security toolkit.

When I first recommended the MBSA tool, I received a lot of responses from readers who found it clumsy to use, inaccurate in its reporting (because of problems with the way it handled Microsoft Office application configurations), and useful only if the user was able to read between the lines (i.e., fully understand the security concerns and the way that MBSA reports on them.)

Last month, Microsoft released MBSA 2.0 ( ), which addresses all the common complaints about the first-generation tool. MBSA 2.0 is much easier to use and has a better Help system than the first version did. It also provides better explanations of problems (or potential problems) that it finds and is more aware of the operating environment (e.g., workgroup or domain) of the computers you're testing.

To scan all or some of the computers in your network, you simply give the tool the IP address range of your target computers (ensure that you have local administrator rights on all the target computers) and let it run. MBSA produces a report for each specified computer, detailing any problems found and providing the status for each of the items it checks. For security checks that aren't appropriate for the target computers (e.g., checking domain-related items in a workgroup environment), the tool simply reports that it didn't perform the check.

MBSA checks the security status of Office 2003, Office XP, and Office 2000 and any version of the 32-bit Windows OS later than Windows 2000 Service Pack 3 (SP3). The tool checks for security updates rated moderate, important, or critical and reports not only whether security updates are needed, but will confirm that no security updates are missing.

For users in larger environments, Microsoft has released the Microsoft Office Visio 2003 Connector for MBSA 2.0. This tool lets MBSA users generate a color-coded report as a Visio 2003 network diagram that provides an at-a-glance view of the status of their network computers. The process isn't totally automated: The user must create the initial network diagram in Visio, either manually or by using a network auto-discovery tool that reports data back to Visio. After you create the diagram, Visio Connector for MBSA creates a smart-tag that lets you launch MBSA from the diagram. Then you can drill down from the diagram directly into MBSA reports. You can read more about the tool and download it at .

Users who want to automate the operation of MBSA can use a command-line version that's installed when the GUI version is installed. By using the command-line tool, users can automate the scanning process, either through batch files or more complex scripting tools. If you've been steering clear of MBSA because of its earlier shortcomings, it might be time to reevaluate this handy tool.


==== 2. Reader Challenge ====
by Kathy Ivens, [email protected]

July 2005 Reader Challenge Winners
Congratulations to Laura Watts of California, who wins a copy of "Windows Server Hacks," and to Jeff Albert of British Columbia, Canada, who wins a copy of "Windows Server Cookbook for Windows Server 2003 & Windows 2000." Both of these terrific books are from O'Reilly Publishing, and both winners presented correct and amusing answers.

August 2005 Reader Challenge
Solve this month's Windows Client challenge, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by August 17, 2005. You must include your full name, and street mailing address (without that information, we can't send you a prize if you win, so your answer is eliminated, even if it's correct).
I choose winners at random from the pool of correct entries. I'm a sucker for humor and originality, and a cleverly written correct answer gets an extra chance. Because I receive so many entries each month, I can't reply to respondents, and I never respond to a request for a receipt. Look for the solutions to this month's problem at on August 18, 2005.

The Challenge:
I was visiting a friend who administers the Help desk crew at a large company. One of the support technicians came into his office with a problem. The technician had created a bootable 3.5" disk for Windows XP computers running NTFS so that he could fix computers that wouldn't boot. The disk didn't work this day, and he couldn't figure out why. My friend asked him a question, and the technician had the right answer (and subsequently repaired the computer that was crashing). Do you know the answer to this question: Under what circumstances does a boot disk not work?

==== 3. News & Views ====
by Paul Thurrott, [email protected]

Mozilla Goes Corporate to Build Market Share
In an unexpected move, the nonprofit Mozilla Foundation announced this week that it's creating a for-profit subsidiary, the Mozilla Corporation, to more rapidly increase market share for its core product, the Firefox Web browser. Although the Mozilla Corporation will seek to make a profit, that won't be its primary goal, Mozilla representatives say. Instead, the new company will help the Mozilla Foundation promote the use of open Web standards. Read the entire story at the following URL:

==== Events and Resources ====
( A complete Web and live events directory brought to you by Windows IT Pro: )

Windows Connections 2005 Conference
October 31-November 3, 2005, San Diego, CA. Microsoft, Windows, and Exchange Server experts present over 60 in-depth sessions with real-world solutions you can take back and apply today. Don't miss Mark Minasi's insightful keynote presentation "Windows Server R2, Longhorn and Beyond" and your chance to win a Harley-Davidson motorcycle! Call 800-505-1201 for more information.

Continuous or Real-Time Backup Systems--Are They Right For You?
Continuous or real-time backup systems help avoid the danger of losing data if your system fails after the point of backup by providing real-time protection. In this free Web seminar, learn how to integrate them with your existing backup infrastructure, how to apply continuous protection technologies to your Windows-based servers, and more. Register now and learn how you can reduce your downtime with continuous data protection!

New Cities Added--SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

Deadline Extended – 2005 Windows IT Pro Innovators Contest!
If you've used Windows technology in creative ways to devise specific, beneficial solutions to problems your business has faced, we want you! Now's your change to get the recognition you deserve. Enter the 2005 Windows IT Pro Innovators Contest now! You could win a complimentary conference pass to Exchange Connections and Windows Connections in San Diego in late October 2005.

Sort Through Sarbanes-Oxley, HIPAA Legislation, and More--Quicker And Easier!
In this free Web seminar, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost-effective solutions. Register now!

==== Featured White Paper ====

Enabling Mobile Sales: Putting CRM in Your Pocket
In this free white paper, find out how you can enable the latest handheld devices and smartphones to deliver scalable, real-time access to enterprise systems on today's high-bandwidth data networks--complete with enterprise-class security and NTLM authentication. Don't wait--get your free copy now and improve sales productivity and customer responsiveness by using a faster, more convenient, wireless solution.

==== 4. Resources ====

Tip: Disable the "Did you notice the Information Bar" Dialog Box
(contributed by David Chernicoff, [email protected])

Since Windows XP Service Pack 2 (SP2), users of Microsoft Internet Explorer (IE) have had protection for what Microsoft terms "potentially dangerous content." Every time such content appears, a notification displays at the top of the IE window, accompanied by a "Did you notice the Information Bar" dialog box. To stop this dialog box from appearing (which doesn't turn off the protection), perform these steps:
1. Open the registry editor.
2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InformationBar registry subkey.
3. Open (or create) the REG_Dword FirstTime entry.
4. Set the value of FirstTime to 0 to prevent the "Did you notice" dialog box.
5. Set the value to 1 to reenable the notification.

Featured Blog: Here Comes the Fuzz

Read about two new security tools in Mark Edwards' latest post to the Security Matters blog.

==== Announcements ====
(from Windows IT Pro and its partners)

Windows IT Pro Gives IT Professionals What They Need
The August issue is a must have! Subscribe now and find out the best ways to plan for Longhorn, what you need to know about VBScripts, and how to make sense of SQL Server. If you order today, you'll also gain exclusive access to the entire Windows IT Pro online article database (over 9000 articles) and save 44% off the cover price!

Try a Sample Issue of Exchange & Outlook Administrator!
If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and downtime. Request a sample issue today, and discover tools and solutions you won't find anywhere else to help you migrate, optimize, administer, backup, recover, and secure Exchange and Outlook. Order now!

==== 5. New and Improved ====
by Dianne Russell, [email protected]

Monitor and Identify Desktops in Real Time
eTelemetry announced Locate 3.2, a real-time network activity and monitoring appliance. The appliance passively analyzes network traffic on a mirrored switch port and automatically links IP addresses with a user's name, phone number, physical location, and email address. You can track a computer's network account activity, discover which users and machines connect to specific ports, and detail past links between computers, users, and network equipment. Locate integrates with legacy support, security, and asset management systems through a Web services interface. The turnkey appliance doesn't require desktop software agents. A Collection Node appliance is available for monitoring distributed enterprises. Contact eTelemetry for pricing.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows IT Pro T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Links ====

Professional and secure remote control from all major platforms

Argent versus MOM 2005
Experts Pick the Best Windows Monitoring Solution

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring an UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Manage Your Account You are subscribed as %%$email%%

You are receiving this email message because you subscribed to this newsletter on our Web site. To unsubscribe, click the unsubscribe link: %%UNSUB_HREF%%

View the Windows IT Pro Privacy policy at

Windows IT Pro, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.