WinInfo Daily UPDATE, February 11, 2004

This Issue Sponsored By

Argent Software

Sponsor: Argent Software

Free Download: Monitor Your Entire Infrastructure with ONE Solution
The Argent Guardian monitors servers, applications, any and all SNMP-compliant devices as well as the overall health of the entire network at a fraction of the cost of "framework" solutions. Network Testing Labs states that "The Argent Guardian will cost far less than MOM and yet provide significantly more functionality." Using a patented Agent-Optional architecture, the Argent Guardian is easily installed and monitoring your infrastructure in a matter of hours. Download a fully-functioning copy of the Argent Guardian at:

1. In the News

by Paul Thurrott, [email protected]

Controversial Microsoft Security Fixes Have Company on Security Defensive Late yesterday, Microsoft issued its planned monthly set of security updates, but this month the updates are more serious and controversial than usual. One of the fixes, rated as critical, applies to "an extremely deep and pervasive technology in Windows" that attackers can compromise to take over PCs, but the flaw was discovered 7 months ago and fixed only this week. Security experts describe the flaw as one of the most devastating ever, and Microsoft recommends that all users download and install the patch for this problem as soon as possible. The timing couldn't be worse for the company: Microsoft Chairman and Chief Software Architect Bill Gates recently alleged that Windows is more secure than any OS alternatives because the system has been so thoroughly tested in the real world through constant attacks; Gates will also keynote an upcoming industry security event in San Francisco. So why did Microsoft take so long to fix the flaw, leaving Windows users open to potentially devastating electronic attacks?
"This is one of the most serious Microsoft vulnerabilities ever released," Marc Maiffret, chief hacking officer and cofounder of eEye Digital Security, the company that discovered two of the Windows flaws Microsoft revealed this week, said. "The breadth of systems affected is probably the largest ever. This is something that will let you get into Internet servers, internal networks--pretty much any system." Alarmingly, eEye discovered the flaws last July and agreed to keep quiet until Microsoft could fix them. But Maiffret described the lag time between eEye's discoveries and Microsoft's fixes as "totally unacceptable." Microsoft defends the whopping 7 months it took to fix the flaws as necessary because the company needed to ensure that a patch to such central Windows components didn't break software or cause other problems. "We really took the steps to make sure our investigation was as broad and deep as possible," Microsoft Security Program Manager Stephen Toulouse said.
The critical security flaw exists in a Windows component called the ASN.1 library, which interacts with multiple Windows features, including file sharing and digital certificates. The flaw affects every Windows version from Windows NT 4.0 to Windows Server 2003, and includes all desktop and server variants of these systems. Interestingly, attackers can compromise the flaw with a simple buffer-overrun attack, a common type of attack that Microsoft has wrestled with since its Trustworthy Computing code review 2 years ago. Both XP Service Pack 2 (SP2), due midyear, and Windows 2003 SP1, due in late 2004, will include new memory-protection features designed to thwart most buffer-overrun attacks. You can learn more about the patch on the Microsoft Web site, but Windows users should use Automatic Updates or Windows Update to download and install each of the security patches Microsoft issued this month.

Lindows Trademark Case Delayed Indefinitely
A US district court judge put Microsoft's trademark-infringement case against on indefinite hold this week, pending an appeals court ruling that could strip the software giant of its Windows trademarks. The judge's decision is bad news for Microsoft, which sued last year because the name Lindows is too similar to Windows. The lawsuit backfired when challenged the Windows trademark, noting that the word windows is a generic term and thus can't be legally protected with a mark. This week's ruling means that an appeals court will decide whether windows is indeed a generic term; if so, Microsoft could lose its trademark. At the very least, a jury will be able to use that determination to decide the future trial case between Microsoft and
But before the anyone-but-Microsoft crowd gets too excited, it's important to note that the appeals court will be working under a strict set of rules. According to US District Judge John Coughenour, the court can consider only whether the term windows was a generic computing term before November 1985, when Microsoft released the original version of Windows. And Microsoft can appeal the ruling, of course.
However, the term windows was indeed a generic computing term before November 1985, thanks largely to the introduction of graphical computing systems such as Apple Computer's Macintosh, which the company released in early 1984. Describing the then-new graphical paradigm, the premiere issue of "Macworld," published in early 1984, noted, "When you want to look at the information that one of the icons represents \[on screen\], you open a window ... Choose the Open command from the File menu and the screen almost fills up with a rectangular 'window' containing icons that represent the documents and programs on the disk." And the Mac isn't the only example of a pre-Windows computer windowing system; other examples include VisiCorp's VisiOn shell, which was released in late 1982, and IBM's TopView shell, which was released in February 1985.
Microsoft argues that the term windows should be judged by its acceptance today, not by the standards of the computing market of 20 years ago. But the company says it's pleased that this matter will finally be decided. "We are very encouraged that the judge has granted our request to ask the court of appeals to provide guidance and clarity on this important issue of law before going to trial," a Microsoft spokesperson said. described the ruling as a "major victory."

2. Announcements

(from Windows & .NET Magazine and its partners)

Windows & .NET Magazine Connections
Windows & .NET Magazine Connections features speakers from Microsoft as well as other top independent experts. Complete details about workshops, breakout sessions, and speakers are now online. You'll save $200 if you register before the early-bird discount expires--plus, you'll get a chance to win a Florida vacation! Go online now to register.

Try a Sample Issue of Security Administrator!
Security Administrator is the monthly newsletter from Windows & .NET Magazine that shows you how to protect your network from external intruders and control access for internal users. Sign up now to get a 1-month trial issue--you'll feel more secure just knowing you did. Click here!

3. Events Central

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New--Microsoft Security Strategies Roadshow!
We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour.

Sponsored Links

Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?

Javelina Software
Check out ADvantage to bulk modify Active Directory attributes.;7115967;8214395;t?


4. ==== CONTACT US ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Manage Your Account
You are subscribed as #EmailAddr#.

You received this email message because you requested to receive additional information about products and services from the Windows & .NET Magazine Network. To unsubscribe, send an email message to mailto:[email protected] Thank you!

View the Windows & .NET Magazine Privacy policy at

Windows & .NET Magazine a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.