Windows Client UPDATE, February 5, 2004

1. Commentary: Bounce Notification Hell

2. Reader Challenge
- January 2004 Reader Challenge Winners
- February 2004 Reader Challenge

3. News & Views
- Intel Releases Faster Pentium 4 Generation

4. Announcements
- Work with SQL Server?
- Check Out the Latest Web Seminar--A Practical Guide to Selecting the Right IM Security Solution

5. Resources
- Tip: Solving Problems with Scheduled Tasks in Win2K
- Featured Thread: Permissions for Screen Saver and Desktop Background in Win2K

6. Events
- New Web Seminar--Realizing the Return on Active Directory

7. New and Improved
- Monitor Your PC's Network Performance
- Tell Us About a Hot Product and Get a T-Shirt!

8. Contact Us
- See this section for a list of ways to contact us.

==== Sponsor: Windows & .NET Magazine ====

Get 2 Sample Issues of Windows & .NET Magazine! Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange Server, and more. Our expert authors deliver content you simply can't find anywhere else. Try two no-risk sample issues today, and find out why 100,000 IT professionals read Windows & .NET Magazine each month! http://www.winnetmag.com/rd.cfm?code=fsep204xup

==== 1. Commentary: Bounce Notification Hell ====
by David Chernicoff, [email protected]

I was inundated with copies of the MyDoom virus after the latest outbreak. Within the first 24 hours of the epidemic, more than 300 copies of the virus were sent to me. A situation like this isn't unusual for me: I have many email addresses, and they reside in a huge number of address books. However, this time I noticed an interesting mix of spoofed email addresses as the reply-to address in the virus-loaded messages. What caught my attention was that a large percentage of the spoofed addresses were those of employees in high-tech companies. That fact makes me think that some of the earliest vectors of infection were people in the industry, which is unusual.

I've been known to launch into diatribes about users who spread email virus infections, but those users aren't my target in this commentary. Regarding MyDoom, I feel obligated to take email antivirus scanner vendors to task. These vendors make the software that sits on your email gateway and detects and blocks infected email. I'm not aggravated with them for their uncharacteristically slow response to MyDoom (although the industry is usually very quick to respond to new major infections, I received announcements about protection from MyDoom finally being available as long as 72 hours after the first reports of the virus), but rather with the fact that these vendors haven't updated the intelligence in their scanner-product notification systems. The following rant doesn't apply to every antivirus gateway vendor; however, it applies to far too many of them.

After a large percentage of antivirus gateway vendors had pushed MyDoom definition files out to their clients, I started receiving almost as many bounce notification messages as I did copies of the actual virus. My favorites were the messages that not only sent me a bounce notification but thoughtfully expanded the attack parameters of the virus writer by including a copy of the virus.

I don't understand this behavior. The gateway recognizes that an email message has a virus attached. It identifies the virus in question (and in some cases adds that identity information to the bounce notification), then bounces the message back to the address specified in the reply-to field of the message header. That last action is what mystifies me: If you can identify a virus, you know whether the virus is inserting a random address from the infected system's email address book into the reply-to field. So the antivirus software sends a message to an address that it knows, at some level, has been spoofed. Doing so, and also attaching a copy of the original message, merely repeats the attack. Not to mention that bounce notification messages suck up network bandwidth and can easily clog your corporate connection to the Internet while they're filling innocent users' Inboxes with a series of unintentional virus attacks.

I wrote about this problem in the August 7, 2003, Windows Client UPDATE. I solved it by creating a series of spam filters on my systems that deep-six most bounce notification messages. Unfortunately, with MyDoom, so many of the messages (more than 100) slipped past my existing filters that I had to deal with them. Neither I nor any other end user should have to wrestle with this artifact of the days when massive virus outbreaks were rare and you felt you were helping out by letting correspondents know that they'd sent you an infected message. This bounce notification "feature," and I use the term loosely, should always default to disabled in any antivirus gateway and should require multiple obscure steps to enable. If such a configuration were the norm, the email world would be a better place.

==== 2. Reader Challenge ====
by Kathy Ivens, [email protected]

January 2004 Reader Challenge Winners

Congratulations to Michael C. Bednar of Pittsburgh, who wins first prize, a copy of "Windows Server Undocumented Solutions: Beyond the Knowledge Base" by Serdar Yegulalp (McGraw-Hill Publishing). David Carter of Leominster, Massachusetts, wins second prize, a copy of "Linksys Networks: The Official Guide, Second Edition," by Larry J. Seltzer and Kathy Ivens (McGraw-Hill Publishing). Visit http://www.winnetmag.com/articles/index.cfm?articleid=41417 to read the answer to the January Reader Challenge.

February 2004 Reader Challenge

Solve this month's Windows Client problem, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by February 19, 2004. You must include your full name, street mailing address, and phone number (all required for shipping your prize).

I choose winners at random from the pool of correct entries. Because I receive so many entries each month, I can't reply to respondents. (I never respond to a request for a receipt.) Look for the solutions to this month's problem at http://www.winnetmag.com/articles/index.cfm?articleid=41703 on February 19, 2004.

Over the past few weeks, I've received several queries from readers on the same subject: When users send a job to a remote printer, Windows frequently displays an error message that the printer can't be found. The message suggests that the printer name is incorrect in Windows or that the printer has been removed from the print server. My correspondents insist that the printer names are correct and the printers are connected, and two readers mentioned that their printers were published to Active Directory (AD). One writer pointed out that if either error condition existed, the problem would be constant instead of intermittent. Good logic! This problem's cause is a common one. Do you know what it is?

==== 3. News & Views ====
by Paul Thurrott, [email protected]

Intel Releases Faster Pentium 4 Generation

On Monday, Intel unleashed next-generation Pentium 4 chips, ushering in a new chip design that lets the processors scale to new speeds. Intel released four new Pentium 4 chips based on its Prescott family of processors that run with an 800MHz bus speed at 3.4GHz, 3.2GHz, 3.0GHz, and 2.8GHz. In addition, a new 3.4GHz version of the Pentium 4 Extreme Edition microprocessor that's based on the Prescott technology is now the fastest desktop processor in the world. Intel manufactures the chips by using a new 90 nanometer (nm) process that allows for a smaller physical package, which yields twice as many transistors as the earlier-generation Northwood Pentium 4 processors. And because the new chips are smaller than their predecessors, Intel can cut more chips from a silicon wafer, resulting in lower production costs.

"This new manufacturing technology, along with numerous architectural enhancements, enables us to continue delivering products that allow end users to interact with a wide variety of digital devices," Bill Siu, general manager of Intel's Desktop Platforms Group, said. "These processors provide improved responsiveness for today's corporate and home applications and offer headroom for the next wave of technologies." In addition to new speeds, which Intel says will scale to 4GHz by the end of the year, the new chips also feature the Hyper-Threading Technology multitasking feature from earlier Pentium 4 designs and a larger (1MB) L2 cache, further increasing their performance advantage over competing chips (earlier Pentium 4 versions featured 512KB of L2 cache). Intel says that the chips also include 13 new instructions that will increase the performance of multimedia applications.

Unlike most processor revisions, the new Pentium 4 designs actually consume a bit more power than the earlier generation did, drawing 90 to 115 watts of power, depending on the chip's speed. Intel says that the higher power requirements are a result of expanded L2 cache and additional processor instructions. Major PC makers such as Dell, HP, and Sony are already shipping new PCs that feature the 3.2GHz, 3.0GHz, and 2.8GHz versions of the new microprocessors. Intel says it will ship the 3.4GHz version to PC makers by March.

==== 4. Announcements ====
(from Windows & .NET Magazine and its partners)

Work with SQL Server?

Subscribe to SQL Server Magazine and gain access to a valuable treasury of SQL Server tools and content. You'll receive 12 print issues along with access to the entire online article archive, endless code listings, valuable tips and tricks, and more. Bonus--the System Table Map Poster and Subscriber Benefits Card. Subscribe today!
https://secure.pentontech.com/nt/sql/index.cfm?promocode=psep2142pw

Check Out the Latest Web Seminar--A Practical Guide to Selecting the Right IM Security Solution

Deploying an IM security solution is the only way to gain control over your IM security. In this free Web seminar, you'll learn about IM authentication, encryption, support for and interoperability between different IM networks, auditing, automatic legal disclaimers, virus and worm scanning, and more. Register now!
http://www.winnetmag.com/seminars/imsecuritysolution

==== 5. Resources ====

Tip: Solving Problems with Scheduled Tasks in Win2K

by David Chernicoff, [email protected]

A few months ago, I received some email messages asking for help with a scheduled task problem in Windows 2000. Many Windows Client UPDATE readers had written to tell me that after their system clocks made the change to daylight saving time, their scheduled tasks either were scrambled, lost information, tried to run as a non-Administrator user, or exhibited other problems. All the readers mentioned that they solved their problems by recreating scheduled tasks, but they wanted to know whether I knew what had caused the trouble and whether they should expect it to happen again.

At the time, I couldn't find an explanation, but recently I discovered the problem's cause. If your Win2K computer is running FAT32 as the system partition, problems with scheduled tasks occur because of the way time changes affect the file stamps. This problem doesn't occur with NTFS, and because I use NTFS, I never encountered, nor was I able to duplicate, the problems on my systems. I always recommend using NTFS with Windows XP and Win2K.

This week's tip is a simple one: Use NTFS. The advantages of doing so far outweigh the disadvantages.

Featured Thread: Permissions for Screen Saver and Desktop Background in Win2K

Forum member Ryank has a small LAN with four computers running Windows 2000 Server. His roommates use his computers and change the desktop background and screen savers. Ryan would like to know whether he can set permissions for the screen savers and desktop background if he creates user accounts for them. If you can help, join the discussion at the following URL:
http://www.winnetmag.com/forums/rd.cfm?cid=37&tid=67208

==== 6. Events ====
(brought to you by Windows & .NET Magazine)

New Web Seminar--Realizing the Return on Active Directory

Join Mark Minasi and Indy Chakrabarti for a free Web seminar and discover how to maximize the return on your Active Directory investments and cut the cost of security exposures with secure task delegation, centralized auditing, and Group Policy management. Register now and receive NetIQ's free "Layered Security Architecture" white paper. http://www.winnetmag.com/seminars/activedirectoryroi

==== 7. New and Improved ====
by Dianne Russell, [email protected]

Monitor Your PC's Network Performance

G-Lock Software announced Advanced Administrative Tools (AATools) 5.56, a multithreaded network diagnostic tool suite for Windows computers that gathers information about a computer's network status and service availability. AATools includes 12 utilities that work together to assess, manage, safeguard, and optimize a computer's network functions and performance. The Network Monitor module displays information about a computer's inbound and outbound network connections and maps the computer's open ports to their respective applications. The Resource Viewer module lets you view .exe and .dll files' resources, displaying information about program resources such as dialogs, icons, and strings. The Trace Route module shows you the path packets sent from your machine to other machines on the network take as they hop from router to router and includes each router's name and IP address. You can save all information AATools collects to .txt files. The intuitive interface makes employing the program easy for users. AATools supports Windows XP/2000/NT4/Me/9x. Pricing is $49.95 for a single-user license; upgrades are free. Site licenses are available. You can download a fully functional trial version of the software from the AATools Web site at http://www.glocksoft.com/aatools.htm . Contact G-Lock Software at [email protected]. http://www.glocksoft.com

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Sponsored Links ====

Argent

Comparison Paper: The Argent Guardian Easily Beats Out MOM http://ad.doubleclick.net/clk;6480843;8214395;q?http://www.argent.com/products/download_whitepaper.cgi?product=mom&&Source=WNTTextLink

==== 8. Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]