Skip navigation
Menu
Security

Windows & .NET Magazine UPDATE, May 20, 2003

********************

Windows & .NET Magazine UPDATE--brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
http://www.winnetmag.com

*********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Aelita Software
http://www.aelita.com/winnetupdate052003

Windows & .NET Magazine
http://www.winnetmag.com/seminars/mobility
(below COMMENTARY)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: AELITA SOFTWARE ~~~~
FREE Guide for Migrating to Active Directory Thinking about migrating to Active Directory? Organizations often make the move without first understanding the impact on their environment. The result? Extra work and unresolved security issues. Get the information you need before you begin from the Active Directory experts at Aelita. Get your FREE Guide: 10 Things to Know Before Deploying Active Directory
http://www.aelita.com/winnetupdate052003

********************

May 20, 2003--In this issue:

1. COMMENTARY
- Next-Generation Secure Computing Base: Panacea or Big Brother?

2. HOT OFF THE PRESS
- Microsoft to License UNIX Source Code

3. KEEPING UP WITH WIN2K AND NT
- Watch for the Win32.Palyh-A Email Worm

4. ANNOUNCEMENTS
- Get Windows 2003 Active Directory Answers in a New eBook! - How Can You Reclaim 30% to 50% of Windows Server Space?

5. INSIDE WINDOWS SCRIPTING SOLUTIONS
- June 2003 Issue
- FOCUS: Command-Shell Scripting Tools

6. HOT RELEASES (ADVERTISEMENTS)
- Hewlett-Packard
- Tumbleweed Communications
- Raxco Software

7. INSTANT POLL
- Results of Previous Poll: Server Systems
- New Instant Poll: NGSCB

8. RESOURCES
- Tip: Why Can't I Hear Sound from the Speakers on My Windows Server 2003 System, Even Though the Sound Device Appears to Be Working?

9. EVENTS
- Security 2003 Road Show

10. NEW AND IMPROVED
- Back Up to Any Type of Storage Device
- Connect Tablet PCs to Legacy Devices
- Submit Top Product Ideas

11. CONTACT US
- See this section for a list of ways to contact us.

********************

1.

COMMENTARY


(contributed by Paul Thurrott, News Editor, [email protected])

* NEXT-GENERATION SECURE COMPUTING BASE: PANACEA OR BIG BROTHER?

I was surprised by the number of email messages I received this past week from Windows & .NET Magazine UPDATE readers eager for more information about Next-Generation Secure Computing Base (NGSCB--formerly Palladium, the name I still prefer), given the fact that we won't be able to implement this technology until 2005 at the earliest. NGSCB is vast, complex, and widely misunderstood; I'm at a loss to understand the bizarre anti-NGSCB opinions that have become widespread on the Web. This week, I examine NGSCB from the mile-high view: Why it was created, what problems it will solve, and why some people are afraid of it. Next week, I'll delve a little deeper and look at the often discrete technologies that make up NGSCB.

At its most basic level, NGSCB will emerge as the product version of Microsoft's Trustworthy Computing initiative--in other words, it's all about trust. Think of it this way: When you flip a light switch, you trust that the electricity will be on, much the same way that you trust your car will start when you turn the key. Although these events sometimes surprise us, they're reliable enough that a level of trust has set in; when things go wrong, it's the exception, not the rule.

Contrast these events with the PC. At home, I have a variety of systems, each with its own personality. My wife uses a Pentium III 866 machine that's very reliable but sits unusable while the BIOS check pauses for several minutes each time the machine reboots. We don't know why, it just happens. And I have a notebook computer that I use around the house that refuses to work well with hibernation. Again, I have no clear reason why--it just doesn't work. Both systems are examples of the problems with computers today. A more drastic, and perhaps more common example occurred at the Web development company at which I worked in the mid-1990s: We had to reboot our Windows NT 4.0 Web server once a week or the resources would dry up and the Web sites would crawl. We never determined why this problem happened--it was a memory leak of some sort, I think--but the fact remains that we didn't trust that machine.

With PCs (and PC-based servers), the sad truth is that one bad experience or one unexplainable glitch that destroys data or brings down the box is often reason enough to make us never trust the PC again. This lack of trust is the reason why the public stereotypes PCs as unstable and unreliable.

So Microsoft is seeking to fix this problem by lifting our trust in PCs to the level of trust that we have in other devices and services. The problem exists at both the hardware and software level, but the problem isn't just about reliability. We put our personal information, private corporate data, and other crucial information on these devices, then connect them to one another through networks and to the world through the Internet. Virtually every day, I hear a report about some new virus, email-based worm, or hack that could potentially bring the whole house of cards crashing down around us. The PC wasn't designed to support this distributed model. And like Windows, the PC has been bandaged and patched beyond recognition to support new industry trends and technologies over the years. The time has come to start anew.

Microsoft's answer is NGSCB, a hardware and software solution that will make security, personal privacy, reliability, and stability integral parts of the PC platform. Largely because of Microsoft's long-term goal of maintaining backward compatibility, the company will build NGSCB off the PC platform, and that, perhaps, is the weakest part of the plan, although understandable from a marketing perspective. If the company simply introduced a totally safe but completely incompatible hardware and software platform, few companies would jump on board.

You might think of NGSCB PCs as "PC Plus" devices because they'll have everything a typical PC has, plus additional NGSCB circuitry, and everything Windows has, plus additional NGSCB services and features (I'll delve into the details next week). These NGSCB PCs will integrate and interoperate with other PCs on a network and across the Internet and offer additional features to users, such as secure communications, data isolation, and a trust model for exchanging data with non-NGSCB PCs. Contrary to some of the scarier reports I've seen, NGSCB isn't about Microsoft being Big Brother; the technology won't turn off access to applications or MP3 files you've "borrowed," for example, but will instead offer ways to ensure that your personal information is distributed only to whom you want, in the level of detail you want. NGSCB is about control, but not the way some describe. Under the NGSCB model, you control your data and private information.

Many people have compared NGSCB to Digital Rights Management (DRM) technology, which is bogus, other than the fact that few people understand DRM either. DRM is designed to let content creators specify how consumers use their intellectual property (or, as the critics say, to limit your fair use rights, which is an exaggeration). So you'll see DRM in use at online movie rentals or with Apple Computer's new iTunes Music Store, which lets users purchase digital songs for 99 cents each. NGSCB isn't DRM, but it would be an excellent platform for DRM because it exposes security features that would make DRM more valuable to users. For example, if a DRM-encoded song could definitively determine that you were, indeed, the true owner of that music, you could play it on any NGSCB-enabled device (and yes, Microsoft will port NGSCB to other platforms such as Linux and the Palm OS, I'm told). That interoperability would effectively end most arguments against DRM's sometimes Draconian restrictions because of the limits of today's PCs and devices.

So, is NGSCB the end-all, be-all technology? No. Like any other technology, NGSCB will have limits, and given the years-long lead time, watching how it comes together will be interesting. Next week, I'll discuss some specifics, and explain why a NGSCB-enabled PC will be more secure, reliable, and trusted than the PC you're using now.

********************

~~~~ SPONSOR: WINDOWS & .NET MAGAZINE ~~~~
Microsoft Mobility Tour Couldn't make the Microsoft Mobility Tour event? If you were too busy to catch our Microsoft Mobility Tour event in person, now you can view the Webcast archives for free! You'll learn more about the available solutions for PC and mobile devices and discover where the mobility marketplace is headed.
http://www.winnetmag.com/seminars/mobility

~~~~~~~~~~~~~~~~~~~~

2.

HOT OFF THE PRESS


(contributed by Paul Thurrott, [email protected])

* MICROSOFT TO LICENSE UNIX SOURCE CODE
In an unexpected move, Microsoft announced that it will license the UNIX source code from SCO Group, the company that owns patents on the technology and is involved in a controversial lawsuit alleging that Linux has illegally stolen source code from UNIX. Why Microsoft wants to license the technology is unclear; analysts say the company made the decision to license UNIX source code and technologies to encourage other companies to strike similar deals with SCO and improve interoperability. But darker reasons could exist. In March, SCO sued IBM for $1 billion, charging the company with transferring SCO trade secrets to Linux. The Linux community reacted with outrage, voicing fears that other Linux makers would soon be sued. Obviously, the Microsoft decision could cause further fury from the Linux world, and given the software giant's attitude toward Linux, causing an uproar could have been the plan all along. Read the complete story at the following URL: http://www.wininformant.com/articles/index.cfm?articleid=39040

3.

KEEPING UP WITH WIN2K AND NT

(contributed by Paula Sharick, [email protected])

* WATCH FOR THE WIN32.PALYH-A EMAIL WORM This morning, I found 10 messages in my Inbox from [email protected], with subject lines of "Cool screensaver," "Re:My details," and others from the list below. According to Central Command's Emergency Virus Response Team (EVRT), these messages are distributing a new Internet worm called Win32.Palyh-A in the message attachments. Email from [email protected] with one of the following subject lines is likely infected with this worm: - Your Password - Screensaver - Re: Movie - Your details - Approved (Ref: 38446-263) - Re: Approved (Ref: 3394-65467) - Cool screensaver - Re: My details - Re: My application - Re: Movie

The message attachments have a .pif extension and a filename that reflects the text in the Subject field. When you open the attachment, the worm copies a file called mscon32.exe into the \windows\directory and creates a registry entry that runs this file every time you boot your system. Command Central's instructions don't explain how the worm works when the system folder has a name other than \windows. When the worm runs, it scavenges email addresses embedded in files with file types of .dbx, .eml, .htm, .html, .txt, and .wab, then propagates itself to the addresses it collects. To find out more about this worm as well as a Windows Media Player (WMP) security update, visit the following URL:
http://www.winnetmag.com/articles/index.cfm?articleid=39056

4.

ANNOUNCEMENTS


(brought to you by Windows & .NET Magazine and its partners)

* GET WINDOWS 2003 ACTIVE DIRECTORY ANSWERS IN A NEW EBOOK! The first chapter of Windows & .NET Magazine's latest eBook, "Windows 2003: Active Directory Administration Essentials," is now available at no charge! Chapter 1 delves into Windows Server 2003 and focuses on what's new and improved with Active Directory (AD). Expert Jeremy Moskowitz discusses which AD features might be important to you (and why). Download it now! http://www.windowsitlibrary.com/ebooks/administeringad/index.cfm?pc=adupd

* HOW CAN YOU RECLAIM 30% TO 50% OF WINDOWS SERVER SPACE? Attend the newest Web seminar from Windows & .NET Magazine and discover the secrets from the experts. We'll also advise you on how to reduce storage growth and backups by 30% and how to reduce storage administration by 25% or more. There's no charge for this important Web event, but space is limited so register today! http://www.winnetmag.com/seminars/precise

5.

INSIDE WINDOWS SCRIPTING SOLUTIONS

Windows Scripting Solutions is a monthly paid print newsletter loaded with news and tips to help you manage, optimize, and secure your Web-enabled enterprise. NONSUBSCRIBERS can access all the newsletter content in the online article archive from the premiere issue of Windows Scripting Solutions (December 1998) through the print issue released 1 year ago.

In addition to receiving the monthly print newsletter, SUBSCRIBERS can access all the newsletter content, including the most recent issue, at the Windows Scripting Solutions Web site ( http://www.winscriptingsolutions.com ). Subscribe today and access all the 2003 issues online! http://secure.duke.com/nt/win32scripting/index.cfm?action=sub&code=wi26xhm

* June 2003 Issue To access this issue of Windows Scripting Solutions, go to the following URL: http://www.winscriptingsolutions.com/articles/index.cfm?action=usprint&issueid=643

FOCUS: Command-Shell Scripting Tools This month, read about a menu of troubleshooting tools and commands that introduces new users to command-shell scripting and helps veterans remember command syntax. Plus, learn how to use ADSI scripts to manage your IIS environment.

* Creating a Shell Scripting Tools Menu System This menu of troubleshooting tools and commands introduces new users to command-shell scripting and helps veterans remember command syntax.
--Dick Lewis
http://www.winscriptingsolutions.com/articles/index.cfm?articleid=38666

6.

HOT RELEASES (ADVERTISEMENTS)

=

* HEWLETT-PACKARD
HP OpenView for Windows Test Drive Monitor the availability and performance of your corporate website -- FREE for 30 days, using powerful HP OpenView management software for Windows. Simulate activity. Monitor complex transactions. Meet business demands. Manage web services. Click here. http://www.winnetmag.com/hptestdrive/

* TUMBLEWEED COMMUNICATIONS
LIVE WEBCAST: ZERO IN ON SPAM IN THE ENTERPRISE
Featuring analyst firm Gartner, City of Hope and Mutual of Omaha on Thursday, May 22, 2003, 10:00 a.m. PT / 1:00 p.m. ET. Find out about anti-spam best practices for large enterprises and how Tumbleweed customers are successfully managing spam. http://anon.doubleclick.speedera.net/anon.doubleclick/PentonMedia/placeware051503.html

* RAXCO SOFTWARE
New! PerfectDisk V6.0 Defragger
It's here -- PerfectDisk(R) V6.0, the world's most complete defragger. Now provides full integration with Active Directory, plus rules-based recommendations and trending. Network World calls PerfectDisk the defragmenter "Cadillac." Join EDS, IBM, thousands of others. Defrag AND optimize with PerfectDisk. Free evaluation and more at http://www.raxco.com/winnetmag

7.

INSTANT POLL

* RESULTS OF PREVIOUS POLL: SERVER SYSTEMS
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Which server does your company most commonly use?" Here are the results from the 347 votes. - 44% HP/Compaq - 35% Dell - 11% IBM - 1% Unisys - 8% Other

(Deviations from 100 percent are due to rounding error.)

* NEW INSTANT POLL: NGSCB
The next Instant Poll question is, "Do you think NGSCB (formerly known as Palladium) will present a positive security solution or an invasion of privacy?" Go to the Windows & .NET Magazine home page and submit your vote for a) A security solution, b) An invasion of privacy, c) Both, or d) I don't know yet. http://www.winnetmag.com/magazine

8.

RESOURCES

* TIP: WHY CAN'T I HEAR SOUND FROM THE SPEAKERS ON MY WINDOWS SERVER 2003 SYSTEM, EVEN THOUGH THE SOUND DEVICE APPEARS TO BE WORKING? ( contributed by John Savill, http://www.windows2000faq.com )

To play sound from your Windows 2003 system, ensure that the Windows Audio service is running. To do so, open a command session, then type net start and verify that Windows Audio is listed. If Windows Audio doesn't appear in the list, start the service either from the Microsoft Management Console (MMC) Computer Management snap-in or from the command line by typing net start "windows audio" or net start audiosrv If you want to hear sound every time you start the machine, navigate to the Services branch of the Computer Management snap-in and set the service mode to Automatic start-up.

9.

EVENTS


(brought to you by Windows & .NET Magazine)

* SECURITY 2003 ROAD SHOW Join Mark Minasi and Paul Thurrott as they deliver sound security advice at our popular Security 2003 Road Show event. http://www.winnetmag.com/roadshows/security2003

10.

NEW AND IMPROVED


(contributed by Carolyn Mader, [email protected])

* BACK UP TO ANY TYPE OF STORAGE DEVICE PANTERASoft released Careful Backup 1.52, software that provides automatic data backup to any type of storage. You can use the software to protect your data from accidental deletes, overwrites, and viruses that can permanently destroy data. You can schedule backups to run on a minute, hour, daily, and monthly basis. The software runs on Windows XP/2000/NT/Me/9x systems and costs $34.95. Contact PANTERASoft at [email protected]. http://www.panterasoft.com

* CONNECT TABLET PCS TO LEGACY DEVICES Keyspan announced USB connectivity products that let you connect your Tablet PC to legacy devices. The USB Serial Adapter connects a serial device to a USB port. The USB Parallel Printer Adapter connects a parallel printer to a USB port. The Mini Port Replicator combines the USB serial adapter, USB parallel printer adapter, and the two-port USB hub. For pricing, contact Keyspan at 510-222-0131 or [email protected]. http://www.keyspan.com

* SUBMIT TOP PRODUCT IDEAS Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected].

11.

CONTACT US


Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- [email protected]

* ABOUT KEEPING UP WITH WIN2K AND NT -- [email protected]

* ABOUT THE NEWSLETTER IN GENERAL -- [email protected] (please mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- [email protected]

* QUESTIONS ABOUT YOUR WINDOWS & .NET MAGAZINE UPDATE SUBSCRIPTION? Customer Support -- [email protected]

* WANT TO SPONSOR WINDOWS & .NET MAGAZINE UPDATE? [email protected]

********************
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today. http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email |-+-|-+-|-+-|-+-|-+-|

Thank you for reading Windows & .NET Magazine UPDATE.

__________________________________________________________ Copyright 2003, Penton Media, Inc.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024