Windows & .NET Magazine UPDATE--October 21, 2003

This Issue Sponsored By

IBM Rational software

PolyServe Matrix Server Clustering Software


1. Commentary: Securing the Perimeter

2. Hot Off the Press
- Microsoft Faces Antitrust Complaints on Three Fronts

3. Announcements
- New Windows & .NET Magazine Web Site Unveiled!
- RSA Conference 2003, RAI Congress Centre, Amsterdam, November 3-5, 2003
- COMDEX Las Vegas 2003

4. Inside Windows Scripting Solutions
- November 2003 Issue
- Focus: Automate Three Tedious and Time-Consuming Tasks

5. Instant Poll
- Results of Previous Poll: Software Update Services
- New Instant Poll: Secure the Perimeter

6. Resources
- Tip: How Can I Stop Web Sites from Accessing My Local Clipboard?

7. Event
- The Secret Costs of Spam

8. New and Improved
- Optimize Your Server Resource Environment
- Protect Your Company from Email Threats
- Tell Us About a Hot Product and Get a T-Shirt!

9. Contact Us
- See this section for a list of ways to contact us.

==== Sponsor: IBM Rational software ====
Get A Robust Collection of New Developer Resources--FREE
If you're a developer who wants to stay on top of the latest technology, be sure to sign up to receive the latest developer PowerPack from IBM(R) Rational(R) software. Get a robust collection of resources--market-leading evaluation software, technical articles, extensive artifact libraries, webinars, expert presentations, reference posters, and software demos. View what you want. Explore your technical interests.


==== 1. Commentary: Securing the Perimeter ====
by Paul Thurrott, News Editor, [email protected]

Last week, I began a discussion about Microsoft's new plan to secure Windows and its other products, but I ran out of space. This week, I'd like to complete that thread and briefly discuss the feedback I received to a related Windows & .NET Magazine UPDATE editorial, "Should Microsoft Be Held Financially Liable for the Bugs in its Products?"

You might recall that Microsoft CEO Steve Ballmer recently discussed his company's ever-evolving plans to secure its users' systems at the Microsoft Worldwide Partner Conference 2003 in New Orleans. Going forward, Ballmer pledged that Microsoft would reduce the size of patches, reduce the number of reboots that patches cause, introduce better patch-deployment automation, address the needs of legacy systems, provide more predictable patch schedules, and provide more guidance about securely deploying and managing Microsoft systems.

That wasn't all Ballmer had to say, however. A growing feeling among security experts at the software giant is that a new strategy of better securing the edges of networks might ultimately better protect the numerous Windows systems found within those networks. This strategy, called "Securing the Perimeter," is now a core tenet of Microsoft's wider Trustworthy Computing initiative, and it will affect all IT administrators and decision makers that use Microsoft products.

The idea behind "Securing the Perimeter" is simple: By hardening the network entry points to your vulnerable Windows machines, you can install security patches whenever you want, after they've been tested in-house, and not panic when the next massive virus or worm outbreak occurs. "Patching is critical, but patching is insufficient ... in terms of the speed with which new vulnerabilities are coming out," Ballmer said. "What we really want to do is make our customers resilient to attack, even when patches are not installed. You should be able to have a kind of perimeter around you that protects you so that you can install patches on your own schedule--I'm not saying patching becomes irrelevant--but you should be able to apply patches on your own schedule, not on the schedules of the hackers."

Part of the strategy is simple pragmatism: Microsoft can't go back and fix every vulnerability in every product it's ever made, a situation made more difficult by the wide range of Microsoft products in constant use at so many enterprises, businesses, and homes worldwide. But even if the company did fix every vulnerability, one problem that the MSBlaster (LoveSan) and SoBig.F attacks made clear was that no amount of technology or communication on Microsoft's part will ever convince the majority of its customers to install those patches. By securing the entry points to networks, Microsoft is logically handling what seemed to be a fairly insurmountable problem.

For a secure perimeter, you must have secure end-user desktops (albeit those running recent Windows versions) and firewalls on the network's edge. End-user desktops need to be secured because these machines are often attached directly to the Internet or to non-Windows devices that Microsoft can't control. Also, you must consider nonsecured notebooks that are brought into work or that connect through a VPN into a network. Microsoft is looking at some obvious attack vectors: malicious email messages, viruses, and worms that scan ports on the Internet; malicious Web content; and buffer overruns. Ballmer said Microsoft is working on technologies that will solve these problems, and most of these technologies will be delivered in Windows XP Service Pack 2 (SP2), due in the first half of 2004, and in a Microsoft Internet Explorer (IE) update. (These technologies from XP SP2 and IE will also be rolled into Windows Server 2003 SP1.) To handle the other cases, Microsoft simply advises users to adopt a third-party antivirus package.

XP SP2 will enable an improved Internet Connection Firewall (ICF); this new ICF version will include better management tools and, I hear, outbound scanning in addition to the inbound scanning offered in the current version. XP SP2 will also include an improved memory-protection feature that will "essentially lock that memory so that worms and exploits can't write into bad pieces of memory after a buffer-overrun problem," Ballmer said. The IE update will bolster the program with new code that prevents the execution of ActiveX controls from Web sites that you don't explicitly trust.

On the server side, Microsoft is adding perimeter-inspection technologies that will debut in Windows 2003 SP1. This release, which will include a new security configuration wizard for role-based security configurations, will debut by mid-2004, Microsoft says. The company is also working on a crucial new update to its enterprise firewall, Microsoft Internet Security and Acceleration (ISA) Server 2004, which will provide application-level firewalling features.

Part of Microsoft's message here sounds a bit marketing heavy: The company believes that all laptop and VPN users should be running XP and all outbound-facing servers should be running Windows 2003. Microsoft's rationale is that these systems are more secure and more securable than previous versions. The cynics might point out that adoption of these systems will help Microsoft's financial picture. Both points are equally valid, I believe.

Feedback on Microsoft and Financial Liability for Bugs
At the risk of deflating expectations, I'm probably not going to be able to provide anything earth-shattering here: In more than 100 responses to this editorial, the opinions were split almost evenly, with those believing that Microsoft should indeed be held liable winning a small majority. Equally unsurprising, many respondents felt quite strongly about their opinions. I'm still on the fence about this matter, but the one overwhelming factor for me is that software, especially the crucial systems infrastructure software that Microsoft supplies, is an economic necessity for many businesses, markets, and governments. If Microsoft wants to continue to set the standard and be the dominant player, its products must meet the security challenge. Whether this happens in an open market or through some sort of government oversight is unclear: Most readers thought government involvement is a bad idea, and I tend to agree. But something has to change. If Microsoft can't make more reliable software, maybe we need to stop relying on it for our most crucial systems.


==== Sponsor: PolyServe Matrix Server Clustering Software ====
Want to consolidate under-utilized Windows file servers, enable all servers to share one highly-available, consolidated copy of data, and reduce TCO over 50%?
Consolidate your standalone and two-node file servers into a simple to manage "all-active" cluster of servers and shared data. PolyServe's Matrix Server is the only clustering solution to combine shared data clustering and high availability into a single, easy to use framework for cluster management helping you eliminate "passive" servers, "manage many servers as one", and simplify LUN management and backup. FREE file serving solution brief


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Microsoft Faces Antitrust Complaints on Three Fronts
A series of antitrust-related events has dogged Microsoft in the past few days. The European Union (EU), the state of Massachusetts, and the US Department of Justice (DOJ) all issued separate complaints that come to the same conclusion: Despite its settlement with the US government and several US states, Microsoft continues to abuse its software monopoly and run roughshod over the industry. The complaints came just as Microsoft issued its official response to the EU's proposed antitrust remedies, which Microsoft says are too strict. For the complete story, visit the following URL:

==== 3. Announcements ====
(from Windows & .NET Magazine and its partners)

New Windows & .NET Magazine Web Site Unveiled!
We are proud to announce the new and improved Windows & .NET Magazine Web site. Discover the fresh, new look and a more simplified way to find answers, news, strategic guidance, and how-to information. Check out our new Web site at

RSA Conference 2003, RAI Congress Centre, Amsterdam, November 3-5, 2003
Whether you are deploying, developing, or investigating data security or cryptography products, make sure you attend Europe’s leading information security conference and exhibition! To register or for more information, please click here.

COMDEX Las Vegas 2003
At COMDEX, you'll have the opportunity to learn the ins and outs of the most prominent platform of the enterprise, data center, and desktop. Key elements include in-depth sessions on Windows Server 2003, Exchange Server 2003, reducing spam with Exchange Server 2003 and Outlook 2003. Come to Las Vegas this November 16-20 and take charge.

~~~~ Hot Release: Faxback ~~~~

Aware of the FCC's New FAX Rules? (whitepaper)
Ready or not, the FCC's regulations regarding FAX are here. Think they don't affect you -- think again.
The whitepaper provides an overview to the July 2003 FCC rules and discusses tools to help companies fax responsibly.

==== 4. Inside Windows Scripting Solutions ====

Windows Scripting Solutions is a monthly paid print newsletter loaded with news and tips to help you manage, optimize, and secure your Web-enabled enterprise. NONSUBSCRIBERS can access all the newsletter content in the online article archive from the premiere issue of Windows Scripting Solutions (December 1998) through the print issue released 1 year ago.

We've updated our Web site!
To continue bringing you the highest quality articles and information, and to make it easier for you to access our site, we have created a simple registration process that will let you access important security-related articles and other resources on the Windows & .NET Magazine Network plus receive special discounts and other benefits. When you register you will pick a log on ID and password, tell us a little bit about yourself, and be on your way.

In addition to receiving the monthly print newsletter, SUBSCRIBERS can access all the newsletter content, including the most recent issue, at the Windows Scripting Solutions Web site. Subscribe today and access all 2003 issues online!

November 2003 Issue
To access this issue of Windows Scripting Solutions, go to the following URL:

Focus: Automate Three Tedious and Time-Consuming Tasks
Tasks such as cleaning out file caches and MRU lists, enumerating group memberships to determine which users have access to a resource, and finding out which GPOs exist in AD can be tedious and time-consuming. Here are some scripts to automate such tasks.

Scripting Group Policy Searches
Find out how you can use the GPMC's COM objects to automate some simple and some complex policy-based searches. — Alistair G. Lowe-Norris

==== 5. Instant Poll ====

Results of Previous Poll: Software Update Services
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Does your organization use Microsoft Software Update Services (SUS)?" Here are the results from the 530 votes:
- 50% Yes
- 39% No
- 11% What's SUS?

New Instant Poll: Secure the Perimeter
The next Instant Poll question is, "Do you think Microsoft's 'Securing the Perimeter' strategy will significantly reduce the company's security problems?" Go to the Windows & .NET Magazine home page and submit your vote for a) Yes, it's a great strategy, b) No, Microsoft needs to address the underlying security of its products, c) I don't know.

==== 6. Resources ====

Tip: How Can I Stop Web Sites from Accessing My Local Clipboard?
by John Savill

The dynamic HTML component in Microsoft Internet Explorer (IE) 5.0 and later lets Web sites access and write to the clipboard unless you use the High security setting. To avoid having to use the High security setting, perform the following steps:
1. Start IE.
2. From the Tools menu, select Internet Options.
3. Select the Security tab.
4. Select Internet, then click Custom Level.
5. Scroll down to the Scripting section.
6. Under "Allow paste operations via script," select Disable or Prompt, then click OK.
7. Close all dialog boxes.

You should perform the same steps for the "Restricted sites" zone and any other security zones you think you might need (e.g., the "Local intranet" zone).
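The same setting can be audited and applied from a script, which helps when the change has to be checked across several zones or many user profiles. The following PowerShell is an added example, not part of the original tip: it assumes the standard per-user IE zone registry layout, where URL action 1407 holds the "Allow paste operations via script" choice (0 = Enable, 1 = Prompt, 3 = Disable), and the function names are hypothetical.

```powershell
# Added example (not from the newsletter). Function names are hypothetical.
# URL action 1407 is the registry value behind "Allow paste operations via script".
$ZonesKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$PolicyNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ScriptPasteSetting {
    # Report the current clipboard-paste setting for each zone of the current user.
    foreach ($id in ($ZoneNames.Keys | Sort-Object)) {
        $path  = Join-Path $ZonesKey "$id"
        $value = (Get-ItemProperty -Path $path -Name '1407' -ErrorAction SilentlyContinue).'1407'
        if ($null -eq $value) {
            $label = 'Not set'
        } elseif ($PolicyNames.ContainsKey([int]$value)) {
            $label = $PolicyNames[[int]$value]
        } else {
            $label = "Unknown ($value)"
        }
        [pscustomobject]@{ ZoneId = $id; Zone = $ZoneNames[$id]; Setting = $label }
    }
}

function Set-ScriptPasteSetting {
    # Apply Prompt or Disable to the listed zones (3 = Internet, 4 = Restricted sites).
    param(
        [Parameter(Mandatory)][ValidateSet(1, 2, 3, 4)][int[]]$ZoneId,
        [ValidateSet('Prompt', 'Disable')][string]$Setting = 'Disable'
    )
    $data = if ($Setting -eq 'Prompt') { 1 } else { 3 }
    foreach ($id in $ZoneId) {
        $path = Join-Path $ZonesKey "$id"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name '1407' -Value $data -Type DWord
    }
}

# Audit first; uncomment the second line to disable script paste in the
# Internet and Restricted sites zones, then audit again to confirm.
Get-ScriptPasteSetting | Format-Table -AutoSize
# Set-ScriptPasteSetting -ZoneId 3, 4 -Setting Disable
```

Zone settings delivered through Group Policy take precedence over these per-user values, so on managed machines the audit output should be compared against the policy in force.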

==== 7. Event ====
(brought to you by Windows & .NET Magazine)

The Secret Costs of Spam
Do you really know spam's hidden costs? In this free Web seminar, you'll learn how to identify and quantify spam's costs by exploring how organizations define and combat spam, and how spam affects your bandwidth, storage, and server processing costs. Don’t be left in the dark, register now!

==== 8. New and Improved ====
by Carolyn Mader, [email protected]

Optimize Your Server Resource Environment
Consera Software released Consera AgileOne, lifecycle management software for Windows file servers. The software optimizes an organization's server resource environment, automates common workflows, and adapts infrastructure management operations to the specific environment. The software determines server properties and establishes a simple view of the server infrastructure. Consera AgileOne also discovers, deploys, moves, migrates, and consolidates server resources. For pricing, contact Consera Software at 425-455-2506 or [email protected]

Protect Your Company from Email Threats
St. Bernard Software released ePrism, an email-filtering appliance with security, spam protection, antivirus scanning, and content control. You can position the appliance between internal mail servers and the Internet to protect against a spectrum of email threats. The appliance is sold with a supporting subscription service that features upgrades, technical support, and hardware maintenance. Pricing starts at $6000. Contact St. Bernard Software at 858-676-2277 or 800-782-3762.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Links ====

Free Download - NEW NetOp 7.6 - faster, more secure, remote support

Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.


==== 9. Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Copyright 2003, Penton Media, Inc.
