Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows Server 2003, Windows 2000, and Windows NT systems.
http://www.secadministrator.com
THIS ISSUE SPONSORED BY
Experience How Real Time Monitoring Will Benefit YOU
Windows & .NET Magazine Network Web Seminars
(below IN FOCUS)
SPONSOR: EXPERIENCE HOW REAL TIME MONITORING WILL BENEFIT YOU
A proactive Security Administrator installed TNT Software's ELM Enterprise Manager 3.0 on his critical servers to assess the benefits of real time monitoring. During the first week, EEM 3.0 paged him as a disgruntled employee attempted to access confidential files, alerted him when the QoS of his Exchange Server began to drop, and automatically restarted a failed anti-virus service. As a result, ELM Enterprise Manager was purchased and fully deployed during the second week. Download your FREE 30 day full feature evaluation copy today and experience how real time monitoring will benefit YOU.
http://www.tntsoftware.com/winsec021203
February 12, 2003—In this issue:
1. IN FOCUS
- Junk Mail and Spyware
2. SECURITY RISKS
- Multiple Vulnerabilities in Microsoft IE
- Unchecked Buffer in Windows XP Redirector
3. ANNOUNCEMENTS
- Catch the Microsoft Mobility Tour—Time Is Running Out!
- Black Hat Briefings & Training: Windows Security
4. SECURITY ROUNDUP
- News: In-Stat/MDR Expects Broadband Security Market to Soar
- News: IDC Says Security Market to Reach $45 Billion by 2006
5. SECURITY TOOLKIT
- Virus Center
- FAQ: How Can I Use Group Policy to Configure the Shutdown Event Tracker?
6. NEW AND IMPROVED
- Ensure Logon Security Through Signature Authentication
- Protect Lotus Notes/Domino Databases
- Submit Top Product Ideas
7. HOT THREAD
- Windows & .NET Magazine Online Forums
- Featured Thread: Clear History When a User Exits Windows
8. CONTACT US
- See this section for a list of ways to contact us.
1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])
Unsolicited (aka junk) email is a big problem. I've written about such email in a previous edition of Security UPDATE (see " Tired of Unwanted Email? Try This Simple Solution"). Solicitors can find your email addresses many ways, some of which involve mining data from public news groups and Web-based message forums.
Other methods of obtaining your email address involve intrusive software packages that include various types of data mining, such as copying your contact list or address book contents. Such software is typically referred to as "spyware." For one example of how others gather data about you and those you know, read the Security UPDATE commentary "Protect Your Contact List: Read the EULA!".
To help protect yourselves from some kinds of spyware, you need to take several actions. First, don't let Java-based or ActiveX-based code run on your systems through your Web browser and email client software unless you're certain you can trust the content provider not to spy on your system. Second, you need to scan your systems from time to time to determine whether any known spyware might have slipped onto your system.
One great tool to help scan your systems for spyware is Lavasoft's Ad-Aware. Lavasoft recently released Ad-Aware 6.0. Although other available tools perform similar tasks, the basic version of Ad-Aware 6.0 does a great job and is free.
Ad-Aware scans your system's registry and file systems looking for keys and files that match known spyware programs. When Ad-Aware finds such an item, you can have the software remove it from your system. One useful feature of Ad-Aware is its ability to check for new spyware signature update files. For example, as of February 10, Ad-Aware scans for 4375 known spyware programs.
You must pay for the two more advanced versions of Ad-Aware: Ad-Aware Plus will scan for spyware in realtime and help prevent it from entering your system in the first place. Ad-Aware Professional can perform scans of remote systems and contains many additional features. For complete details about each version check the Lavasoft Web site \[http://www.lavasoft.de\] and click on the specific product.
Another useful tool for spyware identification is the SpyChecker.com Web site. The site maintains a database and search engine in which you can enter a name to determine whether it's listed as a spyware program or vendor.
Eliminating spyware from your systems won't eliminate junk email, but it will probably help you keep the amount of unwanted junk mail you receive to a minimum. It will also help keep marketing companies from snooping on your system to learn your Internet use habits without your knowledge and consent.
SPONSOR: WINDOWS & .NET MAGAZINE NETWORK WEB SEMINARS
DON'T MISS OUR WEB SEMINARS IN MARCH!
Windows & .NET Magazine has 3 new Web seminars to help you address your security and storage concerns. There is no fee to attend "Selling the Importance of Security: 5 Ways to Get Your Manager's Attention," "Building an Ultra Secure Extranet on a Shoe String," or "An Introduction to Windows Powered NAS," but space is limited, so register for all 3 events today!
http://www.winnetmag.com/seminars
2. SECURITY RISKS
(contributed by Ken Pfeil, [email protected])
Andreas Sandblad discovered two new vulnerabilities in Microsoft Internet Explorer (IE) that can result in information disclosure or the execution of arbitrary code on the vulnerable system. These vulnerabilities stem from a flaw in IE's showHelp function that results in incomplete security checking, which lets a Web site access information in another domain. An attacker can misuse certain dialog boxes to run malicious scripts and obtain that data. Microsoft has released Security Bulletin MS03-004 (Cumulative Patch for Internet Explorer) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. This patch addresses all previously discovered IE vulnerabilities.
http://secadministrator.com/articles/index.cfm?articleid=37973
A new vulnerability in the Microsoft Windows Redirector can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer that Windows XP uses to receive parameter information. By providing malformed data to the Windows Redirector, a potential attacker can cause the system to fail or run code of the attacker's choice. Microsoft has released Security Bulletin MS03-005 (Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=37974
3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)
This outstanding seven-city event will help you support your growing mobile workforce. Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. You could also win an HP iPAQ Pocket PC. There is no charge for these live events, but space is limited, so register today! Sponsored by Microsoft, HP, and Toshiba.
http://www.winnetmag.com/seminars/mobility
Attend the world's premier technical event for Windows and .NET security experts, February 24-27, 2003 in Seattle. You'll find six tracks, seven training sessions, and full support from Microsoft. See for yourself what the Black Hat buzz is all about. Register today!
http://www.blackhat.com
4. SECURITY ROUNDUP
According to In-Stat/MDR, the market for broadband-based security solutions will grow to $829 million by the end of 2004, up from $71 million in 2000. The company attributes the expected growth rates to expanding use of broadband connectivity solutions.
http://www.secadministrator.com/articles/index.cfm?articleid=37948
IDC reports that it expects the IT security market to reach $45 billion in revenues by 2006. The predicted figures include software, hardware, and services. Revenues in 2001 were about $17 billion.
http://www.secadministrator.com/articles/index.cfm?articleid=37945
5. SECURITY TOOLKIT
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda
( contributed by Brett Hill, http://www.iisanswers.com )
A. You can use Group Policy to configure the Shutdown Event Tracker by performing the following steps:
- Open Group Policy, then load the group policy to which you want to apply the change.
- Expand Computer Configuration, Administrative Templates, System.
- Double-click Display Shutdown Event Tracker.
- Select Enabled.
- Select the Never option, then click OK.
- Click OK to close all dialog boxes.
6. NEW AND IMPROVED
(contributed by Sue Cooper, [email protected])
Security Biometrics released BIOSign, a biometric signature authentication solution to replace text-based password and PIN logon systems in Windows XP and Windows 2000. BIOSign is powered by Security Biometrics' PenFlow technology, which analyzes the way in which a signature is signed, not how it looks. To verify your users' identities, the software compares the pen's force, speed, and directional vectors to profile data. Contact Security Biometrics at 866-522-3888 and [email protected].
http://sigbio.xplorex.com
Symantec announced Symantec AntiVirus/Filtering for Domino, an integrated virus protection and filtering solution for Lotus Notes/Domino databases. The software now offers rules-based content filtering and realtime protection from malicious and spam attacks. Supports Lotus/Domino databases running AIX, iSeries, Linux, Solaris, Windows 2000 and Windows NT. Contact Symantec through its Web site.
http://enterprisesecurity.symantec.com.
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].
7. HOT THREAD
http://www.winnetmag.com/forums
(One message in this thread)
A user writes that he wants to be able to clear the Microsoft Internet Explorer (IE) history folder and delete all temporary Internet files and folders when a user logs off. Lend a hand or read the responses:
http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=54145
8. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT IN FOCUS — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR SECURITY UPDATE?
[email protected]
This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
http://www.secadministrator.com/sub.cfm?code=saei25xxup
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
