Windows Client UPDATE, August 14, 2003

==== This Issue Sponsored By ====

Windows Scripting Solutions


1. Commentary: No Excuses--Protecting Computers on the Internet
2. Reader Challenge - July 2003 Reader Challenge Winners - August 2003 Reader Challenge

3. News & Views - Windows Worm Exploits Infamous RPC Vulnerability

4. Announcements - Try Windows & .NET Magazine! - Get the eBook That Will Help You Get Certified!

5. Resources - Tip: Changing the Default Number of Downloaded Messages in Outlook Express's NNTP Reader - Featured Thread: Problems with Windows Update

6. Events - New--Mobile & Wireless Road Show!

7. New and Improved - Preview Results of Office File Migrations - Increase Your System Performance - Submit Top Product Ideas

8. Contact Us - See this section for a list of ways to contact us.

==== Sponsor: Windows Scripting Solutions ====

Windows Scripting Solutions for the Systems Administrator

You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today at:

====================

==== 1. Commentary: No Excuses--Protecting Computers on the Internet ====
by David Chernicoff, [email protected]

As someone who spends way too much time sitting in front of a computer, I sometimes forget that I know things that the general computer-using population rarely thinks about. The truth of that statement was brought home to me this week by two incidents that, although they were unrelated to each other, illustrate a common problem.

Late last week, I started receiving emailed questions about computers automatically shutting down with a warning message shortly after being booted. Because I was getting these messages from a disparate set of users, it was clear that some sort of virus was on the loose. A couple minutes of research uncovered the Windows remote procedure call (RPC) vulnerability that Microsoft released a patch to repair 3 weeks ago. (You can read the details about the vulnerability in the Microsoft article "MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution" at .)

This vulnerability affects all versions of Windows based on Windows NT that are later than NT 4.0. Because only Windows XP enables automatic updating by default, I'm certain that many users of earlier OS versions didn't receive the patch automatically and probably aren't subscribed to either the corporate or end-user version of Microsoft Security Update. (To learn more about Security Update, go to ). What bothered me most about the situation is the simple fact that, even unpatched, none of the vulnerable OSs can be attacked if they're behind a properly configured firewall. In this day and age, no user should expose his or her computer to the Internet without adequate protection.

I recently took a trip on short notice, and I grabbed a new notebook computer to take along. Other than configuring my email applications on the notebook, I hadn't done anything with it. When I travel, I use MSN for dial-up access. I don't install the MSN client; rather, I simply configure dial-up networking with a local phone number for wherever I happen to be. When I arrived at my hotel, I connected to the Internet and within just a few minutes began receiving messenger service pop-up ads. Realizing my mistake, I disconnected, brought up the properties for the DUN connection, and enabled the built-in Internet Connection Firewall (ICF) that's available in XP. Doing so stopped the attacks, and my dial-up experience improved immensely. More important, my security level increased.

My experience offers a quick and easy example of what a firewall can accomplish; in XP, increased protection was only a few mouse clicks away. Which brings me to the second incident I referred to earlier. I received a phone call from a panicked friend who was certain that her new work notebook computer had a virus. The small company she worked for had just issued new notebooks to its sales force (of a dozen users), and she told me that when she took hers home and connected to the Internet, carefully following the instructions she was given, all sorts of weird things started happening.

When I took a look at her computer, it was clear that she didn't have a virus; she was simply being inundated with a constant stream of messenger pop-ups. "A simple enough fix," I thought to myself, "I'll just enable ICF and she'll be fine." So I blithely went to the network connections page, right-clicked the network connection (after closing the telephone connection), and nothing happened. No context menu appeared. So I clicked the "Change settings of this connection" entry in the left-pane menu. Nothing.

Wanting to make sure that her notebook was working properly, I configured a DUN connection to my MSN account, which worked fine, with all properties available. So I had to ask her the dreaded question: "Who decided that you should be using AOL for remote access?" I was certain that the AOL client was the problem. To verify that I was correct, I installed the AOL client on a computer I had that was slated for an OS removal. Sure enough, no way existed to modify the connection properties so that ICF could run on the AOL-provided connection.

It seems that, as a cost-saving measure, my friend's company had decided to get rid of the 800 number direct-dial connection that the sales force had been using and instead use a generic Internet connection and Microsoft Outlook Web Access (OWA) to give the sales force email access. Because email was all this group of employees needed, a large cost savings seemed to be available. Evidently, after a discussion about ISPs, the owner of the company had directed the single IT professional on staff to "Use AOL. It works fine for me at home."

I told my friend to have her company's IT guy give me a call. I explained to him that he would either need to purchase and configure a firewall for each of the outside sales computers, or, given that the sales force spent only a short amount of time online each day, simply switch to another national ISP and enable ICF on the DUN connection. As for my friend, I downloaded and configured a shareware firewall product on her notebook so that she could surf the Internet in peace. I didn't send the company a bill for my time. I hope it takes my advice.

==== 2. Reader Challenge ====
by Kathy Ivens, [email protected]

July 2003 Reader Challenge Winners

Congratulations to our July Reader Challenge winners! Carrie Piazza of Clarkston, Washington, wins first prize, a copy of "Windows Server 2003: The Complete Reference." Randall Ader of Spokane, Washington, wins second prize, a copy of "Admin911: Windows 2000 Registry." Visit to read the solution to the July 2003 Reader Challenge.

August 2003 Reader Challenge

Solve this month's Windows Client problem, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by August 28, 2003. You must include your full name, street mailing address, and phone number (all required for shipping your prize).

I choose winners at random from the pool of correct entries. Because I receive so many entries each month, I can't reply to respondents (and I never respond to a request for a receipt). Look for the solution to this month's problem at on August 28, 2003.

I heard from a reader who works in the market research department of a large company. The five people who work in the department frequently exchange document files, sometimes for the purpose of editing and sometimes because one user asks, "Can I borrow your report on the frazzle for my report on the doohickey?" Each user creates folders for current projects and shares the folders, so accessing all the users' documents is easy. (This team spirit is commendable.) The department's computers are running either Windows XP or Windows 2000 and are members of a Win2K domain. Every computer runs NTFS.

The reader who wrote to me said that she received an email message from another department member, who said, "Open the frazzle.doc file you transferred to my Project6 folder, look at the nifty stuff I added to it, and make corrections." When the reader tried to open the document, she received an error message telling her that she didn't have permission to access the file. NTFS permissions can be tricky when you move objects around.

How much do you know about the way NTFS permissions work? Indicate either true or false for each of the following statements:

1. When you move an object to a different volume, the object's permissions are inherited from the new parent object, and the original permissions are ignored.

2. If you move an object to a different folder on the same volume, the original permissions are retained, even if the new parent object's permissions are different.

3. The Everyone group has Full Control permissions on the root of an NTFS drive.

4. Deny permissions have precedence over Allow permissions.

5. Explicitly set permissions have precedence over permissions that the parent object grants.

6. If a user's group permissions conflict with her individual user permissions, NTFS grants the most liberal permissions.

==== 3. News & Views ====
by Paul Thurrott, [email protected]

Windows Worm Exploits Infamous RPC Vulnerability

A rapidly duplicating worm known as LoveSan, Blaster, or MSBlaster is spreading to Windows systems across the Internet. The worm exploits a vulnerability Microsoft fixed more than a month ago--the same remote procedure call (RPC) vulnerability that the US Department of Homeland Security warned about weeks ago, which makes the worm's spread all the more irritating because IT departments had the tools to stop the worm but didn't. The worm makes affected systems reboot, and its underlying code includes mocking attacks on Microsoft Chairman and Chief Software Architect Bill Gates.

"Billy Gates why do you make this possible?" the worm's code asks. "Stop making money and fix your software!!" Security experts who have examined the worm say that it also includes a Denial of Service (DoS) time bomb that floods Windows Update, making it difficult for users to get the software update that protects them from the worm. The worm scans the Internet for other vulnerable machines and propagates to those hosts. By loading itself on an ever-expanding list of hosts, the worm is able to spread more quickly over time.

Users who have applied Microsoft's security patch are spared from the worm's attack. In addition, the company is looking at ways to deflect the Windows Update attacks, which could last for months, security experts say. So far, however, most of the worm's disruption is a result of the Internet traffic it generates, not of its ability to make machines spontaneously reboot. The worm appears to affect most Windows NT-based versions of Windows, including Windows XP and Windows 2000. For the latest news update about the worm, including information about coping with the outbreak, see Mark Joseph Edwards, "UPDATE: ISC Detects RPC/DCOM Worm," at .

==== 4. Announcements ====
(from Windows & .NET Magazine and its partners)

Try Windows & .NET Magazine!

Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Microsoft Exchange Server, and more. Our expert authors deliver how-to content you simply can't find anywhere else. Try a sample issue today, and find out what more than 100,000 readers know that you don't!

Get the eBook That Will Help You Get Certified!

The "Insider's Guide to IT Certification," from the Windows & .NET Magazine Network, has one goal: to help you save time and money on your quest for certification. Find out how to choose the best study guides, save hundreds of dollars, and be successful as an IT professional. The amount of time you spend reading this book will be more than made up by the time you save preparing for your certification exams. Order your copy today!

==== 5. Resources ====

Tip: Changing the Default Number of Downloaded Messages in Outlook Express's NNTP Reader
(contributed by David Chernicoff, [email protected])

Many readers have asked me about using Microsoft Outlook Express as a Network News Transfer Protocol (NNTP) reader for accessing Microsoft's public support newsgroups. One of the most common questions is about changing the default number of downloaded messages to a number larger than what the Outlook Express NNTP reader typically allows. When you visit a newsgroup and want to scan 5000 messages, it's annoying to be able to pull down only 1000 at a time. As you might expect, a registry edit can solve the problem. Take the following steps:

1. Open a registry editor and find the HKEY_CURRENT_USER\Identities\{GUID}\Software\Microsoft\Outlook Express\<version>\News subkey. ({GUID} and <version> are placeholders: the GUID and Outlook Express version number are specific to your computer and depend upon what version of Outlook Express is installed.)

2. In the right pane, double-click the "Download at a time" value, of type REG_DWORD.

3. Select Decimal and change the value to the number of messages you want Outlook Express to automatically download.

A reboot isn't required; the next time you launch Outlook Express, the new default count will be set. Mine has been set to 100,000 for quite a while with no problems. I pulled down a newsgroup with over 94,000 messages to double-check for this tip.
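The same edit can be scripted. The PowerShell sketch below is an added example, not part of the original newsletter; it uses wildcards to find the News subkey for every identity GUID and Outlook Express version under the current user, so you don't have to look them up by hand. The `$NewCount` default and the `-Apply` switch are names chosen for this example.

```powershell
# Added example: report (and optionally set) Outlook Express's
# "Download at a time" value for every identity of the current user.
# $NewCount and -Apply are names chosen for this example.
param(
    [int]$NewCount = 5000,   # example value; use the count you want
    [switch]$Apply           # without -Apply the script only reports
)

$valueName = 'Download at a time'

# The two wildcards stand in for the per-machine identity GUID and the
# Outlook Express version subkey described in step 1.
$pattern = 'HKCU:\Identities\*\Software\Microsoft\Outlook Express\*\News'

$newsKeys = @(Get-Item -Path $pattern -ErrorAction SilentlyContinue)
if ($newsKeys.Count -eq 0) {
    Write-Warning 'No Outlook Express News subkey found under HKCU:\Identities.'
    return
}

foreach ($key in $newsKeys) {
    # GetValue returns $null when the value has never been created.
    $current = $key.GetValue($valueName)
    Write-Output ('{0}: current = {1}' -f $key.Name, $current)

    if ($Apply) {
        # -LiteralPath keeps the braces in the GUID from being interpreted;
        # -Force creates the REG_DWORD value or overwrites an existing one.
        New-ItemProperty -LiteralPath $key.PSPath -Name $valueName `
            -Value $NewCount -PropertyType DWord -Force | Out-Null
        Write-Output ('{0}: set to {1}' -f $key.Name, $NewCount)
    }
}
```

Run it once without `-Apply` to confirm which subkeys it matched and what they currently hold before writing anything.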

Featured Thread: Problems with Windows Update

Forum member MattDD is having trouble with Windows Update. He's able to access Personalize Windows Update and View Installation History and can download Critical Updates and Driver Updates. However, he can't download any of the Windows downloads. MattDD is running Windows 2000 with Service Pack 4 (SP4). If you can help, join the discussion at the following URL:

==== 6. Events ====
(brought to you by Windows & .NET Magazine)

New--Mobile & Wireless Road Show!

Learn more about the wireless and mobility solutions that are available today! Register now for this free event!

==== 7. New and Improved ====
by Sue Cooper, [email protected]

Preview Results of Office File Migrations

ConverterTechnology announced OfficeConverter ScanIT, a utility that scans desktops and file servers for Microsoft Office files that might be affected during an upgrade to newer versions of Office applications. ScanIT lets companies scan an unlimited number of files and reports on the number and type of errors that will occur in a file migration. You can speak with a ConverterTechnology Migration Engineer to determine how ConverterTechnology can help convert and repair the ScanIT-identified files. OfficeConverter ScanIT is free to Microsoft Office users; you can download the utility from .

Increase Your System Performance

Outer Technologies released Cacheman 5.5, a Windows performance enhancement and memory recovery utility. Cacheman 5.5 optimizes the disk cache and system settings to prevent frequent swapping of data to the hard disk. New features include a command-line memory recovery utility, more efficient memory recovery, and additional settings for tweaking Windows XP and Windows 2000 performance. Cacheman 5.5 supports Windows XP/2000/NT/Me/98/95. Pricing is $10 for a single-user license. Contact Outer Technologies on its Web site.

Submit Top Product Ideas

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected]

==== Sponsored Links ====

Ultrabac FREE live trial-Backup & Disaster Recovery software w/ encryption

CrossTec Free Download - NEW NetOp 7.6 - faster, more secure, remote support


==== 8. Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]
