Windows Client UPDATE, August 28, 2003

==== This Issue Sponsored By ====

Windows Scripting Solutions


1. Commentary: Readers Respond: Patching, Virus Attacks, and Antivirus Software Alerts
2. News & Views - SoBig.F Slows, But SoBig.G Is Coming Soon

3. Announcements - Decision Point: Windows 2000 or Windows Server 2003? - Find Your Next Job at Our IT Career Center

4. Resources - Tip: More About the Convert Command in Windows XP - Featured Thread: Using "Run As" in a User Logon Script

5. Events - New--Mobile & Wireless Road Show!

6. New and Improved - Administer Windows Machines Remotely - Let Users Reset Their Passwords - Submit Top Product Ideas

7. Contact Us - See this section for a list of ways to contact us.

==== Sponsor: Windows Scripting Solutions ====

Windows Scripting Solutions for the Systems Administrator You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today at:


==== 1. Commentary: Readers Respond: Patching, Virus Attacks, and Antivirus Software Alerts ====
by David Chernicoff, [email protected]

Last week's commentary about the various avenues of infection open to the malicious hacking (i.e., Lovesan, and although I didn't mention it by name, the SoBig virus) going on in the real world generated quite a few heated responses from readers. As usual, some readers agreed and some disagreed with each side of the issue I presented. In retrospect, I might have painted the IT universe with too broad a brush, so I'd like to revisit the topic this week.

A large percentage of this column's readers are IT professionals or power users in small companies. From these readers, I received many messages describing their attempts to keep up with the latest patches from Microsoft, and their eventual decision to give their users greater access to their computers so that the users can run Windows Update themselves. The businesses for which these readers work employ only one or two full-time IT people, who are already overwhelmed by business-process-focused tasks and need the cooperation of users to keep computers updated with system patches and real-time antivirus tools. An equally large percentage of readers told me that they are hard-pressed to keep up with required system updating but that their corporate policy is to lock down user computers as tightly as possible, so individual users can't perform their own updating and must depend on IT staff to do the job.

The most interesting responses I received are from some users who are livid that they were attacked from inside their large corporate environment. In these companies, more than just one user sent the SoBig virus to the addresses in the corporate address book. Although IT staff in these companies had updated the email gateway scanning software, many readers reported receiving hundreds of SoBig-infected messages before their local antivirus software was updated. This situation makes me wonder how many environments are well secured from outside attacks but vulnerable to internal attacks.

Finally, many IT professionals contacted me to complain about the side effects of the various network attacks occurring. Their primary concern is that they have had to deal with spoofed email using their companies' domain names and a corresponding amount of automated email containing antivirus software rejection or infection notices. A few of these readers are seeing more than 20 percent of their total email capacity used to transmit various alert messages to noninfected addresses. Some readers lamented needing to explain to non-IT management that the email slowdown their companies have been experiencing isn't due to problems with the computing environment. Their systems have the necessary patches, firewalls, and antivirus software to protect all the corporate computers. Despite all that effort, they're victims of the possibly unintentional side effect of other networks' and users' infections: Their email systems need to deal with other email systems' robots.

That particular problem ties in well with a concern I've been calling for action on: Vendors of system-protection products (e.g., firewalls, antivirus software) need to look for ways to build additional intelligence into their products. After dealing with an almost overwhelming flood of both SoBig infected messages and antivirus software alerts informing me about infected messages I've been protected from, plus dozens, if not hundreds, of similar alert messages from outside email servers, I think there has to be a better way to handle antivirus software notifications. Do any vendors reading this newsletter care to shed some light on their plans to do so?

==== 2. News & Views ====
by Paul Thurrott, [email protected]

SoBig.F Slows, But SoBig.G Is Coming Soon

SoBig.F, the fastest-spreading email virus in history, slowed down somewhat last weekend, but security experts warn that replicated viruses could launch a new wave of attacks soon. SoBig.F's creator designed the virus to unleash two broad attacks over the weekend, either of which could have temporarily crippled the Internet, but security experts were able to protect against the assaults, rendering them ineffective. Before the virus expires on September 10, it will try one more broad attack, according to experts who have examined its source code.

In the meantime, SoBig.F's long-term effects will be felt for months. According to industry analysts, the virus infected hundreds of thousands of computers every day last week for several days straight. By Sunday, the rate of infection had slowed to just tens of thousands of computers, leading security experts to believe the worst was over. As IT workers labor to remove the pernicious virus from these systems, computer users from all walks of life are pondering what they could have done to prevent the vicious outbreak.

But with viruses, attacks never really end--a bigger and more dangerous virus or worm is always waiting around the corner, ready to take another crack at usurping control of users' computers, launching Distributed Denial of Service (DDoS) attacks, and wreaking other havoc in an attempt to bring the Internet to its virtual knees. In many ways, user education seems to have failed with SoBig.F. Enough people opened infected attachments from unknown users to let this virus spread more rapidly than any other. And the fact that the SoBig.F outbreak was infinitely preventable makes the situation even more frustrating.

So what's next? Security experts say the next generation of the virus, SoBig.G, is just around the corner. Whether this assault will as devastating as--or even more devastating than--its predecessor remains to be seen. Let's hope that next time we'll be ready.

==== 3. Announcements ====
(from Windows & .NET Magazine and its partners)

Decision Point: Windows 2000 or Windows Server 2003?

Is now the time to move to Windows Server 2003? Learn answers to this question and much more at Windows & .NET Magazine Connections. To stay competitive in your job, you need to invest your time to keep pace with the latest technologies, tips, and tricks. Register now and receive access to the concurrently running Exchange Connections.

Find Your Next Job at Our IT Career Center

Check out our new online career center, in which you can browse current job openings, post your resume, and create automated notifications to notify you when a job is posted that meets your specifications. It's effective, it's private, and there's no charge. Visit today!

==== 4. Resources ====

Tip: More About the Convert Command in Windows XP
(contributed by David Chernicoff, [email protected])

Last week, in my tip "Running the Convert Command in Windows XP," I wrote that in XP, the Convert command selects the most appropriate cluster size for the disk size. That's true only if XP originally formatted the disk or disk partition. If an OS earlier than XP created the FAT partition and you run the Convert command in XP, the command can use only 512-byte clusters. If your machine has XP preinstalled and is using FAT32, the Convert command will perform the NTFS conversion with a cluster size that's optimal for the volume. Typically, that size is 4KB.

Featured Thread: Using "Run As" in a User Logon Script

Forum member krolrules wants an executable file to run on his users' machines when they log on. However, the file requires administrator rights to the PC on which it runs in order to execute correctly. He would like to know whether he can use "Run As" in a logon script to run the executable file as the domain administrator. All the PCs in his domain run either Windows XP or Windows 2000. The domain servers run Windows Server 2003 and Win2K. If you can help, join the discussion at the following URL:

==== 5. Events ====
(brought to you by Windows & .NET Magazine)

New--Mobile & Wireless Road Show!

Learn more about the wireless and mobility solutions that are available today! Register now for this free event!

==== 6. New and Improved ====
by Sue Cooper, [email protected]

Administer Windows Machines Remotely

ScriptLogic announced Desktop Authority, remote administration software that lets you manage files, shares, processes, services, registry settings, and permissions from a Web browser, PDA, or Wireless Application Protocol (WAP)-enabled telephone browser. No client software is required for you to perform secure, interactive desktop management tasks and have real-time remote control of your Windows desktops. Networked users can access their desktop PC and files when working remotely. You can download Desktop Authority from the ScriptLogic Web site, or you can obtain it from resellers and distributors. Contact ScriptLogic at 561-886-2400 or visit its Web site. Let Users Reset Their Passwords

Avatier released Password Station.NET 2.0, a self-service password reset solution built on Microsoft .NET technology. The software, which is compatible with Windows 2000/NT, lets users securely reset their passwords or set new passwords without Help Desk intervention. Password Station.NET ensures security by using challenge/response authentication, encrypting stored answers, and sending proactive alerts about potential password break-ins to systems administrators. Password Station.NET 2.0 pricing is $15 per user for a minimum of 100 users. Downloads are available at Contact Avatier at 800-609-8610 or [email protected]

Submit Top Product Ideas

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected]

==== Sponsored Links ====


FREE live trial-Backup & Disaster Recovery software w/ encryption;5945485;8214395;x?


Free Download - NEW NetOp 7.6 - faster, more secure, remote support;5930423;8214395;j?


Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.;6080289;8214395;q?


==== 7. Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.