Windows & .NET Magazine UPDATE--July 22, 2003

This Issue Sponsored By

InstallShield Software

HP Openview


1. Commentary: Windows 2003 Gets Its First Major Security Vulnerability

2. Hot Off the Press

- Microsoft Loses Key DRM Battle

3. Keeping Up with Win2K and NT

- Readers Report About Win2K SP4

4. Announcements

- Take Our Brief Active Directory Survey!

- Windows Scripting Solutions for the Systems Administrator

5. Instant Poll

- Results of Previous Poll: Free Antivirus Services

- New Instant Poll: Win2K SP4

6. Resources

- Featured Thread: Task Manager Won't Run

- Tip: How Can I Request a Read Receipt from Microsoft Outlook?

7. Event

- New--Mobile & Wireless Road Show! 8. New and Improved

- Restore Decentralized Desktop Data

- Securely Transport Syslog Data

- Submit Top Product Ideas

9. Contact Us

- See this section for a list of ways to contact us.

==== Sponsor: InstallShield Software ====

FREE eBook on Quick Application Packaging

InstallShield presents "The Administrator Shortcut Guide(TM) to Software Packaging for Desktop Migrations," a compact resource for getting up to speed quickly and making your migration project a success. Authored by IT expert Chris Long, this eBook contains best practices for planning a software migration project, references on migration standards, resource requirements, and more. Download now!


==== 1. Commentary: Windows 2003 Gets Its First Major Security Vulnerability ====

by Paul Thurrott, News Editor, [email protected]

Last week, I got a curious phone call from one of Microsoft's public relations firms asking whether I was available for a call later that day to discuss a recently discovered critical security vulnerability. Intrigued by the nature of the call, I agreed.

You might already be familiar with the topic of the call, which ended up being a big story late last week. Microsoft wanted to discuss Security Bulletin MS03-026 (Buffer Overrun In RPC Interface Could Allow Code Execution). The vulnerability is notable for several reasons. First, it's the first Windows Server 2003 security vulnerability that Microsoft has labeled "critical." Second, it affects virtually every Windows NT-based OS in mainstream use, including Windows 2003, Windows XP (32- and 64-bit versions), Windows 2000, NT 4.0, and NT Server 4.0, Terminal Server Edition. (On a curious side note, the bulletin notes that Windows Me isn't affected, but neither are any of the Windows 9x OSs, from what I can tell.)

So why did Microsoft want to discuss the vulnerability and resultant patch ahead of its public announcement? Well, MS03-026 is a bit embarrassing to the company, and I think it wanted to address the public relations problems the vulnerability might cause. At first glance, the vulnerability is nothing out of the ordinary: A security vulnerability in a Windows Distributed COM (DCOM) remote procedure call (RPC) interface could let an intruder gain remote access to a Windows-based system, over a network or the Internet, and run code with Local System privileges. Although no systems have yet been compromised, a well-written hack could install software; view, change, or delete data; or perform most any other action imaginable on the affected system. More information about the vulnerability and a download for the patch are available at the link below.

Aside from the serious security concerns surrounding this vulnerability, I'm more concerned with Microsoft's desire to discuss this problem and the bizarre reactions to this problem I've seen in the press and from readers. I feel that by highlighting this problem, Microsoft has needlessly drawn attention to the fact that Windows 2003 has been compromised, making that event sound more important than it is. Let me explain.

I don't think anyone honestly believed that Windows 2003 would remain unhacked forever. And I don't think Microsoft's claim of "most secure Windows ever" is unfounded, even given this vulnerability. But I don't know what the company gains from saying more than "lesson learned." One of the comments I heard during the call was that many people at Microsoft felt that the company should have found this vulnerability during the infamous 2002 Trustworthy Computing code review--when the company halted development of Windows 2003 and other products to reorganize its development methodology and look for security holes. Today, I'm told, the company has upgraded the process to look for this kind of mistake. I don't think we could expect anything less.

From a customer standpoint, any critical security vulnerability, especially one whose patch requires a system reboot, is a problem for several reasons. First, I don't think many customers yet trust Microsoft to release high-quality patches or trust that installing a patch won't cause other problems. Second, a system reboot is often expensive and disruptive. And finally, no one cares that no systems have yet been compromised; as a Windows customer, you can't help feeling like you're playing a security version of Russian roulette. No one wants to be first.

From my viewpoint, freaking out over this vulnerability, beyond any valid concerns you have about the expense and effort of rolling out the fix, isn't time well spent. Improving Windows security is an ongoing activity in Redmond, and I don't mean to be cavalier about the topic. However, if we'd all been clamoring for security during the OS wars, the office suite wars, or the browser wars, we would have gotten it. Ultimately, Microsoft is a customer-driven company that depends on its users upgrading regularly. If we don't feel that the company's latest products don't answer our concerns--which are now prioritized to include high security--then maybe it's time to look elsewhere. But honestly, I don't think you've any reason to believe that the security in Linux or Mac OS X is any better, unless of course you're a real gambler. Spin that wheel.

More About Windows and Antivirus

Last week's column about Microsoft and antivirus technology bundling garnered a large reader response. Unlike some articles I've written, however, the reaction was expected; the topic seems to ignite strong feelings. I don't have the exact figures, but most readers who wrote strongly agreed that Microsoft needs to offer antivirus technology and regular antivirus definition updates for free. However, a strong contingent of readers feel that Microsoft shouldn't do so for various reasons, including the fact that the company already faced serious legal problems for bundling Microsoft Internet Explorer (IE) and other products in Windows. Some suggested that antirust technology is simply an excuse for the company's shoddy software: If Windows were well written, they argued, we wouldn't need this protection. I'm not sure I agree with that last point--I believe attackers target Windows only because it's the most popular platform. Surely Linux and the Mac OS would have similar problems if the market share picture were reversed.

I still feel strongly that antivirus protection should be a key feature of Windows Longhorn and a benefit that customers receive simply by choosing Windows. Plenty of technological precedents for adding such technology to Windows exist, and if Microsoft is serious about "trustworthy computing," few decisions could show that concern more clearly than bundling antivirus technology--for free--in Windows.

Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution (823980)


==== Sponsor: HP Openview ====

Test your Website FREE for 30 days

HP will remotely Monitor the availability and performance of your corporate website FREE for 30 days, using powerful HP OpenView management software. Simulate activity. Monitor complex transactions. Meet business demands. Manage web services. Click here.


==== 2. Hot Off the Press ====

by Paul Thurrott, [email protected]

Microsoft Loses Key DRM Battle

In a strangely unpublicized case, Microsoft has found itself on the losing end of a ruling in a crucial Digital Rights Management (DRM) battle with InterTrust Technologies, a DRM company that's suing the software giant for almost 150 counts of patent infringement. This week's ruling sets the stage for a trial that will determine whether Microsoft broke the law, although the two companies will likely pursue settlement talks. InterTrust says that Microsoft has violated its DRM patents in products such as Windows Media Player (WMP) and the Xbox video game console. For the complete story, visit the following URL:

==== 3. Keeping Up with Win2K and NT ====

by Paula Sharick, [email protected]

Readers Report About Win2K SP4

I recommend you read through the laundry list of Windows 2000 Service Pack 4 (SP4) experiences that readers have sent me. I've edited the comments for clarity and readability and posted them at the URL below. Based on these comments, apparently SP4 introduces a problem with Windows 2000 Server Terminal Services, and a documented problem exists with the Multiple Universal Naming Convention Provider (MUP) component, mup.sys. Some people are also seeing incredibly long delays during system restart and logon, but we haven't determined the source of the delays. If any of you want to contact the author of one of these comments, send me a note and I’ll forward it to the originator. And please, keep sending your feedback my way.

==== 4. Announcements ====

(from Windows & .NET Magazine and its partners)

Take Our Brief Active Directory Survey!

Windows & .NET Magazine would like to know how your organization uses Active Directory. Your feedback will be kept absolutely confidential, so take our brief survey today!

Windows Scripting Solutions for the Systems Administrator

You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today at

~~~~ Hot Release: Internet World ~~~~

Internet World

Win a portable DVD player from Internet World and BSA!

Is your organization playing "roulette" with your company's ethics, budget and computer safety by using unlicensed software?

Learn how software piracy can dramatically effect your organization at our next Webcast on June 23 at 2:00 pm EDT.

Plus one lucky Webcast attendee will walk away with a FREE portable DVD player! Register today:

==== 5. Instant Poll ====

Results of Previous Poll: Free Antivirus Services

The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "Do you think Microsoft should offer free antivirus services to its Windows customers?" Here are the results from the 286 votes:

- 76% Yes

- 22% No

- 3% I don't know

(Deviations from 100 percent are due to rounding error.)

New Instant Poll: Win2K SP4

The next Instant Poll question is, "Have you updated your Windows 2000 systems to Service Pack 4 (SP4)?" Go to the Windows & .NET Magazine home page and submit your vote for a) Yes, we've installed SP4, b) Yes, but we uninstalled SP4 because of system problems, c) No, we're waiting until SP4 problems are ironed out, or d) We have no plans to upgrade to SP4.

==== 6. Resources ====

Featured Thread: Task Manager Won't Run

Zanshin writes that he can't get taskmgr.exe to run. The program loads for about 1 second, then immediately closes. If you can help, join the discussion at the following URL:

Tip: How Can I Request a Read Receipt from Microsoft Outlook?

by John Savill,

A message sender can configure Outlook to receive a read receipt, which is a message sent to the sender when the recipient opens the message. To request a read receipt, perform the following steps:

1. Create a new message as usual.

2. From the View menu, select Options.

3. Under "Voting and Tracking options," select the "Request a read receipt for this message" check box.

4. Click Close.

==== 7. Event ====

(brought to you by Windows & .NET Magazine)

New--Mobile & Wireless Road Show!

Learn more about the wireless and mobility solutions that are available today! Register now for this free event!

==== 8. New and Improved ====

by Carolyn Mader, [email protected]

Restore Decentralized Desktop Data

Peer Software announced Save-N-Sync 3.0, software that lets you protect and restore decentralized desktop data. Save-N-Sync incorporates Embedded Open File Manager (EOFM) software from St. Bernard Software to provide protection for open and locked files. The software provides as many as 15 source-target backup and synchronization routines for expanded control, customization, and protection. You can map relationships between desktops, laptops, Network Attached Storage (NAS) devices, or servers. Save-N-Sync is available in a standard and corporate edition. Pricing is $29 per license for Save-N-Sync Standard and $79 per license for Save-N-Sync Corporate. EOFM is an optional addition that costs $59 per license. Contact Peer Software at 631-979-1770 or [email protected]

Securely Transport Syslog Data

Kiwi Enterprises released Kiwi Secure Tunnel 1.0.5, software that runs as a service on Windows NT-based systems. The software receives, compresses, and securely transports syslog messages from distributed network devices to a Kiwi Syslog Daemon. The Kiwi Secure Tunnel comprises a client and a server and gathers messages from network devices and forwards the messages across a secure link to the Tunnel Server. The software is available as freeware. For more information, contact Kiwi Enterprises at [email protected]

Submit Top Product Ideas

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected]

==== Sponsored Links ====


Jerry Honeycutt Desktop Deployment Whitepaper;5790077;8214395;s?


Learn about the new security features of Exchange 2003 -- FREE!;5856606;8214395;t?


==== 9. Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.