Security UPDATE--Browser Security; More About Security Through Obscurity--June 8, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

A New Dimension in IT Infrastructure Management: Integrated KVM and Serial Console Control Systems

Avoiding Availability Pitfalls in Microsoft Exchange Environments


1. In Focus: Browser Security; More About Security Through Obscurity

2. Security News and Features

- Recent Security Vulnerabilities

- Does Web Browser Choice Affect Security?

- Setting Up Windows Server Update Services

3. Security Toolkit

- Security Matters Blog


4. New and Improved

- Keep Your Windows PC Secure


==== Sponsor: Raritan Computer ====

A New Dimension in IT Infrastructure Management: Integrated KVM and Serial Console Control Systems

In this free white paper, learn how today's KVM and serial console control tools have evolved to meet the challenge of large, multiplatform, heterogeneous infrastructures as data centers become ever more complex. Plus, discover the many benefits of integrated KVM and serial solutions, which include reduced downtime and mean time to repair, lower costs, and improved ROI. Download your copy now!


==== 1. In Focus: Browser Security; More About Security Through Obscurity ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

In a recent survey performed by Opera Software, approximately 32 percent of respondents had no idea whether the browser they choose affects their system's overall security (see the news item below). It's probably safe to assume that those people don't know how any application might affect their system's overall security.

Some people might argue that using any browser other than Microsoft Internet Explorer (IE) is far safer. That might not be true depending on how someone uses IE. For example, if you load the latest patches, stay on top of the latest vulnerabilities and exploits, use add-on tools that increase security, and possibly modify certain registry settings, then IE can become much safer to use than it is in its default configuration. Plus, if you use Windows XP with Service Pack 2 (SP2), IE is much safer.

If you subscribe to our WinInfo Daily UPDATE newsletter, you probably read last Friday's Short Takes edition in which Paul Thurrott mentioned that IE 7.0 is in development. It will undoubtedly be more secure than previous versions, but there's a catch: It will be available only for Windows XP and Windows Server 2003. At this time, it seems that Microsoft won't make the new browser version available for Windows 2000. Mainstream support for that OS ends June 30, but that doesn't mean that no security patches will be available. Since the company will provide free security patches until June 2010, I think we can assume that includes security patches for IE on Win2K.

It's certainly possible to switch from IE to another browser on any Windows platform, but of course doing so presents problems because some application interfaces rely on the use of IE. This means that in many cases, you'll have to use two browsers, which isn't a big deal, but you do incur the added work of managing an additional application on your desktops.

Last week, I wrote about security through obscurity. One reader wrote to say that in his opinion I completely missed the point of what the phrase "security through obscurity" really means. There's no sense arguing semantics. I'll just say that I was advocating adding as much security as possible even if the added amount is trivial. Another reader wrote with a comment that illustrates this point. He said that even though he knows a thief can quickly unlock his car door and steal the vehicle, he locks the car anyway.

That about sums it up. However, there is the notion of cost, which I didn't cover last week. Some might argue that the cost of managing something like MAC address filtering on wireless Access Points (APs) is excessively expensive for the amount of security gained. This could be true depending on the size of your environment, the size of your budget and your ideas about where that money is best spent, and the manner in which you implement network management. Obviously, you have to decide that for yourself.

A feature item below mentions a feature article about Windows Server Update Services (WSUS). You can read the complete feature article on our Web site and chat about WSUS with Doug Toombs today at 12 P.M. Eastern (9 A.M. Pacific). Learn more about the "WSUS Is Not for Wussies!" Web chat at


==== Sponsor: MessageOne ====

Avoiding Availability Pitfalls in Microsoft Exchange Environments

When Microsoft Exchange is down, many businesses are down. Although many solutions are targeted at making Exchange email environments more reliable, a wide range of potential difficulties still lurk, waiting to interrupt service and, ultimately, your business. In this free white paper, discover the more common pitfalls that can lessen Exchange availability and the recommendations for what you can do to avoid the problem and better plan your Microsoft Exchange messaging environment.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Does Web Browser Choice Affect Security?

A recent survey revealed that many people still don't realize how applications might affect overall system security. The survey revealed that 17 percent of respondents thought that the browser played no role in overall system security and 32 percent said they didn't know one way or the other.

Setting Up Windows Server Update Services

Patch management is a headache for security administrators at most organizations. Windows Server Update Services (WSUS) offers benefits for organizations of all sizes. In this article, John Howie walks you through the process of installing and configuring WSUS for your organization, obtaining updates, and configuring clients to use WSUS to obtain updates.


==== Resources and Events ====

Antispam product not working?

Many email administrators are experiencing increased frustration with their current antispam products as they battle new and more dangerous email threats. In-house software, appliances, and even some services may no longer work effectively and require too much IT staff time to update and maintain or to satisfy the needs of different users. In this free Web seminar, learn how you can search for a better way to protect your email systems and users.

Register For This Free Web Seminar--You Could Win a Windows IT Pro VIP Subscription!

In this free Web seminar, learn what the most common fax messaging challenges encountered in the workforce are and solutions for how to turn these common fax "headaches" into cost-effective, easy-to-use, business communications. You'll also receive a free, industry white paper on fax deployment and integration techniques. Register now and you'll receive a 30-day software trial and a Starbucks gift card for attending!

Diagnose and Resolve Performance Problems

Maximizing application performance isn't easy, and the database is only one component of today's complex, multi-tiered systems. In this free Essential Guide, learn how to follow a solid monitoring practice and troubleshoot issues before they get out of hand. You'll discover how you can ensure optimal SQL Server performance and satisfied users.

Get Ready for SQL Server 2005 Roadshow in Europe

Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

Recover Your Active Directory

Get answers to all your Active Directory recovery questions here! Join industry guru Darren Mar-Elia in this free Web Seminar and discover how to use native recovery tools and methods, how to implement a lag site to delay replication, limitations to native recovery approaches and more. Learn how you can develop an effective AD backup strategy – Register today!


==== Featured White Paper ====

Antispam Product Not Working?

In-house software, appliances, and some services may no longer work effectively and require too much IT staff time to update and maintain or to satisfy the email security needs of different users. In this free white paper, learn how a managed service solution can lower overhead and administrative costs, get more flexible end-user controls, improve service and support, and more.


==== Hot Release ====

Converting a Microsoft Access Application to Oracle HTML DB

Get the most efficient, scalable, and secure approach to managing information using an Oracle Database with a Web application as the user interface. In this free white paper, learn how you can use an Oracle HTML Database to convert a Microsoft Access application into a Web application that can be used by multiple users concurrently. You'll learn how to improve the original application by adding hit highlighting and an authorization scheme to provide access control to different types of users. Download this free white paper now!


==== 3. Security Toolkit ====

Security Matters Blog: TCPDUMP for Windows

by Mark Joseph Edwards,

If you've been looking for a Windows-based version of the popular tcpdump tool, MicroOLAP Technologies offers MicroOLAP TCPDUMP for Windows, which the company says reproduces all the features found in the original tcpdump for UNIX.


by John Savill,

Q: How can I enable the List Object security option in Active Directory (AD)?

Find the answer at


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Keep Your Windows PC Secure

WinKeeper Professional 4.85 is the most recent version of a suite of 12 Windows security utilities from WinKeeper Software. Spyware Doctor detects and cleans spyware, adware, Trojan horses, keyloggers, spybots, and other malware that might be on your PC. Security Task Manager lets you examine the processes that run on your computer and ensure that there are no intruders. BHO Cleaner lets you easily control the browser helper objects that have been installed on your computer. Other suite utilities can help you clear your IE history file, erase files, and manage passwords. WinKeeper Professional 4.85 runs under Windows 98/Me/NT 4.0/2000/XP and costs $34.95 for a single-user license. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Optimizing Disk-Based Backups for SMBs and Distributed Enterprises

Combine disk-based backup with automated backup technology. Download now!

Free Active Directory Recovery white paper

Recover data in minutes with Quest Recovery Manager for AD



This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
