
Security UPDATE--Downgrading Application Privileges; More Spyware Solutions--December 8, 2004

To make sure that your copy of Security UPDATE isn't mistakenly blocked by antispam software, add [email protected] to your list of allowed senders and contacts.


This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Protecting Your Company by Managing Your Users' Internet Access

Stop Malicious Email Threats Before They Harm Your Email System


1. In Focus: Downgrading Application Privileges; More Spyware Solutions

2. Security News and Features

- Recent Security Vulnerabilities

- Windows Server 2003 SP1 Release Candidate Available

- Security Hole in IE Add-ons, Disabled Accounts; a Hotfix Filter Problem; Wireless Connection Failures; and More

- Windows IT Prolympics Winners

3. Security Matters Blog

- Six Honeypots Reveal Intrusion Patterns

- Managing Wi-Fi with Frequency Selective Structures

4. Security Toolkit


- Security Forum Featured Thread

5. New and Improved

- New Integrated Security Appliance


==== Sponsor: Free White Paper from St. Bernard Software ====

Companies pay plenty of attention to hardening their servers and networks but pay little attention to how uncontrolled Internet access from within an organization can represent a significant legal and security risk. For example, users who browse a malicious Web site can become infected with a Trojan or other malware without their knowledge as a result of vulnerabilities in Internet Explorer. Internet filtering technology is a key player in mitigating these threats. This white paper discusses the various methods available for Internet filtering and how to use them to increase security and decrease legal exposure. Download this free white paper now!


==== 1. In Focus: Downgrading Application Privileges; More Spyware Solutions ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

In the August 11 edition of this newsletter (at the URL below), I wrote about two tools, PrivBar and MakeMeAdmin, developed by Aaron Margosis. PrivBar is essentially an add-on to Microsoft Internet Explorer (IE) and Windows Explorer. When you install PrivBar, a toolbar is added to both those applications that shows what security context each browser is running under. The toolbar displays the domain and username as well as the group that the account belongs to. The toolbar is color-coded to grab your attention when you run an instance under a highly privileged account, such as an account in the Administrators group.

MakeMeAdmin is a command-line script for Windows that can help you run applications in a more privileged security context. MakeMeAdmin automates the process of using the RunAs command to elevate your privileges. The script performs three actions: it adds your current user account to the local Administrators group, launches a command shell and any other application you want to run, and removes your account from the local Administrators group.

MakeMeAdmin is a handy tool, particularly for those of you who don't want to expose your systems by performing all your tasks while logged on as a member of the Administrators group. But what about those instances in which you're logged on as an administrator (out of need) but don't want to run all your applications in the security context of an administrator account?

Michael Howard (senior security program manager at Microsoft and coauthor of the book "Writing Secure Code") developed a handy tool, DropMyRights, that can help in such instances, provided you use Windows Server 2003 or Windows XP. These two OSs support the Safer API. According to the Microsoft Developer Network (MSDN), "Safer API functions provide any application that launches programs from external sources the ability to query security policy for approval before an executable is launched. The Safer API functions can be called before loading and running an executable or active content. . . . applications where the Safer API is useful include applications that handle attachments (such as mail clients and instant messengers that can transfer files) and script interpreters."

You can use DropMyRights to launch any application under the security context of a nonadministrative user, a restricted user, or an untrusted user. It's simple to install and operate by using a few command-line switches, and you can easily establish shortcuts to launch applications quickly. A sample DropMyRights command to launch IE as a typical user (the default, with no command-line options specified) is

c:\tools\dropmyrights "c:\program files\Internet Explorer\iexplore.exe"
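
The mechanism behind a tool of this kind, shown as an added example that is not DropMyRights source code and not part of the original newsletter: the Win32 Safer API sequence (SaferCreateLevel, SaferComputeTokenFromLevel, CreateProcessAsUser) that starts a child process under a reduced token. The trust names "normal", "constrained" and "untrusted" and the helper names safer_level_for and launch_with_level are assumptions made for this example; the launch function is compiled only on Windows.

```c
/* Added example (not DropMyRights source): start a program with a reduced
   token through the Safer API. Windows XP / Server 2003 or later; link
   with advapi32. */
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winsafer.h>
#else  /* level IDs as defined in winsafer.h, so the mapping builds anywhere */
#define SAFER_LEVELID_UNTRUSTED   0x01000
#define SAFER_LEVELID_CONSTRAINED 0x10000
#define SAFER_LEVELID_NORMALUSER  0x20000
#endif

/* Map a trust name (hypothetical names chosen for this example) to a Safer
   level ID. Unknown names return 0 so the caller can refuse to launch
   instead of silently falling back to a more privileged level. */
unsigned long safer_level_for(const char *name)
{
    if (name == NULL)                     return 0;
    if (strcmp(name, "normal") == 0)      return SAFER_LEVELID_NORMALUSER;
    if (strcmp(name, "constrained") == 0) return SAFER_LEVELID_CONSTRAINED;
    if (strcmp(name, "untrusted") == 0)   return SAFER_LEVELID_UNTRUSTED;
    return 0;
}

#ifdef _WIN32
/* Launch cmdline (must be a writable buffer) under the given Safer level.
   Returns 1 on success, 0 on failure. */
int launch_with_level(char *cmdline, DWORD level)
{
    SAFER_LEVEL_HANDLE hLevel = NULL;
    HANDLE hToken = NULL;
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    int ok = 0;

    ZeroMemory(&si, sizeof si); si.cb = sizeof si;
    ZeroMemory(&pi, sizeof pi);
    if (!SaferCreateLevel(SAFER_SCOPEID_USER, level, SAFER_LEVEL_OPEN, &hLevel, NULL))
        return 0;
    /* NULL input token: derive the restricted token from the caller's own. */
    if (SaferComputeTokenFromLevel(hLevel, NULL, &hToken, 0, NULL)) {
        ok = CreateProcessAsUserA(hToken, NULL, cmdline, NULL, NULL, FALSE,
                                  CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi) != 0;
        if (ok) { CloseHandle(pi.hProcess); CloseHandle(pi.hThread); }
        CloseHandle(hToken);
    }
    SaferCloseLevel(hLevel);
    return ok;
}
#endif
```
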

To download a copy of DropMyRights and even see the source code, go to "Browsing the Web and Reading E-mail Safely as an Administrator" at

Last week, I wrote about enterprise-enabled antispyware solutions. I received numerous responses, and based on those responses, I'd say many of you really needed that sort of consolidated resource! Several people also wrote to tell me about a few other solutions that I didn't include on the list. I've now updated the article on the Web site with four additional products: DynaComm i:scan, Prevx Enterprise, Kaspersky Anti-Virus SuperSecure Database add-ons, and GFI DownloadSecurity for ISA Server, which integrates with the Kaspersky solution. So now a total of 18 solutions are listed.

I also moved the McAfee Anti-Spyware Enterprise Edition Module to the list of soon-to-be-released products because it's actually not available yet. And I added a link to another good list of standalone and enterprise-enabled solutions, which is hosted by one of our readers in the Netherlands. So if you're looking for enterprise-enabled antispyware solutions, re-read the article on the Web to get all the updated information.

Until next time, have a great week.


==== Sponsor: Postini ====

Stop Malicious Email Threats Before They Harm Your Email System

Many companies today are attempting to curb the growing amount of spam and email attacks by purchasing anti-spam appliances, software, or desktop products to implement an in-house email security solution. Yet, the incidence of spam and malicious emails carrying viruses and worms continues to increase. Conventional anti-spam content filtering using software and/or appliances inside the firewall are all reactive technologies that cannot prevent these new attacks. In this free white paper, find out what you can do to stop these new techniques and protect your organization. Download this free white paper now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Windows Server 2003 SP1 Release Candidate Available

Microsoft has made available Windows Server 2003 Service Pack 1 (SP1) Release Candidate (RC) for download at its Web site. SP1 provides several security enhancements that should catch the interest of most security administrators. In fact, all of the reasons listed in Microsoft's "Top 10 Reasons to Install Windows Server 2003 SP1 RC" relate directly to better security.

Security Hole in IE Add-ons, Disabled Accounts; a Hotfix Filter Problem; Wireless Connection Failures; and More

In this summary article, Paula Sharick covers eight problems you need to know about to better manage your systems and network. Be sure to read it--it could save you a lot of headaches in troubleshooting!

Windows IT Prolympics Winners

Congratulations to the winners of the Windows IT Prolympics. Contestants tested and showed off their Active Directory (AD) prowess by taking a written exam and participating in a virtual-lab skills test.

The gold medal went to Steven Schullo, Hixson, Tennessee. He won a trip to TechEd, a subscription to Windows IT Pro, and an AD T-shirt. Michael Royer, West Hollywood, California, took home the silver medal. He won an iPod, a subscription to Windows IT Pro, and an AD T-shirt. And Nathan Casey, Santa Rosa, California, won the bronze medal and received an Xbox, a subscription to Windows IT Pro, and an AD T-shirt. You'll be able to read more about these IT Prolympians in the January issue of Windows IT Pro.

Even though the contest is over, you can still test your AD knowledge and see how you stack up against your peers. Simply go to , download the study guide, and take the written and virtual-lab exams. Challenge yourself and learn at the same time.


==== Announcements ====

(from Windows IT Pro and its partners)

Try a Sample Issue of Windows Scripting Solutions

Windows Scripting Solutions is the monthly newsletter that shows you how to automate time-consuming, administrative tasks by using our simple downloadable code and scripting techniques. Sign up for a sample issue right now, and find out how you can save both time and money. Plus, get online access to our popular "Shell Scripting 101" series--click here!

Get the Cliffs Notes to Migrating from Novell NDS to Windows Server 2003

Migrating from Novell NDS to Windows Server 2003 means moving from an established directory service to the latest version of Active Directory. Missing a step in the migrating process could mean real problems. Use our quick reference guide as a cheat-sheet to help you manage each step of the migration process. Download the guide now.

Sarbanes Oxley: Race to the Finish Line

The deadline is looming for compliance with the final set of Sarbanes-Oxley requirements. Are you ready, or are you still struggling with Section 404 issues? In this free, on-demand Web seminar, let the experts of Ernst & Young LLP and NetIQ provide you with the tips and techniques required to maintain proper internal control frameworks. Register today!

Are You a Hacker Target?

You are if you have an Internet connection faster than 384Kbps. In this free, live Web seminar on December 14, Alan Sugano will examine two attacks (an SMTP Auth Attack and a SQL Attack) that let spammers get into the network and relay spam. Find out how to keep the hackers out of your network, and what to do if your mail server is blacklisted as an open relay. Attend and you could win an Xbox. Register now!


==== Hot Release ====

The Unofficial Guide to IM for Executives

This free white paper will help managers, directors and executives in all types of businesses understand Instant Messaging and the powerful benefits it brings to the workplace when properly managed and controlled. Start protecting your organization and get the white paper now!


==== 3. Security Matters Blog ====

by Mark Joseph Edwards,

Check out these recent entries in the Security Matters blog:

Six Honeypots Reveal Intrusion Patterns

Six honeypots were placed online for 2 weeks to gauge how intruders would try to penetrate the systems. The computers ran a variety of OSs. Read this blog entry to learn how they fared.

Managing Wi-Fi with Frequency Selective Structures

There are ways to better confine your Wi-Fi signals. A research paper is available that explains how.

==== 4. Security Toolkit ====


by John Savill,

Q: How can I use a script to uninstall a service pack?

Find the answer at

Security Forum Featured Thread

A forum participant wants to know whether to place a SonicWALL firewall appliance in front of the router so it will be directly connected to the Internet or behind the router so the router is directly connected to the Internet. Join the discussion at


==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at )

Get a Free Windows IT Pro Subscription at the Server Consolidation Roadshow

Come and join us for this free event and find out how a more strategic and holistic approach to IT planning helps organizations increase operational efficiency and facilitate the implementation of new technology. Attend and get a free 6-month digital Windows IT Pro subscription. Plus, you could win an iPod! Sign up today.


==== 5. New and Improved ====

by Mark Joseph Edwards, [email protected]

New Integrated Security Appliance

SonicWALL announced its new PRO 1260 integrated security and LAN switching appliance for small businesses and branch offices. The appliance includes a deep inspection firewall, IP Security (IPSec) VPN, gateway antivirus scanner, intrusion prevention system, content-filtering capabilities, dynamic DNS, a streamlined Web GUI, and a suite of configuration and management wizards, along with a 24-port auto-sensing MDIX Layer 2 switch. For more information, go to the following URLs

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Security Administrator, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
