Security UPDATE: Open Source Vulnerability


==== This Issue Sponsored By ====

Windows Scripting Solutions

New Web Seminar--Preemptive Email Security: How Enterprise Rent-A-Car Eliminates Spam


1. In Focus: Resources for Patch Management

2. Security News and Features

- Recent Security Vulnerabilities

- News: Open Source Vulnerability Database Online

- News: New Forensics Tool: Port Reporter

- News: WinBlox Monitors and Prevents I/O

- Feature: Honeypots for Windows

3. Instant Poll

4. Security Toolkit

5. New and Improved

- Prevent Identity Theft


==== Sponsor: Windows Scripting Solutions ====

Try a Sample Issue of Windows Scripting Solutions

Windows Scripting Solutions is the monthly newsletter from Windows & .NET Magazine that shows you how to automate time-consuming, administrative tasks by using our simple downloadable code and scripting techniques. Sign up for a sample issue right now, and find out how you can save both time and money. Click here!


==== 1. In Focus: Resources for Patch Management ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Keeping systems up to date and thus protected against various attack methods is sometimes difficult. You're aware that many patch-management solutions are available, including solutions from Microsoft as well as third-party software vendors. You need information about the available patch-management solutions to determine which might best fit your needs. In addition, you probably sometimes need to discuss your particular patch-management solution with other people to help better understand its problems or quirks. Numerous resources are available that can help.

If you're shopping for a patch-management solution, remember that Mark Burnett and some of his associates recently tested seven patch-management solutions to gauge their effectiveness. Those solutions include BigFix Patch Manager, Ecora Patch Manager, Gravity Storm Software's Service Pack Manager, PatchLink Update, SecurityProfiling's SysUpdate, Shavlik Technologies' HFNetChkPro, and St. Bernard Software's UpdateExpert. Burnett's findings are available in his article on our Web site.

Patch management is the primary focus of the April issue of Windows & .NET Magazine. Mark Burnett discusses advanced patch-management techniques and resources that can assist in your efforts. Of course, before you roll out a patch to your enterprise, you'll probably want to test it to ensure that it works properly in your environment. Jason Fossen discusses patch testing and offers tips and scripting ideas. You can read the articles in the print magazine, or if you subscribe to the print magazine or our VIP program, you can access the articles on our Web site.

Another April issue article you might find interesting is Michael Otey's commentary "Unreasonable Expectations." In Otey's opinion, Microsoft needs to fix its patching process. You don't need to be a subscriber to read what Otey has to say.

If you'd like to discuss patch-management solutions with other network administrators, a relatively new resource is available: the Patch Management mailing list. I've been a subscriber since its inception and can say that the list is a valuable resource. Shavlik Technologies hosts the related Web site, but the list is vendor neutral--there's no slant toward one product or another. Conversation about any topic regarding any Windows or Linux patch or any patch solution is welcome--regardless of the vendor. You can subscribe to the mailing list by going to the first URL below. At the Web site, you'll also find articles related to patch management, including a list of product comparisons from a variety of mainstream publishers. And be sure to check out Jason Chan's informative article "Essentials of Patch Management Policy and Practice" at the second URL below.


==== Sponsor: New Web Seminar--Preemptive Email Security: How Enterprise Rent-A-Car Eliminates Spam ====

Get the inside scoop on how Enterprise Rent-A-Car eliminated spam and viruses, improved their email security, and increased productivity. Don't miss this opportunity to educate yourself and become a smarter customer when it comes to choosing an antispam solution that best fits your organization's needs. Sign up for this free Web seminar today!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

News: Open Source Vulnerability Database Online

The Open Source Vulnerability Database (OSVDB), provided by the Open Security Foundation (OSF), is now online and available to the public. OSVDB is an archive of known vulnerabilities and includes vulnerability data pertaining to all platforms.

News: New Forensics Tool: Port Reporter

Can you ever have enough tools to assist with troubleshooting and forensic analysis? Probably not, and that's a good reason to add the new Port Reporter to your toolkit. Port Reporter is free from Microsoft and logs TCP and UDP port activity to a text file.

News: WinBlox Monitors and Prevents I/O

Liu Die Yu released source code for his WinBlox tool, a command-line utility that can record, filter, and prevent file I/O operations. Yu hopes people will download the source code and help find bugs. Although you can download WinBlox and test it, Yu cautions that the utility is still under development and might not be suitable for production environments.

Feature: Honeypots for Windows

Long thought of as toys for security administrators who have too much time on their hands, honeypots are gaining an increased presence on corporate networks. Honeypots are nonproduction computer assets set up for the express purpose of being a potential target for unauthorized activities. Roger A. Grimes offers a look at four honeypots (Honeyd-WIN32 0.5, KeyFocus's KFSensor, Network Security Software's SPECTER 7.0, and VMware Workstation 4.0) in this article on our Web site.

==== Announcements ====

(from Windows & .NET Magazine and its partners)

The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!

With a VIP Web Site/Super CD subscription, you'll get online access to all of our publications, a print subscription to Windows & .NET Magazine, and a subscription to our VIP Web site, a banner-free resource loaded with articles you can't find anywhere else. Click here to find out how you can get it all:

Register today for Microsoft Tech Ed 2004

Don't miss Tech Ed 2004 -- May 23-28, 2004 in San Diego, CA -- the definitive Microsoft conference for building, deploying, securing and managing connected solutions. You'll find 11 conference tracks and over 400 sessions. Get answers to your technical questions, meet industry experts, evaluate new products, and take advantage of extensive networking opportunities. Register today.

==== 3. Instant Poll ====

Results of Previous Poll

The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Does your company use or intend to use Voice over IP (VoIP) technology?" Here are the results from the 89 votes.

- 40% Yes, we use it now

- 31% Yes, we intend to use it

- 22% No, we don't plan to use it

- 6% Not sure

(Deviations from 100 percent are due to rounding.)

New Instant Poll

The next Instant Poll question is, "If you're using Microsoft Software Update Services (SUS) or the new Windows Update Services (WUS), how satisfied with the product are you?" Go to the Security Web page and submit your vote for

- Very satisfied

- Somewhat satisfied

- Not satisfied

==== 4. Security Toolkit ====

Virus Alert: Netsky.R

Netsky.R spreads through an email message with variable characteristics. However, the message subject always includes the text "Re: Document." The worm deletes several other worms, including Mydoom.A, Mydoom.B, and Mimail.T. Netsky.R will also attempt to launch Denial of Service (DoS) attacks against several Web pages between April 12 and 16.

Virus Alert: Netsky.Q

Netsky.Q spreads through an email message with variable characteristics. The worm exploits a Microsoft Internet Explorer (IE) vulnerability to automatically run a message attachment when a user views the message through Microsoft Outlook's preview pane.

Netsky.Q deletes several other worms including Mydoom.A, Mydoom.B, Mimail.T, and several Bagle variants. The worm will attempt to launch Denial of Service (DoS) attacks against several Web pages between April 8 and 11. When the system date and time is March 30, 2004 between 5:00 a.m. and 10:59 a.m., the worm emits random tones through the internal speakers.

FAQ: How can I use Group Policy to disable System Restore in Windows XP and later?

by John Savill,

A. System Restore is a systemwide setting. As a result, you must disable it at the Computer Configuration level by performing the following steps:

1. Load the Group Policy Object (GPO) that you want to modify. For example, go to Start, Programs, Administrative Tools, Active Directory Users and Computers; right-click a domain; select Properties; select the Group Policy tab; then create a new GPO or edit an existing GPO.

2. Navigate to Computer Configuration, Administrative Templates, System, System Restore.

3. Double-click "Turn off System Restore," set it to Enabled, then click OK.

4. Close the GPO.

The change will take effect at the next refresh.
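
To confirm on a client that the setting from the steps above has been applied, the following added example (not part of the original FAQ) forces a computer policy refresh and reads the policy value back. It assumes the "Turn off System Restore" policy is stored as the DWORD DisableSR under the registry key shown; the function name Get-SystemRestorePolicyState is hypothetical.

```powershell
# Added example: verify the "Turn off System Restore" policy on the local computer.
# Assumption: the policy is written as DWORD DisableSR under the key below.
function Get-SystemRestorePolicyState {
    param(
        [string]$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    )

    # A missing key or value means no GPO has configured the setting.
    $raw = $null
    if (Test-Path -Path $Key) {
        $props = Get-ItemProperty -Path $Key
        if ($props.PSObject.Properties['DisableSR']) {
            $raw = [int]$props.DisableSR
        }
    }

    # Map the raw value to the three states shown in the policy editor.
    if ($null -eq $raw)  { $state = 'NotConfigured' }
    elseif ($raw -eq 1)  { $state = 'Enabled' }      # System Restore is turned off
    elseif ($raw -eq 0)  { $state = 'Disabled' }     # System Restore is allowed
    else                 { $state = 'Unexpected' }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Policy    = 'Turn off System Restore'
        State     = $state
        RawValue  = $raw
        Compliant = ($state -eq 'Enabled')
    }
}

# Refresh computer policy now instead of waiting for the next refresh interval.
gpupdate /target:computer /force | Out-Null

$result = Get-SystemRestorePolicyState
$result | Format-List

if (-not $result.Compliant) {
    Write-Warning "Policy not applied on $($result.Computer): state is $($result.State)."
}
```

Run it from an elevated prompt on a computer that falls within the scope of the GPO.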

Featured Thread: ISA Server SMTP Filter

(Three messages in this thread)

Jack is using ISA Server to reverse-cache some services for outside users at his organization. He also uses the SMTP filter so that he can prevent certain email messages and attachments from entering his organization. However, he's seeing errors in the ISA Server Event Viewer that indicate invalid SMTP commands, and the email filters don't seem to work when he applies them. Lend a hand or read the responses:

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New Web Seminar--The Spam Problem Solved: Hensel Phelps Construction Company Case Study

Find out how Hensel Phelps Construction, a multibillion-dollar national contractor, has implemented a multilayered antispam solution to increase user productivity and decrease the burden on IT staff resources, infrastructure, and budget. Sign up now for this free Web seminar!

==== 5. New and Improved ====

by Jason Bovberg, [email protected]

Prevent Identity Theft

FSPro Lab announced Identity Knight, software that prevents the theft of personal information when users use Microsoft Internet Explorer (IE) 5.0's AutoComplete option to fill out online forms. Identity Knight deletes any data that users don't want to be stored in Windows Protected Storage, which AutoComplete uses for data storage. FSPro Lab also offers Credit Card Knight, which works exclusively with credit card numbers. You can download Identity Knight and Credit Card Knight from the company's Web site; free demo versions are available. Identity Knight costs $34.95, and Credit Card Knight costs $24.95. For more information about these products, contact FSPro Lab on the Web.

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Sponsored Links ====


Comparison Paper: The Argent Guardian Easily Beats Out MOM

Microsoft(R) TechNet

Microsoft(R) TechNet Webcasts: essential guidance, industry experts


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine privacy policy at

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
