Windows Client UPDATE--Are Your Users the Weakest Link in the Chain of Protection?--May 26, 2005

1. Commentary
- Are Your Users the Weakest Link in the Chain of Protection?

2. News & Views
- US Congress Takes on Spyware, Phishing

3. Peer to Peer
- Tip: Configuring Remote Print Notifications
- Featured Thread: Can an IT Manager Still Be a Technical Whiz?

4. New and Improved
- Protect Your Desktops Against Security Threats
- Tell Us About a Hot Product and Get a T-Shirt!

==== Sponsor: Download Your Risk-free Trial of UpdateEXPERT Now ====

UpdateEXPERT streamlines the tedious tasks of patching, allowing you to conserve IT resources. With UpdateEXPERT's centralized inventory and management, you can quickly and accurately patch every machine on your network, even those that are disconnected or remote. And you never have to worry about patch interdependencies because our engineers test every patch before it is released to you. UpdateEXPERT offers the most accurate and comprehensive patching available, allowing you to easily manage patching across any network topography and eliminate costly downtime. Be confident your business is completely secured. Test our powerful patch management solution for yourself today with a risk-free trial. Yes I want to try UpdateEXPERT! http://www.stbernard.com/forms/updateexpert_demo_form.asp?oc=65

==== 1. Commentary: Are Your Users the Weakest Link in the Chain of Protection? ====
by David Chernicoff, [email protected]

One interesting thing about being a columnist who has a publicly known email address is that my Inbox is a pretty good barometer for measuring how well people are implementing antivirus solutions. In the case of this month's attack of the Sober.P worm, the answer is "not very well."

Since the beginning of May, I've received about 4000 messages spawned by this attack. The messages are easy to spot--the subject line is in German. (That German subject line also helped my antispam software catch the messages.) At one point this month, antivirus vendor Sophos estimated that the Sober.P worm was generating 5 percent of all email traffic on the Internet. The implication is that tens of thousands of users must have been caught by this attack. Given my own experience, I'd say that a large portion of those users are in the corporate world because I was receiving the spam primarily on my business email accounts with almost no hits on my less well-known personal email account.

IT personnel need to step up their antivirus and antispam methods, but unfortunately, that job is becoming more difficult. During the past few weeks, two attacks that use IM systems gained prominence--one a straightforward phishing attack over Yahoo Messenger and the other a more subtle Trojan horse attack that uses AOL Instant Messenger (AIM).

The Yahoo attack pops up a message that attempts to entice users to go to a Web site that hosts Star Wars-related games. The site then prompts the user to enter his or her Yahoo credentials. This attack is strictly a social engineering one--the user must be a willing participant, giving up the requested information.

The AIM attack comes as a message from a user on the recipient's AIM buddy list and contains a message about a funny video on the Web and a link to that purported video. When the recipient clicks the link, the worm installs itself on that person's machine and sends itself to every user on that computer's AIM buddy list. The worm also connects itself to a public Internet Relay Chat (IRC) server. Antivirus vendors report that the worm could potentially open up an infected machine to remote access.

Businesses that use public IM services need to install as many software and hardware safeguards as possible and to thoroughly educate their users about the social-engineering aspects of these attacks. Users can become complacent about security when they presume their IT department is protecting them. Administrators need to remind users that the hand on the mouse is the final step in the chain of protection, and that when faced with suspicious communications, clicking "delete" is the best choice.

==== Sponsor: Managing and Securing IM in the Enterprise: Why It Should Be a Top Priority ====

With instant messaging virtually in all corporate environments, and expected to be as prevalent as email in the near future, it has rapidly become an indispensable business communication tool. Yet, IM growth within the enterprise brings an associated increase in security risks to both public and enterprise IM networks. In this free white paper, learn how you can take control of IM use on your network to ensure security and compliance. You'll learn how to protect yourself from Virus & worms attacks, Identity theft, Leakage of confidential information and more. Download now!
http://www.windowsitpro.com/whitepapers/akonix/securingim/index.cfm?code=wclientmid_526

==== 2. News & Views ====
by Paul Thurrott, [email protected]

US Congress Takes on Spyware, Phishing
The US House of Representatives voted overwhelmingly this week for two bills that seek massive fines and prison sentences for individuals who distribute spyware to computer users. The House passed one bill by a vote of 395 to 1 and the other by 393 to 4. The bills now move to the Senate, which has a few antispyware bills of its own. Read more at the following URL:
http://www. windowsitpro.com/articles/index.cfm?articleid=46511

==== Events and Resources ====
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )

Safeguard Your Exchange Servers--Plus Receive a Free eBook
Managing storage growth, providing application resiliency, and handling small errors and problems before they grow are all important aspects of boosting your Exchange Server uptime. In this free Web seminar, discover how storage and application management techniques for Exchange can be used to improve the resiliency and performance of your Exchange infrastructure. Register now and get a free eBook!
http://www.windowsitpro.com/seminars/exchangeapplicationavailability/index.cfm?code=0525emailannc

Streamline Desktop Deployments
Managing desktop software configurations doesn't have to be a manual process, resulting in unplanned costs, deployment delays, and client confusion. In this free Web seminar, find out how to manage the software package preparation process and increase your desktop reliability, user satisfaction, and IT cost effectiveness. You'll learn how to simplify the deployment and configuration process, starting with the new-application request, review, and approval process and progressing through software packaging and deployment.
http://www.windowsitpro.com/seminars/SoftwarePackagingWorkflow/index.cfm?code=0525

Get Ready for SQL Server 2005 Roadshow in Europe
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
http://www.windowsitpro.com/roadshows/sqlservereurope/index.cfm?code=0525emailannc

Here's Your Chance To Earn $100!
If you're going to TechEd 2005, we want you! Now's the time to tell us what you think--click here to see if you qualify to participate in this exclusive focus group opportunity.
https://websurveyor.net/wsb.dll/12237/ScreeningQs.htm

Get on the 64-Bit Bandwagon
In this free, on-demand Web seminar, you'll learn the most important factors and best uses of 64-bit technology. Join industry expert Mike Otey as he compares 32-bit and 64-bit technology and reveals the best platform for high performance. You'll also learn how to successfully migrate and manage the two. Register now!
http://www.windowsitpro.com/seminars/integrityservers/index.cfm?code=0525emailannc

==== Featured White Paper ====

Test Your Security Configuration
Today, vulnerability-scanning hackers, Internet-traveling worms, and roving bots are common. You should conduct regular vulnerability and penetration testing audits to validate your security policy. In this free white paper, learn how to identify and fix vulnerabilities, discover and use vulnerability assessment tools, evaluate your security investment, and more. Download your free copy now!
http://www.windowsitpro.com/Whitepapers/microsoft/securityconfiguration/index.cfm?code=0525emailannc

==== 3. Peer to Peer ====

Tip: Configuring Remote Print Notifications
(contributed by David Chernicoff, [email protected])

People often asked me how to configure a Windows XP client to notify the user about print jobs that are being run on remote or network printers. This capability is part of XP, but users have a difficult time finding it--it's not located where they expect. Users expect to find printer information by going to Control Panel, Printers and Faxes, then right-clicking the printer and selecting Properties from the context menu. In reality, the information can be found in Printers and Faxes, File, Server Properties. At that location, the user can configure the spooler to provide information and warning alerts about their remote print jobs.

Featured Thread: Can an IT Manager Still Be a Technical Whiz?
Check out the latest post in the Talk About Women in IT blog at the following URL:
http://www.windowsitpro.com/Article/ArticleID/46521/46521.html

==== Announcements ====
(from Windows IT Pro and its partners)

Why Do You Need the Windows IT Pro Master CD?
There are three good reasons to order our latest Windows IT Pro Master CD. One, because it's a lightning-fast, portable tool that lets you search for solutions by topic, author, or issue. Two, because it includes our Top 100 Windows IT Pro Tips. Three, because you'll also receive exclusive, subscriber-only access to our entire online article database. Click here to discover even more reasons:
http://www.windowsitpro.com/rd.cfm?code=cdeu2255up

Nominate Yourself or a Friend for the MCP Hall of Fame
Are you a top-notch MCP who deserves to be a part of the first-ever MCP Hall of Fame? Get the fame you deserve by nominating yourself or a peer to become a part of this influential community of certified professionals. You could win a VIP trip to Microsoft and other valuable prizes. Enter now--it's easy:
http://www.windowsitpro.com/mcphalloffame/index.cfm?code=05emailannc

==== Hot Release ====

Saving Time and Money with Network Faxing
Despite the rise of e-mail and the Internet, fax continues to be an important means of business communication. Organizations can save significantly on long distance costs, increase worker productivity, and streamline their business processes simply by connecting a fax server to their local area network. In this free white paper, you'll understand the specific cost savings, security benefits, and productivity enhancements of implementing a fax server solution including the V.34 fax standard and how it can contribute to further productivity gains and cost reductions. Get this white paper now!
http://www.windowsitpro.com/whitepapers/esker/networkfaxing/index.cfm?code=clienthot_526

==== 4. New and Improved ====
by Gayle Rodcay, [email protected]

Protect Your Desktops Against Security Threats
ScriptLogic announces Desktop Authority 6.5, desktop management software that lets IT personnel combine the functionality of logon scripting, Group Policy, and user profiles to proactively secure, manage, and support desktops from a central location. Version 6.5 adds patch deployment and distribution, spyware detection and removal, improvements in file and registry security, Windows firewall control, and inactivity timers. The product is priced on a per-seat basis with volume discounts available through ScriptLogic's global network of reseller partners. The company also offers a free 30-day trial. For more information, visit the company's Web site.
http: www.scriptlogic.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows IT Pro T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Sponsored Link ====

Symantec and Gartner Present Client Resilience
Symantec Webcasts: Ensure devices are available and compliant.
http://ad.doubleclick.net/clk;16531043;8214395;c?http://sea.symantec.com/GWCWIPSL523

Converting a Microsoft Access Application to Oracle HTML DB
Convert MS Access into a Web application for multiple users. Download now!
http://ad.doubleclick.net/clk;15956147;8214395;r?http://www.windowsitpro.com/whitepapers/oracle/htmlaccess/index.cfm

Protecting Your Company by Managing Your Users' Internet Access
Internet access within an organization can represent a legal & security risk
http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=nlsplink

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring an UPDATE -- [email protected]