Windows IT Pro UPDATE--Microsoft Takes Action Against Malware--March 8, 2005

Subscribe to Windows IT Pro: ============================

Make sure your copy of Windows IT Pro UPDATE doesn't get mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows IT Pro UPDATE.

Heading to Exchange from Notes or GroupWise?

Free White Paper: Measuring the ROI of Systems Management Software


1. Commentary
- Microsoft Takes Action Against Malware

2. Hot Off the Press
- DOJ Snubs Microsoft, Adopts WordPerfect

3. Peer to Peer
- Featured Thread: Deploy Certificates
- How can I set the default browser on my computer back to Microsoft Internet Explorer (IE)?

4. New and Improved
- Recover Deleted Files

==== Sponsor: Heading to Exchange from Notes or GroupWise? ====

Moving to Exchange 2003 from a Notes or GroupWise platform? Quest Software can help. Quest provides a secure and reliable migration to Exchange. You can convert users' mail, calendars, tasks, and personal address books and store them in users' new mailboxes on the Exchange server, ensuring coexistence between migrated and unmigrated users.

Other benefits include:
- Uninterrupted User Messaging and Collaboration
- Reduced Help Desk Calls
- Automated mailbox creation, quota setting, and appropriate mail routing
- Moving multiple users at a time
- Intelligent Log Analyzer – to easily identify issues and recommend resolutions

Download Notes or GroupWise Migrator for Exchange today.


==== 1. Commentary: Microsoft Takes Action Against Malware ====
by Paul Thurrott, News Editor, [email protected]

Last week, I discussed malicious software (malware) and how enterprises and businesses of all sizes need to tackle this growing problem (see the first URL below). I received a lot of feedback about this crucial topic, much of it related to what actions Microsoft is taking to combat it. This week, I examine what Microsoft is doing both this year and next to deal with spyware, adware, and similar types of electronic attacks.

First, I want to address a few responses that seemed to suggest I was making a mountain out of a molehill. Some people believe that spyware's success is simply the result of user error. That is, if users follow good computing practices, they'll be safe. Not true. Much malware silently installs itself as you browse the Web with Microsoft Internet Explorer (IE). And the effects of such software can be devastating: Spyware can collect personal data, record keystrokes, or even auto-dial toll numbers. Therefore, spyware overlaps very nicely with phishing attacks, which malicious intruders often use for identity theft and fraud.

According to Microsoft, malware caused more than one-third of all Windows XP crashes in early 2004, and because that data is a year old, today's figure is probably much higher. IDC and TruSecure say that up to 80 percent of all consumer PCs have malware installed on them.

Microsoft realizes that it needs to protect users against these and similar threats. One might argue, as I have, that architectural weaknesses in Windows are at the heart of the malware threat--after all, one robs banks because that's where the money is--but no matter. In both the short term and long term, Microsoft is taking steps to eradicate malware.

In the short term, the company has implemented various security technologies in XP Service Pack 2 (SP2) that help mitigate spyware, has purchased GIANT Company Software to obtain its excellent GIANT AntiSpyware product, and will ship IE 7.0 later this year.

For now, XP SP2 includes a new version of IE that features a pop-up blocker, a Manage Add-ons UI for disabling unwanted Browser Help Objects (BHOs) and similar electronic programs, and better warnings to alert users who attempt to download potentially unsafe executables. XP SP2 also includes many new Group Policy Objects (GPOs) that make this release more manageable than previous XP versions. IE 7.0 will build on this functionality and include antiphishing capabilities, network traffic encryption, and more secure machine zone settings.

Microsoft Windows AntiSpyware--free to consumers, but eventually a subscription offering for businesses--is an excellent tool for helping to find, remove, and protect systems against spyware. But the current product--which is still in beta--is woefully inadequate for the enterprise, popping up potentially confusing and unwanted notifications every time there's a configuration change or threat. Microsoft recognizes the need for an enterprise version of Windows AntiSpyware and will ship such a product by the end of this year, although it might be just a beta version.

What will this product entail? The enterprise version of Windows AntiSpyware will feature central deployment of the client application, signatures, and settings and provide a centralized reporting engine that aggregates information from the clients and lets administrators drill down to specific PCs when needed. It will feature the ability to disable the client-side UI so that desktop users aren't surprised by notifications. And administrators will be able to control at a companywide level which software users can download and run.

These efforts are all stop-gap measures, of course. But by the time Longhorn ships in mid-2006, Microsoft will have begun to address some of the core security problems that have bedeviled Windows users for years. That sounds a bit vague, but we should know more by the time Longhorn Beta 1 ships in May.

First, Longhorn PCs will start and run in a known-good state that features secure startup protection and full-volume encryption to protect files when the system is offline. When Longhorn is running, code integrity technology will protect the OS against attacks. These two technologies will also attempt to prevent malicious intruders from physically taking a Longhorn-formatted hard disk and accessing it from another PC, via another OS. Longhorn will optionally support the Trusted Platform Module (TPM) technologies that are designed to help protect notebooks from theft-related data loss.

Second, Limited User accounts will finally work properly in Longhorn. All users--even those with administrative privileges--will run normally in Limited User mode. The system will force legacy Win32 applications to run under the lowest possible privilege level and prompt the user for administrative credentials when required. Longhorn-savvy applications will be written to follow this requirement by default, and Microsoft will include UI functionality (typically an Unlock/Unlocked button) in key places in Windows so that power users can unlock administrator-level functionality as needed. When you want to install an application, you'll be prompted for an Administrator password.

Third, Longhorn will optionally support the Palladium security technologies and will integrate with certain Longhorn Server features to provide an interesting Network Access Protection (NAP) service that many enterprises will want to take advantage of. For malware specifically, Longhorn will include integrated software resiliency for spyware detection and cleaning. This software will be based on the GIANT AntiSpyware technology that Microsoft purchased last year.

Related Resources

Spyware: the Greatest Threat Yet to the Corporate Desktop?

Updated: A Flurry of Enterprise Spyware Solutions

Microsoft Enters the War on Spyware


==== Sponsor: Free White Paper: Measuring the ROI of Systems Management Software ====
Argent delivers what a growing number of enterprises need today: flawless management of Windows, UNIX, and application servers; low total cost of ownership; flexible configuration; scalable architecture; modular products; positive ROI; and outstanding customer support. Every enterprise IT department wants value without sacrificing performance, and that describes Argent's value proposition. To read the entire paper, click here:


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

DOJ Snubs Microsoft, Adopts WordPerfect
The US Department of Justice (DOJ), which pursued an antitrust case against Microsoft for several years, has snubbed the software giant and signed a significant software deal with rival Corel. Under terms of the deal, the DOJ will purchase 50,000 licenses of Corel's WordPerfect Office 12, the latest version of the company's office productivity suite. The deal is worth $13.2 million over 5 years. To read the complete story, visit the following URL:

==== Events and Resources ====
(from Windows IT Pro and its partners)

Sensible Best Practices for Exchange Availability On-Demand Web Seminar
If you're discouraged about not having piles of money for improving the availability of your Exchange server, join Exchange MVP Paul Robichaux for this free Web seminar and learn how to maximize your existing configuration. Survive unexpected outages, plan for the unplannable, and evaluate what your real business requirements are without great expense. Register now!

Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

Windows Connections 2005 Conference
April 17-20, 2005, Hyatt Regency San Francisco. Microsoft and Windows experts present over 40 in-depth sessions with real-world solutions you can take back and apply today. Don't miss Mark Minasi's entertaining and insightful keynote presentation on "The State of Windows" and your chance to win a 7-night Caribbean cruise!

The Essential Guide to Active Directory Management
Migrating from NDS and/or eDirectory to AD means changes in the way you manage your network, users, and network resources. Download this Essential Guide to Active Directory Management and learn hands-on approaches that reduce management complexity, IT workload, and costs and improve security--all with minimal impact on your organization. Download this guide today.

Discover, Manage, and Archive Information Within Your Exchange Enterprise
Limit your legal exposure and protect corporate information. In this free Web seminar, Exchange MVP Paul Robichaux provides an overview of general retention and compliance issues, knowledge of pitfalls you may encounter when implementing your policy, insight into managing mail data for best-efforts compliance, and Exchange's built-in archiving and compliance features. Register now!

~~~~ Hot Release: (Advertisement) Sapien ~~~~

PrimalScript 3.1, "The" Scripting IDE
PrimalScript 3.1 is a professional scripting environment that adds significant efficiency to the scripting process. Ideal for web developers and system administrators, PrimalScript supports 30+ modern languages in a code-based tool that assures maximum control. PrimalScript streamlines a full range of other development tasks.

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "Have you implemented a corporate antispyware solution?" Here are the results from the 155 votes:
- 29% Yes
- 47% No, but we plan to soon
- 24% No, spyware is not a significant problem for us

New Instant Poll:
The next Instant Poll question is, "If you subscribe to Windows IT Pro magazine, how long do you keep your back issues for reference?" Go to the Windows IT Pro home page and submit your vote for a) 1 month or less, b) More than 1 month, but less than 1 year, c) More than 1 year, but less than 5 years, d) More than 5 years, or e) I never throw them away.

==== 3. Peer to Peer ====

Featured Thread: Deploy Certificates
Forum user antwilliams72 works for a company that uses certificates that require power user permissions or above to install. Some branch companies are in locked-down Citrix or Windows Terminal Services environments. He wants to know how to let the Administrator get the certificate to propagate down to each user without having to manually promote each ID, then log on and install the certificate for each user. If you can help, visit the following URL:

Tip: How can I set the default browser on my computer back to Microsoft Internet Explorer (IE)?
by John Savill

Find the answer at the following URL:

==== Announcements ====
(A complete Web and live events directory brought to you by Windows IT Pro: )

Get Windows IT Pro at 44% Off!
Windows & .NET Magazine is now Windows IT Pro! Act now to get an entire year for just $39.95--that's 44% off the cover price! Our March issue shows you what you need to know about Windows Server 2003 SP1, how to get the best out of your IT staff, and how to fight spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a limited-time, risk-free offer, so click here now:

Chat About Event Logs
Randy Franklin Smith is one of the foremost authorities on the Windows Security Event Log and a respected trainer who teaches Monterey Technology Group's "Security Log Secrets" course. In his article in the March issue of Windows IT Pro, Randy shines a light on this dark and mysterious corner of cryptic event IDs and codes and inaccurate Microsoft documentation. Here's your chance to ask Randy your questions about the Event Log and get answers Microsoft doesn't provide. Join the chat on March 16th at 4:00 p.m. EST. Visit for details.

==== 4. New and Improved ====
by Angie Brew, [email protected]

Recover Deleted Files
O&O Software released O&O DiskRecovery 3.0, data-recovery software. The software can recognize and restore more than 300 file types, including Microsoft Word documents, Excel workbooks, Access databases, and many commonly used graphics, photo, movie, and music formats. O&O DiskRecovery scans hard disks, memory cards, or digital cameras to find deleted files and makes a list of found and recoverable files; you can then select the files you want to restore. The product features O&O RawScan, which makes data recovery possible on data volumes with damaged or destroyed file systems. For pricing, contact O&O Software at [email protected].

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected].

==== Contact Us ====

- About the newsletter -- [email protected]
- About technical questions --
- About product news -- [email protected]
- About your subscription -- [email protected]
- About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!

View the Windows IT Pro Privacy policy at
Windows IT Pro is a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All Rights Reserved.

TAGS: Security