Windows & .NET Magazine UPDATE--More Security Woes; Laptop of the Month--June 29, 2004

Make sure your copy of Windows & .NET Magazine UPDATE doesn't get mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This Issue Sponsored By

Sunbelt Software

Windows & .NET Magazine


1. Commentary: More Security Woes; Laptop of the Month

2. Hot Off the Press
- EU Temporarily Suspends Microsoft Sanctions

3. Keeping Up with Win2K and NT
- The Download.Ject Trojan and the MS04-011 Patch

4. Resource
- How can I enable a connection to a machine over RDP and through a firewall?

5. New and Improved
- Automate Patch Management
- Monitor and Test Your Network
- Tell Us About a Hot Product and Get a T-Shirt!

==== Sponsor: Sunbelt Software ====

Why are 4,000+ Sites Running iHateSpam for Exchange?
Exchange Admins choose it for its robust spam filtering for V5.5, 2K and 2K3. With a 95% spam detection rate right out of the box, it will save you - the admin - time and money, and your users will love you. A powerful, best-selling enterprise-wide spam filter at a great price. ANNOUNCING: Anti-Virus, Content Auditing & Filtering coming soon! Try it free for 30 days.


==== 1. Commentary: More Security Woes; Laptop of the Month ====
by Paul Thurrott, News Editor, [email protected]

It's been a wild week for Windows security, both globally and locally here in the mess I call my home office. On the global front, an insidious new electronic attack that targets vulnerabilities in both Microsoft Internet Explorer (IE) and Microsoft IIS portends a new breed of complex attack types. Meanwhile, my travails with the Limited user account in Windows XP continue, and I review this month's Laptop of the Month, IBM's ThinkPad T42.

New Hacker Ploy: Targeting Multiple Product Vulnerabilities
Last week, Mark Joseph Edwards wrote an excellent overview of a new attack type, which the Download.Ject attack in Russia started. (See "Vulnerable IIS Sites and IE Users Under Attack" for details about the attack.) In short, this attack involved multiple steps. As I wrote Monday in WinInfo Short Takes, the attackers first compromised an IIS Web server by exploiting a previously patched vulnerability that hadn't been patched on that particular server. Then, they infected every page on the site with JavaScript code that redirected users to the malicious Russian Web site, which had been set up to imitate the original site. That site silently installed keystroke recorders and several backdoor entry applications onto each user's PC, potentially compromising user passwords and other private information.

What makes this attack insidious, of course, is that it targets multiple vulnerabilities, one each on the server and client side. The severity of this one-two punch was immediately clear to security researchers, who spent late last week in "the sky is falling" mode, worried that the attack wasn't isolated to one server. By the weekend, however, Microsoft announced that the offending Russian server had been taken offline, dramatically reducing the risk.

With a few days' reflection, however, it's now clear that we've entered a new era of more sophisticated electronic attacks. And because the suspected group that launched this attack is known for launching multiple versions of previous attacks, we can assume that more attacks will follow. Likewise, we can expect imitators to foist related attacks on an unsuspecting public soon as well.

The lesson is obvious: We need to keep both our server and client systems as up-to-date as humanly possible (though I should note here that the IE vulnerability that Download.Ject exploits has yet to be fixed). This weekend, Microsoft Chairman and Chief Software Architect Bill Gates promised that Microsoft would dramatically lower the time it takes for his company to release patches, in an effort to keep up with the rapid decline in time between the discovery of a vulnerability and its exploit. But we need to do our job on the receiving end as well. I know you have valid concerns about installing Microsoft patches without sufficient testing, but a line in the sand has been drawn. Would you rather be an electronic attack victim or experience difficulties because of a poorly written Microsoft patch?

The Limitations of Limited User

Last week, I discussed my adventures with using a nonmanaged XP Limited user account and the difficulties I've had getting things to work. My general feeling at this point is that using a Limited user account is viable only for the types of highly technical people who read Windows & .NET Magazine UPDATE; it's not acceptable for most home users. And frankly, home users are the very people for whom this kind of account could be the most beneficial. There are huge gaps in functionality that typical users just can't get around. Perhaps the most egregious is from Microsoft, believe it or not. The company's otherwise excellent home-oriented Media Center software (part of XP Media Center Edition--MCE), for example, can't run under a Limited user account. And even if you use Run As to run Media Center, certain functionality won't work, including the software that updates the Media Guide information. For shame.

For those users interested in pursuing the Limited user option, I did receive a lot of helpful and much appreciated advice from readers. Some readers suggested completing all necessary software applications before reverting to a Limited account, which probably would work. Otherwise, you'll need to manually copy all applicable program shortcuts into the Limited user account's Start Menu.

Most games don't work properly with a Limited user account, so you might consider using a Power User or Administrator-type account for gaming only, which would require logging off (or switching users) to play games. Only serious gamers should consider this option.

Several users mentioned a GUI administrative workaround that I have some misgivings about. Because IE is integrated with the OS, you can actually launch IE under administrative privileges, then navigate to shell locations such as Control Panel to perform tasks as an administrator. It's nice to have that workaround, but doesn't it point to yet another potential source of problems courtesy of IE?

I'll report back in a few weeks about more of my experiences with the Limited account, but keep the advice coming: It's heartening to see I'm not alone in wanting this approach to work but feeling frustrated at its limitations (insert ironic remark here). Perhaps together we can put enough heat on Microsoft and third-party developers to make this solution satisfactory. Something tells me not to hold my breath.

Laptop of the Month: IBM's ThinkPad T42

IBM's legacy of near-perfect notebooks continues with its newest high-end model, the ThinkPad T42. Like earlier T Series notebooks, the T42 features a best-of-breed keyboard (though I still feel that IBM should give up the Redmond animosity and provide the Windows key I always miss so sorely on ThinkPads), an incredible screen, and a fairly complete range of ports and expansion options; still missing, sadly, is a FireWire port, which is inexcusable for a non-ultraportable machine these days. Part of the problem, I suspect, is space: Because most of the machine's back end is reserved for the battery, which you can swap out for a higher-capacity unit, the ports must straddle the left and right sides of the machine only. However, there's a parallel printer port on the back of the unit, which seems unnecessarily antiquated. I suspect IBM's corporate customers are more interested in parallel port printing than FireWire device compatibility.

That said, the T42 is an incredible performer. Powered by a 1.8GHz Pentium M Dothan-class processor, Linksys's Wireless-G and Gigabit Ethernet networking, ATI Technologies' MOBILITY RADEON 9600 graphics with 64MB of VRAM, and 512MB of RAM, the T42 outperformed my desktop machine in virtually all categories, handling performance-busting applications such as Adobe Systems' Adobe Photoshop CS and Macromedia Dreamweaver MX 2004 with ease. The unit also features a recordable DVD drive, a welcome addition that made pretrip backups possible without having to power on my desktop system. The unit also features a whopping 80GB hard disk, enough space for a local copy of all my documents, photos, and music. Astonishing.

The ThinkPad T42 product line is divided between 14" and 15" screens, and I tested the 15" version that had an eye-straining but beautiful 1400 x 1050 resolution. This configuration is fairly large but thin, and it weighs less than 6 pounds; I'm told the 14" version comes in at just 5 pounds. Thus, like earlier T Series ThinkPads I've tested, the T42 is lightweight for its size, thanks to the thinness of its chassis. But you might have difficulty opening it when you're flying coach class.

IBM's software bundle included a few surprises. In addition to the now-standard hard disk shock-protection utility and other stock ThinkPad management applications, IBM also bundled several recordable DVD-oriented utilities and software programs, including software to burn data and movie DVDs. Another surprise is the price. IBM's T Series has always commanded top dollar, but it's possible to grab a low-end T42 for less than $1600 these days. The system I tested, as configured, would set you back about $2500, however, so be sure to spend some time configuring the laptop before buying. Overall, the T42 is an incredible bit of engineering--a solid and well-made speed demon dressed up in unassuming black business attire. Highly recommended.


==== Sponsor: Windows & .NET Magazine ====

Get 2 Sample Issues of Windows & .NET Magazine!
Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, scripting, and much more. Our expert authors deliver how-to articles and product evaluations that will help you do your job better. Try two, no-risk sample issues today, and find out why 100,000 IT professionals rely on Windows & .NET Magazine each month!


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

EU Temporarily Suspends Microsoft Sanctions
Yesterday, the European Union (EU) announced that it will temporarily suspend its antitrust-related sanctions against Microsoft until an EU Court of First Instance in Luxembourg can rule on the company's appeal. The EU initially required that Microsoft offer a Windows version stripped of Windows Media Player (WMP), provide a wealth of server-interoperability information, and pay a $608 million fine by today. However, the temporary lifting of the sanctions will give Microsoft "some breathing room," according to EU officials, who contend that the ruling will withstand any appeals.

==== 3. Keeping Up with Win2K and NT ====
by Paula Sharick, [email protected]

The Download.Ject Trojan and the MS04-011 Patch
The airwaves are full of the latest attacker exploit, known as Download.Ject, JS.Scob.Trojan, and several other names. This Trojan horse plants a script on unsuspecting Microsoft Internet Information Services (IIS) 5.0 Web sites that, when executed by Windows XP and Windows 2000 systems, redirects the browser to a Web site that purportedly (according to the lay press) might scavenge the local system for personal information including credit card numbers. Read more about this attack and the associated patch at the following URL:

==== Announcements ====
(from Windows & .NET Magazine and its partners)

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.

New--Best Practices for Managing Software Packaging and Pre-Deployment Preparation
In this free Web seminar, you'll learn best practices for managing software packaging and pre-deployment preparation. Discover how your organization can benefit from managing the workflow of the pre-deployment process to cut time and costs. Plus, you'll learn about different business scenarios that show ROI improvements from accurate workflow management. Register now!

Small Servers for Small Businesses Web Seminar
Today a small business can be as agile as a large business by understanding what technology can be leveraged to create a centralized server environment. In this free Web seminar, you'll learn the perils of peer-to-peer file sharing, backup and recovery, migration from desktop to servers, and Small Business Server basics. Register now!

~~~~ Hot Release: (Advertisement) Veritas Software ~~~~

Download the White Paper: "How to Reclaim 30 Percent of your Storage Space and Control Storage Growth." This free technical white paper is brought to you courtesy of Veritas Software and Windows & .NET Magazine's White Paper Central.

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "How often do you require users in your organization to change their passwords?" Here are the results from the 426
- 14% Every 30 days or less
- 24% Every 30 to 60 days
- 31% Every 60 to 120 days
- 4% Every 120 days to 1 year
- 27% We don't enforce a password change policy

New Instant Poll: Download.Ject Trojan
The next Instant Poll question is, "Did the Download.Ject Trojan affect your home computers or your company's computers?" Go to the Windows & .NET Magazine home page and submit your vote for a) Yes, the Trojan hit my company's computers, b) Yes, the Trojan hit my home computers, c) Yes, the Trojan hit both my company's computers and my home computers, or d) No, the Trojan hit neither my home computer nor my company's computers.

==== 4. Resource ====

Tip: How can I enable a connection to a machine over RDP and through a firewall?
by John Savill

RDP operates over TCP port 3389. Therefore, to enable connectivity to any machine on the network through a firewall you must open this port. Alternatively, if you have to connect to a particular system on a LAN, configure port forwarding on the firewall to send traffic from port 3389 to the specific computer to which you want to connect.
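To confirm that the firewall rule or port forward described in this tip actually reaches an RDP listener, the check below connects to the port and looks for the RDP handshake reply. It is an added example, not part of the original tip; the function names and the sample byte strings are constructed for illustration.

```python
import socket
import struct

RDP_PORT = 3389  # TCP port named in the tip

# Constructed sample replies for offline checking (not captured traffic).
SAMPLE_CONFIRM = bytes.fromhex("0300000b06d00000123400")
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"


def build_connection_request() -> bytes:
    """TPKT header plus a minimal X.224 Connection Request (class 0)."""
    x224 = bytes([
        0x06,        # length indicator: 6 bytes follow
        0xE0,        # Connection Request TPDU code
        0x00, 0x00,  # destination reference
        0x00, 0x00,  # source reference
        0x00,        # class 0
    ])
    # TPKT: version 3, reserved 0, total length (header + payload)
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def is_rdp_confirm(data: bytes) -> bool:
    """True if data is a TPKT packet carrying an X.224 Connection Confirm."""
    if len(data) < 7:
        return False
    version, _reserved, length = struct.unpack(">BBH", data[:4])
    if version != 3 or length < 7 or length > len(data):
        return False
    # data[4] is the X.224 length indicator; the high nibble of data[5]
    # is the TPDU type, and 0xD0 means Connection Confirm.
    return data[5] & 0xF0 == 0xD0


def check_rdp(host: str, port: int = RDP_PORT, timeout: float = 5.0) -> str:
    """Return 'rdp', 'open-not-rdp', or 'blocked' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "blocked"  # refused, filtered, or unreachable
    with sock:
        try:
            sock.sendall(build_connection_request())
            reply = sock.recv(64)
        except OSError:
            reply = b""  # reset or timed out after connecting
    return "rdp" if is_rdp_confirm(reply) else "open-not-rdp"
```

Run `check_rdp()` from outside the firewall against the forwarded address: "open-not-rdp" means the port is open but forwards to something other than an RDP listener, and "blocked" means the rule is not in effect.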

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

Get Smart! Evaluate Your Options in the Entry-Level Server Market
Comparing the options in the server market, including the decision to purchase an OEM-supplied server versus building your own, can be a daunting task. This free Web seminar provides an introduction to entry-level servers, evaluates the current market of entry-level servers, and assesses the value of vendor-supplied service and support. Register now!

==== 5. New and Improved ====
by Angie Brew, [email protected]

Automate Patch Management
Ecora Software released Ecora Patch Manager 3.2, a patch-installation and restoring application that automatically identifies where patches are needed. The software patches workstation OSs, databases, and applications. Patch Manager features Sure-Scan, which updates the product's database with current patch information. The most recent version's host view displays summary information such as the number of products and patches installed and the number of patches waiting to be installed. Patch Manager 3.2 features the ability to select and load or unload multiple scans and support for French and Norwegian OS patches. For pricing, contact Ecora Software at 603-436-1616 or 877-923-2672.

Monitor and Test Your Network
MH Software released LetUknow 2.02, a network-monitoring application that lets you set tests to run at regular intervals and promptly notifies you by email or network messaging if any tests fail. When failure occurs, you can set the test to run more frequently until the job succeeds. You can set the software to ping each server, router, or other component on a network. You can set maximum size thresholds for files or folders and set free disk space thresholds for shared drives. The software logs all the performed tests and can export the log files into a spreadsheet or database application for reporting. LetUknow 2.02 costs $39 for a site license. Contact MH Software at [email protected]

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Links ====

Comparison Paper: The Argent Guardian Easily Beats Out MOM

CommVault - Free White Paper: Managing the Infinite Inbox

VERITAS Software
VERITAS White Paper: Reclaim 30% of Your Windows Storage Space Now!


==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor: Sunbelt Software -- 1-888-688-8457

Hot Release:
Veritas Software -- 1-800-327-2232


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine Privacy policy at Windows & .NET Magazine a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2004, Penton Media, Inc. All Rights Reserved.
