Security UPDATE--Tightening Software Restriction Policies--December 5, 2007


Crashed server? You have a need for speed!

Problems removing Admin Rights? Best practices

Migrating from Tape to Disk Backups



IN FOCUS: Tightening Software Restriction Policies


- Webroot Merges with Email Systems

- FBI Shut Down Botnets; Arrested Participants

- It's Official: Hormel Isn't a Spam Fighter

- Recent Security Vulnerabilities


- Security Matters Blog: Firefox Available

- FAQ: Certificates and Terminal Services

- Share Your Security Tips


- Block or Track Data Copied from PC to USB Device

- Product Evaluations from the Real World




=== SPONSOR: Kroll Ontrack


Crashed server? You have a need for speed!

Ontrack Data Recovery services provide the fastest, most cost-effective recovery solutions available utilizing the industry's only lab-quality, remote data recovery service.

* No need to ship any equipment

* Fast, secure connection allows engineers to begin data recovery work in minutes

Special Offer: For a limited time, if you need data recovery service on any server or RAID system, you will receive:

* Free initial consultation with a data recovery engineer to help you determine the fastest, most cost-effective course of action

* Free service upgrade to our Priority-level Service

* Free comprehensive, remote evaluation of your storage media

For immediate assistance, call 800 872 2599 - or visit:

=== IN FOCUS: Tightening Software Restriction Policies

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Group Policy is an excellent tool for controlling various aspects of client computers. However, it's not foolproof. Users can circumvent parts of Group Policy, such as Software Restriction Policies (SRPs), and they can do so as regular users without administrator-level access, which of course means that you need to be on the lookout for such activity.

Back in early 2004, Kamal Shankar wrote an article (at the first URL below) about ways to bounce specific program function calls to a different function over which the developer has more control. The technique can be used as a way to bypass aspects of Group Policy, including SRPs. Interestingly enough, Shankar's method uses Microsoft's Detours API (at the second URL below), which is meant to let developers extend application functionality.

Then in late 2005, Mark Russinovich wrote an entry in his Sysinternals blog (at the URL below) that explains why and how it's possible to bypass aspects of Group Policy. As part of his research on the topic, Russinovich wrote a small tool called Gpdisable that demonstrated the technique. But the tool disappeared sometime after Microsoft bought Russinovich's company.

In April 2006, Russinovich wrote a bit more about the subject in an article on our Web site at the URL below. Russinovich wrote that "most of the settings in the Windows Components area of the Group Policy Editor's (GPE's) Administrative Templates node can be circumvented in environments in which end users can run arbitrary applications such as Gpdisable. Notably, IE configuration, including security zones, falls into this area, as do Windows Explorer, Windows Media Player (WMP), and Windows Messenger settings." He also pointed out that this isn't a bug in Windows; Windows was intentionally designed this way.

Gpdisable isn't available anymore, but last week another tool debuted that can be used to bypass Group Policy and SRPs. Eric Rachner released GPCul8r (at the URL below), a ready-to-use compiled executable that comes with two associated DLLs. The tool will undoubtedly be put into action on various corporate networks, so you should keep an eye out for it on your systems.

If you haven't done so already, check into tightening any SRPs you have in place. Microsoft has an article on Technet called "Using Software Restriction Policies to Protect Against Unauthorized Software" that applies to Windows XP, Windows Vista, and Windows Server 2003. The article is a good place to start when looking for ways to minimize the programs that can run on your desktops (at the first URL below). Another helpful reference is the Security Pro VIP article "Stay Safer with Software Restriction Policies" (at the second URL below).
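As an added example (not code from the newsletter, from Microsoft, or from any of the tools named above), the PowerShell below reads the SRP settings that Group Policy writes to the local registry and flags a permissive default rule, enforcement that skips DLLs, and a scope that exempts local administrators. The registry path and the numeric value meanings follow Microsoft's SRP documentation; the $srpKey location is assumed to be the standard policy key.

```powershell
# Added example, not part of the newsletter: report how the local machine's
# Software Restriction Policy is configured and flag settings that leave room
# for user-mode bypass tools. Assumes the standard Group Policy SRP key.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Numeric values and their documented meanings.
$levelNames   = @{ 0 = 'Disallowed'; 4096 = 'Basic User'; 262144 = 'Unrestricted' }
$enforceNames = @{ 0 = 'Not enforced'; 1 = 'All software except DLLs'; 2 = 'All software, including DLLs' }
$scopeNames   = @{ 0 = 'All users'; 1 = 'All users except local administrators' }

# Read one DWORD from the policy key, using SRP's own default when it is absent.
function Get-SrpValue([string]$Name, [int]$Default) {
    $item = Get-ItemProperty -Path $srpKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Get-SrpStatus {
    if (-not (Test-Path $srpKey)) {
        return [pscustomobject]@{ Configured = $false; Findings = @('No SRP policy is applied to this machine.') }
    }
    $level   = Get-SrpValue 'DefaultLevel' 262144   # absent => Unrestricted
    $enforce = Get-SrpValue 'TransparentEnabled' 1  # absent => DLLs not checked
    $scope   = Get-SrpValue 'PolicyScope' 0         # absent => all users
    $findings = @()
    if ($level -ne 0) {
        $findings += "Default rule is '$($levelNames[$level])'; a Disallowed default with explicit allow rules is tighter."
    }
    if ($enforce -ne 2) {
        $findings += "Enforcement is '$($enforceNames[$enforce])'; DLLs are not checked, so a tool's helper DLLs load freely."
    }
    if ($scope -ne 0) {
        $findings += "Scope is '$($scopeNames[$scope])'; local administrators are exempt from the policy."
    }
    # Count explicit rules: each is a GUID-named subkey under the level it assigns.
    $ruleCount = 0
    foreach ($lvl in $levelNames.Keys) {
        $lvlKey = Join-Path $srpKey $lvl
        if (Test-Path $lvlKey) {
            $ruleCount += @(Get-ChildItem $lvlKey -Recurse -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -like '{*' }).Count
        }
    }
    [pscustomobject]@{
        Configured = $true; DefaultLevel = $levelNames[$level]; Enforcement = $enforceNames[$enforce]
        Scope = $scopeNames[$scope]; RuleCount = $ruleCount; Findings = $findings
    }
}

Get-SrpStatus | Format-List
```

Run it in an elevated PowerShell session on a domain-joined client after a gpupdate; an empty Findings list means the policy is Disallowed by default, checks DLLs, and applies to administrators too.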

=== SPONSOR: BeyondTrust


Problems removing Admin Rights? Best practices

Removing Admin Rights and applying the principle of least privilege will decrease security breaches by malicious users and malware, and reduce IT costs. However, certain users require elevated rights in order to run required applications, ActiveX controls and more.

Read this white paper to discover best practices for removing admin rights.



Webroot Merges With Email Systems

Webroot has entered the software as a service (SaaS) market space by merging with Email Systems. The combined company will offer Web and email security solutions for businesses.

FBI Shut Down Botnets; Arrested Participants

The FBI said that the second phase of its Operation Bot Roast resulted in the shutdown of more botnets and the indictment or conviction of eight men.

It's Official: Hormel Isn't a Spam Fighter

After years of court battles over trademark issues related to the name "SPAM," a ruling has been made that states the obvious: Consumers don't confuse Hormel's famous meat product with computer software that fights junk mail.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: Revinetix


Migrating from Tape to Disk Backups

Discover a Better Backup Strategy for Small to Medium-Sized Business. As backup software breaks away from its historically tight integration with tape, IT administrators are implementing disk-based backup products that are optimized to address new priorities. The new disk-based backup products geared to SMBs are being enhanced with enterprise-class product features at prices that keep falling, making it feasible to back up from disk to removable disks and do away with tape backups altogether. Download this free white paper today and learn how you can break away from tape and move to disk-based data protection.




Security Matters Blog: Firefox Available

by Mark Joseph Edwards,

Mozilla released Firefox to fix three dangerous vulnerabilities. Read this blog item on our site to learn more.

FAQ: Certificates and Terminal Services

by John Savill,

Q: Can I use wildcard certificates with Terminal Services?

Find the answer at


Share Your Security Tips

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.



by Renee Munshi, [email protected]

Block or Track Data Copied from PC to USB Device

CoSoSys announces Secure it Easy 1.2, which ensures that external devices such as USB thumb drives, portable drives, and iPods can't be connected to a PC unless they're authorized by an administrator. Unauthorized devices are blocked from reading or writing data. New in version 1.2 is the ability to trace files copied between a PC and a storage device. Secure it Easy is recommended for small office/home office (SOHO) use. The new version is available for a free 30-day trial from


Product Evaluations from the Real World

Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to [email protected]



For more security-related resources, visit

Attend the Power Up! With Virtualization online conference on Dec. 12. Learn how to take virtualization to another level. Whether you're just getting started or need to more effectively optimize your current virtual environment, discover how you can take the promise of virtualization and turn it into reality. Join Windows IT Pro and key independent virtualization experts for powerful tips, such as how to create a virtual machine (VM), ways to properly size VMs for server consolidation, and system factors that affect performance.

Today's hackers are after your enterprise data, and the tools and services they employ to get at it are provided by a sophisticated, fast-growing criminal support industry. Even more surprising--and worrying--is how ineffective today's standard enterprise security practices are at stopping these sophisticated attacks. Attend this Web seminar to learn how high-tech criminals compromise your computers and profit from your data by putting confidential info up for sale.

With more than 75% of business-critical information residing in email today, you're more likely to find evidence in users' inboxes than in filing cabinets or on a file share--a fact that hasn't been lost on lawyers, courts, or government regulators. Do you know what the email retention, discovery, and recovery requirements are for your business? Applications that archive mail are an invaluable resource for complying with those requirements. Download this essential guide about retention, discovery, and recovery for email and IM.



Unified Communications: What Is It? Why Should You Care? And How to Get There

Unified communications (UC) helps you manage voice, email, fax, and phone communications from one set of management controls. But from a practical standpoint, how do you get started? This white paper breaks the move to UC down into a manageable 3-phase process that starts with unified messaging (UM). Learn practical tips and a phased approach for getting started with UM as the first step toward a UC environment in the future.



Exchange 2007 Mastery Series: January 28, 2008

Three info-packed eLearning seminars for only $99 ($79 before December 15)!

Hosted by Windows IT Pro

Mark Arnold--MCSE+M, Microsoft MVP--will coach you through Exchange 2007 storage solutions: planning for archiving and compliance, optimizing your iSCSI network storage, and finding the sweet spot between memory and spindles.

Packed with thousands of articles, bonus content, and loads of expert advice, the Windows IT Pro Master CD is like having your very own team of professional Windows consultants in your pocket. Get real-world solutions lightning-fast--order the Windows IT Pro Master CD today. Includes a one-year subscription to all online content at!


Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
