Security UPDATE--Get a Head Start To Prevent Vista Headaches--May 31, 2006

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.


SPI Dynamics

BeachHead Solutions


1. In Focus: Get a Head Start To Prevent Vista Headaches

2. Security News and Features

- Recent Security Vulnerabilities

- Microsoft Readies Patch for Zero-Day Word Attack

- Coalition Roots Out Sony BMG Settlement

- Auditing Folder Permission Changes

3. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

- Share Your Security Tips

4. New and Improved

- Protect and Maintain PCs


==== Sponsor: CrossTec ====

Try it Free: Access & Control PCs from your USB

NetOp Remote Control provides the most complete, scalable, and secure remote control software available. Access PCs from your desktop, PocketPC or USB! NEW On Demand option provides a tiny, temporary download with no user installation or firewall configuration and NO per session charges. Free evaluation & support.


==== 1. In Focus: Get a Head Start To Prevent Vista Headaches ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I'm sure many of you are very much looking forward to Windows Vista, with its promising new security features. On the other hand, I bet very few of you are ready for the new OS. If beta versions are any sort of indicator, you might want to stock up on aspirin before you tackle Vista because current reports indicate that adapting to it isn't going to be nearly as simple as moving from Windows 2000 to Windows XP was.

First of all, there will be hardware issues. Each new OS demands more resources. To get a good idea of the evolution in requirements for Windows over time, head over to TechWeb and read "Windows System Reqs. 1990-2006: More For Less."

Don't think you'll be able to take all your older 32-bit Pentium III systems and upgrade the OS to Vista. You'll need at least an 800MHz CPU, 1GB of system RAM, and 128MB of video RAM. I'm guessing that even with those minimum requirements, the system will run at a snail's pace when you have several applications and browser tabs open. You might have to buy new hardware if you want to take full advantage of Windows Vista's spiffy new features, including the new UI.

Another problem you might encounter is that some of your hardware might not work because Vista might not ship with compatible drivers, vendors might not make drivers available until some date later than when Vista ships, or some vendors might not provide Vista-compatible drivers at all because they might retire a given device model. This is especially true for laptops, which tend to use unique hardware components. For one man's perspective on this sort of headache with a recent Vista beta, read Gary Krakow's "Windows Vista Beta 2: The key word is 'Beta'."

Assuming you get past the hardware concerns, you'll then be confronted with security issues. Right up front, you can expect to see lots of vulnerabilities exposed. It never fails to happen when Microsoft releases a new OS. You can bet people are already looking for holes, and many of those people won't say a word about or move to exploit the holes they find until Vista is in widespread use.

Then of course there is the new User Account Control (UAC). If you haven't tested Windows Vista yet, you're in for quite a surprise with UAC. Unless Microsoft makes some significant changes before the final release of Vista, it will offer a far different user experience than we're used to. Granted, UAC brings much-needed control over the OS (which probably should have been built in starting with Windows NT), but UAC introduces a level of tediousness that will test your users' tolerance.

To learn about the potential user experience with UAC in the current version of Vista, be sure to read Paul Thurrott's "Windows Vista February 2006 CTP (Build 5308/5342) Review, Part 5: Where Vista Fails" and "Biting the Security Bullet." You can also learn a bit more about the end user experience of UAC by reading the Microsoft UACBlog article "User Account Control Prompts on the Secure Desktop."

And let's not forget training. Vista will probably require considerable training for your Help desk personnel, your end users, and of course IT staff.

I hope I don't sound too cynical, but implementing a new Windows OS is a challenge. If you intend to use Vista sooner rather than later, get started learning about it now. The head start might relieve a lot of headaches later.


==== Sponsor: SPI Dynamics ====

Easy Targets: Hacking Web Applications--A Step-by-Step Attack Analysis

The speed with which Web applications are developed makes them prime targets for attackers; often these applications were developed so quickly that they are not coded properly or subjected to any security testing. Hackers know this and use it as their weapon. Download a *FREE* white paper from SPI Dynamics for a complete guide to protection!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Microsoft Readies Patch for Zero-Day Word Attack

Microsoft is readying a security update for Word to help stop a zero-day attack. The original attack emailed a tailored message with an attached document to a target company. A few days after the initial attack was exposed, new exploits, subsequently named GinWui, began to appear.

Coalition Roots Out Sony BMG Settlement

A coalition of plaintiffs reached a settlement with Sony BMG in a case that began after Mark Russinovich discovered that Sony BMG had included Digital Rights Management (DRM) with stealth technology in some of its music CDs.

Auditing Folder Permission Changes

Here's how to configure Windows to record alterations of folder permissions in the Security log.


==== Resources and Events ====

Are you depending on anti-virus software to protect you against spyware? Learn the key differences between anti-virus and anti-spyware products and protect yourself against a false sense of security. Live Event: Thursday, June 8

Learn to differentiate between alternative solutions to disaster recovery for your Windows-based applications and how to ensure seamless recovery of your key systems whether a disaster strikes just one server or the whole site. On-demand Web seminar

In this free podcast, Randy Franklin Smith outlines five evaluation points to consider when choosing your anti-spyware solution. Download it today, and you could win an iPod!

Make sure that your DR systems are up to the challenge of a real natural disaster by learning from messaging survivors of Hurricanes Katrina and Rita. On-demand Web seminar

Implement real-time processes in your email and data systems--you could also win an iPod Nano!


==== Featured White Paper ====

Identify the appropriate tools to help you manage your mobile workforce effectively, avoid increases in TCO, and more.


==== Hot Spot ====

Lost Data Destruction (LDD) from Beachhead Solutions

LDD provides enterprise-controlled PC data security through encryption and an ability to destroy data on a lost/stolen PC--on or off the net. LDD is engineered to protect against many different threats, is easy to deploy and eliminates the requirements for end-user compliance.


==== 3. Security Toolkit ====

Security Matters Blog: Biggest Known Targets

by Mark Joseph Edwards

Cybercrime is running rampant. Take a closer look at some known cybercriminals, but keep in mind that some of the worst offenders go undetected.


by John Savill

Q: How can I stress test my Microsoft Exchange Server 2003 installation?

Find the answer at

Security Forum Featured Thread: Quickly Enable Windows Firewall

A forum participant is looking for a way to quickly enable Windows Firewall to lock down client machines in the event of a virus outbreak. He knows how to do this through Group Policy but wonders how fast the change can be deployed to all the client machines. He's also interested in any third-party solutions. Join the discussion at

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Announcements ====

(from Windows IT Pro and its partners)

Summer Special--Save 58% off SQL Server Magazine

Subscribe to SQL Server Magazine today and SAVE 58%! Along with your 12 issues, you'll get FREE access to the entire SQL Server Magazine online article archive, which houses more than 2,300 helpful articles. This is a limited-time offer, so order now:

Access 26,000 IT Articles

Become a VIP subscriber and get continuous access to ALL content ever published in Windows IT Pro, SQL Server Magazine, and the Exchange & Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters. That's more than 26,000 articles at your fingertips. You'll also get a valuable one-year print subscription to Windows IT Pro and biannual VIP CDs that contain the entire article database. Order now:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Protect and Maintain PCs

iolo technologies announced System Mechanic 6 Mobile Toolkit, designed to help IT professionals protect and maintain multiple computers. The new one-click PC TotalCare wizard consolidates system security, optimization, and critical maintenance functions into one interface. A new Security Optimizer Wizard finds and repairs Windows security flaws. The improved Spython software effectively eliminates and prevents spyware infections. System Shield Pro protects against identity theft. For more information about these and other Mobile Toolkit tools, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected]


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
