Security UPDATE--OS Haste Makes Waste--July 19, 2006




St. Bernard Software



IN FOCUS: OS Haste Makes Waste


- Microsoft Offers Partners a Piece of the Pie

- Secure Computing Expands Offerings with CipherTrust Acquisition

- SurfControl Reels In BlackSpider

- Recent Security Vulnerabilities


- Security Matters Blog: Virtual PC Now Free

- FAQ: Saving Server Credentials To Reuse on a Net Use Command

- Instant Poll: Logon Password Security

- Share Your Security Tips


- Free Firewall Protection

- Tell Us About a Hot Product




=== SPONSOR: PatchLink


Automatically analyze, deploy and track security patches

Does your patch management solution automatically track and re-deploy to ensure network security? 20% of patches unknowingly become un-patched. Learn more about automating the analysis, distribution and tracking of security patches using PatchLink's security patch & vulnerability management solution -- the world's largest repository of tested patches. Request a free trial disk.

=== IN FOCUS: OS Haste Makes Waste


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, Microsoft CEO Steve Ballmer said, "Rest assured we will never have a gap between Windows releases as long as the one between XP and Windows Vista. Count on it. I could go through the history of how we got here. Just count on it, we will never have this kind of gap again."

When I read that quote, I thought, "Oh no, here we go again." In the past, Microsoft's hasty OS release schedule led to a lot of security problems, which of course cost companies and individuals all over the world huge amounts of time, money, frustration, and in many cases, embarrassment.

How Microsoft got to the point it's currently at is this: Windows 3.x, released in 1990, was in widespread use on desktops when, in 1993, Microsoft released Windows NT. In 1995, the company released Windows 95, and in 1996, the company released NT Workstation. In 1998, the company released Windows 98, and in 2000, Microsoft released Windows Me and Windows 2000. In October 2001, the company released Windows XP.

Microsoft was criticized more harshly as time went by about the poor design of the OSs and the huge number of security holes, but the company didn't do a lot about the inherent security problems other than releasing fixes left and right and downplaying impacts when it could.

About a year after the release of XP, in September 2002, Microsoft released XP Service Pack 1 (SP1). Microsoft then put the brakes on its relatively rapid development and release schedule and conducted a massive security audit of its code to find and fix as many security problems as it could.

The results were Windows Server 2003 (released in 2003) and XP SP2, released nearly two years after XP SP1, in August 2004. It was my opinion at the time that XP SP2 brought so many significant changes, including security-related changes, to the desktop OS that the new release could have been called Windows XP2. The time line suggests to me that security is one of the major reasons for the delay between the release of XP and Windows Vista.

Microsoft currently plans to release Vista sometime in early 2007. If it does so, the time between the original release of XP and Vista will be roughly 5.5 years. That's a long time in the computer industry these days, but in my opinion, it was worth it to create a much safer product (which incidentally still isn't safe enough). Time is indeed a cost of doing business prudently.

But let's also not forget that in August 2004, Microsoft released a major upgrade in XP SP2, so effectively only 2.5 years will have passed when Vista is released. That's not a long time when it comes to OS development.

I hope Microsoft has learned from its past experience with security. If the company falls back into a hasty OS release schedule without keeping security front and center and slowing down when security matters indicate such action, then we're all undoubtedly going to suffer the consequences.

=== SPONSOR: Thawte


Test the Starter PKI Program to benefit your company with timesaving convenience and secure multiple domains and host names.



Microsoft Offers Partners a Piece of the Pie

Microsoft's Security Software Advisor program will pay partners a percentage when they assist companies with acquisition and deployment of Microsoft's security solutions.

Secure Computing Expands Offerings with CipherTrust Acquisition

Secure Computing's latest acquisition will bring the company new capabilities to defend against spam, malware, and spyware, as well as the ability to protect against outbound policy and compliance violations.

SurfControl Reels In BlackSpider

SurfControl announced that it has completed the acquisition of security solution provider BlackSpider Technologies. BlackSpider's solutions offer protection against spam, viruses, spyware, phishing and pharming attacks, and other unwanted content, and allow control over employees' Web access. The solutions also include email encryption technologies.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: St. Bernard Software


Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P.




Security Matters Blog: Virtual PC Now Free

by Mark Joseph Edwards,

Microsoft released its Virtual PC as a free download. It runs on Windows 2000 Professional Service Pack 4 (SP4), Windows XP Professional Edition, and Windows XP Tablet PC Edition. With Virtual PC installed, you can load Win2K, XP, and Windows Server 2003 as virtual machines.

FAQ: Saving Server Credentials To Reuse on a Net Use Command

by John Savill,

Q: How can I force a net use command to remember the credentials to use for a server?

Find the answer at

INSTANT POLL: Logon Password Security

How often does your organization force users to change their logon passwords?

- At least once per month

- Every two to three months

- Every four to six months

- Every six months or longer

- We don't force password changes

Submit your vote at


Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.



by Renee Munshi, [email protected]

Free Firewall Protection

Comodo offers Comodo Personal Firewall 2.2, free firewall software that performs inbound and outbound packet filtering and outbound application filtering at the network layer. New features and functionality include advanced network, application, and application component monitoring; a redesigned interface that has "smart" pop-up alerts; and a more powerful and intuitive security rules interface. For more information, go to

Tell Us About a Hot Product and Get a Best Buy Gift Card!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Best Buy Gift Card if we write about the product in a Windows IT Pro What's Hot column. Send your product suggestion with information about how the product has helped you to [email protected]



Calling all Mythbusters! Do you know what is fact and what is fiction about Linux? Take the quiz and find out--you could win a $150 MSN Music gift card!

Are you protected company-wide against spyware, keyloggers, adware, and backdoor Trojans? Test the state-of-the-art scanning engine that uses threat signatures from multiple sources to track down the culprits that antivirus solutions alone can't protect you against. Download your free 30-day trial of CounterSpy Enterprise today!

Expert Ben Smith describes the benefits of using server virtualization to make computers more efficient. Download this exclusive podcast today!

Make sure that your DR systems are up to the challenge of a real natural disaster by learning from messaging survivors of Hurricanes Katrina and Rita. On-demand Web seminar

When disaster strikes your Windows, SQL, or Exchange servers, you need answers. Make sure that if an emergency occurs, you're prepared. Get the full eBook and get started on your recovery plan today!



Learn how to make email truly available 24x7x365, secure your systems against viruses, comprehensively back up email data, and more. Download the white paper today!



Discounted Offer for the Windows IT Pro Master CD

Save 50% off the Windows IT Pro Master CD! Order now and get portable, high-speed access to the entire Windows IT Pro article database on CD--a searchable library that includes every issue ever published. The newest issue also includes BONUS Windows IT Tips. Order now and save 50%:

Save $80 off the Windows Scripting Solutions newsletter

Get endless scripting techniques and expert-reviewed code. Subscribe to Windows Scripting Solutions today and save $80:


Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- windows[email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
