|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
INTRODUCTION — news about your newsletter Joy to the world — no Dec. 30 issue The end of December is a time when most people leave their offices and celebrate together with their loved ones. Windows power users, however, are expected to remain available in case the network goes down. So have as happy a holiday as is humanly possible for you, wherever you may be and whoever may call. We're changing our publication schedule of the Windows Secrets Newsletter slightly so we can give you more timely information:
We publish the Windows Secrets Newsletter twice a month on alternating Thursdays. We skip an issue at the end of July and December so we can get some much-needed rest. That was the plan, anyway — we actually came out with two issues this December, on the 2nd and the 16th. Maybe now we can cool our heels for the rest of the month. Next year: the Thursday after Patch Tuesday Since November 2003, Microsoft has tried to release new Windows patches in groups on the 2nd Tuesday of each month, which is called Patch Tuesday. (The company sometimes releases patches off that schedule, in urgent situations.) Starting early in 2004, we began scheduling each Windows Secrets Newsletter to come out five days before and nine days after Patch Tuesday. We reasoned that most Internet threats appeared well over 30 days after Microsoft announced a newfound weakness and released a patch. Nine days, therefore, didn't seem too long for our readers to wait for our analysis of a batch of patches. That's no longer true. Attacks that are inspired by a new patch sometimes now get "into the wild" within just a few days after Microsoft makes a flaw known. From now on, we're going to push ourselves to come out with a newsletter evaluating each patch only two days after Patch Tuesday. We'll then publish another newsletter 14 days later that same month. Readers who take the time to test and evaluate new patches before rolling them out can examine our second newsletter, 16 days after Patch Tuesday. Our second newsletter each month will report any negative side-effects that have been discovered since a patch was released. If you can't wait, you can read our initial views just two days after Patch Tuesday and decide to upgrade or not upgrade, right then and there. |
WINDOWS SECRETS NEWSLETTER (formerly Woody's Windows Watch and Brian's Buzz on Windows)  ISSUE 44 — 2004.12.16 • No issue on Dec. 30 • The Thursday after Patch Tuesday • Next issues: Jan. 13 and 27 • Newsletter update on Jan. 6 • Where in the world are you? • How to verify genuine e-mail • Top Story: IMAP Secrets • Recommended Reading • XP SP2 firewall open to dial-up hackers • ASP.NET can let hackers bypass authentication • Updated bulletin re-re-patches JPEG hole • .Wri files can hack you via WordPad • NT is vulnerable to DHCP attack • HyperTerminal flaw affects NT, 2000, XP SP2, 2003 • Windows kernel is open to intrusion • WINS security hole is patched • The Index of Reviews • The best Webcomics of 2004 • Useful Links NEWSLETTER CONTROL PANEL • Windows Secrets home page • How to subscribe • Change your delivery address • Change your preferences • Access past free issues • Access past paid issues • Submit a Windows tip • Get subscription help • How to unsubscribe CIRCULATION: over 145,000 |
|
Our next issues will be sent out on Jan. 13 and 27 The first newsletters to be published on the new schedule will come out on Jan. 13 and 27. The newsletter will generally come out 2 and 16 days after each Patch Tuesday. Watch for our Jan. 6 newsletter update The new schedule will cause a full four weeks to elapse between this newsletter and the next. That's a rather long time, if some urgent news arises that affects Windows users. For that reason, we plan to send you a short "newsletter update" on Jan. 6, 2005. This will contain a short description of any Windows threats that you need to know about. If the "script kiddies" take a break over the holidays, we'll have no patches to report on. So the newsletter update will also contain some important information about your newsletter subscription. Allow us to explain... Where in the world is Carmen Newsletter Reader? We're planning a series of free seminars to be held in 2005 or 2006. We'll decide which cities and countries to visit based on the location of Windows Secrets subscribers around the world. This is one reason why we've always let subscribers enter their telephone area code or country code on their preferences page. We promise never to use this information except to develop localized content. So most Windows Secrets readers have freely typed in this little bit of data. Not everyone knows their "country code," however. So the preferences page now contains a drop-down list of country names. We've converted the old area code/country code numbers into the full name of the country that we think is represented for each reader. We're only human, so we may have made some mistakes in this conversion process. In the Jan. 6 newsletter update, we'll show you the area code and/or country name that corresponds to the numbers that you previously entered on your preferences page. If the name or number we show you is wrong or blank, you can easily change it with a couple of clicks. We'll use the updated location information to start planning our free seminars in as many cities and countries as we feel we can visit. How to verify that any e-mail message from "Windows Secrets" is genuine Anyone can generate an e-mail that claims to be from "Editor at Windows Secrets dot com." How do you know that a message you receive from us is really from us and not from someone trying to trick you into clicking a bogus link? E-mail messages that are genuinely from us — such as the full newsletter and any newsletter updates — will always show your reader number. Spammers operate by sending out millions of messages a day. They couldn't possibly spend their time trying to guess something like your reader number. Your reader number appears at the bottom of every newsletter you receive from us via e-mail, and somewhere in the body of any newsletter update. This guarantees that the message is from us and not from someone trying to abuse our good name. We'll have more news for you in the coming year. In the meantime, please enjoy the holiday season — and here's hoping your pager doesn't go off. —Brian Livingston, Editor ^ TOP STORY — info you need to make Windows work IMAP secrets — what you need to know By Paul Thurrott Sometimes described as the best-kept secret on the Internet, the IMAP e-mail protocol might more accurately be thought of as "Exchange Server for the rest of us." IMAP, which stands for Internet Message Access Protocol, is a more modern protocol than POP3 (POP stands for Post Office Protocol). POP3 is far more commonly used, but is also far less versatile. POP3 more or less assumes you will only access your e-mail from a single machine. When you check a POP3 e-mail account, your mail is typically downloaded to the PC and the messages are then removed from the server. In this sense, POP3 is essentially a client-side e-mail solution. But if you experience any problems with the client machine, your e-mail data could be lost forever because the server-based copies were deleted. The benefits of IMAP over POP3 IMAP is a superset of POP3. For example, both standards support offline mail access and are based on open standards. But IMAP offers many advantages over POP3. First, it's a server-side solution, similar to Microsoft's proprietary Exchange Server. Your mail store is maintained by an Internet service provider (ISP), or a Web server you manage, that supports IMAP. You can then access your e-mail from any location — home, work, an Internet terminal — and not have to worry about permanently downloading messages. This arrangement also lets you access the same IMAP mailbox from multiple machines at the same time. IMAP also saves bandwidth by only downloading e-mail message headers — and not the entire message — until you select individual messages. This is also handy for manual spam filtering. If you see a message you know is spam, which might contain dangerous content, you can delete it before the message body is downloaded to your client. If you want to read your e-mail offline, however, you can optionally download a copy of each IMAP message locally. This is especially handy if you want to respond to e-mail when you're going to be offline for a while. Server-side management vs. client-side IMAP is more versatile than POP3 in other ways as well. For example, you can create any number of server-side hierarchical folders to better organize your e-mail. This is particularly useful for spam filters. Such filters often move suspect mail into special folders, which you can check like any other e-mail folder. Furthermore, IMAP folders can be individually configured, using the proper e-mail client. You might specify which folders the client should poll for new e-mail on a regular basis. Using POP3, you can typically only check your local Inbox folder. IMAP's feature set makes it a perfect solution for people who use multiple PCs and don't want to have to worry about where certain batches of e-mail are located. It's also excellent for mobile users, including Blackberry and PDA users, who like to check e-mail from non-PC clients and keep it all synchronized. When you mark a message as read from one client, it's marked as read on all clients that hit the IMAP server. POP3 still rules the behavior of most downloaders Given these and other advantages, it's unclear why IMAP hasn't unseated POP3 as the dominant e-mail type. We have a few theories. First, many e-mail users are now utilizing Web-based e-mail servers, such as Hotmail and Yahoo Mail. Services with this design are easier for ISPs to host and administer. Webmail is actually pretty convenient, and offers many of the server-side benefits of IMAP. But only some Webmail accounts are accessible via dedicated e-mail clients, which limits their usefulness. Second, corporate users are increasingly turning to Exchange. This program is supported by the world's largest software company, which is more interested in pushing its own proprietary solutions than open standards like IMAP. (Ironically, Exchange does support IMAP, but Exchange is a resource-heavy server with complicated administration requirements). Ways to improve on the IMAP protocol IMAP isn't perfect, of course, and it may require some training if you're used to POP3 e-mail. Our biggest complaint is the "delete" model. When you delete an IMAP-based e-mail with most e-mail clients, the e-mail isn't actually deleted, but is rather marked for deletion. To actually permanently delete, or purge, that e-mail, you'll need to take an extra step. In Outlook, you can permanently delete e-mail that's been marked for deletion by choosing Edit and then Purged Deleted Messages. This may not be obvious to many people. Many e-mail clients, including Outlook and Outlook Express, have IMAP capabilities but support IMAP poorly. As a strong new contender for the e-mail crown, the 1.0 version of Thunderbird, a standalone e-mail client, which offers excellent IMAP support, was recently released by the Mozilla Foundation. A Microsoft developer raves about Thunderbird and Entourage Even Microsoft's Omar Shahine, a lead program manager on the Hotmail Front Door team, recently described Thunderbird as "almost the perfect client for IMAP." He gives Outlook Express a C and Outlook a D+ for their IMAP support. Thunderbird rates a B+, whereas Microsoft's Mac-based e-mail client Entourage — which Shahine himself developed the IMAP support for — not surprisingly rates an A- for that capability. Now that it's finally released, we'll be testing Thunderbird over the coming weeks and publishing our findings. Unless you're using Exchange Server, which offers similar features to IMAP — albeit with heavier system resource requirements and addition collaboration options — you should really look into IMAP. There's little doubt that e-mail is the "killer app" of the Internet. But so many people are hobbled by the limitations of Webmail or POP3 mail that e-mail has become more drudgery than convenience. How to get started with IMAP You can learn more online about the design and goals of IMAP. Some good resources include the IMAP Connection, an excellent introduction to the topic, and Infinite Ink, a site that maintains a gigantic list of IMAP-compatible service providers. To send us more information about IMAP vs. POP3, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print. ^ RECOMMENDED READING — our book reviews of tech topics 
Point & Click LinuxIf you're stumped for a last-minute Christmas gift for that Windows guru on your list, perhaps he or she would like to wile away a vacation week fantasizing about how easy life would be if everyone ran Linux and had a perfect experience. "Point & Click Linux" includes SimplyMEPIS Linux on a CD-ROM, so any PC that can boot from a CD can run Linux without installing anything to the hard drive. Ah, if life were only this simple... More info: United States / Canada / Elsewhere ^ FORWARDING INSTRUCTIONS — news gains value when it's shared Please share this information with your friends You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/041216. ^ HERE'S A TIP — you'll get a better newsletter if you choose the paid version You're reading the free version of the Windows Secrets Newsletter Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:
At least four times a year, we license a special bonus for our paying subscribers. If you upgrade by Jan. 2, 2005, you're entitled to download two full chapters from Windows XP Home Networking, 2nd Ed., by Windows Secrets associate editor Paul Thurrott (see cover photo, below). 
The two chapters in our bonus PDF e-book are "Sharing an Internet Connection"
and "Wireless Networking." With Microsoft's recent release of Service Pack 2
(SP2) for Windows XP, connection sharing and Wi-Fi support have substantially
changed.Our exclusive e-book excerpt, unavailable from any other source, details everything a home user needs to know about the new Windows behavior. The printed book has a value of $29.99 in the U.S. More info: United States / Canada / Elsewhere Paid subscribers gain access to all past paid newsletter content Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for them at least once every calendar quarter. To upgrade, simply make a contribution of any amount that you choose If you do this by January 12, 2005, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance. ^ ELECTRONIC BOOKSHELF — new e-books from the editors 
Spam-Proof Your E-Mail AddressThis 27-page e-book by Brian Livingston gives you step-by-step instructions that can eliminate 97% of the spam that would otherwise clog your e-mail account. You could call it "Livingston's Spam Secrets." The PDF-format e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can actually reduce your volume of spam to practically nothing, not just battle an unstoppable and ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info WACKY WEB WEEK — playing for you the Internet's greatest bits 
The best Webcomics of 2004If you're not reading any of the comic strips that are coming out of the Web every day, you're missing some of the funniest, strangest, and most creative illustrated work available. The Webcomics Examiner published on Dec. 13 its list of "The Best Webcomics of 2004," which is a helpful way to narrow down the riot of pictorial story lines to a relative handful. Whether you like your comics in the action-adventure vein, like Athena Voltaire (shown at left), manga-ish, or classically cartoony, you have a lot to choose from here. More info ^ USEFUL LINKS — more stuff that's good to know Hello "Certified Server," Goodbye Spam Have you ever agonized over a seemingly unsolvable problem, only to realize at the last moment that a simple solution was staring you right in the face? Something like that is happening in the battle to eradicate spam. (By Brian Livingston, Datamation) More info MSN Toolbar Suite preview The new MSN Toolbar Suite is quite a bit more accomplished than its predecessor, the MSN Toolbar for Internet Explorer that was first issued in March 2004. The suite offers a number of useful, toolbar-based entry points to both local and Web searching. (By Paul Thurrott, SuperSite for Windows) More info Protect your passwords — part 1 The plunging cost of memory has given rise to a possible solution to the password-recall problem that plagues nearly all computer users. You can now store your user names and passwords on a removable USB Flash drive. All you have to do is remember one code to access all the passwords you've stored. (By Brian Livingston, Datamation) More info ^ ABOUT YOUR SUBSCRIPTION — we're here to serve you The Windows Secrets Newsletter (formerly Woody's Windows Watch and Brian's Buzz on Windows) is published twice a month, except for breaks in August and December. The newsletter is published on the Thursday one week before and one week after Microsoft releases its new Windows patches on the 2nd Tuesday of each month. Publisher: The newsletter publisher is WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editor: Brian Livingston is the co-author of Windows 2000 Secrets, Windows Me Secrets, and eight other books. Associate Editor: Paul Thurrott is the author of Windows XP Home Networking and Great Digital Media with Windows XP and the author or co-author of several other books. Research Director: Vickie Stevens. Program Director: Ian Maddox. Trademarks: "Windows" is a registered trademark of Microsoft Corporation. The "Windows Secrets" series of books is published by Wiley Publishing Inc. "The Windows Secrets Newsletter," "WindowsSecrets.com," "WinFind," "Windows Gizmos," "Index of Reviews," and "Wacky Web Week" are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/signup. How to change your delivery address: To change your delivery address, log in at WindowsSecrets.com/prefs/?a=cP. How to change your other preferences: To change from HTML format to a plain-text notification and to set other preferences, log in at WindowsSecrets.com/prefs. How to get subscription help by e-mail (fastest method): Visit WindowsSecrets.com/contact. Subscription help by facsimile: 206-282-6312 (fax). Emergency subscription help by phone: 206-282-2536 (24 hours). How to unsubscribe: To unsubscribe from the Windows Secrets Newsletter, • Use this Unsubscribe link; or • Visit WindowsSecrets.com/unsubscribe. All subscribers are covered by our Ironclad Privacy Guarantee: (1) We will never sell, rent, or give away your address to any outside party, ever; (2) We will never send you any unrequested e-mail, besides newsletter updates; and (3) All unsubscribe requests are always honored immediately, period. Privacy policy Copyright © 2004 by WindowsSecrets.com LLC. All rights reserved. ^ |