2006

Yearly Archives: 2006

Date Issue Summaries
2006-12-29 89 Beware of unexpected holiday gifts
- Watch out for end-of-year exploits
  
  Posted on December 29, 2006 by Brian Livingston in Introduction
  
  The week between Christmas and New Year’s Day, when Microsoft and many
  security companies take several days off, is a time when some hackers think they can
  take advantage of the season.
  
  I’m sending out today’s short news update solely to alert you in case some
  threat starts spreading rapidly on the Internet this week.
  Read More »
- Beware of unexpected holiday gifts
  
  Posted on December 29, 2006 by Susan Bradley in Top Story
  
  now you’ve opened your presents and you’re playing with your new tech
  toys — but don’t let the Grinch spoil your holiday season.
  
  Let’s take a quick look at some flaws that Microsoft hasn’t yet patched,
  and which people may use to try to scam you this season.
  Read More »
- = Paid content
2006-11-02 85 LangaList is merging with Windows Secrets
- LangaList joins with Windows Secrets
  
  Posted on November 7, 2006 by Fred Langa in Introduction
  
  Here’s my new look! As I announced in the Oct. 30 issue of the LangaList,
  I’m merging with the Windows Secrets Newsletter to bring you even better
  content. The combined newsletter will reach more than a quarter million
  subscribers. And it gives me access to features that my newsletter didn’t
  previously have.
  Read More »
- LangaList is merging with Windows Secrets
  
  Posted on November 2, 2006 by Brian Livingston in Top Story
  
  I have important news for everyone who uses Windows. The LangaList — a respected e-mail newsletter that’s uncovered the tips and tricks
  of Microsoft’s operating system for nine years — is merging with the
  Windows Secrets Newsletter.
  Read More »
- = Paid content
2006-10-26 85 IE 7 needs tweaking for safety
- IE 7 needs tweaking for safety
  
  Posted on October 26, 2006 by Brian Livingston in Top Story
  
  Microsoft’s new Internet Explorer 7.0 browser, which was released to the
  public last week, includes several security improvements but still has weaknesses
  inherited from IE 6.
  
  I’ll show you an easy way to “harden” IE 7 so you’re protected against
  hacker threats that haven’t even been invented yet.
  Read More »
- Do you have HIPS in your future?
  
  Posted on October 26, 2006 by Ryan Russell in Perimeter Scan
  
  One of the newer buzzphrases in the security industry is Host-based Intrusion
  Prevention System, or HIPS, which is something you may want to look at.
  
  It can be difficult, however, to separate the actual innovation from the
  traditional vendors trying to ride the buzzword wave.
  Read More »
- Top timesaving tips in IE 7 and Firefox 2
  
  Posted on October 26, 2006 by Woody Leonhard in Woody's Windows
  
  With IE 7 out the door and Firefox 2 being released this week, it’s time to retrain
  your fingers and teach those old dogs new tricks.
  
  Check out my favorites — these are the tricks I use every day.
  Read More »
- Old flaws still plague Internet Explorer
  
  Posted on October 26, 2006 by Chris Mosby in Over the Horizon
  
  The Internet is buzzing about the release of Internet Explorer 7. The
  Internet is also buzzing about flaws in IE 7 that are left over from IE 6.
  
  I first wrote about one IE 6 flaw in the
  May
  11, 2006, issue
  of the newsletter — and it still hasn’t been patched yet. I wonder how many other
  holes remain active in Microsoft’s “new” browser?
  Read More »
- Patches have problems as IE 7 seeks deployment
  
  Posted on October 26, 2006 by Susan Bradley in Patch Watch
  
  While everyone was in a tizzy over IE7 hitting the streets, the rest of us
  mortals were still tracking issues with the patches we got earlier this month.
  
  There are times IT folks overreact to technology changes, such as IE 7 —
  but I guess that’s what makes us human.
  Read More »
- = Paid content
2006-10-23 84 Vista changes lock out antivirus makers
- The battle over the Vista kernel
  
  Posted on October 23, 2006 by Brian Livingston in Introduction
  
  I’m publishing a special news update today. Why? Because Microsoft substantially
  changed the debate over the security of Windows Vista just after our
  Oct.
  12 issue appeared.
  Read More »
- Vista changes lock out antivirus makers
  
  Posted on October 23, 2006 by Ryan Russell in Top Story
  
  Microsoft is making
  
  statements claiming it’s going to let security
  vendors such as Symantec and McAfee
  have access to the Vista kernel. I don’t believe it.
  Read More »
- = Paid content
2006-10-12 84 MS OneCare halts flow of antivirus info
- MS OneCare halts flow of antivirus info
  
  Posted on October 12, 2006 by Woody Leonhard in Top Story
  
  When Microsoft
  announced it was entering the antivirus biz, the usual nattering nabobs of
  negativism moaned and groaned about unfair competition and unlevel playing
  fields.
  
  But several recent events seem to confirm the worst: Microsoft may well be using its
  desktop monopoly to trump its AV competitors. What do you think?
  Read More »
- You’ll love IE 7′s tabs or hate ‘em
  
  Posted on October 12, 2006 by Brian Livingston in Hot Tips
  
  Microsoft’s updated browser, Internet Explorer 7.0, is about to go gold and
  the debate about its behavior is just beginning.
  
  Besides IE 7, this week I have readers’ comments on Spy Sweeper, NetChk Protect,
  AVG Antivirus, and how to speed up browsing in the beta of Windows Vista.
  Read More »
- Is Vista locking out security competitors?
  
  Posted on October 12, 2006 by Ryan Russell in Perimeter Scan
  
  Security vendors are complaining about what they call anticompetitive
  features coming up in
  Vista. Are their complaints valid, or are they simply worried about
  competition?.
  
  I also have additional advice for those of you who are still experiencing Java install
  troubles.
  Read More »
- Microsoft skips some critical IE patches
  
  Posted on October 12, 2006 by Chris Mosby in Over the Horizon
  
  The "squeaky wheel gets the grease" seems to be Microsoft’s motto
  lately, as
  several patches for Internet Explorer (and components used IE) were released
  out-of-cycle last month and on this
  week’s Patch Tuesday.
  
  Meanwhile, flaws in IE that are equally severe — but were getting less media
  attention — were left unpatched.
  Read More »
- Goodbye old friends, hello Office patches
  
  Posted on October 12, 2006 by Susan Bradley in Patch Watch
  
  This month, we say a fond farewell to MS support for Windows XP SP1, pay tribute
  to Ray Noorda, and get ready for IE 7.
  
  We also find that the servers at Microsoft Update have taken a page out of Woody
  Leonhard’s "you should wait to patch" handbook and decided
  to make you do just that.
  Read More »
- = Paid content
2006-09-28 83 Readers reveal the secrets of IE 7
- Readers reveal the secrets of IE 7
  
  Posted on September 28, 2006 by Brian Livingston in Top Story
  
  Microsoft’s new browser, Internet Explorer version 7.0, will ship sometime
  soon with updated features and better security — so of course our contributing
  editor Woody Leonhard explained on
  Sept. 14 how to
  prevent version 7 from automatically downloading to your PC.
  
  It’s not that there’s anything wrong with IE 7, mind you. Woody just thinks
  other people, not you, should be the first to get bitten any point-oh bugs.
  Read More »
- Protect yourself before and after patching
  
  Posted on September 28, 2006 by Susan Bradley in Patch Watch
  
  I’m flattered when folks say they don’t patch their systems until they read
  my column, but this
  month I’d rather you read Chris Mosby’s column first.
  
  With all the unpatched issues that arise with IE,
  it’s not enough to be “fully patched” with Microsoft’s latest fix (MS06-055), you also need
  to install workarounds when you hear of them. Fixing recent Microsoft patches —
  for example, the two-week-old MS06-049 — is also essential, as I describe below.
  Read More »
- Keep your PCs running smoothly
  
  Posted on September 28, 2006 by Brian Livingston in Hot Tips
  
  Until we all have Star Trek computers — which operate perfectly on
  incomplete information when the captain simply barks,
  “Speculate!” — staying on top of the latest conflicts is part of
  our jobs.
  
  In today’s column, I bring you the latest on Microsoft’s Live OneCare, concerns
  about wininet.dll, more glitches with the IE 7 beta, and yet another way
  to get around Windows Genuine Advantage.
  Read More »
- Sun plans fixes for Java update problems
  
  Posted on September 28, 2006 by Ryan Russell in Perimeter Scan
  
  My Sept. 14 column on
  the broken Java update process has generated the biggest response I’ve received
  while writing for Windows Secrets.
  
  I’m happy to report that I’ve gained some useful info from Sun about some of the Java issues
  I documented. Read on.
  Read More »
- Phishing filters can hurt your privacy
  
  Posted on September 28, 2006 by Woody Leonhard in Woody's Windows
  
  Internet Explorer 7, due out later this year, sports a new phishing filter
  that effectively blocks bogus sites from tricking you into entering personal information.
  
  One little problem. If you enable the phishing filter, Microsoft keeps
  records about you and every single Web site you visit.
  Read More »
- IE flaws are back in the spotlight
  
  Posted on September 28, 2006 by Chris Mosby in Over the Horizon
  
  It didn’t take long before IE was back in my sights, and as usual the flaws that have come up are serious.
  
  I’m rather tired of Microsoft acting like newfound flaws in IE are no big deal, no matter how
  critical the holes may be. I wish the company
  would quickly admit the problem, take responsibility, and just fix it.
  Read More »
- = Paid content
2006-09-22 82 Workaround needed for IE hole
- Workaround needed for IE hole
  
  Posted on September 22, 2006 by Brian Livingston in Top Story
  
  Microsoft acknowledged this week a new weakness that allows hacked
  Web sites to infect PCs merely displaying specific images in the Internet Explorer
  browser.
  Read More »
- = Paid content
2006-09-14 82 Internet Explorer 7 looms — be prepared
- Internet Explorer 7 looms — be prepared
  
  Posted on September 14, 2006 by Woody Leonhard in Top Story
  
  Long the poster boy of Microsoft complacency, Internet Explorer 6 has finally
  reached the end of the line.
  
  the end of this year, Internet Explorer 7 will be “pushed” onto tens of
  millions of desktops. You’d better be ready.
  Read More »
- Don’t ignore two critical, reissued patches
  
  Posted on September 14, 2006 by Susan Bradley in Patch Watch
  
  I thought all I needed to worry about this Patch Tuesday
  was a Windows patch or two and an Office patch.
  
  But it turns out to be essential that you redo August’s critical Internet Explorer and Server
  Service patches on Windows 2003 and XP SP1.
  Read More »
- Java update process is broken
  
  Posted on September 14, 2006 by Ryan Russell in Perimeter Scan
  
  I’ve been researching some problems with Java updates. It turns out that the
  issues are so extensive that they’re going to take up my
  entire column.
  
  I wrote in my
  Dec. 15, 2005, column
  about some Java update issues. Those don’t even come close to the collection of
  mistakes I’ve just spent an entire evening dealing with.
  Read More »
- How bad are Microsoft’s patch lead times?
  
  Posted on September 14, 2006 by Woody Leonhard in Woody's Windows
  
  How long does it take Microsoft to fix holes in its programs? Three months?
  Six months? Two years?
  
  When a music-file-cracking program called
  FairUse4WM surfaced
  a few weeks ago, Microsoft patched the hole in just nine days. There’s a good reason
  why. Money.
  Read More »
- Yes, Firefox has some flaws, too
  
  Posted on September 14, 2006 by Chris Mosby in Over the Horizon
  
  If you’re a frequent reader of my column, then you know that I usually have
  a lot to say about the security of Microsoft’s Web browser, Internet Explorer. This time, my focus will
  include Mozilla’s
  Firefox.
  
  Even though I still consider Firefox to be a much safer
  browser than IE, I wouldn’t be doing my job if I just ignored
  flaws that affect the Mozilla browser and didn’t report them.
  Read More »
- = Paid content
2006-08-24 81 How fast does Windows Update update?
- Watch for our new logo
  
  Posted on August 24, 2006 by Brian Livingston in Introduction
  
  Our newsletter and Web site will sport a new logo, shown above,
  beginning with our next regular issue on Sept. 14.
  
  We wanted to surprise you, but we figured we’d better give you some warning. We didn’t
  want you to open your e-mail next month and think unknown people were sending you some
  new, weird newsletter. Nope, it’s just the same old weird
  newsletter.
  Read More »
- How fast does Windows Update update?
  
  Posted on August 24, 2006 by Brian Livingston in Top Story
  
  Readers have asked me, “How quickly is my computer protected after Patch
  Tuesday, if I have auto-updates turned on?”
  
  The question arises because most of the patches that Microsoft posted on
  Aug. 8 took a lot longer than
  usual to download. It appears that Windows Update, when configured to
  download and install patches automatically, didn’t start downloading most
  patches until three days after Patch Tuesday. Some PCs didn’t auto-install all
  of the security patches until nine days had passed.
  Read More »
- Be careful what you discover
  
  Posted on August 24, 2006 by Tony Johnston in Wacky Web Week
  
  In a hilarious film short, a prisoner makes a surprising discovery —
  one that may turn out to be life-changing.
  Read More »
- = Paid content
2006-08-10 81 Questions arise on PC World tests
- Questions arise on PC World tests
  
  Posted on August 10, 2006 by Brian Livingston in Top Story
  
  A sweeping review of 10 security suites published in a major computer magazine
  last month featured some very unlikely rankings for this crucial category of products.
  After examining the evidence, I’ve found that some material facts were omitted from
  the article, rendering its ratings useless.
  Read More »
- PowerPoint is still a big security risk
  
  Posted on August 10, 2006 by Chris Mosby in Over the Horizon
  
  Even with a barrage of patches coming out from Microsoft this month, computer
  users are still vulnerable to exploits of PowerPoint.
  
  Microsoft did make an effort to address flaws that are actively being exploited, but
  left others unpatched that could be exploited later.
  Read More »
- Install MS06-040 to avoid the Next Big One
  
  Posted on August 10, 2006 by Susan Bradley in Patch Watch
  
  I feel like telling everyone to print out today’s
  Windows Secrets Newsletter and read it while you’re deploying this month’s patches.
  
  Not only do we have a busy patch month, but the very first patch has many in the
  industry thinking that we might see a full-scale, MSBLAST-like incident again.
  Read More »
- MS software leads to new headaches
  
  Posted on August 10, 2006 by Brian Livingston in Hot Tips
  
  As though we didn’t have enough to worry about with viruses and worms, my
  readers are reporting all kinds of trouble with the IE7 beta, Windows Update,
  and Microsoft’s little-known dumprep.exe program.
  
  I’ll show you how to get over these and other software gotchas in the tips
  below.
  Read More »
- The report from Black Hat and Defcon
  
  Posted on August 10, 2006 by Ryan Russell in Perimeter Scan
  
  I just got back from my annual trip to Las Vegas to attend the Black Hat
  Briefings and Defcon conferences. This is my tenth year in a row for both.
  
  In this relatively small
  amount of space, I can’t possibly cover everything that went on. So I’ll stick
  to the topics that I think are of the most interest to Windows Secrets
  readers.
  Read More »
- The best ways to surf anonymously
  
  Posted on August 10, 2006 by Woody Leonhard in Woody's Windows
  
  "You have zero privacy anyway. Get over it."
  
  Scott McNealy, chairman of Sun Microsystems, uttered those infamous words in
  1999. Incredibly smart people have been working overtime since then to prove him
  wrong.
  Read More »
- = Paid content
2006-07-27 80 Should you use Windows Live Messenger?
- Should you use Windows Live Messenger?
  
  Posted on July 27, 2006 by Woody Leonhard in Top Story
  
  Windows Live Messenger — the successor to MSN Messenger — hit the stands
  a week ago on
  Wednesday. That was version 8.0.0787. Ancient history.
  
  Less than two days later, Microsoft released a new version, 8.0.0792. Hooo boy.
  Here we go again.
  Read More »
- IE bugs not fun for users
  
  Posted on July 27, 2006 by Chris Mosby in Over the Horizon
  
  As I mentioned in my last
  column, the Metasploit project has been holding a
  
  Month of Browser Bugs. Every day, a new vulnerability is published, the
  majority affecting Internet Explorer.
  
  Releasing these flaws may be fun for Metasploit, but it certainly
  isn’t for the rest of us, who are forced to wait
  while Microsoft catches up on its patches.
  Read More »
- Patching isn’t just about Microsoft
  
  Posted on July 27, 2006 by Susan Bradley in Patch Watch
  
  There are products that need major patching this week, but they aren’t all from Microsoft.
  
  We’re so used to Microsoft programs having security implications
  if we don’t patch that we forget the many other software programs that can impact our systems.
  Read More »
- Readers review alternatives to Windows Update
  
  Posted on July 27, 2006 by Brian Livingston in Hot Tips
  
  The shock waves caused Microsoft’s decision to quietly install Windows Genuine
  Advantage through its security update mechanism are still being felt my
  readers.
  
  The marketplace for non-Microsoft antivirus packages, security suites, and the
  like is
  crowded with well-known competitors. contrast, the field of Windows Update alternatives is new and
  the players are little-known. Until more reviews have been published major
  test labs, I’ll keep bringing you my findings and the comments of Windows users
  who are doing their own analyses.
  Read More »
- A bad month for Microsoft products
  
  Posted on July 27, 2006 by Ryan Russell in Perimeter Scan
  
  This is, of course, a Windows-centric newsletter. That means that sometimes it can be
  difficult writing about security issues without picking on Microsoft.
  
  Drive-downloads still mostly affect Internet Explorer, not other browsers,
  and Microsoft Office
  products are showing cracks in the
  foundation.I’ll explain below.
  Read More »
- = Paid content
2006-07-20 79 Shavlik will lift download restrictions
- Shavlik will lift download restrictions
  
  Posted on July 20, 2006 by Brian Livingston in Top Story
  
  I announced in the July 13 newsletter that Shavlik Technologies, a well-known
  patch-management vendor, had released a free and capable
  replacement for Microsoft’s Windows Update (WU) service.
  
  The Shavlik program, known as NetChk Protect, is free for
  up to one year, can remotely update 1 to 10 PCs from a single PC on a network, and
  supports far more programs than Microsoft’s offering does.
  Read More »
- Human space invaders geek the place up
  
  Posted on July 20, 2006 by Tony Johnston in Wacky Web Week
  
  You’ve seen the old Space Invaders arcade game — but have you seen it played
  with live bodies?
  Read More »
- = Paid content
2006-07-13 79 Free Windows Update alternative is released
- Free Windows Update alternative is released
  
  Posted on July 13, 2006 by Brian Livingston in Top Story
  
  In my last issue, I reported that Microsoft’s in-house Windows Update routine
  is now likely to download marketing gimmicks such as Windows Genuine Advantage to your
  PC. I advised all Windows users, other than novices, to turn off Automatic
  Updates.
  Read More »
- Internet Explorer back under the microscope
  
  Posted on July 13, 2006 by Chris Mosby in Over the Horizon
  
  With all of the Microsoft Office
  vulnerabilities that have been popping up lately, I almost missed the discovery
  of more holes in my favorite insecure browser.
  
  With that in mind, let’s jump right in and get started. It looks like Internet
  Explorer needs another good once-over.
  Read More »
- Two patches you should jump on
  
  Posted on July 13, 2006 by Susan Bradley in Patch Watch
  
  If I were a gambler, there are two July 11 announcements (MS06-035 and MS06-036)
  that I’d bet will bite people who fail to patch, generating headlines that you’ll
  start seeing soon.
  
  This month is also our last chance to say goodbye to Windows 98, 98SE, and Me. As of July 11, these Windows versions are no longer supported
  Microsoft.
  Read More »
- Readers write a book on WGA problems
  
  Posted on July 13, 2006 by Brian Livingston in Hot Tips
  
  I can’t remember a time when the newsletter has received more heartfelt tips
  from readers than the controversy of the last two months over Microsoft’s
  automatic downloading of Windows Genuine Advantage, which phoned home every 24
  hours.
  
  More than 300 well-thought-out comments streamed in. We’ll never be able to respond in full to everyone individually, but we hope
  this section will serve to recognize everyone’s help while giving you the useful info you need.
  Read More »
- Live Safety Center: does it work?
  
  Posted on July 13, 2006 by Woody Leonhard in Woody's Windows
  
  My last column explained why Microsoft needs the free Windows Live Safety Center to keep antitrust lawyers off its butt.
  
  A few days ago I tested Windows Live Safety Center on a real zero-day Excel exploit. Does it work? Or is Microsoft blowing smoke? Frankly, I was amazed.
  Read More »
- New-style rootkits are on the horizon
  
  Posted on July 13, 2006 by Ryan Russell in Perimeter Scan
  
  Portions of the security community have been abuzz lately with talk of a
  new rootkit technology dubbed “Blue Pill.”
  
  The name is an obvious Matrix reference, especially given that the same
  researcher named an earlier rootkit detector that she wrote “Red Pill.” The
  latest buzz started with an
  eWeek article
  on her work.
  Read More »
- = Paid content
2006-06-29 78 Dump Windows Update, use alternatives
- Dump Windows Update, use alternatives
  
  Posted on June 29, 2006 by Brian Livingston in Top Story
  
  The Internet interprets Microsoft as damage and routes around it.
  
  My apologies to John Gilmore for tweaking his famous 1993
  
  quote about censorship. But the above statement just happens to sum up the
  alternatives Windows users are adopting ever since Microsoft’s “Windows Genuine
  Advantage” (WGA) debacle.
  Read More »
- Live Safety Center is good and free
  
  Posted on June 29, 2006 by Woody Leonhard in Woody's Windows
  
  When Microsoft first announced Windows Live OneCare, I figured
  Redmond had a lot of cojones to charge consumers for protection against
  flaws in its own products.
  
  In OneCare’s first month, however, it appears to my jaundiced eye that MS has responded
  admirably
  to two real, in-the-wild, zero-day attacks — first in Word, then in Excel — via a little-known
  free service called the Windows Live
  Safety Center. Never heard of it? Read on.
  Read More »
- How to disable unexpected attacks
  
  Posted on June 29, 2006 by Ryan Russell in Perimeter Scan
  
  There are a lot of ways your machines can be attacked. Not all of them are
  via the Internet.
  
  Some attack vectors require physical access, but many others can hit you without
  notice when you do something as simple as accessing an external device.
  Read More »
- Excel flaws pose a triple threat
  
  Posted on June 29, 2006 by Chris Mosby in Over the Horizon
  
  The last few weeks haven’t been good
  for Microsoft Excel. Three serious vulnerabilities affecting the popular
  spreadsheet program have been revealed. Two of these are already being actively exploited in the
  wild.
  
  This is a serious concern, as
  there currently isn’t a patch for any of the three holes. But I’ll arm you with
  workarounds that should keep
  hackers from storming your computer.
  Read More »
- June patches break dial-up scripts, etc.
  
  Posted on June 29, 2006 by Susan Bradley in Patch Watch
  
  With the June patches being so numerous
  this month, even some folks who ordinarily patch quickly are just now getting around to patching.
  
  But with proof-of-concept code and live exploits already on the Net for many of the
  flaws announced on June 13, if you haven’t
  yet updated, now’s the time to test and patch.
  Read More »
- = Paid content
2006-06-15 77 Genuine Advantage is Microsoft spyware
- Genuine Advantage is Microsoft spyware
  
  Posted on June 15, 2006 by Brian Livingston in Top Story
  
  Windows Genuine Advantage — the controversial program Microsoft
  auto-installed as a "critical security update" on many PCs starting on Apr. 25 —
  not only causes problems for many users but has now been proven to send
  personally identifiable information back to Redmond every 24 hours.
  
  This behavior clearly fits any plausible definition of "spyware." Some tech
  writers have said categorizing WGA as spyware is arguable. But I have no
  hesitation in calling the program a security nightmare that Microsoft should
  never have distributed in its present form.
  Read More »
- Just say no to one patch this month
  
  Posted on June 15, 2006 by Susan Bradley in Patch Watch
  
  I believe in patching, sometimes even
  if things get broken — because it points out that the software that broke was
  probably written poorly in the first place.
  
  But this time, there’s one patch I want you to make sure you select not to
  install this month.
  Read More »
- User Account Control: Vista cries, ‘Wolf!’
  
  Posted on June 15, 2006 by Woody Leonhard in Woody's Windows
  
  Windows Vista Beta 2 may be the most-downloaded program in history — but
  heaven help ya if you use it for real work.
  
  Bugs and lock-ups come with the territory
  
  —
  it’s beta software, after all, and you’d be crazy to run Vista Beta 2 on a
  production machine. (Or go crazy trying.) Having spent months struggling with
  various incarnations of the Vista beast, I’m worried about something more
  fundamental than bugs. More insidious. One Vista feature, User Account Control,
  just keeps getting in the way.
  Read More »
- MS updates and a new USB threat
  
  Posted on June 15, 2006 by Ryan Russell in Perimeter Scan
  
  With the large number of Microsoft patches this week, I don’t want you to forget about
  the third-party programs that you and probably all of your users have. These
  apps need
  updates too, and there are some security updates that need to be installed.
  
  I’ve also taken note of what I think is a novel "attack" based on USB
  Flash
  drives. I thought I was too smart to fall for this one, but I was wrong.
  Read More »
- IE patches are close but not complete
  
  Posted on June 15, 2006 by Chris Mosby in Over the Horizon
  
  If you’re like me and the other
  writers of this newsletter, you were probably overwhelmed the number of
  patches Microsoft released on Patch Tuesday.
  Microsoft released yet another cumulative rollup for IE, which fixed eight open holes
  — but once
  again, there are plenty left open to talk about.
  
  I wrote about the last IE patch in my
  Apr. 13th
  column. Comparing that column to what was patched in Tuesday’s release shows
  that only 1 out of the 3 flaws I talked about then have been patched in the latest
  IE rollup.
  Read More »
- = Paid content
2006-05-25 76 To auto-update or not to auto-update
- To auto-update or not to auto-update
  
  Posted on May 25, 2006 by Brian Livingston in Top Story
  
  I published a Woody Leonhard column as the top story
  last issue while I
  was traveling, knowing that he’s opinionated and always gets strong reactions.
  Well, he didn’t disappoint me.
  
  Reacting to several mistakes Microsoft made in its Automatic Updates downloads
  in April, Woody railed against Redmond’s patching strategy, saying, “Windows
  auto-update is for chumps.”
  Read More »
- Recovering from the April patches
  
  Posted on May 25, 2006 by Susan Bradley in Patch Watch
  
  After our battle scars from the April
  patches, Microsoft’s May patches were a bit of a breather for consumers.
  
  While the Exchange patch meant homework for administrators, home users at least
  had a break after the “double patch” bout we had in April. But
  lest you think everything is rosy on the other side of the operating
  system, even Apple folks had to deal with their share of patch pain this month.
  Read More »
- WinXP networking — too much, too little
  
  Posted on May 25, 2006 by Woody Leonhard in Woody's Windows
  
  It was the best of times, it was the worst of times, it was the age of
  wisdom, it was the age of foolishness, it was… Nawww… It was just Windows XP
  playing tricks.
  
  This past week, Windows XP networking surprised me twice. The first shocker
  magically solved a long-standing problem (dare I say a “bug”?) in my office
  peer-to-peer network. The other event scared the, uh, Dickens out of me.
  Read More »
- The exploit market is heating up
  
  Posted on May 25, 2006 by Ryan Russell in Perimeter Scan
  
  There’s more evidence to suggest that vulnerabilities are going back
  underground. Or at least, going to the highest bidder.
  
  I believe
  it’s fortunate that there are a few above-board high bidders that are snapping
  up these exploits and keeping them off the market. Otherwise, I
  think things could be much worse.
  Read More »
- Word zero-day exploit causes concern
  
  Posted on May 25, 2006 by Chris Mosby in Over the Horizon
  
  It used to be
  that the term “zero-day”
  exploit was just a concept that companies like Microsoft treated as a myth. The
  idea of a vulnerability being found in one of their products and the exploit for that vulnerability coming out at the same time is something that no one wanted
  to believe could happen.
  
  Now, however, zero-day exploits do happen — but only sporadically. When
  these exploits do surface, it’s a cause for concern for everyone. There is
  usually no defense against them until they can be understood and patches or
  workarounds can be made available. Such is the case with the Word zero-day
  vulnerability that was discovered recently.
  Read More »
- = Paid content
2006-05-11 75 When Automatic Updates can be harmful
- When Automatic Updates can be harmful
  
  Posted on May 11, 2006 by Woody Leonhard in Top Story
  
  For years I’ve been advising Windows consumers to disable Automatic Updates:
  Keep Microsoft’s mitts off your machine until you’re darn sure the
  proffered patches do more good than harm.
  
  I’ve taken a lot of flak for that heretical stance, vilified for intimating that
  Microsoft’s patching process leaves consumers in the lurch. Bah. Recent events
  have proved my point conclusively: Windows auto-update is for chumps.
  Read More »
- Patch one and find two more
  
  Posted on May 11, 2006 by Chris Mosby in Over the Horizon
  
  That’s the way it seems to go these
  days: Microsoft — or any software vendor for that matter — patches a piece of
  software, and someone goes and finds some other flaw that can be
  exploited. I guess that’s become the price we all have to pay for
  working with technology; we all have to try to be one step ahead of the hackers
  out there.
  
  While Microsoft is no means perfect in the area of security, it is at
  least trying to do better. This has become clear to me after attending the
  Microsoft Management
  Summit a few weeks ago — at the same time as I’ve just start scratching the surface in my
  role as a newly awarded MVP. Don’t think you can get rid of me anytime soon, though; there are still
  plenty of unpatched vulnerabilities out there to tell you about.
  Read More »
- Flash causes headaches for home patchers
  
  Posted on May 11, 2006 by Susan Bradley in Patch Watch
  
  Last month was rough for home patchers — and this month isn’t looking much
  better.
  
  It seems like only a few days ago we were dealing with issues with Outlook
  Express and Windows Shell. Here we are this month with another patch that so far
  looks a bit tricky to get on our boxes, especially for home users without a patch-management adminstrator.
  Read More »
- Some excellent reasons to update Firefox
  
  Posted on May 11, 2006 by Ryan Russell in Perimeter Scan
  
  There are some interesting issues with Firefox this time around.
  
  While they do represent genuine problems with Mozilla’s open-source browser,
  some of the details still make me happy with my decision to recommend
  Firefox.
  Read More »
- = Paid content
2006-04-27 74 April 11 patch re-released with fixes
- April 11 patch re-released with fixes
  
  Posted on April 27, 2006 by Brian Livingston in Top Story
  
  Microsoft re-released on Apr. 25 a security patch that had been issued 14
  days earlier in the company’s monthly Patch Tuesday schedule.
  
  The original version of security bulletin MS06-015 causes problems with Microsoft
  Office and other apps when you try to open or save files in the My Documents
  folder; with Internet Explorer when you type Web addresses into the Address Bar;
  and with an untold number of other programs.
  
  The Redmond company says the problems are being caused older versions of HP
  Share-to-Web software, nVidia graphics drivers, and Kerio Personal Firewall. But
  I believe there may be other conflicts at work, as I discuss below.
  Read More »
- Were you a victim of Patch Tuesday?
  
  Posted on April 27, 2006 by Susan Bradley in Patch Watch
  
  Here I was, looking for fallout from Microsoft’s Eolas/Internet Explorer patch
  – but most of the issues came instead from other patches.
  
  Just like everyone else, I was expecting most of the problems from Patch Tuesday
  would be from 06-013. This is the cumulative Internet Explorer patch, which
  changes the way Active X works. I wasn’t expecting to see issues in the Window
  Shell patch, the Outlook Express patch, nor in OE’s Junk Mail Filter. These
  issues, because they mostly affect consumers, have raised a concern about online
  communities and self-help sites. I think they’re masking the real magnitude of
  issues.
  Read More »
- How to check that sites are safe
  
  Posted on April 27, 2006 by Woody Leonhard in Woody's Windows
  
  I don’t gush over new software very often. Most of what I see looks like
  same-old, same-old, maybe with a burnished bell here or a twisted whistle there.
  
  But I recently found something new — something exciting — on the Web, and it’s
  saved my tail a couple of times. If you haven’t seen SiteAdvisor, you should
  look. If you don’t use SiteAdvisor, you should try.
  Read More »
- There they go again — slipstreaming patches
  
  Posted on April 27, 2006 by Ryan Russell in Perimeter Scan
  
  For as long as people have been finding security vulnerabilities, software
  vendors have been trying to "slipstream" security fixes. What’s surprised me in
  the past few weeks is that a couple of big vendors have admitted to it and are
  trying to justify the practice.
  Read More »
- Deeper problems emerge with April patches
  
  Posted on April 27, 2006 by Brian Livingston in Hot Tips
  
  As you’ve seen in the top story in this issue, the patches Microsoft
  released via its regular Patch Tuesday schedule on April 11 caused serious grief
  for many people. Unfortunately, I believe there are still other software conflicts
  that Microsoft hasn’t yet confirmed.
  
  I’ve seen reports of problems with AOL, the Windows version of iTunes, and other
  popular software — all related somehow to the April 11 patches.
  Read More »
- = Paid content
2006-04-13 73 More ways to use disposable addresses
- More ways to use disposable addresses
  
  Posted on April 13, 2006 by Brian Livingston in Top Story
  
  I described in the
  Mar. 30
  newsletter how to use "disposable" e-mail addresses. These are
  unique addresses that you give to Web sites and other
  people who want to send you mail. If they happen to reveal your address to spammers,
  you simply turn off that one address rather than trying to filter out a wave
  of spam.
  
  My readers, it turns out, have a lot of ideas about using disposable addresses.
  Follow along with me as we hear about some great tricks, many of which cost little
  or nothing.
  Read More »
- Fix Outlook daylight savings time headaches
  
  Posted on April 13, 2006 by Brian Livingston in Hot Tips
  
  It’s amazing how Microsoft finds ways to get us to spend a little extra time
  with Windows now and then. If it isn’t a patch we have to install, it’s a
  workaround for the change to daylight savings time.
  
  Susan Bradley provided some good tips on dealing with DST pains-in-the-butt in her
  Mar. 30, 2006,
  column.
  
  Apparently, that wasn’t the end of it. Follow along as my readers provide tips
  on this and other topics from the last issue.
  
  Read More »
- Internet Explorer still has holes left
  
  Posted on April 13, 2006 by Chris Mosby in Over the Horizon
  
  Microsoft did a pretty good job of patching
  some serious security holes in Internet Explorer with the release of
  
  MS06-013 on Patch Tuesday. (See Susan’s Patch Watch column,
  below.) It’s been a while since I’ve seen that many security fixes in an IE patch.
  If it weren’t for the file size, I’d almost think this was a service pack.
  
  While Microsoft eliminated some serious holes this
  month, the job is far from done. There are several older IE holes that are yet
  to be taken care of.
  Read More »
- April showers bring April patches
  
  Posted on April 13, 2006 by Susan Bradley in Patch Watch
  
  The Pacific Coast has been showered on
  this week and now we’re being showered with security patches.
  
  While the total number of security patches is not that large, it’s still a bit
  of a downpour. This
  month’s patch release includes not only a cumulative Internet Explorer patch,
  but a change in browser behavior due to a patent dispute.
  Read More »
- Pinning a tail on the Start menu donkey
  
  Posted on April 13, 2006 by Woody Leonhard in Woody's Windows
  
  You’re a savvy Windows XP insider. You already know that you can pin programs
  on the Start menu. Cool. Hanging your most-used programs on Start makes
  it easy to get them cranked up, even when you’re bleary-eyed and blue-toothed,
  and your mouse has a mind of its own.
  
  But did you know that you can also pin folders, files, documents —
  even Web pages — to the Start menu? Check out these tricks to
  make the most of that prime piece of real estate.
  Read More »
- Do virtual machines make you safe?
  
  Posted on April 13, 2006 by Ryan Russell in Perimeter Scan
  
  I’ve been thinking a lot this week about virtual machine technology. I
  have to admit it’s because of the Mac. As you’re no doubt aware, the new Apple
  Macs have Intel x86-family processors. This makes them, just about any
  measure, PCs.
  
  It’s not just the CPU, but also the chipset. Apple is using an Intel
  chipset, like almost every motherboard vendor who makes Intel-compatible motherboards. That’s not to take any style points away from Apple;
  they still win big in that area. It’s not like Apple is shipping putty-colored
  plain boxes all of a sudden.
  Read More »
- = Paid content
2006-03-30 72 Get a disposable e-mail address
- Get a disposable e-mail address
  
  Posted on March 30, 2006 by Brian Livingston in Top Story
  
  Every time you give out your e-mail address, you take a risk that your address will
  get on spammers’ lists and you’ll be bombarded with junk mail.
  
  As a test (which I’ll describe in my
  Datamation column in a few weeks), I entered an e-mail address into a signup box at one of
  those “get a free laptop” promotional sites. In less than six weeks, the address
  I provided was hit with more than 1,000 junk messages — over 23 per day — and they
  show no sign of slowing down.
  Read More »
- Unsafe at any speed?
  
  Posted on March 30, 2006 by Ryan Russell in Perimeter Scan
  
  Are you an Internet Explorer user? that I mean, do you use it for your
  daily Web browsing? I like Internet Explorer, I think it’s a very capable
  browser. But, as you are probably aware, there seem to be some safety issues.
  What do you do when there’s blood on the information superhighway?
  
  Alright, I’ll stop with the car analogies. But I do want to discuss what
  to do, now that it looks like we’re in for a long road of unpatched IE
  vulnerabilities. This last week, two unpatched IE vulnerabilities were published.
  And at least one of them has been proven to be highly exploitable.
  Read More »
- Internet Explorer has triple security threat
  
  Posted on March 30, 2006 by Chris Mosby in Over the Horizon
  
  This month has been pretty rough on the people at the Microsoft
  Security Response Center (MSRC). There’ve been three new vulnerabilities
  discovered for my favorite insecure browser — Internet Explorer —
  in just the last two weeks.
  
  Of those three vulnerabilities, one will cause IE to crash at worst. But the others
  are severe enough to allow infected code to run that could very well take over
  your computer. Here we go again. The race for a patch begins.
  Read More »
- Gentlemen, and women too, start your testing
  
  Posted on March 30, 2006 by Susan Bradley in Patch Watch
  
  Normally before there’s a patch, we don’t get quite the advance notice that we did this time. An Internet Explorer
  upgrade is coming that can impact your
  Web-based applications. You need to know now how this may affect you, well before Microsoft
  releases the patch on Apr. 11.
  
  Why is this patch different? Because it’s not a security patch — it’s a
  reaction to a patent lawsuit.
  Read More »
- Changing registered owner in Windows and Office
  
  Posted on March 30, 2006 by Woody Leonhard in Woody's Windows
  
  Does Office think your name is “Satisfied Dell Customer”? When you install
  new programs, do they want to send a confirmation e-mail to “OEM User”?
  
  Or — raise your hand if this sounds familiar — when you first installed
  Windows, did you misspell your own name? Hey, it’s happened to me. More than
  once. If you’ve ever wanted to turn back the clock and tell Windows or Office
  that the name or organization permanently emblazoned in your PC’s memory is all
  wet, this secret’s for you.
  Read More »
- = Paid content
2006-03-16 71 Readers respond on controlling reboots
- Readers respond on controlling reboots
  
  Posted on March 16, 2006 by Brian Livingston in Top Story
  
  Patching Windows is good, and rebooting right after you’ve patched is good,
  too. But if you’re right in the middle of something, seeing Windows reboot
  when you didn’t expect it can be very bad.
  Read More »
- Vista 5308: through a glass, darkly
  
  Posted on March 16, 2006 by Woody Leonhard in Woody's Windows
  
  I’ve spent most of the past
  three weeks slogging through the “February
  Community Technology Preview” of the next version of Windows — Vista Build
  5308, to the tech-savvy.
  
  For the first time in a very, very long time, I’m excited about a new product
  from Microsoft. Vista holds tremendous promise. Whether the final product will
  live up to the promise, though, is anyone’s guess.
  Read More »
- Perfect your patch process
  
  Posted on March 16, 2006 by Ryan Russell in Perimeter Scan
  
  If you’re responsible for more computers
  than you can personally lay hands
  on in a short period of time, then you probably have a patching
  process that includes some kind of cost/benefit analysis. This doesn’t
  necessarily require a spreadsheet with salaries and downtime costs.
  It can be as simple as answering the question, “How much trouble am I in if I crash
  the server in the middle of the day?”
  
  The answer to that last question is probably, “I guess I’ll be staying late,
  and applying the patches after everyone goes home.
  
  That’s a perfectly acceptable strategy — if you can get all the
  machines done manually in a reasonable amount of time. But it doesn’t scale well
  at all.
  
  I’d like to present some tips that I’ve learned to make your life
  easier when dealing with patches and updates. Most of these tips come from my
  co-moderation of the patchmanagement.org
  mailing lists, and my job at BigFix, a company that sells a patch-management product.
  Read More »
- Windows flaws from server to client
  
  Posted on March 16, 2006 by Chris Mosby in Over the Horizon
  
  We all know that using a computer is a dangerous business these days. Design flaws and vulnerabilities can come from anywhere, from any server, all the way down to the client accessing it — and everywhere in-between.
  
  The best we can do these days is to be aware of what is out there, protect your
  computer as best you can, and practice safe computing practices. The only thing
  else you can do is hope that a hacker doesn’t think you’re a tempting target.
  Read More »
- More than just two patches this week
  
  Posted on March 16, 2006 by Susan Bradley in Patch Watch
  
  The bulletins came to my inbox. Two patches. One for Office, one for DACLs.
  (What’s a DACL?) But that isn’t all. Microsoft Update has a few more patches it wants me to
  install.
  
  In addition to the ever-present Windows Malicious Software Removal Tool for
  March (KB
  890830),
  and the monthly update for the Outlook 2003 Junk E-Mail
  Filter (KB
  913161), we have a few other patches in Microsoft Update’s “high
  priority patches” list. It reminds me that it’s not just security patches
  that are up there in the top section.
  Read More »
- = Paid content
2006-03-02 70 Stop Windows’ 10-minute reboot reminders
- Stop Windows’ 10-minute reboot reminders
  
  Posted on March 2, 2006 by Brian Livingston in Top Story
  
  A raging controversy over whether Windows patches ever reboot a PC without
  permission has been solved. Reboots can happen when you’re not expecting
  it — but you can minimize the problem or eliminate it entirely.
  
  This subject sparked a debate when reader Evan Katz wrote in to ask whether
  Microsoft patches had started rebooting Windows automatically, even when the
  Automatic Updates control panel is configured to notify the user of downloads
  instead of installing them without notice. His comments were printed in the paid
  version of our Dec. 15, 2005,
  newsletter.
  Read More »
- Has Microsoft’s patching earned your trust?
  
  Posted on March 2, 2006 by Susan Bradley in Patch Watch
  
  With the patch issues that arose last week, and folks asking if Microsoft
  tests patches before releasing them, it reminds us that Redmond still has a
  long way to go in the trust department.
  
  But Redmond wasn’t the only one with vulnerability and software issues this time
  around. Apple has joined in the browser vulnerability battle with its Safari browser this
  week. Sophos didn’t help much with its software giving off false positives.
  It’s been more of a battle to clean up after our security tools than it was to
  deal with patching issues this month.
  Read More »
- My list of must-have Windows utilities
  
  Posted on March 2, 2006 by Woody Leonhard in Woody's Windows
  
  I’ve seen (and reviewed) enough Windows XP utilities to bust a billion
  bottomless bit buckets. The world’s full of ‘em.
  
  But when a good friend recently asked, “What utilities do you really
  use, Woody?”, I had to stop for a while and think. You see, truth be told,
  I keep very few utilities on my main machine. Too much
  headache. Too little benefit. Hard to keep them all straight.
  Read More »
- Exploiting the discovery of exploits
  
  Posted on March 2, 2006 by Ryan Russell in Perimeter Scan
  
  What’s the exploit you’ve found worth?
  
  Have you ever stumbled across a security problem in a major software vendor’s
  product? You weren’t just going to tell them for free, were you?
  Read More »
- More flaws emerge in Internet Explorer
  
  Posted on March 2, 2006 by Chris Mosby in Over the Horizon
  
  In this column, I once again tackle security in Microsoft’s Internet
  Explorer browser.
  
  It never ceases to amaze me how Microsoft praises the security of its flagship
  browser, while at the same time ignoring obvious flaws that go unpatched.
  
  Read More »
- = Paid content
2006-02-16 69 Readers respond on Deep Six spamwall
- Readers respond on Deep Six spamwall
  
  Posted on February 16, 2006 by Brian Livingston in Top Story
  
  Our tests of antispam appliances in the
  Jan. 26 newsletter made a definite impression on our readers. The article received
  a reader rating of 4.15
  out of a possible 5,
  our highest-rated article so far (well, in all two of the issues that’ve
  supported reader
  ratings to date). And several subscribers
  sent us their own results from testing the least-expensive appliance in our
  review: the Deep Six Technologies DS200 Spamwall, which we found to be highly effective.
  Read More »
- I’m a little 0×80242006 today
  
  Posted on February 16, 2006 by Susan Bradley in Patch Watch
  
  The date on the calendar as Microsoft’s patches came out this week said St. Valentine’s
  Day, the day for love and romance. But if you’re a patchaholic like me, a guy
  who offered to patch my computers for me would be even more romantic than roses
  and chocolate.
  
  Especially in a week like this, when he’d have to use some extra manual labor
  to get my machines fully patched.
  Read More »
- How to restore with confidence
  
  Posted on February 16, 2006 by Woody Leonhard in Woody's Windows
  
  Windows XP’s System Restore can save your bacon. But it wallows in disk space
  like a hog.
  
  If you understand the secrets of System Restore, you can save yourself untold
  headaches when things inevitably go bump in the night. And you can reclaim a few
  zillion megabytes of pure Windows pork while you’re at it.
  Read More »
- Judging third-party patch practices
  
  Posted on February 16, 2006 by Ryan Russell in Perimeter Scan
  
  What does a vendor’s patch-release schedule tell you?
  
  Have you thought much about how and when your software providers release their
  patches? Are patches provided in a convenient format for centralized updates? Do
  patches take years, months, or only weeks to deliver? If you’re paying attention,
  this will help your security stance in the future.
  Read More »
- Unpatched flaws threaten Windows users
  
  Posted on February 16, 2006 by Chris Mosby in Over the Horizon
  
  Microsoft didn’t have a very good Valentine’s Day this week.
  
  Even after releasing seven patches for various security vulnerabilities this
  month, Microsoft still has plenty of flaws that the company could profitably spend
  some time fixing.
  Read More »
- = Paid content
2006-01-26 68 Connection scoring beats spam filtering
- Connection scoring beats spam filtering
  
  Posted on January 26, 2006 by Brian Livingston in Top Story
  
  A simple device that prevents spammers from delivering junk to your mail server
  outperforms complex spam filtering appliances costing up to seven times as much,
  according to tests the Windows Secrets Newsletter.
  
  If your company is suffering from onslaughts of spam, our tests indicate that this new approach
  can halt more than 99% of your unwanted flow without blocking legitimate e-mail. Best of all,
  the new technology does this without creating a large “quarantine” of suspected spam that you or
  your employees must manually comb through.
  Read More »
- Wireless ‘flaw’ could leave computers open
  
  Posted on January 26, 2006 by Chris Mosby in Over the Horizon
  
  There’s been a lot of talk about the Windows Wi-Fi “flaw” that was revealed recently.
  
  Some security professionals call it a high-risk vulnerability. Meanwhile, Microsoft
  and other security professionals call it a feature — one that can only be exploited under
  the right circumstances. Let’s take a closer look, so you can be the judge.
  Read More »
- When does ‘not critical’ mean ‘critical’?
  
  Posted on January 26, 2006 by Susan Bradley in Patch Watch
  
  You are at risk. No, seriously. Every time you turn on any kind of
  technology, you turn on risk.
  
  The question for today is this: Exactly how do you know what risk you are taking when
  you use that technology? Some argue that “old code” is secure code, under the
  assumption that the older the code, the more “eyes” have
  reviewed it. But is that true? Let’s revisit the Windows Metafile issue with
  this in mind, shall we?
  Read More »
- How to slim down your porky pics
  
  Posted on January 26, 2006 by Woody Leonhard in Woody's Windows
  
  Those 8-megapixel cameras take great pictures, don’t they? Faaaaaaat. In
  more ways than one.
  
  The top complaint I’ve heard since the holidays has nothing to do with
  rootkits, WMF files, or patches of patches. Nope. The people I know who scream
  the loudest got expensive new cameras, and they’ve learned that they can’t do
  much with their pictures.
  Read More »
- When is a flaw really a back door?
  
  Posted on January 26, 2006 by Ryan Russell in Perimeter Scan
  
  How quickly do your vendors release patches? If they take 15 years, does that
  mean the problem was an intentional backdoor?
  
  There are, to be sure, some still-outstanding questions regarding how the now-infamous Windows
  Metafile flaw affects the Windown 9x/Me platform (as discussed my fellow columnist, Susan).
  One bit of controversy that arose over this problem since our last newsletter deserves
  clarification here.
  Read More »
- = Paid content
2006-01-12 67 WMF hole still reverbrates with users
- WMF hole still reverbrates with users
  
  Posted on January 12, 2006 by Brian Livingston in Top Story
  
  What a way to start the year! The now-well-known WMF vulnerability, which allows an infected
  image to silently take over your PC, was first publicized just before New Year’s
  Eve. It resulted in a frantic week for Microsoft and millions of Windows
  users who wanted to protect themselves.
  
  I considered the risk of infection from hacked Windows metafiles (.wmf
  files) to be so dire that I published an unprecedented
  two news updates in the same week. (In the past 12 months, I’d felt the need to
  release only 5 news updates.)
  Read More »
- New Year brings new security woes
  
  Posted on January 12, 2006 by Chris Mosby in Over the Horizon
  
  The year 2006 started with a bang for security professionals as we scrambled
  to deploy patches for zero-day exploits.
  
  Even as old security holes were closed software vendors, more holes were
  discovered with exploits-to-go. They seem to be arriving at an ever-increasing rate.
  Read More »
- Malicious pictures, fonts, and attachments
  
  Posted on January 12, 2006 by Susan Bradley in Patch Watch
  
  The ball dropped in New York, ushering in the New Year. But we network admins
  were scrambling because of a zero-day
  exploit for which no patch was available, other than hoping our antivirus
  vendors would catch it.
  
  Little did we know at that time that the ‘bug’ was perhaps a wakeup call for us
  to have
  better procedures to handle a zero-day event in the future (as InfoWorld’s Roger
  Grimes
  
  reports).
  Read More »
- How to protect yourself against autoplay discs
  
  Posted on January 12, 2006 by Woody Leonhard in Woody's Windows
  
  If your holiday season was anything like mine, you probably received a fair amount of
  software, either off the shelf, or bundled with a new PC. Seems that CDs have replaced
  silk ties as the gift of choice when trying to buy for someone who has
  everything.
  
  But CDs and DVDs today can hold dangers that you should avoid. Let’s look at how
  one simple change can make you immune to those headaches.
  Read More »
- MS patch doesn’t end WMF issues
  
  Posted on January 12, 2006 by Ryan Russell in Perimeter Scan
  
  When there’s blood in the water, don’t go swimming. I hope you didn’t think we were all done with our WMF problems.
  
  I’m not going to go over all the details of the WMF vulnerability and patch here.
  My fellow columnists have that well covered. I do wish to point out that it’s
  an important example of what the patch lifecycle now looks like for a special
  case.
  Read More »
- = Paid content
2006-01-06 66 Install Microsoft’s WMF patch
- Install Microsoft’s WMF patch
  
  Posted on January 6, 2006 by Brian Livingston in Top Story
  
  Microsoft released on Jan. 5 an emergency patch, named MS06-001, which corrects
  Windows’ so-called WMF (Windows metafile) vulnerability. A WMF exploit can silently infect
  a PC when it merely displays an image in any browser, instant
  messaging, P2P, e-mail, or in a directory listing in Windows Explorer; when
  desktop-search applications index an infected image file; and in other ways.
  
  I published a special
  news update earlier
  in the week urging readers to install an unofficial patch for this problem. This
  workaround was also strongly recommended F-Secure, the SANS Institute’s Internet Storm
  Center (ISC), and several other security sites.
  Read More »
- = Paid content
2006-01-04 66 Windows metafile hole requires unofficial patch
- Windows metafile hole requires unofficial patch
  
  Posted on January 4, 2006 by Brian Livingston in Top Story
  
  A weakness in the way Windows renders images is being
  exploited on the Internet and affects any browser you may be using, not just
  Internet Explorer.
  
  Microsoft has no patch for the problem at this writing. An official patch may
  appear at any time, or it may take days or weeks. I recommend that you
  immediately run a small,
  unofficial patch that was developed white-hat security researchers to make
  your PCs immune to the problem.
  Read More »
- = Paid content

Yearly Archives: 2006

Top-scoring articles in the past 12 months