|
|
INTRODUCTION — news about your newsletter
Major improvements are coming to Brian's Buzz on Windows
I think
you'll be pleased to read the announcements I'll be making in the next issue of
this newsletter. Thanks to my readers' generous contributions, major names in
Windows expertise will be joining me to bring you new and improved content. And
I'll be able to unveil a much stronger search-engine technology for
WinFind, my
free service that unearths Windows tips and tricks for you in respected
high-techn Web sites.
IMPORTANT: Please add our new "From" address to your whitelist
These developments will require one small adjustment on your part. My improved
publishing system will e-mail the newsletter to you using a new
"From" address. Your e-mail system will need to recognize this address so
the newsletter isn't deleted by "junk mail" filters.
To make sure you receive the next newsletter, you must add this new e-mail
address to your e-mail program's Address Book and any
"whitelist" or "approved senders list" it uses:
|
|
You'll receive the next newsletter on July 8, not July 1
I'm concerned about the speed with which computer worms are taking advantage
of new security weaknesses that are announced by Microsoft. In some cases,
a hacker's exploit has appeared "in the wild" within 30 days.
Last November, the Redmond software giant began routinely releasing its
announcements and the related patches (if any)
on the 2nd Tuesday of each month. In the past, I published
Brian's Buzz twice a month and then switched it to every two weeks on
alternating Thursdays. But this every-two-weeks schedule
means that now the newsletter sometimes comes out only two days
after an announcement (too soon for me to analyze a new patch) and
then 16 days after the announcement (too long for you to wait for advice
on whether installing the patch would cause other problems).
For this reason, I'm changing my publication schedule back to twice a
month — on the Thursday the week before Microsoft's
announcement and the Thursday the week after. This means a newsletter will
always come out within nine days after the company's scheduled announcement of
new security weaknesses. (Additionally, I'll publish a special "newsletter update" if an
urgent problem suddenly requires your attention.)
The next two issues of Brian's Buzz, therefore, won't be e-mailed to you on
July 1 and 15 but on July 8 and 22.
I appreciate your understanding as all of the above changes are implemented.
I look forward to your feedback as the improvements I've worked on during the
past several months are revealed to you in the next two issues. Stay tuned,
and thanks for your support. —Brian Livingston
TOP STORY — info you need to make Windows work
The promise of XP Service Pack 2
By Brian Livingston
After many agonizing months of development, Microsoft issued on
June 14 its Release Candidate 2 of the major new upgrade, Service Pack 2 (SP2)
for Windows XP. As a "release candidate," the update is not yet a
supported package that can be installed en masse by Windows users.
(For one thing, it's never recommended that you install the final software
over a release candidate, even if there's an uninstall feature for the
beta version.) But it's getting very close to the "gold" version of the
software that Microsoft will soon be urging all XP users to install.
Many observers have commented that XP SP2 isn't really an upgrade to the
operating system. It's more like an entirely new version of Windows, which
Microsoft is giving away free in order to squelch Internet viruses and worms
that otherwise would continue to erode support for its cash cow.
In this sense, an update from Windows XP to XP SP2 is on the order of the
upgrade from Windows 98 to Windows Me. The new operating system almost deserves
its own new name. Instead of XP, perhaps we should bump the name up in the
alphabet one letter and call the result Y-Me ("why me?").
But in an important way, XP SP2 will be a much bigger shift than the one
from Windows 98 to Me. Microsoft has finally gotten really tired of being
the butt of jokes for the almost-weekly new attacks launched on its products
by teenagers. So the Redmond company has decided to break some significant
behaviors that Windows users have come to rely upon.
As regular readers know, I'm not one to delve into the features of "vaporware"
that you can't buy and use, such as most beta versions of programs. I prefer
to wait until you can actually put a product to work. At that point, it's
fair game to be analyzed and its secrets revealed to a worldwide audience.
XP SP2, however, is worth looking at well before it comes out. If you
haven't downloaded and tested a previous release candidate of SP2 on a
sacrificial PC, there's still time. Microsoft has scrapped its previous
confidence that the final release of SP2 will become available by late
July, according to an eWeek
article. That means it might make an appearance
by the end of July, but it's more likely to age in Microosft's oaken barrels
until August, September, or even later.
I'll write more about XP SP2 in future issues of Brian's Buzz as the upgrade
gets closer to final distribution and, of course, as soon as millions of XP
users are actually installing it and learning about its quirks.
But in the meantime, XP SP2 will change so many relationships between Windows,
third-party applications, and the Internet that you should know about (and
start considering your response to) at least the following concerns:
Web sites need to check their technology
SP2 will include a new version of Internet Explorer. The new IE will
include some of the security limitations of the browser found in Windows
Server 2003, although not as many user restrictions. The new browser,
however, will block ActiveX controls, downloadable add-ins, pop-up
windows, and other features commonly used in many Web sites. If you or
your company maintain a site, you owe it to yourself to check Microsoft's
list of changes and adjust your technology accordingly.
More info
SQL Server and other MS apps require changes
Microsoft warns that its SQL Server 2000 database package and many other
similar programs that are accessed across a network will have problems in
certain cases. The biggest change is that SP2's "Internet Firewall" will
be turned on by default and may block users. This affects not just SQL Server
but also MSDE (Microsoft SQL Server Desktop Engine), which is used by Visio,
SharePoint Team Services, and numerous other applications. The Redmond
company describes several workarounds for this in its FAQ, "How Windows XP
Service Pack 2 (SP2) Affects SQL Server and MSDE," dated May 24.
More info
That's just the beginning...
There are far too many changes wrought by XP SP2 to even start to list them
here. For its part, Microsoft has already documented the known issues
in an 8-part document, "Changes to Functionality in Microsoft Windows XP
Service Pack 2." If you support Windows XP in your business or home,
at least perusing this explanation of the issues will give you a
heads-up — before you're forced to learn about them the hard way.
More info
XP SP2 holds out the promise to Windows users that their PCs will be
safer against Internet break-ins, without so much urgency about installing
patches for individual threats. But this promised land won't come without a
cost. As soon as SP2 is released, we'll all inevitably learn about
side-effects and gotchas that hadn't previously been well publicized.
To obtain RC2 of XP SP2, and for more information about its behavior,
visit Microsoft's
Windows XP home page.
Finally, for really, really exhaustive details on the beta stages of XP SP2 and
the upgrade's potential impacts on users, Neowin.net has posted a gigantic
list of articles and discussion-forum threads on the subject.
More info
To send me more information about XP SP2, or to send me a tip on any other
subject, visit
WindowsSecrets.com/contact. You'll receive a gift certificate for a book,
CD, or DVD of your choice if you send me a comment that I print.
RECOMMENDED READING — my book reviews of tech topics
Microsoft Windows Server 2003 Administrator's Companion
Good books on Microsoft's Windows Server 2003 product have been arriving for
months. Sharon Crawford, Charlie Russel, and Jason Gerend are the co-authors of
this tome, which was released last year by Microsoft Press and is still
one of the standards. It doesn't cover 2003's Web Edition or Small Business
Server (SBS), but the latter subject is handled in the book below. For
those who are facing Windows 2003 (or will face it soon), a massive 1,632
pages of material is offered up here for you.
More info:
United States /
Canada /
Elsewhere
Microsoft Windows Small Business Server 2003 Administrator's Companion
SBS 2003, the subject of the
Jan. 29 and
Feb. 12 issues
of Brian's Buzz, is the focus of this new book by the same three writers
as the volume above. If you're now running SBS or considering it, you're
probably better off starting with this book rather than the co-authors'
earlier work on Server 2003 itself.
More info:
United States /
Canada /
Elsewhere
Search Engine Optimization For Dummies
The Dummies series has finally got around to releasing a book on how to
set up your Web site to make it rank well in search engines. Although this
book, by SEO consultant Peter Kent, doesn't include all the latest tweaks
in Google's algorithm (covered in the Apr. 8 issue of Brian's Buzz), that's not a real complaint.
Bound books aren't expected to be up-to-the-minute, they're expected to teach
you the basics, and SEO for Dummies certainly does that.
More info:
United States /
Canada /
Elsewhere
FORWARDING INSTRUCTIONS — news gains value when
it's shared
Please share this information with your friends
You're encouraged to refer your friends and colleagues to this free
newsletter. Because most e-mail programs don't correctly display a formatted
message that's been forwarded, simply call people's attention to
the permanent Web address of this issue:
BriansBuzz.com/w/040617.
HERE'S A TIP — you'll get a better newsletter if you choose the
paid version
You're reading the free version of Brian's Buzz on Windows
Subscribers to the paid version receive additional information in each issue.
Some of the extras this week are:
- SPECIAL REPORT: Web sites infect IE, no patch yet.
A new menace, called the I-Lookup vulnerability, allows a Web site to
silently infect your PC with malware when you merely visit. Microsoft
doesn't have a patch at this writing, but I'll show you ways to make
yourself immune to the hole.
- DirectX poses a moderate security threat.
Microsoft has announced a patch for a denial-of-service attack that can
crash an application on a PC when it's running a game. That's not a huge
problem, so I recommend that you not install the patch but
instead use my workaround.
- Crystal Reports gives hackers remote file access.
Even though Microsoft doesn't make Crystal Reports, the Redmond company is
distributing needed patches to close security holes in the third-party software, some
which is a component of several Microsoft applications. I tell you whether you
need the patch and, if so, why you should install it as soon as possible.
- How Microsoft lost the API war.
A software developer reveals a little-known battle between two camps
within Microsoft — and the fact that one side has won big-time.
Unfortunately, it's the wrong side. An essential read.
Paid subscribers are also entitled to freely download valuable, content that I
license for them at least once every calendar quarter. And you can immediately
view and search all past paid newsletter content.
To upgrade, simply make a contribution of any amount that you choose.
If you do this by July 7, 2004, you'll instantly be sent the full, paid version of
this week's newsletter.
To upgrade to the paid version, please visit
WindowsSecrets.com/upgrade.
Thanks in advance.
BRIAN'S BOOKSHELF — new e-books from the author
Spam-Proof Your E-Mail Address
This 27-page e-book in PDF format gives you step-by-step instructions
that can eliminate 97% of the spam that would otherwise clog your e-mail
account. You could call it "Brian Livingston's Spam Secrets." The book
is the result of months of experiments and tests I conducted, and I now
receive little or no spam to the addresses I used as guinea pigs. These tests
show that you can actually reduce your volume of spam to practically nothing,
not just battle an unstoppable and ever-growing flood. The methods I describe
work with Windows, Apple, and Linux and don't require any filters or block
lists — but you can use those in addition to the book's techniques, if you wish.
More info
WACKY WEB WEEK — playing for you the Internet's greatest bits
USDA classifies frozen French fries as fresh vegetables
Wait! Don't dump that fast food! You can now eat French fries without
guilt because the U.S. Dept. of Agriculture classifies them as "fresh
vegetables" — and the government agency is winning court decisions when
the idea is challenged.
"As bizarre as it may sound, a federal judge in Texas last week endorsed the
USDA's rules in a court case, saying the term 'fresh vegetables' was ambiguous,"
writes the Sun-Sentinel, a Florida newspaper.
"The USDA quietly changed the regulations last year at the behest of the
french fry industry, which has spent the past five decades pushing for a
revision to the Perishable Agricultural Commodities Act (PACA). The law
was passed by Congress in 1930 to protect fruit and vegetable farmers."
Wait! It gets even better! Chocolate-covered cherries may now qualify as fresh
fruit (seriously)...
More info
USEFUL LINKS — more stuff that's good to know
In this section, I provide links to columns I've published recently that you
might find useful.
Datamation: Immunize your servers against attack
A security company is shipping a new software release that it claims will better
protect your servers against hacker attacks — whether or not you've
installed the latest patches from Microsoft.
More info
PC Magazine: Spam-proof your e-mail address
Professional spammers constantly scan the Web using high-speed programs known as
harvesters to capture visible e-mail addresses. But if you use the right
methods, you can let people know how to get in touch with you — and still
keep spammers from harvesting your address.
More info
Datamation: Has Julian Haight gone straight?
One of the most famous, or infamous, groups that try to "block" spam-sending
servers is SpamCop.net, directed by Julian Haight. Because SpamCop was purchased
last year by IronPort Systems, I thought it would be interesting to see whether
any of the controversies that swirled around Haight in the past have been worked
out.
More info
|
|
