|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
TOP STORY Free Windows Update alternative is released By Brian Livingston In my last issue, I reported that Microsoft's in-house Windows Update routine is now likely to download marketing gimmicks such as Windows Genuine Advantage to your PC. I advised all Windows users, other than novices, to turn off Automatic Updates. Because promptly patching Windows is vitally important to your security, however, I recommended a trusted, third-party replacement: Shavlik Technologies' HFNetChkPro, which supports a much wider variety of programs than does Windows Update. The only downside is that the HFNetChkPro software, while priced reasonably at $25 USD per PC, requires a license for a minimum of 5 PCs. After that newsletter appeared, Shavlik released a stunning improvement on this frustrating situation. The company's NetChk Protect — which offers antispyware scanning in addition to patch-management — is now completely free for 1 to 10 PCs for one year. I wish the firm had made this free offer available before my last newsletter was published. But the new offer removes the last obstacle some readers had to replacing Windows Update with superior, independent, patch-management software. NetChk Protect, when installed on a single PC, scans across a peer-to-peer network or a server domain to determine which machines need updates for Windows, Microsoft Office, Firefox, Adobe Reader, WinZip, RealPlayer, Macromedia Flash, and other programs. The application can then deploy (install) the updates you determine. There's no need to preinstall an "agent" program to those other machines or visit them one-by-one to run the installs. An antispyware disk and memory scan can also be conducted by NetChk Protect upon demand. This scan shouldn't interfere with other antispyware programs' scans, if they aren't carried out at the same time. NetChk Protect also offers real-time spyware protection, calling it Active Protection. This possibly could conflict with the real-time features of Webroot Spy Sweeper and similar antispyware utilities. But Active Protection isn't turned on unless you specifically configure the program that way. Just don't do so and NetChkProtect shouldn't bump heads with your main antispyware app. With all of NetChk Protect's free download goodness, there's one small fly in the ointment. The software was designed to be used by knowledgeable network administrators. It wasn't developed with a simple, 1-2-3 wizard-style interface that even novices can understand. After testing NetChk Protect, however, I believe its power-tools character can be mastered easily by any Windows user, no matter how nontechnical. All that's required is a short, introductory tutorial with pictures. That's what I'll give you in my story today. (story continues below) |
Windows Secrets NewsletterIssue 79 2006-07-13 Contents (Scroll down to Index) TOP STORY Free Windows Update alternative is released SECURITY BASELINE The Security Baseline as it stands HOT TIPS Readers write a book on WGA problems WOODY'S WINDOWS Live Safety Center: does it work? OVER THE HORIZON Internet Explorer back under the microscope PATCH WATCH Two patches you should jump on PERIMETER SCAN New-style rootkits are on the horizon USEFUL LINKS CSS support is poor in RSS feed readers WACKY WEB WEEK When available, your IM buddies salute you YOUR PREFERENCES About your subscription Newsletter Control Panel Windows Secrets home page How to subscribe Change your delivery address Change your preferences Access past free issues Access past paid issues Upgrade to paid version Search for info (WinFind) Submit a Windows tip Get subscription help How to unsubscribe Circulation: over 140,000 |
|
ADS
|
|
(story continues from above) Installing NetChk Protect from the Internet Shavlik Technologies released three free programs after Microsoft announced that it would discontinue its Microsoft Baseline Security Analyzer (MBSA) version 1.2.1 soon after releasing version 2.0. The 1.2.1 product had originally been developed by Shavlik for Microsoft. It supports the update of apps such as Office 2000, Exchange 5.0 and 5.5, SQL Server 7.0 and 2000, in addition to Windows 2000 and higher. Release 2.0, developed by Microsoft, supports only Office XP, Exchange 2000, SQL Server 2000 and later. Shavlik released its three free programs to give customers support for all the older software they still use. A huge side-benefit of this for individual Windows users is that a 10-PC version of NetChk Protect is one of the free downloads: • NetChk Analyzer for Microsoft is a graphical program that scans drives for Microsoft applications only (without deploying any patches). It's free for an unlimited time. • NetChk Analyzer is a command-line utility that scans drives for both Microsoft and non-Microsoft applications (without deploying any patches). It's free for one year for 1 to 25 PCs, then $4 per seat per year. • NetChk Protect (the subject of my article today) is a graphical program that scans drives for both Microsoft and non-Microsoft applications and deploys needed patches. It's free for one year for 1 to 25 PCs, then $25/PC for the second year and about $6/PC for later years, with a minimum license of 5 PCs. The first free year of NetChk Protect is all that home users of 1 or 2 PCs will ever need. The company will launch remote disk scanning and patch deployment on a special Web page in mid-October, Shavlik CTO Rick Greenwood told me in a telephone interview. This service, which will compete with Microsoft's own Windows Update site, will range in price from free to $39.95 per year. (Shavlik's executives haven't yet decided on the fee but say they want it to be affordable.) To get the free download of NetChk Protect and start using it to find and install security patches for you, visit Shavlik's download page and click the Download Now button. To get its free downloads, Shavlik asks that you enter e-mail, telephone, and postal contact information. You need to enter a valid e-mail address to receive the software license key Shavlik will send you, but I found that all the other fields can be filled with bogus info if you prefer not to provide your personal details.  Figure 1: The NetChk Protect setup routine shows with an X or a check mark whether your PC has four Microsoft support files that are needed. After you download NetChk Protect to a folder on your PC, run its setup program. The welcome screen (Figure 1) shows you whether four required MS support files are present. These include .NET Framework 1.1 or higher, MDAC, MSJET, and MSXML. If any are not found, the setup routine offers to download and install them for you. Important: If you use a personal firewall program such as ZoneAlarm (as you should), you must instruct it to allow all of the download and installation actions that NetChk Protect attempts. This includes installing the Microsoft support files, installing itself, and then installing your patches. If your firewall blocks NetChk Protect from connecting to the Internet or installing upgrades, you won't get any benefits. Scanning one PC, a workgroup, or a domain After NetChk Protect is successfully installed, including the download of Shavlik's latest patch signature files, use the Start menu to run the program. The opening screen (Figure 2) is filled with options, including IP ranges and named domains to scan. Ignore these options for now. To scan the PC that NetChk Protect is installed on, click the large Scan My Computer button. To scan PCs in a peer-to-peer workgroup or a network domain, click the Scan My Domain button. (The PCs you wish to scan for needed patches must be turned on, of course.) By default, NetChk Protect scans PCs only for needed patches. To also scan for possible spyware, you must turn on an advanced option. For your first time, just try a patch scan. This may take several minutes.  Figure 2: In NetChk Protect's complex opening screen, new users need to select only one of the two large buttons to start a patch scan. After the scan is complete, NetChk Protect displays a statistics window (Figure 3). Find the results of your scan The results of a patch scan of a single PC or an entire set of PCs are shown in a somewhat bewildering display of charts and graphs.  Figure 3: After scanning is completed, click the 'View Scan Results' link (indicated here with a red arrow) to get to a list of scanned PCs and relevant patches. For the moment, ignore everything else in the window and scroll down to a link entitled View Scan Results. Click this link to show a list of the PCs you scanned and any patches that were found to be installed or needed. Deploy patches to one or many PCs NetChk Protect displays the names of the PCs, peer-to-peer workgroups, or network domains you scanned. The right-most pane lists the patches the program found, patches that are missing, and other informational messages. Ignore these details for now (if you can control your curiosity) and simply deploy the needed patches.  Figure 4: Click the name of the computer, workgroup, or domain that was scanned to select it. (In this example, the computer name is FAITHFUL.) Right-click the selected name, click Deploy Patches To {name}, then click All Missing Patches. Right-clicking the name of the computer or group you scanned opens a context menu. Click Deploy Patches To {name}, then click All Missing Patches. In the dialog box that appears, click the Deploy button to install the needed patches for all products. (As before, the PCs you deploy patches to must be turned on.) This process can easily take an hour if you selected several PCs and there are many patches to download and install. Shavlik consults the same authoritative files that are used by Microsoft, Firefox, Adobe, and the other supported vendors to determine which patches are available and which are needed by individual PCs. The patches are securely obtained directly from the vendors' own sites. (Windows Genuine Advantage isn't classified as a security patch, an operating system service pack, or an application update. So it won't show up as a needed patch to be deployed by NetChk Protect, Shavlik's chief security architect Eric Schultze told me in a telephone interview.) NetChk Protect completes its deployment task with no big flourish. It runs and then it's simply done. If any patches require a PC to reboot, however, a dialog box will appear that notifies anyone who's watching that a restart will soon begin. A countdown timer shows the time remaining, which can be extended in 1-minute increments by clicking a button. The reboot, however, cannot be extended for more than about 15 minutes, so make sure no work will be lost before starting the deployment process. That's it. There are a jillion options and configuration settings you can tweak in NetChk Protect, but you'll need to read the online help to learn about those. The product is obviously designed for businesses ranging from small-scale to enterprise that wish to have fine-grained control over as much of the upgrade process as possible (for as many different products as is feasible). For more than 10 PCs, the commercial version of NetChk Protect can be purchased for $38 per machine for the first year for up to 100 PCs, with discounts for larger numbers. Declare your independence from Windows Update Discontinuing the use of Windows Update and Microsoft Update may be an uncomfortable decision. For those who are confident enough to take the step, products like NetChk Pro are stronger than Microsoft's own consumer offerings and support far more vendors' products. The decision of Microsoft to allow its critical security update infrastructure to be used to download Windows Genuine Advantage (and possibly other marketingware in the future) makes it necessary for security-minded individuals to adopt third-party products. Civilized countries don't allow doctors to sell prescription medicines, because physicians would be tempted to overbill patients for unneeded medications. Instead, patients receive a written prescription and go to a pharmacist to buy our pills, knowing that this step reduces any conflict of interest. In a similar way, it's too much to expect Microsoft to have the power to download software automatically to hundreds of millions of Windows users — and then never use that power to install revenue-enhancing applications for itself. I now advise all Windows users, except novices, to open the Automatic Updates control panel and select Notify me but don't automatically download or install updates. When Windows notifies you that updates are available, read the free and paid sections of the Windows Secrets Newsletter to learn of any patches that have problems and shouldn't be installed. Then run NetChk Protect or other patch-management software. We publish our issues only two days after Patch Tuesday and (except in August and December) two weeks later to help you stay informed. Upgrading to the paid version of the newsletter has no fixed cost. We accept a contribution of any amount that it's worth to you. We just want as many people as possible to have the information. How to upgrade I'm slightly revising the Security Baseline today. The revision changes the recommended update-management software from Shavlik's HFNetChkPro ($125 for 5 PCs) to the free NetChk Protect. If and when a free or low-cost (and trustworthy) Web site can perform the same service — or test labs give their top ratings to some other competing product — I'll revise the Security Baseline to include the newcomer instead. We've received more reader feedback on Windows Genuine Advantage and the shift to alternatives to Windows Update than any other topic in months. More than 300 meaningful comments poured in, and we want to thank everyone who gave us ideas and tips. This issue's paid section collects the best information that was sent in. The following readers will receive gift certificates for a book, CD, or DVD of their choice for sending us tips we printed: Michael Klein, Ken Schwartzreich, David Doucette, Donald Smith, Trevor Hardy, and Chris Farr. To send us more information about update management, or to send us a tip on any other subject, visit the Winodwssecrets.com contact page. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print. Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books. |
|
THE SECURITY BASELINE The Security Baseline as it stands By Brian Livingston My main story, above, explains why the free, 1-year trial version of Shavlik Technologies' NetChk Protect is replacing the company's HFNetChkPro in this section today. The company's new, free offer is an unbelievable deal, with capabilities that outperform Microsoft's own, now-mistrusted Windows Update. Based on the latest published tests, the best four products to give your PC comprehensive protection against hackers are (1) a Linksys hardware firewall, (2) ZoneAlarm Security Suite 6 (or Panda Platinum Internet Security 2005, which recently received a high rating in PC World tests), (3) Webroot Spy Sweeper for antispyware protection, and (4) Shavlik NetChk Protect or another update-management tool of your choice. See details below.
|
|
HERE'S A TIP You're reading the free version of the Windows Secrets Newsletter Subscribers to the paid version receive additional information in each issue. Some of the extras this week are: 
Brian Livingston / Hot Tips. The best information available on making Windows
work the way you want it to:• Readers write a book on WGA problems • AutoPatcher: another Windows Update alternative • WGA sneaks around Outpost Pro firewall • Some PCs with WGA won't even boot 
Woody Leonhard / Woody's Windows. You get a pointed look at Microsoft's
operating system through our guru's flat screen:• Live Safety Center: does it work? • The Windows Live Safety Center shtick • Stopping the zero-day contender: Nanika.xls • I run the actual torture test 
Chris Mosby / Over the Horizon.
The steps you need to take NOW to protect yourself, because patches aren't yet available for some known threats:• Internet Explorer back under the microscope • New IE info-disclosure flaw discovered • Hacked links could hide infected programs • HTML Help is exploitable again 
Susan Bradley / Patch Watch. We tell you which official patches have problems and,
more importantly, how you can work around them:• Two patches you should jump on • Your Linksys could "hack" your computer • Alerter and Messenger in the spotlight again • Excel gets an awaited patch 
Ryan Russell / Perimeter Scan.
How you can use free or commercial software to automate patching and upgrading,
whether you're responsible for 5 PCs or 50,000:• New-style rootkits are on the horizon • The new "Blue Pill" rootkit technique • The rise of 100% undetectable malware • The ethics of rootkit research Paid subscribers can access all old and new paid newsletter content Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter. To upgrade, simply make a contribution of any amount you choose If you do this by July 26, 2006, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance. |
|
ELECTRONIC BOOKSHELF — new e-books from the editors 
Spam-Proof Your E-Mail Address, 2nd Ed.This 32-page e-book by Brian Livingston gives you step-by-step instructions that can eliminate 97% of the spam that would otherwise clog your e-mail account. You could call it "Livingston's Spam Secrets." The PDF-format e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can actually reduce your volume of spam to practically nothing, not just battle an unstoppable and ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info |
|
USEFUL LINKS CSS support is poor in RSS feed readers RSS aggregators currently render HTML fairly well. But they have almost no support for cascading style sheets, known more familiarly as "styles." (By Brian Livingston, Datamation) More info Will IE 7.0 be capable of secure RSS? RSS may get a dramatic boost if Microsoft's Internet Explorer 7.0 supports feeds when it's released later this year. But the stimulus for the new technology will be hindered if IE is unable to handle what's known as "secure RSS." (By Brian Livingston, Datamation) More info |
|
WACKY WEB WEEK
|
|
ABOUT YOUR SUBSCRIPTION The Windows Secrets Newsletter is published twice a month on alternating Thursdays. Issues appear 2 days and 16 days after Microsoft Patch Tuesday (the 2nd Tuesday of each month). Only the first issue of the month is published in August and December to allow vacation breaks. A short "news update" is sometimes published between regular newletters. Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editor: Brian Livingston. Contributing Editors: Susan Bradley, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Security Baseline, Briefing Session, Windows Patch Watch, Perimeter Scan, Update Management, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. How to subscribe: Anyone may subscribe to this newsletter by visiting our free signup page.
|
