Windows Secrets Newsletter • Issue 129 • 2007-11-01 • Circulation: over 275,000
Contents

TOP STORY: Free software finds your security flaws
KNOWN ISSUES: Microsoft is "revisiting" warnings in OneCare
WACKY WEB WEEK: Playing with your food? Paint with it instead!
LANGALIST PLUS: Part six: schedule tasks without constant logons
PC TUNE-UP: Lock down USB ports on your computers
PATCH WATCH: Microsoft server installs unwanted Desktop Search
YOUR SUBSCRIPTION: How to change your address or unsubscribe
TOP STORY Free software finds your security flaws
Get an analyst's findings without the analyst

These days, no one who cares about their system and data can afford to be without a security plan. But most small business and home users are not in a position to hire a security expert to analyze their setup and tell them what to fix.

Fortunately, you can find a number of free tools online that will analyze your system and produce a detailed report of your security strengths and weaknesses. The best ones will even point you to a solution. I tested each of the following products:

• Microsoft Baseline Security Analyzer
• Belarc Advisor
• SecurAble
• AOL Active Security Monitor
• xp-AntiSpy

Bonus tip: None of the tools listed above checks the patch status of all your software (Flash, Acrobat, Java, and so on). This means you should also use the Online Software Inspector at Secunia.com to learn which applications on your system need patching. I described the benefits of this free service in articles on Aug. 16 and Sept. 6.

MBSA bests Belarc for useful info

Based on my testing of the five free security-analysis tools, I recommend the Microsoft Baseline Security Analyzer as by far the best product I worked with. It covers a variety of areas important to security and provides solutions wherever a weakness is found. It's simple enough for intermediate computer users, but sophisticated enough for professionals.

Belarc Advisor won second place in my tests. This program is most useful for highly knowledgeable IT professionals who want a summary of the minutiae of their hardware and software settings.

Microsoft Baseline Security Analyzer is tops

The free MBSA program can be downloaded from Microsoft.com or sites like File Hippo. In either case, the installation of MBSA (unfortunately, for some) requires validation via Windows Genuine Advantage.

Figure 1. Microsoft Baseline Security Analyzer comes out No. 1 in tests.

Once installed, MBSA can analyze a single computer or multiple computers on your network. It saves each scan as a report that you can print or copy to the Clipboard. Brightly colored icons make it easy to spot safe (green), questionable (yellow) or problem (red) areas, along with additional info (blue).

Each entry in the report links to HTML help text, explaining what was scanned and (in many cases) giving details on the results. If a problem is found, a "How to correct this" link is also available. The help files, in turn, often link to additional files online, such as Microsoft Knowledge Base articles.

It's this at-a-glance approach to presenting information, combined with easy-to-access resources, that makes MBSA a winner.

Belarc Advisor provides detail without advice

Belarc Advisor is another tool chock full of information on your system — perhaps too much. On the up side, Belarc checks whether you have the latest Windows patches and virus protection and provides a highly detailed picture of your computer hardware. It also lists all your software programs and their versions, but it fails to tell you which apps need updating.

If you have Windows 2000, XP Pro, or 2003, Belarc Advisor also rates your computer using the Center for Internet Security benchmark (providing a score from 1 to 10). This is based on an exhaustive list that covers many of the same areas as MBSA, but in mind-numbing detail.

Included is a lengthy list of Registry settings relating to permission levels. These are best configured using Windows' own control panels and administrative tools, rather than dabbling in the Registry directly. Consequently, the detail level is not very helpful to the vast majority of users.

Like MBSA, Belarc Advisor's detailed reports are linked to a help file of explanations. But, unlike MBSA, the program's explanations are often inadequate and have no further links to online resources.

Although Belarc's level of detail might be useful for IT pros, the free version is intended only for noncommercial use. You can find its licensed, commercial version at the Belarc site.

Other analyzers don't match the competition

The other programs I tested didn't match the results obtained from MBSA or Belarc Advisor.

SecurAble is a free tool from Gibson Research that doesn't try to do very much and succeeds at that very well. Its only purpose is to check for three security features common to computer processors and tell you the status of those features on your machine. Explanatory info is provided at the SecurAble Web site. Unfortunately, the program doesn't look at any other security aspects of your computer.

Active Security Monitor (ASM) from AOL has the most attractive interface of all the products I considered. Unfortunately, its recommendations are somewhat suspect. ASM gives you a security score from 1 to 100 based on your firewall; virus and spyware protection; whether Windows and IE are fully patched; and more. Unlike many such scanners, it also looks at wireless security (if your system has a Wi-Fi connection) as well as file-sharing software.

The product looks for utilities, such as backup software, but it failed to detect Windows' own built-in backup application. Instead, it suggested I try AOL's backup service, suggesting that the entire utility is nothing more than a sales gimmick. Fortunately, the link to "other file backup solutions" did send me to non-AOL products, but did little more than open a search page for backup utilities at CNET's Download.com site.

Like SecurAble, xp-AntiSpy doesn't pretend to analyze your whole system, only those settings specific to Windows XP that may affect your security. The program presents a list of checkboxes showing the state of these settings (for example, whether Automatic Updates is on or off) and lets you change the setting immediately without opening any other control panel or Windows tool.

As you hover over each setting in the list, text in the bottom pane provides you with brief but usually helpful information. Especially useful are the modes available via the Preview menu. For example, you can choose the System Defaults profile to color-code the controls by their default setting (green for on, red for off). Or you can choose the Suggested profile to see color codes for the product's own recommended settings for maximum security.

The nice thing about free software is that you don't have to choose just one product. As long as you're using tools that mainly diagnose and don't change settings on their own (which describes all the applications here), you're not out of pocket if you want to run several different system analyses.

But if you're short on time and serious about security, Microsoft Baseline Security Analyzer is the best tool, providing serious scanning and smart solutions.

Have a tip about Windows? Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine's Here's How section.
KNOWN ISSUES Microsoft is 'revisiting' warnings in OneCare
By Brian Livingston
Associate editor Scott Dunn reported on Oct. 25 that Microsoft's OneCare security suite turns on "auto-install" without notifying users, causing some machines to unexpectedly install patches and reboot at 3:00 a.m.

Microsoft's OneCare team has officially confirmed the behavior, saying, "We are evaluating user feedback and will be revisiting how we communicate the installation details of Windows Live OneCare as we are continually working to improve that experience."

The statement wasn't exactly an apology, since the team defended OneCare, stating: "we have gone to great lengths to disclose that OneCare may automatically effect changes to user settings in order to help best protect the user." This position was based on OneCare displaying the following at the bottom of its "Select your language" dialog box during installation:

Many businesses and individuals have good reasons for wanting to investigate all patches and be present when any installed patches are rebooting PCs. In my opinion, the wording mentioned by the OneCare team is a long way from advising people that the Automatic Updates settings they carefully configured were going to be wiped out and reset to fully automatic.

Many other publications followed up on Scott's story. Jabulani Leffall, writing on the Web site of Microsoft Certified Professional Magazine, an independent publication, said, "Microsoft does a poor job of informing users of the action." Other follow-ups included those in Computerworld (on Oct. 25 and Oct. 29), VNUnet, and IT News.

Xplorer² does have a free version

Contributing editor Woody Leonhard wrote in his Oct. 25 column that Xplorer² is a free file manager "that puts Microsoft's offering to shame."

That article, unfortunately, linked to the home page of the software's publisher, Zabkat.com, which prominently displays information on the U.S. $29.95 commercial version of Xplorer². A blurb on the free, "lite" version appears farther down, but it wasn't large enough for many of our readers to notice it.

The article should have linked to Zabkat's page describing just the Xplorer² free version. That page clearly explains that the "lite" version is free for use by individuals and educational institutions. Only commercial users (corporate, government, etc.) are required to pay the $29.95 license fee.

How can we best serve your information needs?

In our Oct. 25 newsletter, we asked you the size of the organization you work for, if any. More than 9,000 subscribers answered our poll.

It turns out that 64% of you work in companies with fewer than 100 employees, which is a common definition of "small business." At the same time, 22% of you work in companies with more than 1,000 employees, which tend to be large corporations. The remaining 14% of subscribers work in medium-sized companies. Voting is now closed in that poll, but you can see a breakdown of the responses on our results page.

Admittedly, asking about your company size is only a first step to help us learn your interests. I wrote that we'd ask additional questions to fill in our understanding.

Today, we'd like to know whether you're a manager or an administrator where you work — or perhaps you have some other title, or you aren't currently employed at all! In addition, we'd like to know whether you influence the purchase of a lot of computer equipment or only a little. Select from the options shown below.

Which best describes your job title?

Annually, what is the dollar value of computer/network-related hardware and software you will purchase, recommend or sell?

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.
WACKY WEB WEEK Playing with your food? Paint with it instead!
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:
1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.
Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,