Windows Secrets


Windows Secrets Newsletter • Issue 111 • 2007-06-14 • Circulation: over 400,000


Table of contents 
  • Top Story: Practice ‘safe surfing’ with public Wi-Fi signals
  • Known Issues: Connecticut teacher gets a second chance
  • Wacky Web Week: E-cards for any odd occasion
  • PC Tune-Up: VMware is a superior alternative to Virtual PC
  • Windows Secrets: IE patched again, but is still insecure
  • Patch Watch: MS slyly installs WGA via updates, again

 
Top Story

Practice ‘safe surfing’ with public Wi-Fi signals

By Scott Dunn

You see them everywhere your Wi-Fi laptop goes: unprotected wireless signals offering "Free Internet Access" or "Free Public Wi-Fi."

But connect to them and you’ll be disappointed. In a few cases, you may even have your computer hacked. Here’s the scoop on how to protect yourself.

What are these mystery wireless networks?

Many laptop users have seen unsecured access points like "Free Internet Service" show up in their list of available wireless networks. They appear to be especially common at airports. Attempts to connect to these networks usually don’t result in any Internet access. What is the source of these cyber chimeras?

The answer is that the majority of these access points are not Internet-accessible networks, but merely peer-to-peer or "ad-hoc" networks connecting one computer to another. Their ubiquity stems from the fact that when a Windows wireless computer connects to a network, it remembers the name or Service Set Identifier (SSID) of that network. The next time you use your laptop, your computer will broadcast that same SSID to other computers, and the users may confuse your signal for a legitimate Internet access point. In this way, names like "Linksys" or "Free Public Wi-Fi" are pollinated from user to user.

In most cases, attempts to connect to these networks only result in the user getting frustrated at the lack of an Internet connection and disconnecting. But, according to an advisory paper from Nomad Mobile Research Centre, the feature can be used by attackers to learn a victim’s IP address and directly access the computer. The risk is especially high if you have file sharing turned on. In addition, if an attacker uses this method to plant malware on your laptop, you could place your company’s network at risk the next time you connect to the network at your job.

Another hacker ploy is to set up an "evil twin" signal that broadcasts a site resembling a respectable hotspot such as an airport Wi-Fi service. You may enter credit-card information — thinking you’re only buying a few hours of Internet access — but you are actually turning over your account numbers to a cyber criminal.

How to protect your wireless laptop

So, how can those of us with wireless laptops and networks protect ourselves from the kind of mistakes the security pros were making? Fortunately, you can take several steps to avoid undesired peer-to-peer access and limit your risks when connecting to a wireless hotspot in a public place.

Before going any further, however, make sure your own Wi-Fi system is using the latest encryption standard, WPA2 (Wi-Fi Protected Access 2). For details on these and other basics of Wi-Fi security, see Brian Livingston’s Top Story in the May 26, 2005, issue.

1. Turn off Wi-Fi when not in use

The first and most basic way to limit your risk is to turn off your system’s Wi-Fi feature when you’re not using it. Many laptop computers have a physical switch to toggle the wireless capabilities.

If you don’t have a physical switch, you can turn off Wi-Fi in XP by right-clicking the wireless icon in the taskbar "tray" (the area near the clock) and choosing Disable. To turn it back on, go to Control Panel and open the Network Connections window. Right-click the Wireless Network Connection icon and choose Enable.

In Vista, go to Control Panel and launch the Network and Sharing Center. Click Manage network connections on the left. Then, right-click the Wireless Network Connection icon and choose Disable. Click Continue if prompted by User Account Control. To reverse this setting, return to this window, right-click the same icon, and choose Enable. As before, click Continue if prompted by User Account Control. Then use the Network and Sharing Center to connect to a network.

2. Install and enable a firewall

Make sure you have a firewall enabled on your laptop. If you don’t have a third-party firewall, you can turn on Windows’ built-in firewall by opening Control Panel and launching Windows Firewall. If you have XP Service Pack 2 or Vista, the firewall should be enabled by default.

3. Know the difference

The best way to avoid potential attacks via peer-to-peer connections is simply to refuse to connect to an unknown ad-hoc network. Fortunately for XP users, the Wireless Network Connection window clearly distinguishes between the two types of networks. Each ad-hoc network is labeled as a "computer-to-computer network." Infrastructure networks are labeled as "wireless networks."

In addition, XP uses distinctive icons to differentiate between the two types of networks: Ad-hoc network icons show two computers, while infrastructure network icons show an antenna (see Figure 1).

Figure 1: XP shows peer-to-peer networks as two computers, but access points as an antenna.

Vista, however, is a lot less clear on this point. The display of available networks doesn’t offer any description to distinguish between ad-hoc and infrastructure networks. The user is forced to rely solely on inscrutable icons. Ad-hoc networks are depicted with three computers connected by green lines, while infrastructure networks are shown as two computers sitting on a network cable (see Figure 2).

Figure 2: In Vista, peer-to-peer network icons show three computers, while access point network icons show only two.

4. Clean up your network list

In XP, use Windows Control Panel to open the Network Connections window. Right-click Wireless Network Connection and choose Properties. Click the Wireless Networks tab, which displays (among other things) a list of preferred networks (those you have connected to in the past). While you’re there, select any suspicious-looking networks (like "Free Public Wi-Fi") and click Remove.

In Vista, use Control Panel to open the Network and Sharing Center. Click Manage Wireless Networks in the task pane on the left. Right-click any suspect networks and choose Remove Network.

In addition, you should set all of your preferred networks to manual so your system doesn’t automatically connect to a rogue network with a matching name. To do that, follow these steps:

Step 1. Select any network in the list with "(Automatic)" after its name (XP) or displaying Automatic mode (Vista).

Step 2. Click Properties.

Step 3. Click the Connection tab.

Step 4. Uncheck Connect when this network is in range.

Step 5. Click OK.

Step 6. Repeat for each automatic connection in the list.

5. Turn off ad-hoc networking in XP

While you’re in the Wireless Network Connection dialog box (XP only), you may want to take the advice of the Nomad advisory paper, which recommends that users turn off ad-hoc networking:

Step 1. In the Wireless Network Connection Properties dialog box, with the Wireless Networks tab selected, click the Advanced button near the bottom of the dialog.

Step 2. In the Advanced dialog box, select Access points (infrastructure) networks only. Also, make sure there is no checkmark next to Automatically connect to non-preferred networks.

Step 3. Click Close.

Unfortunately, changing this setting does not stop ad-hoc networks from appearing in the list of available wireless networks in the Wireless Network Connection window. Nor does it prevent you from connecting to them manually. It does, however, filter out ad-hoc networks from appearing in the list of preferred networks.

This setting is not in Vista, which always requires manual connections to ad-hoc networks.
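An added example (not part of the original newsletter): a Python audit of saved wireless profiles for the conditions sections 3 through 5 describe, namely ad-hoc profiles, profiles set to connect automatically, unencrypted networks, and the viral "Free ..." names the article mentions. It assumes the profiles were exported as XML with `netsh wlan export profile` on Vista or later (XP has no equivalent export); the three sample profiles are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows WLAN profile XML (Vista and later).
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# SSID names the article cites as spreading from laptop to laptop.
SUSPICIOUS_NAMES = {"free public wi-fi", "free internet access",
                    "free internet service"}

PROFILE_TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>
  <connectionType>{ctype}</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

# Constructed sample profiles (not real exports).
SAMPLE_PROFILES = [
    PROFILE_TEMPLATE.format(name="HomeNet", ctype="ESS", mode="manual",
                            auth="WPA2PSK", enc="AES"),
    PROFILE_TEMPLATE.format(name="Free Public Wi-Fi", ctype="IBSS",
                            mode="manual", auth="open", enc="none"),
    PROFILE_TEMPLATE.format(name="AirportHotspot", ctype="ESS", mode="auto",
                            auth="open", enc="none"),
]


def _text(root, path, default=""):
    """Return the stripped text of the first element at path, or default."""
    node = root.find(path, NS)
    return node.text.strip() if node is not None and node.text else default


def audit_profile(xml_text):
    """Return (profile_name, findings) for one exported profile."""
    root = ET.fromstring(xml_text)
    name = _text(root, "w:name")
    ssid = _text(root, "w:SSIDConfig/w:SSID/w:name", name)
    ctype = _text(root, "w:connectionType").upper()
    # Assumption: a missing connectionMode is treated as "auto",
    # the conservative reading for an audit.
    mode = _text(root, "w:connectionMode", "auto").lower()
    sec = "w:MSM/w:security/w:authEncryption/"
    auth = _text(root, sec + "w:authentication").lower()
    enc = _text(root, sec + "w:encryption").lower()

    findings = []
    if ctype == "IBSS":                       # computer-to-computer network
        findings.append("ad-hoc")
    if mode == "auto":                        # joins any network with this name
        findings.append("auto-connect")
    if auth == "open" and enc == "none":      # no link-layer encryption
        findings.append("unencrypted")
    if ssid.lower() in SUSPICIOUS_NAMES:
        findings.append("suspicious-name")
    return name, findings


def audit_all(profiles):
    """Map profile name -> findings, keeping only profiles with findings."""
    report = {}
    for xml_text in profiles:
        name, findings = audit_profile(xml_text)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in sorted(audit_all(SAMPLE_PROFILES).items()):
        print(f"{name}: {', '.join(findings)}")
```

Profiles the audit flags are the ones to remove or switch to manual using the steps in section 4.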

6. Turn off file sharing

If you’re going to be connected to a public network, such as an airport hotspot, you can reduce the risk of mischief by turning off file sharing:

Step 1. In XP, launch Windows Explorer and right-click the folder or drive that’s shared.

Step 2. Choose Sharing and Security, and turn off sharing for that folder.

Step 3. Click OK.

Things are much easier in Vista. When you connect to a Wi-Fi network for the first time, you are prompted to designate the network as private or public. Selecting Public automatically turns off file sharing. If you have already connected to the network, you can change this setting by going to Control Panel and launching Network and Sharing Center. Click Customize on the right. Select Public, click Apply, and follow the remaining prompts on screen.

7. Turn off network discovery in Vista

Another risk-reducer with public Internet connections is to make your computer invisible on the network you joined. If you designated the connection in Vista as Public, as described above, that’s already done for you. If not, you can change that setting independently in the same Network and Sharing Center window. Under Sharing and Discovery, click the On button or the down arrow to the right to display more options. Select Turn off network discovery and click Apply.

8. Use a Virtual Private Network (VPN)

Perhaps the best way to protect your wireless communications when using a public network or hotspot is through virtual private networking. For tips on doing so, see the discussion of VPNs in our May 26, 2005, issue.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

 
Known Issues

Connecticut teacher gets a second chance


By Scott Dunn

You all know the story of how adult pop-ups almost sent a substitute teacher to jail for 40 years.

In a follow-up to his original Feb. 22 story, our contributing editor Ryan Russell reports on a possible reprieve.

New trial ordered for Julie Amero

Russell gives us this update on Connecticut teaching assistant Julie Amero, who was convicted in January of four counts of "risk of injury to a minor" because adult material kept popping up on a computer in her classroom:
  • "I am extremely pleased to be able to bring you good news. After several sentencing delays, on June 6 Judge Strackbein granted Julie a new trial. As quoted by Greg Smith in his article for the Norwich Bulletin, the judge said, ‘The jury may have relied, at least in part, on that false information,’ referring to the evidence presented by the prosecution’s expert. In short, as I had said in my original article, the prosecution had bad evidence. Smith’s article has a PDF of the motion, if you would like to read the whole thing.

    "She’s not out of the woods yet. A new trial could go the wrong way as well. However, Rick Green, writing for the Hartford Courant, speculates that she may not be tried again. He writes, ‘Today, [prosecutor] Smith said state would take no position on [defense attorney] Dow’s motion for a new trial, making it unlikely she will be tried again.’ I hope that will be the outcome.

    "I have had some limited contact with Julie’s family, and when I asked specifically, I was told that they are still accepting donations for her defense fund. You can find the link to donate on the Julie Amero blog."
Windows Secrets will continue to report on this story as it develops.

Many users never have a chance to see a EULA

Regarding my June 7 story on EULAs (end-user license agreements) and interview with expert Ed Foster, reader Chip Burkitt indicates that many software users never even get to read the EULA:
  • "My experience is that most people installing software pay no attention to the EULA. It is merely an extra click on the way to installing the software. I don’t know much about legal challenges to the enforceability of EULAs, but I know that often the end user never even sees it.

    "For example, I work for a software and services company as a field services technician. One part of my job is to install our software on our clients’ systems. Do you think I pause the installation when I get to the EULA and invite the user to read through and agree to it before continuing? Of course not. I just do what most users do. I click ‘Agree’ and continue with the installation.

    "So precisely who has agreed to the EULA in this case? I represent the company whose software is being installed. So, the company agrees to its own EULA, and the client never sees it. I doubt very much that any provisions of a EULA agreed to under such circumstances would be legally enforceable."
It does seem odd that the user should be saddled with one-sided requirements simply because they, or someone they hire, clicks an "I Agree" radio button. Unfortunately, as Ed Foster has pointed out in his column, at least some courts these days are doing just that.

Reader Jay Garden points out another common problem with EULAs:
  • "One aspect of some EULAs that I particularly hate is when you cannot print, copy, or otherwise access them later on (but of course the vendor can). You rarely get a chance to see the EULA until you have paid for the product and have it half-installed.

    "Maybe they should have to put the EULA on the outside of the box (or in clear sight on the e-shop Web page) in 100 words or less (and reasonable font size) for it to be legal? That way we could make an informed choice before we select and buy."
Jay isn’t the only reader to suggest the EULA appear outside the packaging. Reader Marat Bandemer makes the same suggestion, adding, "Who wants to pay $50 to $500 (or more) for software only to find that they disagree with the EULA, but now the box has been opened and they can’t return the software?"

Reader A.B. Di Cyan has a similar complaint:
  • "Can we see a list of known good and known bad EULAs for programs people may be likely to download? I use the EULAlyzer too and I agree it is not enough, but the alternative is to spend all one’s time reading legalese.

    "For example, browsers: There are differences among the EULAs of IE, Netscape, Opera, and Firefox. I’m suspicious enough of Netscape’s not to download their browser. Are my suspicions justified? How about QuickTime or products from Adobe or Real Networks? What media players, weather programs, toolbars carry snakes in the grass? Experts know the answers, and we need to hear from them."
For now, your best bet for checking out EULAs before purchase remains a Web browser and a search engine. For example, many major software companies have EULAs available on their Web sites, including Netscape, Adobe, and others.

For another reader (who asked to remain anonymous), the article on EULAs brought to mind a legendary EULA from many years back. The following is an alleged excerpt from the HavenTree Software Company’s EasyFlow program, as found in a Word document on the Canadian Department of Justice Web site:
  • "If EasyFlow doesn’t work: tough. If you lose millions because EasyFlow messes up, it’s you that’s out the millions, not us. If you don’t like this disclaimer: tough. We reserve the right to do the absolute minimum provided by the law, up to and including nothing. This is basically the same disclaimer that comes with all software packages, but ours is written in plain English and theirs is in legalese. We didn’t want to include any disclaimer at all, but our lawyers insisted."
This bit of candor is so memorable that someone enshrined the story in a Wikipedia entry.

ZoneAlarm’s ‘Vista Ready’ label is criticized

The newsletter’s WSN Security Baseline recognizes the ZoneAlarm Internet Security Suite as the security package currently holding the greatest number of editor’s choice awards, as described in our May 4 issue. More than one reader, however, was dismayed at the product’s misleading label. Here’s reader Jack Freeman’s experience:
  • "I purchased ZA Internet Security Suite (retail) because it clearly stated ‘Vista Ready’ on the packaging. Yet when I tried to install it, I got an error message that the product is not supported by the OS. When I tried to take it back, the retail store refused to refund the price but did state that the phrase on the package meant it would install on Vista OS.

    "I then tried ZA support. All I got there was a referral to customer service, who stated they would ‘consider’ a refund only if I returned all packaging with the product and sales receipt. If I do that, then I have no proof of the false advertising on the package. I had to go with another antivirus suite or use no antivirus at all, which left me no choice but to buy another suite."
Sorry to hear of your bad experience, Jack. If you are considering legal action, you may want to hang onto the box, receipts, and any other documentation you have. Otherwise, keeping a photocopy of these materials should be a sufficient backup when pursuing a refund.

Another reader, Lance Druger, had a similar experience. In his case, however, the ZA rep offered to extend his subscription free of charge for five months in deference to the delay in updating the product for Windows Vista.

When is a repair an upgrade?

In our last issue, we reported that users of OEM software don’t need to obtain a new license if they replace a defective computer component, but must do so if they upgrade their systems with newer parts. Reader Leisha Wharfield finds this disturbing:
  • "Who would actually acquire a new Windows license just for a simple upgrade like more memory? We would go broke if we did that. I’m shocked by this requirement, even for system builders."
As it turns out, this is one of those areas in which Microsoft has given contradictory advice. Microsoft’s PDF document on the subject, called the Channel Discussion Guide, clearly includes "adding to the memory" as a change that requires a new license (see page 2). Yet a number of postings from the Microsoft OEM System Builder Licensing Team (compiled on the Michael Stevens Tech Web site) indicate that the only upgrade that requires a new software license is the replacement of the motherboard. Even a new hard drive does not require a new license, as long as the software is removed from the old hard drive before being installed on the new one, according to this source. So the answer apparently depends on which source you believe.

A stickier question comes from reader Mike, who points out that if a component fails after a few years, it may not be possible to get an identical replacement. And, the new replacement may be faster and possibly considered an upgrade or a "refurbishing." In that case, are you obligated to buy a new copy of your OEM software? Or can you consider it covered by the defect policy?

One could always attempt to contact the Microsoft legal department in these cases. But, I suspect most users just follow their own judgment on whether to keep or reinstall their OEM product.


 
Wacky Web Week

E-cards for any odd occasion

Everybody needs a way to mark those special occasions — birthdays, weddings, graduations, nervous breakdowns… And, of course, there are plenty of e-card Web sites to help you send just the right message, usually for a fee.

But sometimes you yearn for something a little edgier that you just can’t find in the standard Hallmark offerings. Check out the free e-card site, SomeEcards.com. You’ll find just the right (or wrong) message to convey whatever bizarre, offbeat, or kinky mood you’re in. Please be aware that some cards at this site use adult language.

 
PC Tune-Up

VMware is a superior alternative to Virtual PC

By Mark Joseph Edwards

Virtual machine (VM) technology lets you run more than one OS on the same system at the same time.

Eventually, VM technology will become commonplace on desktops. You can get ahead of the pack by learning to use it right now.


VMware Player goes where Virtual PC doesn’t

In the May 24 edition of this newsletter, I wrote about safer Web surfing using virtual machines. I explained how you can use Microsoft Virtual PC to run a second copy of Windows XP — as a virtual machine (VM) — on top of your current operating system. This lets you use the VM as an isolated environment, in which whatever happens won’t affect the underlying primary copy of Windows.

Now, a far superior alternative is VMware Inc.’s VMware Player, which is similar to Microsoft Virtual PC but more mature, more flexible, and more robust. VMware Player 2.0, released this month, now supports Windows Vista, USB 2.0, and shared folders. It even has experimental support for virtual Symmetric Multiprocessing (SMP).

One of the biggest benefits of VMware Player is that while it’s running on Windows, you can run a variety of other operating systems, including Windows, Linux, Solaris, and Netware. That feature alone opens up an entire universe of software that you wouldn’t otherwise be able to use. Plus, VMware Player can run Microsoft virtual machines (made with Virtual PC) as well as Symantec LiveState Recovery disks.

The selection of available VMs (sometimes called VM appliances) that you can download and plug into VMware Player is vast, and many of them are incredibly useful to have around, just in case. For example, you can download Janus VM, which is an Internet privacy appliance that “encrypts your Internet traffic, hides your IP address, [has] easy setup, and by-passes most types of censorship.” There are other browser appliances available, too.



 
Windows Secrets

IE patched again, but is still insecure

By Chris Mosby

This Patch Tuesday, Microsoft has once again fixed several flaws in IE — but, as usual, there are other holes still unpatched.

As discovered earlier this month, IE is wide open to a pretty severe cross-domain flaw that can allow a hacker to do just about anything to your computer.


IE is vulnerable to cross-domain attacks

Versions 6 and 7 of Internet Explorer have a flaw in their “cross-domain” security models. This can allow, among other things, one Web site to access information from another Web site when you transition from one page to another.

This poses a large threat to corporations that allow their users to freely surf the Internet. A user might visit a hacked Web site that could carry out various attacks, including setting or reading browser cookies, reading or modifying form submissions, and executing hacker programs, which would have administrative rights. This flaw has been confirmed on fully patched versions of IE in multiple versions of Windows.

Strangely, the FrSIRT (French Security Incident Response Team) listing of this flaw states that the vulnerability has been fixed by Microsoft’s June 12 MS07-033 patch for IE. However, Microsoft’s bulletin doesn’t claim this flaw as part of the fix list for that patch. (The MS bulletin doesn’t include the problem’s CVE number, an identifier from the tracking system for threats that is hosted and defined by the MITRE Corp.)

No other security sources make the same claim as FrSIRT, at the time of this writing. Testing I’ve done on a fully patched XP system with the demo page that’s provided by Michal Zalewski, the person who discovered this flaw, doesn’t support FrSIRT’s claim either.



 
Patch Watch

MS slyly installs WGA via updates, again

By Susan Bradley

Microsoft was roundly criticized last year for downloading its Windows Genuine Advantage (WGA) program, which tests for valid licenses, as though the software was a “critical security upgrade.”

I’ve just found that MS has started doing this again — this time, even if you’re simply checking manually for new patches.

Manually patch and you get WGA update

I always use a test machine to manually visit Microsoft Update to confirm new patches and test them. This time, I was prompted to install a Windows Genuine Advantage update in order to manually check for patches. Yet, as this newsgroup posting describes, the download isn’t labeled as a WGA update, but rather is described as an improvement on Microsoft Update itself. Ultimately, what installs is KB892130, an update to WGA.

That’s a bit like a classic bait-and-switch, in my book. I’m starting to feel the same way as many Windows Secrets readers who want Microsoft to straighten up and stop using its security-update mechanism to install marketing promotions. At the very least, Microsoft should be honest about what it’s doing and indicate that what’s being installed is a WGA update.

I was thinking about WGA during a power outage at my home while I was writing this week’s article. I had to set up a crude workstation in my backyard, using my battery-powered laptop and a slower-than-DSL cell-phone connection, in order to write. It occurred to me then that I’d rather be bitten by mosquitoes and attacked by June bugs than be continually insulted by WGA’s nagging about my “genuine” status. If you are as annoyed as I am, let me know by using Windows Secrets’ contact page.

MS07-033 (933566)
IE cumulative update may have fewer problems

As Chris Mosby explains in his Over the Horizon column (above), Internet Explorer needs to be patched again this month. The good news is that it’s a much easier patch to deploy than last month’s.

Similar to MS07-027 (931768), last month’s IE cumulative update — which I wrote about on May 10 — MS07-033 (933566) this month includes some nonsecurity fixes. However, unlike last month, these apparently don’t need any special tweaks to be installed.

Last month, you had to follow the instructions linked to in KB article 931768 to install the nonsecurity hotfixes. These instructions directed you to run the security patch manually and type in character-mode switches like /b:SP2QFE.

This month, it appears that all 11 nonsecurity fixes install without additional work on your part. That’s good news.

I’m still tracking an issue in Microsoft Outlook 2003 that may be caused by last month’s MS07-027. With that IE rollup installed, if antispyware programs place too many Web sites into IE’s Restricted Sites zone, it reportedly greatly slows down the composing of HTML e-mail messages in Outlook. This behavior, with some suggested workarounds, has been described in the A Man Alone blog.

The problem hasn’t been officially documented by Microsoft yet, and this week’s MS07-033 doesn’t fix it. So, since the fixes in this week’s update don’t appear to be critical, I’m going to hold back on recommending that you widely deploy the patch immediately.

On the bright side, I haven’t seen anything in the testing of the IE cumulative update to lead me to believe that we’ll see any of the issues we saw last month with IE 7’s Phishing Filter permission problems. Still, you might want to install this update on only a single machine, waiting before installing it on all machines for now.

MS07-033 is quite large on Vista machines and x64-based systems, so be prepared for a longer than normal download, if and when you do install it. The patch impacts Windows 2000, XP, Server 2003, and Vista.

MS07-034 (929123)
Outlook Express patch causes .mht warnings

It’s not unusual to have to patch Outlook Express for issues. What is interesting in this month’s Outlook Express/Windows Mail patch is the type of known issues that have to be dealt with in MS07-034 (929123).

If you install this patch and then use IE to browse to a Web page, you may get warned by a dialog box if the site contains files with .mht filename extensions. (This extension indicates MIME Hypertext, a standard method of storing all of a Web page’s text and images into a single file.) Microsoft informs Web developers in Knowledge Base article 937912 that they need to add a line to their server configurations to make sure .mht files are recognized.

I, like many Windows users, don’t have much control over the content of the Web pages that I surf to, other than my own blog. Until this issue gets some much-needed clarification, I advise you to only install MS07-034 on one test computer for now.

This patch impacts Windows 2000, XP, Server 2003, and Vista.

MS07-031 (935840)
SSL connections can be used for attacks

When you browse to a Web site that requires extra security, you’ll see a padlock show up in the browser’s status bar, indicating that you’re visiting a site that uses encryption. MS07-031 (935840) corrects a serious flaw in Windows 2000, XP, and Server 2003 that allows this same SSL (Secure Sockets Layer) technology to be used to attack your system.

The worst situation exists in Windows XP, which can allow a hacked Web site to use SSL to run code on a victim’s system. On Windows 2003 and Server 2003, Microsoft says affected systems would merely be unable to connect to additional secure Web pages or would simply reboot.

Until you have MS07-031 installed, if you surf to a Web page and you get a warning about the security of the digital certificate of a Web site, don’t proceed to that Web site. The only exception would be if, as in my case, it’s the certificate of a Small Business Server that you yourself set up.

The interesting thing about one proof of concept, which I’ve already seen published on the Web, is that the flaw impacts XP SP2 systems more than XP SP1. At this time, I’ve only seen proofs of concept for attacks that cause denial of service or disruption to a system — none that allow someone to take control of a system. But the Microsoft guidance indicates that this, too, could be possible.

I’d say play it safe and apply this patch immediately.

MS07-035 (935839)
Windows API routines cause security issues

Unless you’re a Windows developer, the next security patch is a bit puzzling. Windows APIs (Application Programming Interfaces) are, in layman’s terms, routines that developers use to interact with the OS.

MS says in its bulletin for MS07-035 (935839) that the Win32 API, found in all recent versions of Windows, can be used by Web pages, HTML e-mails, and application programs to silently run infected code. That’s a bad thing, so this is a patch you should put a priority on.

MS07-030 (927051)
Visio diagrams can threaten your networks

Typically, Microsoft’s Visio program is used by network administrators to diagram and document their networks. Now a vulnerability in Visio means that it can be used to attack those same networks.

MS07-030 (927051) patches an issue in which an infected Visio document, when opened by a user, can be used to attack a computer. The patch impacts Visio 2002 and 2003. If you don’t have Visio installed, you won’t even see this patch offered to you.

MS07-032 (931213)
Vista permissions need patching

The last security patch I’d like to discuss with you this month fixes permissions in Vista.

The vulnerability, which is dealt with by MS07-032 (931213), most often shows up when more than one person has access to a computer system. Once logged in, each person has access to parts of the Registry that shouldn’t be accessed by other people.

This permission problem is even greater on systems that were upgraded to Vista from Windows XP. This is another illustration of why I generally recommend that you do a clean install to a new operating system rather than upgrading over an older version.

Server 2003 SP2 is now on auto-updates

On Patch Tuesday in March, server administrators like myself were shocked to find the massive Service Pack 2 (SP2) for Windows Server 2003 on our list of downloads for that day.

This month’s Patch Tuesday, June 12, is the day when that service pack was set to be automatically downloaded, for those who have Automatic Updates turned on. If you’re a savvy network administrator, however, downloading SP2 via auto-update is the last thing you should do. You always want to manually download service packs, so you can monitor them for issues.

I’ve been tracking several problems with SP2 that affect ISA (Internet Security and Acceleration Server) and SBS (Small Business Server) 2003, as well as some affecting the base server platform itself. The official SBS blog recaps the bulk of the issues for you. But none of these problems are yet listed in Microsoft’s release notes for SP2. I advise caution.

Svchost fixes should now be on your systems

By now, you may have installed KB 927891 and the latest Windows Update Agent client, version 3.0, to fix the so-called Svchost issue. As those who’ve been reading my columns know — most recently my May 24 article — the svchost.exe service, which is used by Microsoft Update, can suddenly consume 100% of CPU resources, slowing a PC to a crawl.

Installing 927891 and the new agent improves this situation somewhat. Svchost.exe may still grab 100% of your CPU, but it will yield to other applications that ask for processing time, making the computer more responsive than it would be without the upgrades. Windows Secrets associate editor Scott Dunn is planning a more in-depth analysis of this issue for next week’s newsletter.

You can check to see if you have the new agent by clicking Start, Run, and entering windowsupdate.log. (In Vista, search for that file name.) The new agent is variously known by Microsoft as Build .0374 or wuaueng.dll 7.0.6000.374. Scroll to the bottom of the log file and look for traces of the new version 7 .dll in the log file.

If you see them, you already have the new WU client. If, instead, you are still seeing version 5.8 listed, I’d recommend that you manually install the WU client update. It’s linked to from an official WSUS (Windows Software Update Services) blog posting.

One windowsupdate.log file in a system in my office shows the workstation checking to see if it needs the new update. The presence of “7.0.6000.374” indicates that the agent has been updated to version 7.0:

2007-06-12 17:18:09:259 1140 f64 Setup Setup: Checking whether self-update is required
2007-06-12 17:18:09:259 1140 f64 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2007-06-12 17:18:09:415 1140 f64 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.374, required version = 7.0.6000.374
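
The same check, automated across many workstations' logs, as an added example (not from the column or from Microsoft). It rejoins wrapped entries, reads the "target version" from each self-update check, and compares it with the 7.0.6000.374 build named above. The function names, the "Update required for" wording, and the 5.8.0.0 sample entry are assumptions constructed for illustration.

```python
import re

NEW_AGENT = (7, 0, 6000, 374)  # wuaueng.dll build the article names
STAMP = re.compile(r"\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}:\d{3}\s")
CHECK = re.compile(
    r"Update (?:NOT )?required for (?P<path>.+?):\s*"
    r"target version = (?P<target>\d+(?:\.\d+)*), required version = \d+(?:\.\d+)*")

# Entries from the article, wrapped the way the newsletter printed them.
ARTICLE_LOG = r"""
2007-06-12 17:18:09:259 1140 f64 Setup
Setup: Checking whether self-update is required
2007-06-12 17:18:09:259 1140 f64 Setup * Inf file:
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2007-06-12 17:18:09:415 1140 f64
Setup Update NOT required for C:\WINDOWS\system32\cdm.dll:
target version = 7.0.6000.374, required version = 7.0.6000.374
"""
# Constructed sample: a machine still on a 5.8 agent (wording and version assumed).
OLD_LOG = r"""
2007-06-01 09:00:00:000 1140 f64 Setup Update required for C:\WINDOWS\system32\cdm.dll: target version = 5.8.0.0, required version = 7.0.6000.374
"""

def entries(log_text):
    """Rejoin wrapped lines: a new entry begins with a date/time stamp."""
    out = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if STAMP.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def version_tuple(text):
    return tuple(int(part) for part in text.split("."))

def agent_status(log_text):
    """Return (status, latest); latest maps file path -> last target version seen."""
    latest = {}
    for entry in entries(log_text):
        m = CHECK.search(entry)
        if m:
            latest[m["path"].lower()] = m["target"]  # later entries win
    if not latest:
        return "unknown", latest  # no self-update check found in this log
    ok = all(version_tuple(v) >= NEW_AGENT for v in latest.values())
    return ("updated" if ok else "outdated"), latest
```

A result of "unknown" means the log held no self-update check at all, which is worth a manual look rather than being treated as patched.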

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
