Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Strengthen your security baseline

Windows Secrets Newsletter • Issue 45 • 2005-01-13 • Circulation: over 400,000

Table of contents 
  • Top Story: Strengthen your security baseline
  • Briefing Session: Are Microsoft’s new tools what you need?
  • Patch Watch: Unpatched security holes still plague users
  • Hot Tips: Infected PDFs force Adobe Readerupgrade
  • Wacky Web Week: Gates gives the demo from Hell at CES
 
Top Story

Strengthen your security baseline

It’s always darkest before the dawn.

That’s why I believe we have a hope of correcting the terrible mess that Windows users are facing from constant patching to combat viruses, spam, and identity theft.

I wrote in the Sept. 23 issue of the Windows Secrets Newsletter that an astonishly high 30% of American consumers had experienced online identity theft, according to Gartner Inc. This is just one of the many unacceptable, lawless assaults that we face, including ever-expanding waves of viruses, worms, spam, and phishing attacks.

I described in the June 3 issue five essential components of what I called the "security baseline." I now feel that a sixth component, upgrade-management software, must be added to my definition of the security baseline.

These are the minimum hardware devices and software applications, therefore, that are currently needed by any individual or company that connects a PC to the Internet:

  • Hardware firewall to make your systems invisible to "port scans" by hackers;
  • Software firewall to prevent worms from sneaking in or communicating out via your Internet connection;
  • Antivirus program to detect and eliminate infected files and e-mail attachments;
  • Antispam filter to prevent obviously bogus e-mail messages from reaching your Inbox and tempting you to click links to crooked Web sites; and
  • Anti-adware scanner to delete adware, spyware, and browser hijackers in your system and prevent them from getting control in the future.
  • Update-management software to handle today’s constant stream of patches and upgrades, whether the choice is Windows Update for individuals or a small-business or corporate package to handle 5 to 5,000 PCs.
    • Despite the undeniable value of all of the above, a majority of PC users don’t yet know what a firewall is, much less have one installed and properly configured.

    WindowsSecrets.com, therefore, plans to redesign its content and dedicate itself to two goals this year:

    1. Explain the security baseline to consumers and executives alike; and

    2. Pressure retailers and ISPs to fix the PCs they sold or linked to theNet.

    These are ambitious goals. But the current takeover of the Internet by thieves is extremely frightening and borders on making our cherished public resource too much of a hassle to use. We have to make computing safe again, and you can help.

    Building a sea change in safe computing

    As described at the top of this issue of the newsletter, we’re planning a series of free seminars in 2005 or 2006 in various countries and cities where we have a large number of readers. We’ll keep you informed in the coming months about our plans and the locales of these events.

    Until then, we’re reorganizing the newsleter to make it pithier, tighter, and (at the same time) more useful to you.

    It’s ironic that today’s wave of attacks is not just overwhelming Windows users with security assaults. It’s also overwhelming them with "security bulletins" they’re supposed to read and understand.

    It’s great for security consultants to spend 40 hours a week studying these bulletins. But consumers and business executives simply can’t. One respected firm, Secunia, issued more than 350 security advisories in December 2004 alone.

    There are scores of companies that generate an analysis of every threat and a summary of every Windows patch. The Windows Secrets Newsletter is taking a different approach.

    We’re committing ourselves to give you information you can read in 10 minutes, twice a month, that will tell you primarily about those threats that would penetrate your security baseline. You can read more about these threats if you like. But if not, at least you’ll know what steps to take to protect yourself against the newest and most novel attacks for which no patches yet exist.

    This approach makes the following assumption: You have your security baseline installed and constantly updated. (Be sure to see the June 3 newsletter for expert recommendations on products you need to install.)

    To that end, we plan to add a sidebar that will appear in every issue (starting Jan. 27), summarizing the security baseline. The sidebar will link to the latest recommendations of top experts on the best free and inexpensive products in each of the requiredcategories.

    New sections for our most dedicated readers

    In addition to the new sidebar, we’re adding four concise sections to the newsletter. Each will be written by experts who are dedicated to helping you understand the latest information at a glance.

    These four new features are:

    • Briefing Session. What you need to know about the latest Windows tools and utilities, both free and commercial. (This feature, written by our associate editor Paul Thurrott, starts in this issue.)
    • Windows Patch Watch. Everyone’s aware that Microsoft releases a lot of patches. But what you really need to know is the negative side-effects of the patches and how to work around them. (Susan Bradley leads off this feature for the first time in this issue.)
    • Over the Horizon. How you can guard against known threats that patches are not yet available for. (This feature starts Jan. 27.)
    • Upgrade Management. Whether you’re responsible for a small home network or a corporate server farm, you can benefit from software that automates the upgrade process for you. (Starts Feb. 10.)
    Turning today’s morass of warnings, alerts, and bulletins into a "need to know" section that you can skim in 10 minutes is going to cost us money. For this reason, the four new sections will appear in the longer, paid version of the newsletter. In this area, they can be supported by readers who’ve financially contributed to make this type of work possible.

    We have no set fee for the extra information. Any subscriber to the free version can get the longer, paid version by making a contribution of any amount. We want this service to be available to anyone, whatever monetary value they may feel it has. If this effort is worth something to you, see the Here’s a Tip section below or use this link to upgrade.

    As always, we’ll continue to put as much information as we can in the free version of the newsletter. We’ll continue to keep you up-to-date on whatever free sources of information we can find.

    We’re all in this together, and we PC users need to support each other in every way we can to overcome the perps that are now running riot over the Net.

    To send us more information about the security baseline, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You’ll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.

 
Briefing Session

Are Microsoft’s new tools what you need?

Paul thurrott Microsoft released last week a public beta version of Windows AntiSpyware, a program based on the AntiSpyware application from Giant Company Software of New York, N.Y. Microsoft purchased Giant in December 2004.

A more intriguing announcement, perhaps, was the fact that Microsoft would also be releasing something it called Malicious Software Removal Tools. News reports have described these tools, somewhat erroneously, as being an antivirus solution. In this issue of Windows Secrets, I’ll examine both of these software releases.

‘Tools’ don’t substitute for real antivirus apps

Microsoft’s Malicious Software Removal Tools is actually a single wizard-like tool designed to scan a Windows 2000, XP, or Server 2003 PC and remove a few specific known threats. Instead of being a general-purpose antivirus solution, the tool instead rolls up, or aggregates, separate scanners and malware removal tools Microsoft previously released.

Microsoft says it will put out new versions of its Malicious Software Removal Tools every month going forward. The new versions will be issued on the second Tuesday of each month, alongside the company’s regularly scheduled monthly security bulletins.

The first version of the utility scans your system for various versions of eight threats. These are the Blaster, Sasser, MyDoom, DoomJuice, Zindos, Berweb (Download.Ject), Gailbot, and Nachi viruses and worms. If any of this malware is found by the utility, it will then remove the problems from your system.

Because Microsoft’s new removal tool is merely based on previously issued and known good malware removal tools, Windows Secrets readers will likely experience few problems with the new utility bundle. However, don’t mistake Microsoft’s tools for a complete antivirus solution, as some in the tech press have done. You still need an up-to-date antivirus solution to completely protect your system from attack.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Patch Watch

Unpatched security holes still plague users

Susan bradley Microsoft released three security bulletins this week, two of them rated critical, one rated merely important.

While installing these security patches is advisable, it’s equally important for you to guard yourself against several vulnerabilities that as yet have no patches atall.

XP SP2 and other versions vulnerable to hacking
IE 6 allows a hacked Web site that a user visits to silently take control of the user’s PC, even if Service Pack 2 (SP2) has been installed on Windows XP, according to security firm Secunia. This threat, which emerged in December 2004, is as yet unpatched by Microsoft.

What to do: I recommend that, if you use IE 6, you configure the Internet Zone to High security. (In IE 6, click Tools, Internet Options, Security, Internet, Custom Level, High, OK, OK.) Only add those Web sites that you trust with active scripting to your Trusted Sites zone. Running IE with security on High will disable ActiveX and other techniques that some legitimate sites may use.

Secunia has posted a complete description of the problem and a useful Web-based test. The test allows you to check whether your browser isaffected. More info

Almost all browsers at risk of pop-up takeovers
Another threat that emerged in December allows pop-up windows from legitimate Web sites to be taken over by hackers, according to Secunia. If a hacked Web site is visited first, pop-ups opened by a legitimate site visited by a user can be hijacked.

This problem leaves at least the following browsers wide open:

• Internet Explo

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Hot Tips

Infected PDFs force Adobe Readerupgrade

PDF (Page Description Format) files are usually considered harmless to open. Unfortunately, a flaw has been found in PDFs, requiring an update to Adobe Reader and Acrobat software. This is apparently the first security vulnerability in PDFs since November 2000, when a hole was found in Adobe’s version 4 software.

To eliminate the risk, take one of the following three steps. (1) Rename Adobe’s eBook.api file, if you don’t use Adobe eBooks; (2) Install the Reader 6.0.2 upgrade; or (3) Upgrade Reader and Acrobat to version 7.0. We recommend upgrading to Reader 7, just released last month, which is reportedly much faster than Reader 6. How to upgrade

Security firm iDefense has posted a description of the problem and workarounds for it. More info

Blogger Jonathan Hardwick has posted an excellent guide to speeding up Reader 7.0 even more, including deleting a memory-resident file it installs. More info

Finally, AcroPDF.com released on Jan. 1 its new PDF Speedup 1.42, an excellent utility that supercharges Adobe Reader for you automatically. More info



This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Wacky Web Week

Gates gives the demo from Hell at CES

image   The Consumer Electronics Show, the largest tech event in America, just ended in Las Vegas last week. The buzz, however, wasn’t about the latest widescreen TV. It was about Bill Gates’ keynote speech, during which several Microsoft technologies crashed or utterly fell apart. One demo failed not once but during three separate segments of the speech, as Gates (photo, left) helplessly pressed buttons on his remote control.

The keynote stage had been set up to match the set from NBC’s "Late Night," complete with Conan O’Brien — and the comedian didn’t disappoint. Addressing the audience, he said after several failures, "Have we mentioned there’s gambling in this town? Feel free to hit the tables, you can come back when we get this thing working." News.com has a hilarious 2-minute video with the highlights. See Gates video
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
  • Visit our Unsubscribe page.
Copyright © 2012 by WindowsSecrets.com. All rights reserved.

Table of contents

Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb