| || LARGE-LCD DIGITALCAMERAS|
CNET puts Minolta at top of list
You no longer have to settle for a tiny LCD when you’re looking for a compact camera. CNET compares six compact camera models that offer large, 2- to 2.5-inch LCD displays.
Konica Minolta Dimage X50 (Score: 7.6/10.0)
This article is part of our premium content. Join Now.
Already a paid subscriber? Click here to login.
By Chris Mosby
In some of the various online communities I take part in, you’ll see a pattern among staunch Microsoft supporters. They continue to categorize Mozilla’s Firefox browser as nothing more than a "hobbyist toy" and adamantly declare that it is just a "matter of time" before hackers start targeting Firefox users as much as users of Internet Explorer.
While this may be the case in the future, it certainly is not the case now. Firefox does have its share of vulnerabilities, but their number is nowhere near the number plaguing IE. And compare Mozilla’s response time when dealing with problems in Firefox, as opposed to Microsoft’s response time when dealing with issues in IE. The difference is days or weeks as opposed to months or years (if ever). The question you have to ask yourself is: Do you want a more secure browser now or later, when Microsoft gets around to it?
MS browser has 19 critical, unpatched holes
To illustrate this point, take a look at Secunia’s information pages on Internet Explorer and Mozilla Firefox. IE has 19 unpatched vulnerabilities, some of them rated “highly critical,” whereas Firefox currently has only five, the most severe of which is rated “moderately critical.”
The following two exploits that affect Internet Explorer 6 are a perfect example of this, as they both were initially reported in 2003, and have yet to be patched.
Visual Studio 6 plug-in allows IE 6 takeover
The Mciwndx.ocx ActiveX plug-in — which is part of Visual Studio 6 (Enterprise or Professional) — has a flawed property that can allow infected Web sites or HTML e-mails to install programs on your computer without your knowledge.
This might not seem like a problem if you don’t have Visual Studio 6. Unfortunately, since the plug-in is digitally signed by Microsoft, it can also be installed silently through IE by any Web site, if your settings are not configured properly.
What to do: The most obvious thing to do is delete this ActiveX plug-in if you find it on your computer. To keep the file from getting installed on your computer again through IE, you can follow the IE hardening guidelines detailed in the Nov. 18, 2004, issue of the Windows Secrets Newsletter.
For more information, check out the Secunia advisory on this issue.
IE flaw discloses software on your PC
There’s a flaw in Internet Explorer 6 that could allow an infected Web site or HTML e-mail to detect what components and versions are installed on a computer.
By itself, this flaw is not that dangerous. Used with other vulnerabilities and exploits, however, it can very well increase the success rate of a hacker attack. The exposure allows the hacker to know exactly what exploits can be used on an intended victim.
What to do: Once again, the IE hardening guidelines outlined in the Nov. 11, 2004, issue of the Windows Secrets Newsletter are an effective deterrent to this flaw. One of the steps will disable Active Scripting, which is required for this flaw to work.
For details, the Secunia advisory on this flaw provides specifics.
Chris Mosby is a contributor to Configuring Symantec Antivirus Corporate Edition and is the Systems Management Server administrator for a regional bank. In his spare time, he runs the SMS Admin Store.
By Susan Bradley
After a month with no security bulletins in March, it’s back to our normal evaluation process. This month, in addition to eight security bulletins available via Windows Update, we’ve got two nonsecurity patches, Windows 98 and Me re-releases — and, oh, did I happen to mention some newfound browser insecurities?
Of the eight bulletins, five are labeled "critical" and three merely "important." I recommend that you put a very high priority on the two patches that do not install via Windows Update. These are MS05-021, which affects Exchange 2000, particularly on the Small Business Server platform, and MS05-023, which prevents Word 2000, 2002, and 2003 from giving up your PC to an infected .doc file.
I’ll deal with these two urgent patches first, and then advise you of problems that have become known so far with Microsoft’s other April 12 patches.
Urgent: Exchange 2000 Server needs critical update
MS05-021 (894549): This patch for Exchange 2000 and 2003 servers probably worries me the most. Many people urgently need this patch, but there is no supported, free patch-management tool that deploys Exchange patches at this time. (Third-party, commercial patch-management tools do deploy this patch.)
This security update requires, if you’re updating Exchange 2000, that you first have Exchange 2000 Server Service Pack 3 as well as the Exchange 2000 Post-Service Pack 3 Rollup Patch (KB 870540).
What to do: If you have an Exchange 2000 server that accepts e-mail with merely an open port 25, ensure that you manually download and install MS05-021. For Exchange 2003, it’s much less of a concern.
Urgent: Word 2000 through 2003 open to hackers
MS05-023 (890169): This fix is probably the biggest concern for Word users, due to the lack of an easy, automatic patch. The buffer overrun that this patch corrects affects Word 2000, 2002 and 2003. If you’re running with administrative rights, someone sending you a document using this buffer-overrun exploit would be able to take control of your system.
What to do: I don’t recommend at this time that you block .doc email attachments. Instead, visit Office Update and then keep a close eye on this subject for possible issues in the future.
TCP/IP patch eliminates older workaround
MS05-019 (893066): There’s one bit of very good news with MS05-019. This download includes within it a TCP/IP workaround I’ve been installing on all of my XP SP2 machines. I call this the loopback patch. The fix was previously included in KB 884020, but it’s no longer necessary after you install MS05-019.
The patch also changes a value in some versions of the Windows Registry known as TCPWindowSize and adds a new value called MaxIcmpHostRoutes.
What to do: You should read KB articles 896350 and 890345 before installing this patch. The first article explains the Registry changes, which can affect some companies. The second article describes ways to work around performance issues that’ll be felt by those running Windows 2000 with Service Pack 3 after installing the patch.
IE patch removes previous hotfixes
MS05-020 (890923): This is another set of critical, cumulative updates for Internet Explorer 5 and 6. The flaws fixed by this bulletin have already had sample exploits posted to listserves.
What to do: These cumulative updates, while important to install, may remove specialized hotfixes you received for Internet Explorer after MS04-004 (which was released in Feb. 2004) but before MS04-038 (Oct. 2004). Before installing MS05-020, review the information in KB 890923 and 897225 for more details.
Patch is missing in Add/Remove order
MS05-016 (893086): Microsoft is closing a flaw in all versions of Windows (even XP SP2) that runs executable HTA files (HTML applications) even if a file has been renamed to some innocent-looking extension that normally isn’t executable, such as .G1F (where a numeric "1" instead of the letter "I" is used).
If you have some good reason not to install MS05-016, you can defeat the attack by temporarily disabling HTA files in the Registry. Instructions for this are provided by iDefense, a security research firm.
This patch bears no “installed on” date in the Add/Remove Software control panel. That means it won’t show up in the correct order of installation in that dialog box. Instead, it’ll show up at the beginning of the Windows XP – Software Updates list. See KB 893086.
Icon patch re-released for Win9x and Me
MS05-002 (KB 891711): Last month, while not being a "new bulletin" month for the NT family of operating system, Microsoft did provide some patches for the 9x family. MS 05-002 was finally re-released to provide fixes for these platforms. As was reported earlier, we saw reports with video drivers that have ended up with blue screens. This patch was re-released on Tuesday and should be installed (or reinstalled) on all Windows 98/ME machines.
PNG fix re-released for Messenger on XP SP1
MS05-009 (KB 890261): Also re-released was MS05-009, a patch that fixes a security hole when loading a PNG image file, which is now updated for those running Windows Messenger 184.108.40.2069 on Windows XP SP1.
Giant images crash IE and Firefox
We just can’t have a month go by without comparing Web browsers. This newsletter is no exception, but this time we’re not comparing Firefox to Internet Explorer. Instead, a interesting post to a security listserve points out that there’s another browser out there named Opera. This browser has some detractors, because you must pay to get a no-ad version, but it’s specifically being lauded as being unaffected by an image-rendering denial-of-service attack.
The flaw allows a hacker Web site to crash both IE and Firefox by displaying an image with huge height and width attributes. There’s no workaround for Internet Explorer. But you can prevent the problem from affecting Firefox by installing an extension named Grease Monkey. In the words of Andrew, the poster, you then use the extension program to write a DHTML user script and set a height and width limit for images to 5000 pixels.
What to do: Because Firefox will probably release a fix for this soon, I haven’t tried to write such a script. If you’re familiar with DHTML, you could use Grease Monkey’s authoring guidelines to develop a way to limit image sizes. If you do so, let me know via the newsletter’s contact page.
In the meantime, this isn’t a bug that allows a hacker to take over a PC. It merely crashes the browser. So I’ll simply say (in the immortal words of Sgt. Phil Esteraus from Hill Street Blues), just be careful out there, will you?
New blog and RSS security alert service
Last but not least, on Apr. 12 the Microsoft Security Resource Center moved its blog to its new location on the TechNet Blog property and announced a new security alert service that expands its RSS feeds to Instant Messenger Alerts as well.
As a final note, I cannot stress enough how important it is to call into Microsoft Product Support Services if you find issues with any patch or service pack. This is how these issues get corrected. In the United States, call 866-PCSafety (866-727-2338). Non-U.S. readers can call the local MS subsidiary using the number found at support.microsoft.com/security.
Susan Bradley is a Small Business Server and Security MVP — Most Valuable Professional — a title bestowed by Microsoft on independent experts who do not work for the company. Known as the “SBS Diva” for her extensive command of the bundled version of Windows Server 2003, she’s a partner in a CPA firm and spends her days cajoling vendors into coding more securely.
By Susan Bradley The past week brought us a passle of work. Some of it is very worthwhile, to be sure, but all of it is a bit more effort to add to our already-overburdened schedules.
This includes the new Windows Server 2003 service pack, a new opportunity to get pre-announcements of important but “nonsecurity” patches, and a decision to make about XP SP2. Windows 2003 SP1 hits the streets
Windows Server 2003 SP1 hit the streets on Apr. 6. Already we have reports of a few issues. Some of these were already covered by Brian in a special newsletter update
on Apr. 7.
The known issues described in our update at that time included the large amount of disk space required to install the service pack (up to 1,340 MB if installing from a CD), problems
installing it on Small Business Server 2003 (don’t do it), and patches for ISA 2000 and 2004 that are essential to install before upgrading to SP1.
This week, we found several more news items. Be sure to read Microsoft’s known issues regarding 2003 SP1 in KB 889101
, the latter of which lists several incompatibilities. Also, there is a strong
This article is part of our premium content. Join Now.
Already a paid subscriber? Click here to login.
By Ian Maddox
As much as we think we know about Windows and the Internet, there are still surprises out there awaiting us. This week, our readers reveal little-known tricks to restore lost Internet connectivity, eliminate Internet Explorer pests, and avoid the latest brand of phishing attacks.
Scott Rissinger writes in with this tale of malware removal gone wrong:
- “I just found a Windows problem I wanted to share with your readers. This has happened twice recently while working on two different computers.
"Both systems had multiple spyware issues on XP SP2. After I downloaded and ran MS AntiSpyware, removed all threats, and rebooted, I got a “limited or no connectivity” error on one system. On the other, I could not connect at all.
"I could not see how the spyware program would do this, so I ran a virus scan, tried to repair the errors with a boot CD, and started in Safe Mode with Networking, to no avail.
“On a whim, I downloaded and ran WinsockXPfix.exe, and it worked on both machines. Still not sure how anti-spyware messed up TCP/IP, other than removing files marked as threats. I was to the point of reloading both machines and losing all data, but this fix worked. Hope it helps some others pulling their hair out over connectivity issues.”
It’s becoming increasingly common for spyware and viruses to take control of your networking connection once they infect your computer. Often, their goal is to silently insert themselves into the data path so they can alter, inject, or sniff out any traffic that passes through the connection. Due to the architecture of Windows, this connection doesn’t have to be an Internet connection but could just as easily be an Ethernet connection, wireless LAN, PPP dial-up, or even a FireWire network.
All too often, antispyware and antivirus tools remove such malware imperfectly. Sometimes, this means deleting Registry keys and files that the hacker created to tap into your communications. Doing so ham-handedly can break your networking connection. The utility mentioned by reader Rissinger is designed to find these broken links and rejoin them, as if the malware had never been there.
If you find yourself in this position after removing a PC threat, download WinsockXPfix.exe from SnapFiles or some other software site. If your connection is down and your PC has no means of downloading files, you might have to actually restore the disabled malware from quarantine or use a Windows XP restore point to return your machine to its previous, infected state before removing the malware. Then, download the utility, remove the malware, and run the tool to restore your connection
Wacky Web Week
| || || Windows users who downloaded and ran Microsoft’s beta security program, MS AntiSpyware, got a big surprise — the utility detected Internet Explorer as spyware and removed it. In related news, Symantec Antivirus Research was quoted as reporting that “virus sightings were down 95%.”|
These are the kinds of hilarious scenarios that are constantly being dreamed up at BBspot.com, a humor site. Whether it’s Random Geek Horoscopes or a new Feng Shui Motherboard, you can always count on these guys for a laugh. More info: AntiSpyware removes IE
The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.
Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited
packages to this address (readers' letters are fine).
Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by
Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.
HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our
free signup page.
WE GUARANTEE YOUR PRIVACY:
1. We will never sell, rent, or give away your address to any outside
2. We will never send you any unrequested e-mail, besides
3. All unsubscribe requests are honored immediately, period.
HOW TO UNSUBSCRIBE: To unsubscribe
from the Windows Secrets Newsletter,
Copyright © 2016 by WindowsSecrets.com. All rights reserved.
Table of contents
Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc.
The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.