1.26.2005

Funny: Microsoft = giantcompany.com

I've been testing Microsoft's new AntiSpyware beta for the last few weeks. You can get your own copy of this public beta at http://www.microsoft.com/spyware. The software is pretty well behaved, mostly because it really isn't a beta at all. Microsoft purchased AntiSpyware from a company called Giant, which had been selling AntiSpyware for quite some time. Immediately after purchasing Giant's assets, Microsoft re-branded the Giant product and launched it as Microsoft AntiSpyware Beta. The only noticeable changes between Giant's version and the beta released by Microsoft are the removal of all references to Giant and the removal of a cool utility called a secure file shredder. This utility was able to integrate directly into Windows Explorer, allowing you to right-click on a folder or a file and have it securely deleted (i.e. not moved to the recycle bin). For some reason Microsoft chose to remove this feature. Hmmm...

Anyway, now for the funny part of my post. I was running Microsoft AntiSpyware yesterday and encountered my first bug. The screen shot below was presented for my information.



I guess they didn't remove every reference to Giant after all. Giant's former website was www.giantcompany.com. I find this funny because of all the grief people give Microsoft for being an 800-pound gorilla. So, if you have problems with any Microsoft software - just e-mail support@giantcompany.com. It'll make it to the right place ;)

1.11.2005

January 2005 Patch Day

I have a headache... and surprisingly it's not Microsoft's January 2005 security bulletins. I just finished driving from my home in eastern Kansas to Jefferson City, Missouri in dense fog and rain. Lots of 18-wheelers, and some idiot who passed me doing 100 MPH. Needless to say, I'm really not in the mood for Patch Day.

The good news is that this month (while having two critical vulnerabilities) isn't really a bad month. Three total vulnerabilities, and none of them "wormable". In my vocabulary, "wormable" vulnerabilities are ones that can be exploited remotely, with no user intervention, over ports/services that are commonly exposed, so an exploit can spread from machine to machine on its own. These are the Blaster/Sasser variety vulnerabilities. January 2005 holds no such vulnerabilities. Guess that means I can knock off early, take two aspirin, and update my patch baseline spreadsheet in the morning.

Update: The Excel and web version of my patch baseline spreadsheet are current. Enjoy!

12.23.2004

2005: The Year of Safe Computing

I wrote the following article specifically for my non-technical friends and family. Most of you who read this blog are savvy enough to skip over this entry. However, if you have an uncle, mother, or grandpa who just can't seem to make sense out of computer security, maybe you can forward this blog entry to them. Merry Christmas!

In lieu of sending Christmas cards, I've decided to invest my time writing an article on how to make 2005 the Year of Safe Computing. As most of you know, I work as a consultant in the IT industry. My job requires that I stay on top of several technology areas, and one of these areas is computer security. My goal with this article is to demystify computer security so you can better protect and maintain your home computer. I am focusing on three security topics that I feel will provide improved security without requiring too much effort to implement. So, grab a cup of coffee or hot chocolate and read on.

The three focus areas for this article are as follows:

  1. Armor Your PC: Firewalls
  2. Clean and Inoculate Your PC: Viruses, Spyware, Etc.
  3. Protect Your Privacy: SPAM and Phishing

1. Armor Your PC: Firewalls
Simply put, a firewall is a software program or hardware device that protects your PC from unsolicited communication. Such unsolicited communication often comes from hackers who prey on unsuspecting Internet-connected PCs. Hackers can send data to your PC over the Internet that will cause it to crash, or worse, they can install programs called "back-doors" that give them full control over your PC and all the data on your hard drive.

There are several ways you can protect yourself from being attacked. The easiest way is to install a software firewall program, which can be purchased at any major electronics retailer. Windows ships with a number of services that listen for connections from other PCs and answer them by default; most people are surprised to learn this. A software firewall does not turn those services off, but it blocks unsolicited incoming connections to them while still allowing the outgoing communication you start yourself, such as web surfing or checking e-mail. Another option is to purchase a hardware firewall device, often called a broadband router. This may be a good solution if you have more than one PC in your home and you want to share Internet access. In this scenario, the router sits between your PCs and the Internet and stops inbound Internet traffic before it reaches the home PCs. With a hardware firewall you can safely share files between two or more home PCs on the inside without the fear that you are sharing your data with everyone on the Internet.

Below is a list of some popular software and hardware firewalls:

Note: If you are running Windows XP, make sure you upgrade to Service Pack 2 using the Windows Update feature (windowsupdate.microsoft.com). Service Pack 2 includes a software firewall that does an excellent job of protecting your PC. If you are running an older version of Windows, you need to invest some money in one of the solutions above. Regardless of the solution you choose, a firewall makes an excellent New Years resolution for 2005.
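An added example, not part of the original article: the point above is that a PC answers on ports most owners never knew were open, and the firewall is what stands between those listeners and the Internet. This PowerShell script lists the TCP ports the machine is listening on, the process behind each one, whether the listener is bound to every interface, and whether each Windows Firewall profile is switched on. It uses the Get-NetTCPConnection and Get-NetFirewallProfile cmdlets, which require Windows 8 / Server 2012 or later (the 2004-era equivalents were `netstat -ano` and `netsh firewall show state`), and assumes it is run from an elevated prompt.

```powershell
# Added example (not from the original article). Show what this PC listens on
# and whether the Windows Firewall is in front of it.
# Assumption: elevated PowerShell on Windows 8 / Server 2012 or later.

function Get-Listeners {
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Process      = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
            # 0.0.0.0 / :: means "every interface": reachable from the network
            # unless the firewall blocks it. 127.0.0.1 / ::1 is local-only.
            Exposed      = $_.LocalAddress -in @('0.0.0.0', '::')
        }
    } | Sort-Object LocalPort
}

function Get-FirewallState {
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
}

Write-Host "Firewall profiles:"
Get-FirewallState | Format-Table -AutoSize

Write-Host "Listening TCP ports (Exposed = bound to all interfaces):"
Get-Listeners | Format-Table -AutoSize

# A disabled profile means every 'Exposed' listener above is answering the
# Internet directly, which is exactly the situation the article warns about.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    Write-Warning ("Firewall is OFF for profile(s): " + ($off.Name -join ', ') +
                   ". Every 'Exposed' listener above is reachable from the network.")
}
```

Run it once with the firewall on and once with it off and the listener list does not change; only the warning does. That is the whole point: the firewall hides the listeners, it does not remove them.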

2. Clean and Inoculate Your PC: Viruses, Spyware, Etc.
Our second area of focus is malicious software, often called viruses, spyware, malware, and adware. Unless you've hidden under a rock the last few years you probably know that computer viruses can wreak havoc on computers, and sometimes the entire Internet. Big-name viruses such as Melissa, Slammer, Blaster, and Sobig have even made the prime-time news. Similar to the firewall advice above, you should install and run software that protects you from malicious software found in e-mail, floppy-disks, or Internet downloads.

There are plenty of antivirus software vendors for you to choose from. Here is a list of the most popular consumer packages:

You may also want to check out a subscription to MSN Premium, which offers both antivirus software and a software firewall as part of the subscriber benefits. I wrote an entire article on this service over at my MSN blog, which you can find by clicking here. Check it out if you are interested in an alternative approach to securing your PC while getting more enjoyment out of the Internet at the same time. Regardless of which antivirus software program you choose, please be aware that you need to keep your virus definitions updated on a daily or weekly basis. Virus definitions are lists of known viruses, which help the antivirus software recognize newly discovered threats. Most off-the-shelf antivirus software comes with a 1-year virus definition subscription at no charge, but anything beyond the first year will cost you between $15 and $30. This might seem like a racket, but it is a small price to pay to stay ahead of the bad guys.

A new type of malicious software is spreading like wildfire throughout the Internet. This new threat is known as spyware. Spyware is software that tracks your PC activities with the goal of sending you targeted advertising. Some of you may be infected with spyware right now and not even realize it. A more dangerous form of spyware is designed to capture your keystrokes, e-mail messages, and important data files, which are then used for illegal purposes. One reason spyware is such a problem is its distribution method. Spyware often rides "shotgun" alongside free software you might find on the Internet. If you have downloaded software such as Kazaa, or other file sharing programs, there is a good chance you have spyware on your computer. There are also numerous Internet Explorer toolbars that claim to offer enhanced search features, but instead simply track your web surfing habits to let advertisers know your interests.
Below is part of an e-mail I received from a friend who was infected with spyware.

"A massive number of pop up windows appeared on my computer, and I couldn't close them fast enough ... they just kept coming. I discovered on my computer a number of programs that I did not deliberately download, and several are preventing me from removing them. In addition, I'm very sorry to say, that under my "favorites" section in Internet Explorer have been added, without my knowledge, links to various websites, including several that are, let's say, very bad."

Does the above situation sound familiar? Has your PC been getting slower and slower over the years? This could be caused by many factors, but quite often it is due to spyware being installed without your consent. A new type of software known as anti-spyware is needed to fight this threat, since antivirus software does not protect you from spyware the same way it protects you from viruses. Isn't technology wonderful!?!?

Earlier this month Microsoft purchased Giant Software, maker of the premier anti-spyware product on the market. This purchase, along with the 2003 purchase of GeCAD, means Microsoft now has both antivirus and anti-spyware software expertise. The rumor mills are aflutter with speculation about Microsoft's plans for both technologies. I can assure you of one thing, Microsoft is getting serious about security. We won't likely see any of this technology directly integrated into Windows until 2006 at the earliest; however, Microsoft has promised a test version of their anti-spyware product sometime in January. Until an integrated antivirus and anti-spyware solution exists, other companies offer free and low-cost software to help you win the battle against spyware. My personal favorites are listed below:

Following the links above will take you to a page where you can download each product and read more about the installation process. I recommend running both Ad-Aware and Spybot Search & Destroy to get the best results. Anti-spyware solutions are not 100% successful at deleting all spyware, which is why it's a good idea to run more than one utility. Keep an eye on Microsoft's spyware page throughout the year for details on their anti-spyware offering.

3. Protect Your Privacy: SPAM and Phishing
The final topic for this article deals with a major annoyance for all users of Internet e-mail: SPAM and phishing. While SPAM is simply annoying junk mail, phishing attacks are SPAM e-mails with a deceptive message. Phishing messages often claim to come from your bank, brokerage firm, or other popular sites such as eBay, and implore you to quickly reset your password or divulge other important personal information, usually by following a link in the message to a look-alike web site. Unfortunately, those that fall for these scams often find that their information is later used for fraudulent purposes.

How can you spot a phishing attack?

If you are not able to figure out whether a message is legitimate or not, call your financial institution and ask them to verify the message. All major financial institutions and online retailers are well-versed in spotting phishing attacks and will be more than happy to assist you. Check out this MSN page for a more detailed overview of phishing, as well as steps you can take to prevent yourself from becoming a victim.

Conclusion
Please consider the information above my Christmas present to each of you. I want to do whatever I can to help make your PC experience as safe and enjoyable as possible. Computers and the Internet are amazing tools that have changed our lives for the better. However, without the proper protection and safe computing practices, your PC could cause more harm than good. I strongly recommend you compare your current computing environment against my recommendations and implement any necessary upgrades to make 2005 the Year of Safe Computing.

12.14.2004

Microsoft December Security Updates

This month brings us 6 vulnerabilities, 5 of which were announced today, and one (a critical IE vulnerability) which was announced on December 1st. Of these 6 vulnerabilities the IE critical vulnerability is the one that should be on everyone's radar screen. Those of you running Windows XP SP2 and Windows 2003 are not affected by this critical vulnerability. However, anyone running Windows 2000 or Windows XP with SP1 should investigate the December IE patch immediately.

The only other item of interest this month is the WINS vulnerability detailed in MS04-045. This vulnerability could allow remote code execution in certain circumstances, most likely on Windows 2000 servers. I added this patch to my recommended patch baseline list due to this fact. However, if you are not running the WINS service on a particular server, then you do not need to worry about this vulnerability. In some situations with smaller clients, I have installed WINS on AD domain controllers since those servers are typically under-utilized. If your network fits this scenario, it is imperative that you apply the WINS patch. Remote compromise of a WINS server is one thing; remote compromise of an AD domain controller is another.
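An added example, not part of the original entry: the triage rule above is "patch wherever WINS runs, and patch first wherever WINS runs on a domain controller". This PowerShell script applies that rule across a list of servers: it checks whether the WINS service exists and is running, whether the box is a domain controller (Win32_ComputerSystem DomainRole 4 or 5), and whether a given update is installed. The server list is hypothetical, the account running it is assumed to have admin rights on each server, and `$kb` is a placeholder for the KB article number from the bulletin you are tracking (the entry only names the bulletin, MS04-045). It uses Windows PowerShell 5.1 cmdlets (`Get-Service -ComputerName`, `Get-WmiObject`) that were removed from PowerShell 7.

```powershell
# Added example (not from the original entry): find WINS servers, flag the
# ones that are also domain controllers, and check whether a patch is on them.
# Assumptions: $servers is hypothetical; $kb is the bulletin's KB number
# (placeholder here); admin rights on each server; Windows PowerShell 5.1.

$servers = @('SERVER1', 'SERVER2')   # hypothetical
$kb      = 'KB000000'                # replace with the bulletin's KB number

function Get-WinsExposure {
    param([string[]]$Computers, [string]$KbId)
    foreach ($c in $Computers) {
        try {
            $svc = Get-Service -ComputerName $c -Name WINS -ErrorAction Stop
        } catch {
            # No WINS service object (not installed) or host unreachable:
            # either way it cannot be confirmed as exposed, so say so.
            [pscustomobject]@{ Computer=$c; WinsInstalled=$false; WinsRunning=$false
                               DomainController=$null; PatchInstalled=$null
                               Note="no WINS service or unreachable: $($_.Exception.Message)" }
            continue
        }
        # DomainRole 4 = backup DC, 5 = primary DC (Win32_ComputerSystem)
        $cs   = Get-WmiObject Win32_ComputerSystem -ComputerName $c
        $isDc = $cs.DomainRole -in @(4, 5)
        $hf   = Get-HotFix -ComputerName $c -Id $KbId -ErrorAction SilentlyContinue
        $note = if ($isDc -and -not $hf) { 'WINS on a domain controller and unpatched: patch first' }
                elseif (-not $hf)        { 'WINS server unpatched' }
                else                     { 'ok' }
        [pscustomobject]@{
            Computer         = $c
            WinsInstalled    = $true
            WinsRunning      = ($svc.Status -eq 'Running')
            DomainController = $isDc
            PatchInstalled   = [bool]$hf
            Note             = $note
        }
    }
}

Get-WinsExposure -Computers $servers -KbId $kb |
    Sort-Object DomainController -Descending |
    Format-Table -AutoSize
```

Sorting on DomainController puts the WINS-on-DC rows at the top, which is the order the entry argues you should patch in.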

Have a happy holiday season...

12.4.2004

New MSN-Focused Blog over at MSN Spaces

I have decided to split my blogging efforts across two separate services. This site will remain the source for general IT information, while my new blog over at spaces.msn.com will be focused specifically on MSN. I decided to do this for a couple reasons:

My new blog, I mean "space" can be found at http://spaces.msn.com/members/kcmvp

Enjoy!


11.27.2004

No More Service Packs for Windows 2000

I just read the official announcement concerning Windows 2000 SP5, or the lack thereof. I'm wondering about the "many customers" who told Microsoft they would prefer to leave Win2000 on SP4 until 2010, which is when support officially retires. Seriously--this is how long Win2000 will be in circulation given Microsoft's extended support lifecycle.

Here are some of my favorite quotes from the announcement FAQ:

"Because every update to Windows introduces the possibility of system instability at the customer's site (for example, an update to one part of the system causes some other part of the system--or an application--to fail), an Update Rollup will provide the maximum utility at the minimum risk of instability at this point in the Windows 2000 life-cycle."
**JC** Wait until the Linux zealots get a hold of this quote. Classic!

Q. Is this the first time Microsoft has done a rollup instead of a service pack?
A. No. Microsoft has done update rollups before. For information on previous rollups, visit the following links:

a. Windows NT 4.0 Post-Service Pack 6a Security Rollup Package
b. Windows 2000 Security Rollup Package 1 (SRP1)
c. Windows XP Update Rollup 1
**JC** Nice--we're comparing the forthcoming Windows 2000 rollup to these other earth shattering releases. I could understand if this were 2008 and we were discussing the end of Windows 2000 service packs. However, the last time I checked, the calendar was just about to roll to 2005.

"Windows 2000 systems with SP4 deployed will be 'up to date' from a life-cycle policy perspective until the end of life (EOL) date of Windows 2000. The EOL date will be no sooner than January 1, 2010."
**JC** Again, where is the logic in this?

I can understand that Microsoft wants to move their "Sustained Engineering" resources onward and upward--but I believe this decision will rub a lot of customers the wrong way. Many customers I work with (mid-market, 1000-10,000 desktops) are planning to maintain their Windows 2000 Servers (mostly application servers) for quite some time. Granted, I see excellent momentum behind Windows 2003, especially for Active Directory domain controllers and Microsoft Exchange servers, just to name a few. However, I also know many customers who only recently migrated off NT 4.0 (which released in 1996).

Please don't think this is a Microsoft-bashing post, but instead just the honest opinion of someone who works in the trenches with techs and IT Managers on a daily basis. I can't think of one of them who would have said to Microsoft, "Sure, don't release any more service packs for Windows 2000".

11.18.2004

Windows Update Services Beta 2

Earlier this week Microsoft released Windows Update Services (WUS) Beta 2 to customers and private testers. WUS is Microsoft's second-generation security patch distribution software. Microsoft anticipates a spring 2005 release for the final version of WUS.

The only difference between the private and public WUS betas is the fact that private beta testers have a direct line of communications with WUS developers at Microsoft. Other than that, the code is identical. You can register to download WUS Beta 2 at this Microsoft web site.

Here are some early screen shots from my dev/test lab (a.k.a. my home network). Click each image for a full-size screen shot. Machine names have been hidden to protect the innocent.

Screen Shot 1: WUS Administration Home Page


Screen Shot 2: WUS Update Catalog


Screen Shot 3: Example Status Report


Screen Shot 4: Detailed Computer Status



11.16.2004

Check out the Windows Marketplace

Microsoft recently launched a new web site to showcase all the products and services that complement Windows-based systems. Each product you find will have links to various online and brick & mortar retailers--including price comparisons. As a Microsoft MVP I've been writing reviews for numerous hardware and software products from Microsoft and 3rd party companies. Click on over to the Windows Marketplace and look for my reviews under the nickname KC_MVP. The Windows Marketplace should make holiday shopping easier for all the geeks in your family.

11.7.2004

More Info on W32.Spybot.Worm

I've noticed several visitors are reaching this blog after searching for help with W32.Spybot.Worm. I am posting a few more knowledge gems with the hope that my experience can lessen the effect of this virus on other networks. Click here for my previous W32.Spybot.Worm blog entry.

Tools
We relied on a couple tools to gain an understanding of what W32.Spybot.Worm was doing on the network. The first tool is Autoruns from Sysinternals. Autoruns will search all relevant registry keys and startup folders for programs that are set to run at boot time. This is how we discovered that malicious files named WinUSB2 and bling.exe were executing at startup.

Another utility from Sysinternals that came in handy was PSKill (part of the PSTools Suite). This little command-line utility allowed us to kill the WinUSB2 and bling.exe processes on all infected workstations. We needed this tool because simply trying to end the task via Task Manager wouldn't work. PSKill can kill tasks on the local system, or it can be run across the network to kill processes on remote machines. We wrote a quick and dirty batch file which called PSKill to stop WinUSB2 and bling.exe. This helped ease network traffic, which had been overwhelming the edge router.

Machine Repair
We ended up using the updated Symantec AV definition files to let SAV repair the machines. However, if Symantec had taken any longer to get the defs uploaded (it took them almost 24 hours) we would have taken matters into our own hands. Possible options for removing the offending registry keys and files remotely would have been Kixtart, or maybe just WMI (since all desktops are 2000 or XP). I'm glad we didn't need to go down this path.
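An added example, not part of the original entry, covering both the Tools section (PSKill in a batch file to kill WinUSB2 and bling.exe on every workstation) and the WMI option mentioned under Machine Repair. For each host it terminates running WinUSB2 / bling.exe processes through Win32_Process, which is the WMI equivalent of `pskill \\host bling.exe`, and then lists, and optionally deletes, Run-key values that launch those files. Assumptions: the host list is hypothetical; remote WMI (DCOM plus admin rights) works, which the entry notes is available on its 2000/XP desktops; the startup entries live in the standard HKLM Run/RunOnce keys (the entry says Autoruns found them at startup but not in which key, so adjust `$runKeys` to what Autoruns shows). It uses `Get-WmiObject`, so it is for Windows PowerShell 5.1.

```powershell
# Added example (not from the original entry): remote worm triage over WMI.
# (1) kill WinUSB2 / bling.exe on each host (pskill equivalent),
# (2) report, and with -Remove delete, Run-key values that launch them.
# Assumptions: $hosts hypothetical; remote WMI + admin rights; entries in
# the HKLM Run/RunOnce keys (verify with Autoruns); Windows PowerShell 5.1.

$hosts    = @('WKS001', 'WKS002')        # hypothetical
$badNames = @('WinUSB2', 'bling.exe')    # file names from the entry
$HKLM     = [uint32]2147483650           # StdRegProv hive constant
$runKeys  = @(
    @{ Hive=$HKLM; Key='SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive=$HKLM; Key='SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
)

function Stop-BadProcesses([string]$Computer) {
    # Match on image name; Terminate() returns 0 on success, like pskill.
    foreach ($p in Get-WmiObject Win32_Process -ComputerName $Computer) {
        if ($badNames | Where-Object { $p.Name -like "$_*" }) {
            $rc = $p.Terminate().ReturnValue
            "{0}: killed {1} (pid {2}) rc={3}" -f $Computer, $p.Name, $p.ProcessId, $rc
        }
    }
}

function Find-BadRunEntries([string]$Computer, [switch]$Remove) {
    $reg = [wmiclass]"\\$Computer\root\default:StdRegProv"
    foreach ($k in $runKeys) {
        $names = ($reg.EnumValues($k.Hive, $k.Key)).sNames
        foreach ($n in $names) {
            $cmd = ($reg.GetStringValue($k.Hive, $k.Key, $n)).sValue
            # Match either the value name or the command line it launches
            if ($badNames | Where-Object { $cmd -like "*$_*" -or $n -like "*$_*" }) {
                "{0}: {1}\{2} = {3}" -f $Computer, $k.Key, $n, $cmd
                if ($Remove) {
                    $rc = $reg.DeleteValue($k.Hive, $k.Key, $n).ReturnValue
                    "{0}:   deleted {1} rc={2}" -f $Computer, $n, $rc
                }
            }
        }
    }
}

foreach ($h in $hosts) {
    Stop-BadProcesses $h
    Find-BadRunEntries $h      # add -Remove once the report looks right
}
```

Two caveats. Killing the process before removing the autorun entry matters because a live worm can rewrite the key behind you; the script does them in that order. And HKCU over remote WMI is the connecting admin's hive, not the logged-on user's, so per-user Run entries would have to be read from HKEY_USERS\<SID> (hive constant 2147483651), which is why only HKLM keys are listed here.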

10.31.2004

Firefox Use on the Rise

I thought I'd share my blog usage statistics with everyone to illustrate a point about browser usage.

Blog Browser Usage

As you can see from the above graph, Firefox 1.0 (which is still in testing) has reached 11% market share. I've been watching this number rise over the last couple weeks and figured now was a good time to bring this trend to light. What do you think about this new browser? Why are you using it? Do you still use Microsoft Internet Explorer for banking, Outlook Web Access?

10.29.2004

Symantec Client Security Best Practices

I'm going to be posting a few blog entries about a recent experience implementing Symantec Client Security (the corporate version of Symantec/Norton antivirus). This first entry is dedicated to a problem with the default installation options when implemented on Exchange servers.

I was working with a client this week and one of my tasks was to assist them with an upgrade from Exchange 2000 to Exchange 2003. Given that this is a single server swing upgrade I knew it would be a slam dunk. Basically we would install the new server on new hardware, move the mailboxes during a maintenance window, then decommission the old server. Boy was I wrong.

Once the new server was in place we started by migrating a few pilot mailboxes. We immediately noticed that mail was not flowing reliably between the old and new servers. We were also getting some ambiguous errors in the event log. To make a long blog entry short, the problem was with Symantec Client Security's advanced e-mail scanning component. Here are the exact error messages we received in the event logs.

Event Type: Warning
Event Source: MSExchangeMTA
Event Category: Interface
Event ID: 9318
Date: 10/27/2004
Time: 11:06:54 AM
User: N/A
Computer: SERVERNAME
Description:An RPC communications error occurred. Unable to bind over RPC. Locality Table (LTAB) index: 7, Windows 2000/MTA error code: 9297. Comms error 9297, Bind error 9297, Remote Server Name MAIL [MAIN BASE 1 500 %10] (14)

Event Type: Warning
Event Source: MSExchangeMTA
Event Category: Security
Event ID: 9297
Date: 10/27/2004
Time: 11:06:54 AM
User: N/A
Computer: SERVERNAME
Description:Calling client thread does not have permission to use MTA RPCs. Windows 2000 error code: 0X80070005. Client user account: NT AUTHORITY\ANONYMOUS LOGON. [BASE IL INCOMING RPC 25 237] (14)

It turns out that the default install of Symantec Client Security 9 also installs and activates a component which should only be used on 2000/XP client machines. This component, referred to in the install routine as POP3 Scanner, was intercepting all mail to and from our Exchange server and basically messing up the mail flow. We simply re-ran the install routine and de-selected this component (as well as the Outlook scanning piece which was also installed by default) and after a reboot the server was back to normal. The above event log messages were also gone once the server rebooted--and they haven't come back since.
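An added example, not part of the original entry: a way to spot the same symptom on other Exchange servers before burning three hours on it. The signature in the events quoted above is a 9297 "does not have permission to use MTA RPCs" from NT AUTHORITY\ANONYMOUS LOGON paired with a 9318 "Unable to bind over RPC" a few seconds apart, both from MSExchangeMTA. The function below correlates those pairs; the five-second pairing window is my assumption (the entry shows the two events sharing one timestamp), and the sample events are constructed to mirror the quoted ones so the script runs offline. The commented line at the end shows how to feed it real Application-log events with `Get-EventLog` on Windows PowerShell.

```powershell
# Added example (not from the original entry): correlate MSExchangeMTA 9297
# (anonymous MTA RPC rejected) with 9318 (RPC bind failure) in a short window.
# Assumption: $Window of 5 seconds is mine; input objects carry Source,
# EventID, TimeGenerated and Message, as Get-EventLog entries do.

function Find-MtaAnonymousBindFailures {
    param(
        [Parameter(ValueFromPipeline)] $Events,
        [int]$Window = 5                       # seconds between 9297 and 9318
    )
    begin   { $all = @() }
    process { $all += $Events }
    end {
        $mta  = $all | Where-Object { $_.Source -eq 'MSExchangeMTA' }
        $anon = $mta | Where-Object { $_.EventID -eq 9297 -and $_.Message -match 'ANONYMOUS LOGON' }
        foreach ($a in $anon) {
            $bind = $mta | Where-Object {
                $_.EventID -eq 9318 -and
                [math]::Abs(($_.TimeGenerated - $a.TimeGenerated).TotalSeconds) -le $Window
            } | Select-Object -First 1
            [pscustomobject]@{
                Time         = $a.TimeGenerated
                AnonymousRpc = $true
                BindFailure  = [bool]$bind
                Verdict      = if ($bind) { 'anonymous MTA RPC + bind failure: check for mail-intercepting scanners' }
                               else       { 'anonymous MTA RPC only' }
            }
        }
    }
}

# Constructed sample mirroring the two quoted events, plus an unrelated one
$t = Get-Date '2004-10-27 11:06:54'
$sample = @(
    [pscustomobject]@{ Source='MSExchangeMTA'; EventID=9318; TimeGenerated=$t
        Message='An RPC communications error occurred. Unable to bind over RPC.' },
    [pscustomobject]@{ Source='MSExchangeMTA'; EventID=9297; TimeGenerated=$t
        Message='Calling client thread does not have permission to use MTA RPCs. Client user account: NT AUTHORITY\ANONYMOUS LOGON.' },
    [pscustomobject]@{ Source='MSExchangeIS';  EventID=1000; TimeGenerated=$t.AddMinutes(1)
        Message='unrelated' }
)
$sample | Find-MtaAnonymousBindFailures | Format-Table -AutoSize

# On a real server (Windows PowerShell):
# Get-EventLog -LogName Application -Source MSExchangeMTA -After (Get-Date).AddDays(-1) |
#     Find-MtaAnonymousBindFailures
```

On the constructed sample it reports one row with BindFailure = True and the "check for mail-intercepting scanners" verdict; the unrelated MSExchangeIS event is ignored. The verdict deliberately says "check for", not "Symantec": the event pair tells you the MTA is being hit by an unauthenticated caller, and the entry's experience is one cause of that.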

I'll write a future blog entry on the steps required to create a custom Symantec Client Security package. It is wise to have a separate package for desktops, laptops, and servers. I sincerely hope the search engines pick up this blog entry so that any other individuals who may be fighting this issue can find my solution. We burned about 3 hours fighting this issue--and believe me it wasn't an enjoyable few hours.

One more thing... while we were already aware of the necessary file exclusions for Exchange servers (in other words, this had nothing to do with the above problem) you may want to check out this Microsoft article for full details. There are quite a few do's/don'ts regarding file system antivirus scanners running on Exchange servers.

10.27.2004

TechNet Magazine is Online!

If you can't wait for your printed copy of TechNet Magazine--head on over to this web site where you can read all the content online. This edition of TechNet magazine has excellent information on how to secure your Windows environment from the bad guys. There's also a cool article on integrating Cisco Unity and Microsoft Exchange ;)

10.25.2004

Free Software for Windows XP Users

The following link will take you to a site where you can download some cool *free* software for Windows XP. I've tried some of the software already--and I can vouch for the "coolness" of the USB Flash Drive Manager and Post-it Software Notes. As for the rest, you're on your own.

Note: if you don't already have anti-virus software on all your PCs, or if your antivirus software is out of warranty and no longer receiving updates, download the CA eTrust antivirus product. The core product is free and offers 1 year of free updates as well.

http://www.microsoft.com/windows/partnerpack/default.aspx?prereq=true

Enjoy!

10.23.2004

Premier Issue of TechNet Magazine is Ready!

Check out this link to order a free copy of the premier issue of TechNet Magazine. TechNet Magazine is targeted at IT Professionals and is published by the same team that publishes MSDN Magazine.

Once you get your hands on the magazine, turn to page 78. That's where you will find my article on Cisco Unity and Microsoft Exchange. This is my first published work--so I'm pretty excited. Check it out and let me know what you think.
