Windows & .NET Magazine Security UPDATE--December 10, 2003

[InfoSec News <isn () c4i org>]

====================

==== This Issue Sponsored By ====
Shavlik: Free Security Patch Management Software
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BDoF0AJ

Microsoft Security Solutions
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BDoI0AM

====================

1. In Focus: Another Way to Approach IE Security

2. Announcements
     - Try a Sample Issue of Security Administrator
     - 2004 Dates Announced: Windows & .NET Magazine Connections
     - Take Our Print Publications Survey!

3. Security News and Features
     - Recent Security Vulnerabilities
     - News: Microsoft Opens Security Beta for Older Windows Versions
     - Feature: Filtering Messages in Exchange 2003

4. Instant Poll
     - Results of Previous Poll: Processor-Based Security
     - New Instant Poll: Your Web Browser

5. Security Toolkit
     - Virus Center
     - FAQ: How can I configure my Microsoft Remote Installation
       Services (RIS) server to respond only to known clients?
     - Featured Thread: S/MIME Encryption

6. Event
     - New--3 Microsoft Security Road Shows!

7. New and Improved
     - Password-Protect Your Windows Programs
     - Hide Folders to Protect Sensitive Data
     - Tell Us About a Hot Product and Get a T-Shirt

8. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Shavlik: Free Security Patch Management Software ====
   Install the latest critical Microsoft security patches MS03-048
through MS03-051 today with HFNetChkPro. A free, fully functional, no
time-out version of HFNetChkPro is available to help you automate the
delivery and testing of these critical patches. HFNetChkPro offers
unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush
capabilities. Save time on patch deployment, ensure systems are fully
protected and safeguard your systems from remote code execution,
identity spoofing, arbitrary code execution and other attacks. It's
free, and it simplifies patch management without agents. Learn more
and download the free version of HFNetChkPro at
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BDoF0AJ

====================

==== 1. In Focus: Another Way to Approach IE Security ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

If you use Windows, you have Microsoft Internet Explorer (IE)
installed. You might choose not to use it and instead use some other
Web browser such as Mozilla or Opera, but IE is still installed, and
some of your Web activity might require its use. For example, you
can't download patches from Microsoft's Windows Update Web site
without using IE. In addition, some Web sites are designed exclusively
for IE and might not function properly with other browsers.

A lot of security bugs have been discovered in IE--several, recently.
You're probably aware that a few exploits take advantage of multiple
IE vulnerabilities to penetrate various levels of network and system
security. Almost invariably, such exploits are designed to somehow
gain access to local system resources. Using IE's built-in security
zones to help control Web functionality is a good way to protect your
network.

You might lock down the Internet Zone by disallowing ActiveX controls,
scripting, and cookie functionality. And you or your users might
loosen access for the Local Intranet zone because that zone should be
a trusted network for all users. You can also instruct users to add
appropriate Internet-based Web sites to the Trusted Sites zone, which
you've adjusted to allow the desired functionality.

That sort of configuration strategy is probably typical, and it makes
some sense. However, an attacker can exploit various security holes in
IE to circumvent even strict security that uses that model to gain
access to the My Computer zone, whose security is by default set
rather loosely.

Thor Larholm, senior security researcher at PivX Solutions, recently
posted a message to the NTBugtraq mailing list that points out another
way to strengthen IE security. Larholm said that he uses IE with
confidence even when a vulnerability is known and a patch isn't yet
available. Instead of leaving the My Computer zone configured with
loose security, he locks it down to some extent. He also loosens the
Internet Zone configuration to let components such as ActiveX controls
and Javascript operate to improve the Web browsing experience.
   http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0312&L=ntbugtraq&P=396

The My Computer zone isn't listed when you view zone security in
IE--you must edit the registry to adjust its security. However, be
aware that when doing so, you could make mistakes that cause problems
on the desktop and might even prevent the system from booting. You can
find a detailed explanation of IE's security zone settings and how to
edit them in the registry in the Microsoft article "Description of
Internet Explorer Security Zones Registry Entries" 
( http://support.microsoft.com/?kbid=182569 ).

I think Larholm's approach makes good sense. You might consider trying
it, but instead of manually adjusting the My Computer registry
settings, you might consider using a utility to help automate the
tasks to reduce your chances of error. PivX is beta testing a new
utility called Qwik-Fix, which automates registry adjustments and
strengthens the security of other subsystems, settings, and software
such as remote procedure call (RPC)/Distributed COM (DCOM), MIME
types, Windows Messenger, and Adobe streams. You can learn more about
it at the URL below.
   http://www.pivx.com/qwikfix

====================

==== Sponsor: Microsoft Security Solutions ====
   Invest in the best network protection: Readiness.
   Introducing the Microsoft(R) Security Readiness Kit: This is your
source for creating an enhanced risk-management plan. Visit
http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BDoI0AM
to order your free kit.

====================

==== 2. Announcements ====
   (from Windows & .NET Magazine and its partners)

Try a Sample Issue of Security Administrator
   Security Administrator is the monthly newsletter from Windows &
.NET Magazine that shows you how to protect your network from external
intruders and control access for internal users. But don't just take
our word for it. Sign up for a sample issue right now. You'll feel
more secure just knowing you did. Click here!
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw08XJ0Ag

2004 Dates Announced: Windows & .NET Magazine Connections
   Windows & .NET Magazine Connections will be held April 4 to 7,
2004, in Las Vegas at the new Hyatt Lake Las Vegas Resort. Be sure to
save these dates on your calendar. Early registrants will receive the
greatest possible discount. For more information, call 203-268-3204 or
800-505-1201 or go online at
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0KXQ0A7

Take Our Print Publications Survey!
   To help us improve the hardware and software product coverage in
the Windows & .NET Magazine print publications, we need your opinion
about what products matter most to you and your organization. The
survey takes only a few minutes to finish, so share your thoughts with
us at
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BEE10AH

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BEGa0A6 
for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: Microsoft Opens Security Beta for Older Windows Versions
   To aid customers who have older Windows versions and who don't have
broadband access to the Internet, Microsoft is considering releasing a
CD-ROM-based security update product that would bulk install the
security updates the company offers on Windows Update. A beta test of
the potential product, dubbed the Windows Security Update CD beta,
will start soon, according to an email message that the software giant
sent to testers, and will be aimed at Windows Me, Windows 98 Second
Edition (Win98SE), and Windows 98 users.
   http://secadministrator.com/articles/index.cfm?articleid=40999

Feature: Filtering Messages in Exchange 2003
   In Exchange Server 2003, Microsoft introduces several new features
that have become necessary in today's enterprise messaging
environment, including a set of filtering capabilities designed to
protect Exchange against spam. Exchange 2003's recipient filtering,
sender filtering, restricted groups, and restricted recipients
features let you specify which senders and receivers can exchange
messages across your Exchange environment. To get the most out of
these features, you need to understand how they work, when to apply
them, and how to configure them. Donald Livengood explains how in this
article.
   http://secadministrator.com/articles/index.cfm?articleid=40756

====================

==== Hot Release: Ecora Software ====
   Are you struggling to keep up with patching your systems? Ecora can
help. Patch Manager 3.0 automates the process of patching your
systems.
   - Discover    - Analyze    - Alerts    - Research
   - Test        - Install    - Report
   Patch Manager saves time and money, often paying for itself in just
one use!
   Download Patch Manager from
http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BEGb0A7 
and be home in time for dinner!

====================

==== 4. Instant Poll ====

Results of Previous Poll: Processor-Based Security
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Does
your company intend to implement computers and OSs that provide
processor-based security?" Here are the results from the 28 votes.
   - 4% Yes, as soon as possible
   - 7% Yes, sometime in the near future
   - 14% Yes, sometime in the distant future
   - 68% No
   - 7% Don't know

New Instant Poll: Your Web Browser
   The next Instant Poll question is, "Which browser does your company
use as its primary Web interface?" Go to the Security Web page and
submit your vote for
   - Microsoft Internet Explorer (IE)
   - Mozilla
   - Opera
   - Other
   http://www.winnetmag.com/windowssecurity

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

FAQ: How can I configure my Microsoft Remote Installation Services
(RIS) server to respond only to known clients?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. By default, RIS servers respond to any client. To configure a RIS
server to respond only to known computers, open the Microsoft
Management Console (MMC) Active Directory Users and Computers snap-in,
right-click the RIS server, select Properties from the context menu,
then select the Remote Install tab. Select the "Do not respond to
unknown client computers" check box, then click OK.

Featured Thread: S/MIME Encryption
   (One message in this thread)
   Rob writes that he's using a VeriSign digital ID for encrypting
email messages he sends from Microsoft Outlook to various other email
clients such as Lotus Notes. He wonders what settings he needs to
adjust to ensure that his messages are using at least 128-bit
encryption. Lend a hand or read the responses:
   http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=65809

==== 6. Event ====

New--3 Microsoft Security Road Shows!
   Don't miss out on three new Security Road Show events in December.
Join industry guru Mark Minasi, and learn more about tips to secure
your Windows Server 2003 and Windows 2000 network. There is no charge
for this event, but space is limited, so register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BDuO0AY

==== 7. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Password-Protect Your Windows Programs
   WinGuard Pro announced WinGuard Pro 5.0, security software that
prevents data loss, unauthorized system changes, and rogue
applications on your system. WinGuard Pro Free Edition
password-protects 25 Windows programs. WinGuard Pro Premium Edition
(which costs $19.95) protects 50 programs and lets you add protection
for other programs and files. WinGuard Pro can also protect other
areas of the system and specialized applications (e.g., Control
Panel). WinGuard Pro runs automatically at system startup on Windows
XP/2000/NT/Me/9x and sits in the background, monitoring any open
programs and files. For more information about WinGuard Pro, go to
   http://www.winguardpro.com

Hide Folders to Protect Sensitive Data
   FSPro Labs announced Hide Folders XP, security software that lets
you hide important folders from others and make them visible only to
you. Hide Folders XP protects files on NTFS, FAT32, and FAT volumes so
that other users can't access, edit, or delete them. Network
searching, browsing, and even removing upper-level folders won't
unearth hidden files. You can make as many as 64 folders invisible
simultaneously. The program can run in a stealth mode, so Windows Task
Manager can't detect it. Hide Folders XP costs $24.95. For a free
demonstration version, contact FSPro on the Web.
   http://www.fspro.net

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

===================

==== Sponsored Link ====

Sybari Software
   Free! "Admins Shortcut Guide to Email Protection" from Sybari
   http://list.winnetmag.com/cgi-bin3/DM/y/eduE0CJgSH0CBw0BDkY0AY

===================

==== 8. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Security Administrator, the
print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.