[ISN] Windows & .NET Magazine Security UPDATE--Patch Management Resources--April 7, 2004

InfoSec News isn at c4i.org
Wed Apr 7 10:06:23 EDT 2004


====================

==== This Issue Sponsored By ====

Windows Scripting Solutions
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BFyu0AO

New Web Seminar--Preemptive Email Security: How Enterprise Rent-A-Car
Eliminates Spam
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGhc0Ao

====================

1. In Focus: Resources for Patch Management

2. Security News and Features
   - Recent Security Vulnerabilities
   - News: Open Source Vulnerability Database Online
   - News: New Forensics Tool: Port Reporter
   - News: WinBlox Monitors and Prevents I/O
   - Feature: Honeypots for Windows

3. Instant Poll

4. Security Toolkit

5. New and Improved
   - Prevent Identity Theft

====================

==== Sponsor: Windows Scripting Solutions ====
   Try a Sample Issue of Windows Scripting Solutions
   Windows Scripting Solutions is the monthly newsletter from Windows
& .NET Magazine that shows you how to automate time-consuming,
administrative tasks by using our simple downloadable code and
scripting techniques. Sign up for a sample issue right now, and find
out how you can save both time and money. Click here!
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BFyu0AO

====================

==== 1. In Focus: Resources for Patch Management ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Keeping systems up to date and thus protected against various attack
methods is sometimes difficult. You're aware that many
patch-management solutions are available, including solutions from
Microsoft as well as third-party software vendors. You need
information about the available patch-management solutions to
determine which might best fit your needs. In addition, you probably
sometimes need to discuss your particular patch-management solution
with other people to help better understand its problems or quirks.
Numerous resources are available that can help.

If you're shopping for a patch-management solution, remember that Mark
Burnett and some of his associates recently tested seven
patch-management solutions to gauge their effectiveness. Those
solutions include BigFix Patch Manager, Ecora Patch Manager, Gravity
Storm Software's Service Pack Manager, PatchLink Update,
SecurityProfiling's SysUpdate, Shavlik Technologies' HFNetChkPro, and
St. Bernard Software's UpdateExpert. Burnett's findings are available
in his article on our Web site.
   http://www.winnetmag.com/article/articleid/40710/40710.html

Patch management is the primary focus of the April issue of Windows &
.NET Magazine. Mark Burnett discusses advanced patch-management
techniques and resources that can assist in your efforts. Of course,
before you roll out a patch to your enterprise, you'll probably want
to test it to ensure that it works properly in your environment. Jason
Fossen discusses patch testing and offers tips and scripting ideas.
You can read the articles in the print magazine, or if you subscribe
to the print magazine or our VIP program, you can access the articles
on our Web site.
   http://www.winnetmag.com/windows/issues/issueid/688/index.html
   http://www.winnetmag.com/article/articleid/41980/41980.html
   http://www.winnetmag.com/article/articleid/41979/41979.html

Another April issue article you might find interesting is Michael
Otey's commentary "Unreasonable Expectations." In Otey's opinion,
Microsoft needs to fix its patching process. You don't need to be a
subscriber to read what Otey has to say.
   http://www.winnetmag.com/article/articleid/41987/41987.html

If you'd like to discuss patch-management solutions with other network
administrators, a relatively new resource is available: the Patch
Management mailing list. I've been a subscriber since its inception
and can say that the list is a valuable resource. Shavlik Technologies
hosts the related Web site, but the list is vendor neutral--there's no
slant toward one product or another. Conversation about any topic
regarding any Windows or Linux patch or any patch solution is
welcome--regardless of the vendor. You can subscribe to the mailing
list by going to the first URL below. At the Web site, you'll also
find articles related to patch management, including a list of product
comparisons from a variety of mainstream publishers. And be sure to
check out Jason Chan's informative article "Essentials of Patch
Management Policy and Practice" at the second URL below.
   http://www.patchmanagement.org
   http://www.patchmanagement.org/pmessentials.asp

====================

==== Sponsor: New Web Seminar--Preemptive Email Security: How
Enterprise Rent-A-Car Eliminates Spam ====
   Get the inside scoop on how Enterprise Rent-A-Car eliminated spam
and viruses, improved their email security, and increased
productivity. Don't miss this opportunity to educate yourself and
become a smarter customer when it comes to choosing an antispam
solution that best fits your organization's needs. Sign up for this
free Web seminar today!
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGhc0Ao

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: Open Source Vulnerability Database Online
   The Open Source Vulnerability Database (OSVDB), provided by the
Open Security Foundation (OSF), is now online and available to the
public. OSVDB is an archive of known vulnerabilities and includes
vulnerability data pertaining to all platforms.
   http://www.winnetmag.com/article/articleid/42218/42218.html

News: New Forensics Tool: Port Reporter
   Can you ever have enough tools to assist with troubleshooting and
forensic analysis? Probably not, and that's a good reason to add the
new Port Reporter to your toolkit. Port Reporter is free from
Microsoft and logs TCP and UDP port activity to a text file.
   http://www.winnetmag.com/article/articleid/42212/42212.html

News: WinBlox Monitors and Prevents I/O
   Liu Die Yu released source code for his WinBlox tool, a
command-line utility that can record, filter, and prevent file I/O
operations. Yu hopes people will download the source code and help
find bugs. Although you can download WinBlox and test it, Yu cautions
that the utility is still under development and might not be suitable
for production environments.
   http://www.winnetmag.com/article/articleid/42219/42219.html

Feature: Honeypots for Windows
   Long thought of as toys for security administrators who have too
much time on their hands, honeypots are gaining an increased presence
on corporate networks. Honeypots are nonproduction computer assets set
up for the express purpose of being a potential target for
unauthorized activities. Roger A. Grimes offers a look at four
honeypots (Honeyd-WIN32 0.5, KeyFocus's KFSensor, Network Security
Software's SPECTER 7.0, and VMware Workstation 4.0) in this article on
our Web site.
   http://www.winnetmag.com/article/articleid/41976/41976.html

==== Announcements ====
   (from Windows & .NET Magazine and its partners)

The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!
   With a VIP Web Site/Super CD subscription, you'll get online access
to all of our publications, a print subscription to Windows & .NET
Magazine, and a subscription to our VIP Web site, a banner-free
resource loaded with articles you can't find anywhere else. Click here
to find out how you can get it all:
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGza0A5

Register today for Microsoft Tech Ed 2004
   Don't miss Tech Ed 2004 -- May 23-28, 2004 in San Diego, CA -- the
definitive Microsoft conference for building, deploying, securing and
managing connected solutions. You'll find 11 conference tracks and
over 400 sessions. Get answers to your technical questions, meet
industry experts, evaluate new products, and take advantage of
extensive networking opportunities. Register today.
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGE40AS

==== 3. Instant Poll ====

Results of Previous Poll
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Does
your company use or intend to use Voice over IP (VoIP) technology?"
Here are the results from the 89 votes.
   - 40% Yes, we use it now
   - 31% Yes, we intend to use it
   - 22% No, we don't plan to use it
   -  6% Not sure
   (Deviations from 100 percent are due to rounding.)

New Instant Poll
   The next Instant Poll question is, "If you're using Microsoft
Software Update Services (SUS) or the new Windows Update Services
(WUS), how satisfied with the product are you?" Go to the Security Web
page and submit your vote for
   - Very satisfied
   - Somewhat satisfied
   - Not satisfied
   http://www.winnetmag.com/windowssecurity

==== 4. Security Toolkit ====

Virus Alert: Netsky.R
   Netsky.R spreads through an email message with variable
characteristics. However, the message subject always includes the text
"Re: Document." The worm deletes several other worms, including
Mydoom.A, Mydoom.B, and Mimail.T. Netsky.R will also attempt to launch
Denial of Service (DoS) attacks against several Web pages between
April 12 and 16.
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=45991

Virus Alert: Netsky.Q
   Netsky.Q spreads through an email message with variable
characteristics. The worm exploits a Microsoft Internet Explorer (IE)
vulnerability to automatically run a message attachment when a user
views the message through Microsoft Outlook's preview pane.
   Netsky.Q deletes several other worms including Mydoom.A, Mydoom.B,
Mimail.T, and several Bagle variants. The worm will attempt to launch
Denial of Service (DoS) attacks against several Web pages between
April 8 and 11. When the system date and time is March 30, 2004
between 5:00 a.m. and 10:59 a.m., the worm emits random tones through
the internal speakers.
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=45926

FAQ: How can I use Group Policy to disable System Restore in Windows
XP and later?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. System Restore is a systemwide setting. As a result, you must
disable it at the Computer Configuration level by performing the
following steps:

   1. Load the Group Policy Object (GPO) that you want to modify. For
example, go to Start, Programs, Administrative Tools, Active Directory
Users and Computers; right-click a domain; select Properties; select
the Group Policy tab; then create a new GPO or edit an existing GPO.
   2. Navigate to Computer Configuration, Administrative Templates,
System, System Restore.
   3. Double-click "Turn off System Restore," set it to Enabled, then
click OK.
   4. Close the GPO.

The change will take effect at the next refresh.

Featured Thread: ISA Server SMTP Filter
   (Three messages in this thread)
   Jack is using ISA Server to reverse-cache some services for outside
users at his organization. He also uses the SMTP filter so that he can
prevent certain email messages and attachments from entering his
organization. However, he's seeing errors in the ISA Server Event
Viewer that indicate invalid SMTP commands, and the email filters
don't seem to work when he applies them. Lend a hand or read the
responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=118824

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )

New Web Seminar--The Spam Problem Solved: Hensel Phelps Construction
Company Case Study
   Find out how Hensel Phelps Construction, a multibillion-dollar
national contractor, has implemented a multilayered antispam solution
to increase user productivity and decrease the burden on IT staff
resources, infrastructure, and budget. Sign up now for this free Web
seminar!
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BGzb0A6

==== 5. New and Improved ====
   by Jason Bovberg, products at winnetmag.com

Prevent Identity Theft
   FSPro Lab announced Identity Knight, software that prevents the
theft of personal information when users use Microsoft Internet
Explorer (IE) 5.0's AutoComplete option to fill out online forms.
Identity Knight deletes any data that users don't want to be stored in
Windows Protected Storage, which AutoComplete uses for data storage.
FSPro Lab also offers Credit Card Knight, which works exclusively with
credit card numbers. You can download Identity Knight and Credit Card
Knight from the company's Web site; free demo versions are available.
Identity Knight costs $34.95, and Credit Card Knight costs $24.95. For
more information about these products, contact FSPro Lab on the Web.
   http://www.fspro.net

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot at winnetmag.com.

===================

==== Sponsored Links ====

Argent
   Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BDWV0AH

Microsoft(R) TechNet
   Microsoft(R) TechNet Webcasts: essential guidance, industry experts
   http://list.winnetmag.com/cgi-bin3/DM/y/efMq0CJgSH0CBw0BG360AC

===================

==== Contact Us ====

About the newsletter -- letters at winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products at winnetmag.com
About your subscription -- securityupdate at winnetmag.com
About sponsoring Security UPDATE -- emedia_opps at winnetmag.com

====================

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub at list.winnetmag.com. Thank you!

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.





More information about the ISN mailing list