Symantec Security Alert & Patch March 30, 2006
Posted by peewitsol in Technical.add a comment
VERITAS NetBackup Vulnerable to Multiple Buffer Overflows
Symantec's VERITAS NetBackup contains critical buffer overflow vulnerabilities that could result in elevated privilege access to an affected system. Affected product components include NetBackup Master, Media Servers, and clients. Symantec posted an advisory along with patches to correct the problems.
Security Alert 22-03-06 March 23, 2006
Posted by peewitsol in Technical.add a comment
Security Alert, March 22, 2006
Vulnerability in IE Could Allow Remote Intruders to Execute Code
An unpatched vulnerability in Microsoft Internet Explorer (IE) might allow a remote intruder to execute code on a user’s system without the user’s knowledge. Complete details of the exploit are not yet available, however the problem relates to HTML Application (HTA) files.
Microsoft is aware of the problem, is investigating, and will release a patch for the problem, possibly in April.
I would suggest that as an extra precaution that emails be opened in text format only first, rather than HTML or Rich Text format when using OE or Office Outlook.
Microsoft’s Big Push: People-Ready or Not? March 22, 2006
Posted by peewitsol in Technical.add a comment
An interesting read from Paul Thurrott, News Editor, thurrott@windowsitpro.com
With the releases of Windows Vista and Microsoft Office 2007 bearing down on us like a comet ready to collide with Earth, it should come as no surprise that Microsoft considers this to be one of the biggest and most potentially lucrative years in the history of the company. Last week, we found out how big: At an event in New York aimed at presenting the business value of these software products, Microsoft revealed that it will spend $500 million marketing Vista and Office 2007.
The marketing push, which Microsoft refers to as its “people-ready”
vision, represents Microsoft’s biggest-ever attempt to get its business customers excited about upgrading. Based on my experience testing both products, however, the company is facing a tough sell. Neither Vista nor Office 2007 appears to offer anything compelling for businesses.
Indeed, both have serious adoption barriers that will likely limit their appeal in this market.
Let’s examine why this is the case. In Microsoft marketing parlance, businesses succeed when their employees are empowered to be the best they can be, and the software giant believes it can empower people through better software. The idea is simple: Give people software that lets them be more productive and everyone benefits. But as software gets more and more complex, hiding that complexity becomes ever more difficult. And Vista and Office 2007 are the most complex versions of Windows and Office yet.
Consider Vista. It features a high-end UI that requires correspondingly high-end hardware and rewards customers with a glass-like UI in which it is almost impossible to discern the front-most window from other open windows. Legacy software and hardware compatibility is dreadful.
And a new security feature called User Account Protection (UAP), which attempts to make it possible for all users, even administrators, to run with restricted rights, is so painful to use that it’s almost comical.
You’ll quickly find yourself awash in a never-ending sea of dialog boxes asking you to allow certain actions. It’s infuriating.
Office 2007 suffers from different problems. Though I applaud Microsoft for creating an inarguably innovative new UI, which drops the menus and toolbars from previous versions, Office 2007 looks cartoonish and fails to reward the millions of users who are familiar with the way the application suite used to work: Because virtually everything in the UI has changed, experienced users will have to start all over again.
Indeed, experienced Office users may actually have an easier time switching to Corel WordPerfect Office X3, Sun Microsystems StarOffice 8, or OpenOffice 2.
To be clear, Office 2007 will indeed make inexperienced users more productive almost immediately because they’ll see functionality exposed in new and visual ways. However, it’s unclear to me why a Classic Mode UI wasn’t included for the rest of us. Shouldn’t experienced users be rewarded, not punished?
But back to “people ready.” If Vista users are constantly fighting with UAP and using a UI that makes it unclear which window has the focus, and experienced Office users are constantly fighting with the Office
2007 UI, where are all the productivity gains coming from? Microsoft says that these products will make it easier to accomplish specific tasks, such as collaborating with others, and that the biggest gains will be seen in situations in which information workers are interacting with one or more coworkers.
My fear is that these products are usurping personal productivity, which is a known quantity, in favor of collaboration features, which most definitely are not a known quantity. It’s still unclear whether the typical information worker–and yes, I hate that term as much as you–will ever use, let alone take advantage of, these features. I’d be happy to be proven wrong, of course. But I have concerns. What do you think?
As an Adendum to this article, Microsoft have just announced that the roll-out date for Windows Vista has been put back until January 2007 for consumers. Although it is still thought that November 2006 it will be rolled out to big business.
http://www.rasterwerks.com/game/phosphor/beta1.htm March 18, 2006
Posted by peewitsol in Technical.add a comment
http://www.rasterwerks.com/game/phosphor/beta1.htm
Extremely cool – runs well in IE7……
Security Alert 16th March 2006 March 16, 2006
Posted by peewitsol in Technical.add a comment
Security Alert, March 16, 2006
Adobe Flash, Shockwave, and Breeze Might Allow System Compromise
Critical vulnerabilities were discovered in Adobe Flash Player, Shockwave Player, and Breeze that could allow a remote intruder to take complete control of an affected system. The exact cause of the vulnerability hasn’t been disclosed at this time, but an intruder could exploit the weakness by causing the user’s browser to load a malicious Flash file (.swf). Adobe recommends that users upgrade to the latest version of the products (see the first URL below). Information on workarounds, including one to prevent Flash files from loading into the browser, is available from Microsoft (second URL below).
http://list.windowsitpro.com/t?ctl=24238:3943B9
http://list.windowsitpro.com/t?ctl=24239:3943B9
Evidence of a website that appears to be hosting a malicious keylogger trojan horse March 15, 2006
Posted by peewitsol in Technical.add a comment
Trojan horses (software that includes “features” that may work against the user’s intentions) are hardly new, nor are keyloggers. I find it interesting that the “My Anti Spyware” blog includes a post detailing reports of an apparently malicious website that’s hosting a trojan keylogger. Click here to read the details for yourself.
Recommendation: keep patched and use least privilege wherever possible.
My Thanks to Steve Lambs Blog for the initial link and bringing it to our attention.
Two Security Bulletins for March March 15, 2006
Posted by peewitsol in Technical.add a comment
Microsoft released two security bulletins for March, one related to Microsoft Office and another about certain Windows versions that have weak permissions defined for certain services.
The security update for MS06-012–Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) involves specially formed Office documents and is a bigger risk because it allows remote code execution and targets the more difficult- to-control workstation environment.
This security update patches a number of vulnerabilities associated with various Office and Microsoft Works Suite programs, and you should be concerned if you have systems with Office 2003/XP/2000 or Microsoft Works Suite 2006/2005/2004/2003/2002/2001/2000 or even Microsoft Excel for Mac.
With regard to the other bulletin, users of Windows Server
2003 Service Pack 1 (SP1), Windows XP SP2, and Windows 2000 SP4 can relax.
Only individuals or organizations that have systems with XP SP1 and Windows 2003 without SP1 are vulnerable to the exposure described in MS06-011–Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798).
Peewitsol I.T. Pro Services recommend applying this security update only repeat only to highly sensitive servers on which you’ve already made a commitment to full overall hardening.
Still getting Pop-ups even with Blocker enabled March 13, 2006
Posted by peewitsol in Technical.add a comment
On last Friday, I held a security seminar for young executives, regarding surfing the net safely and different types of browsers and the best security settings for them. Some Internet Explorer users amongst them were asking why they still get pop-ups even though they have turned on the Pop-up Blocker.
Barring user error, there are three possible reasons that we discussed indepth below.
Note:
These settings can be accessed from Tools->Pop-up Blocker->Pop-up Blocker Settings.
Reason: They clicked (or otherwise initiated a user action) on the page and your Pop-up Blocker Filter Level is set to Medium.
Solution: To set the Filter Level to High; make use of the Allow List and the override key (CTRL) to allow desired pop-ups.
Reason: You have spyware or other malware installed, either with or without your knowledge.
Solution: Acquire and use reputable anti-spyware software. Microsoft has a Beta version of Windows Defender available for download. A few minutes spent researching on the web should lead you to several other popular packages as well. Keep the computer up-to-date with regard to the latest security patches by visiting Microsoft Update on a regular basis and enabling automatic downloads of security patches.
Reason: The web site is making use of a Pop-up Blocker unaware Active X control that provides a mechanism for opening a new Internet Explorer window.
Solution: Use Tools->Manage Add-ons to disable suspect controls. When you visit a web site and get unwanted pop-ups, open Manage Add-ons and see what controls are currently loaded by Internet Explorer. Through a process of elimination, you should be able to disable controls that are being used to open Pop-ups. This may cause legitimate sites to stop working correctly and you will need to re-enable the control when you want to use it. (A balloon tip and blocked-control icon will appear on the status bar in Internet Explorer when a control is blocked. You can click the icon to quickly access Manage Add-ons and re-enable the control.)
Furthermore, do not install Active X controls from sites you do not trust 100%.
Making the Windows XP Favourites menu more useful in Windows Explorer March 9, 2006
Posted by peewitsol in Technical.add a comment
Your favourite menu just got better at dealing with your Favourites! I’m going to tell you about a shortcut through the maze of folders on your Windows XP machine running Windows Explorer
Similar to Internet Explorer, the Favourites menu in Windows XP appears in Windows Explorer. This makes it easy for you to access the Internet from within Windows Explorer. However, it really serves no other purpose in Windows Explorer—even though it has the potential to do so much more.
You can make hard disk and network navigation much easier and more efficient if you use the Favourites menu as a place to keep shortcuts to deeply nested folders on your hard disk, as well as to network drives that you access frequently. Doing so just takes a bit of rethinking about how you use and organize the Favourites menu.
Here’s how:
Press [Windows]R to access the Run dialog box, type Favourites in the Open text box, and click OK to open the “Favorites folder in Windows Explorer”.
Use the “Make a New Folder” command in the File and Folder Tasks pane to create three new folders naming them Internet, Local Folders, and Network Folders.
Move all of your Internet links, except the folder titled Links into the newly created Internet folder.
Navigate to some of the deeply nested folders on your hard disk that you access frequently and use the Add to Favourites command on the Favourites menu to create links in the Local Folders folder.
Navigate to some of the network shares that you access frequently and use the Add to Favourites command to create links in the Network Folders folder.
Now, when you’re in Windows Explorer you can use the Local Folders and Network Folders shortcuts on the Favourites menu to make quick work of your regular hard disk and network navigation.
Note: This tip applies to both Windows XP Professional and Home.
Free New Microsoft Windows Defender (Beta 2) March 2, 2006
Posted by peewitsol in Technical.add a comment
I have had some requests to put up the Defender link by Colleagues & clients….. so!!
Download Here ==> Windows Defender (Beta 2) is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.
NEW! ==> Now available for Windows 64 Bit Version!
Support Resources
Peewitsol 