Bill Gates: Security in a Connected World
by Arie Slob
Hello Windows users,
In the fourth installment of Microsoft Executive E-mail, Microsoft's Chairman Bill Gates said in an e-mail last Thursday that the software giant has taken great strides to secure its products, but acknowledged that the company still faces challenges in the security area.
According to Gates, a recent computer crime and security survey by the Computer Security Institute and the Federal Bureau of Investigation estimated the damage from cyberattacks around $455 million in quantified financial losses in the United States alone in 2001. Of those surveyed, 74 percent cited their Internet connection as a key point of attack.
Bill Gates also commented on the forthcoming Windows Server 2003, the replacement of Windows 2000 Server, and the way that it would be (more?) secure by default: services such as Content Indexing Service, Messenger and NetDDE will be turned off by default. Also in Office XP, macros are turned off by default. VBScript is turned off by default in Office XP SP1. And Internet Explorer frame display is disabled in the "restricted sites" zone, which reduces the opportunity for the frames mechanism in HTML email to be used as an attack vector.
Gates finishes his email with: "While we've accomplished a lot in the past year, there is still more to do – at Microsoft and across our industry. We invested more than $200 million in 2002 improving Windows security, and significantly more on our security work with other products. In the coming year, we will continue to work with customers, government officials and industry partners to deliver more secure products, and to share our findings and knowledge about security. In the meantime, there are three things customers can do to help: 1) stay up to date on patches, 2) use anti-virus software and keep it up to date with the latest signatures, and 3) use firewalls."
You can read the full email on the Microsoft Web site.
Microsoft Debuts wmplugins.com
Offering Over 100 Cool New Enhancements For Windows Media Player 9 Series
Yesterday Microsoft announced the launch of wmplugins.com, a premier resource and catalog of enhancements from 20 different companies and Microsoft for extending the Windows Media® Player 9 Series experience for Windows® XP. Plug-ins are a key new capability in Windows Media Player 9 Series for Windows XP that allow any developer to customize and add great new enhancements to the player. More than 100 enhancements are available today on the Web site. These new add-ons offer enthusiasts the ultimate customizations of music playlists, new audio and CD-burning features, new visualizations with personal photos that the user can enjoy while listening to music, new Xbox skins and powertoys to adjust advanced settings for Windows Media Player 9 Series.
"We are incredibly impressed with the quality and range of plug-ins already available from the development community for Windows Media Player 9 Series," said Dave Fester, general manager of the Windows Digital Media Division at Microsoft. "Now Windows XP customers have one easy place to find out how they can get the most out of these exciting new enhancements."
Also on the site are a series of new enhancements for Windows Media Player 9 Series from Microsoft, including: Tweak MP Plug-in Powertoy, new official Xbox Live skins, new themed visualizations including a new interactive equalizer set on a 3-D liquid pool that moves to the music, new Picture It!® Visualization II turns your media player into a picture galleryand new Softie the Snowman II visualizations in a wintry mood with 3-D enhancements and more animation.
Flaw in SMB Signing Could Enable Group Policy to be Modified
On January 22, 2003 Microsoft announced that it has determined that the fix for this December 11, 2002 flaw was not included in Microsoft Windows XP Service Pack 1 (as announced at that time). The patch has been updated so that it installs on Windows XP Service Pack 1 systems. Customers who are currently running XP Service Pack 1 should apply the patch.
Affected Software Versions
Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure
A security issue has been identified that could lead some e-mails sent using Microsoft® Outlook® not to be encrypted, even if encryption had been selected. This issue is present only when Outlook is being used to connect to a Microsoft Exchange e-mail server, which is a configuration most likely to be found in a corporate network environment.
Severity Rating: Moderate
Affected Software Versions
- Microsoft Outlook 2002 (a component of Office XP)
Unchecked Buffer in Locator Service Could Lead to Code Execution
A security issue has been identified that could allow an attacker to compromise a computer running Microsoft® Windows® and gain control over it. This issue is most likely to affect computers used as servers.
- Windows NT 4.0 (Workstations and Member Servers): Moderate; (Domain Controllers Only): Critical
- Windows NT 4.0, Terminal Server Edition: Moderate
- Windows 2000 (Workstations and Member Servers): Moderate; Domain Controllers Only): Critical
- Windows XP: Moderate
Affected Software Versions
- Microsoft Windows NT 4.0 & NT 4.0 Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
Recent Support BBS Postings
What will you do when MS ends support for Win98? POLL
Just reinstalled XP and now have 2 to choose from - Windows XP
Best Trojan Horse detector? - Security / Virus
New windows won't open?? - Internet Explorer
Problem viewing some web sites when accessing through ICS - Networking
Restricting my kid's access as a user - Windows XP
Web Site Updates
These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Added: Technology and Industry -- Part 2
Added: Technology and Industry -- Part 1
Added: Microsoft Debuts wmplugins.com Offering Over 100 Cool New Enhancements For Windows Media Player 9 Series
Added: Microsoft Security: Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure
Added: Microsoft Security: Unchecked Buffer in Locator Service Could Lead to Code Execution
Added: Windows XP Updates
Updated: Microsoft Security: Flaw in SMB Signing Could Enable Group Policy to be Modified
Technology and Industry
Part 1: Intel in the 90's
Part 2: Nvidia Takes Pole Position
Windows XP Updates
Microsoft recently released 3 patches for Windows XP:
Hard Disk May Become Corrupted When Entering Standby or Hibernation
Panasonic DV Camera May Not Enumerate
USB Devices May Not Work After You Unplug a Downstream USB Hub from the Host Controller
For more information and download locations see this page on the Windows-Help.NET Web site.
Windows Server 2003
Microsoft has set the official launch date of Windows Server 2003 to April 24, 2003. The successor to Windows 2000 Server, recently renamed from Windows .NET Server 2003, will launch in San Francisco alongside Visual Studio 2003, according to Microsoft sources.
Sprint DSL's Gaping Security Hole
Sprint DSL customers are at risk of having their e-mail addresses and passwords stolen -- even when their computers are powered off -- due to weak security controls on their DSL modems.
Read Full Article
Slipstreaming Windows XP Service Pack 1 and Create Bootable CD
Slipstreaming a Service Pack is the process to integrate the Service Pack into the installation so that with every new installation the OS and Service Pack are installed at the same time.
Slipstreaming is usually done on network shares on corporate systems. But with the advent of CD burners, it does actually make some sense for the home user or small business user to do the same.
Microsoft added the ability to Slipstream a Service Pack to Windows 2000 and Windows XP. It not only has the advantage that when you (re)install your OS, you'll don't have to apply the Service Pack later, also if you update any Windows component later, you'll be sure that you get the correct installation files if Windows needs any.
Read Full Article
You can use NetworkActiv Sniffer to receive and analyze IP packets from your network or the Internet. You can filter packets by IP address, port, size, protocol or a sub-string search of content. You can search for a sub-string within the current list of packets, save lists as text and view the contents of each packet.
A second mode collects, analyzes and constructs files from HTTP packets. The files are automatically saved to a user-specified directory. The files can be Web pages, pictures, videos or downloads, and you can filter the saving process by IP address, port or file size.
Windows 2000/XP - Freeware
Tell a friend about this Newsletter!
Need Help with Windows? Ask questions here!
Our Web Sites
Rose City Software