 |
| | |
Brian's Buzz on Windows has changed its name to the Windows
Secrets Newsletter. Get the latest high-tech tricks with a free
subscription. Click here to subscribe
|
|
|
 |
|
|
|
JULY 24, 2003 - Issue 10
Dude, you're gettin' an award
BriansBuzz.com has been named one of the
101 Internet sites with the "Best Free Stuff on the Web." It's all in the
cover
story of the August 2003 PC World magazine, which is on newsstands
now. Besides praising our twice-monthly newsletter, the editors liked our
Windows Tips Search Engine,
"which scans over a dozen top-notch tech sites." I have to give the
credit to you, my readers, who always send me the best new secrets. Thanks
for your support. --Brian Livingston
TOP STORY - info you need to make Windows work
Critical flaw affects almost all Windows versions
By Brian Livingston
Every time Microsoft releases "the most secure operating system ever,"
the security flaws just keep on coming. Last week, Microsoft
notified users that a hole rated "critical" (the most severe rating)
affects not only Windows XP, 2000, and NT 4.0, but also its new, much-vaunted
Windows Server 2003 product. Microsoft says Windows Me is not
vulnerable, but it didn't test Windows 9x, which the company no longer
supports.
This problem is especially explosive because an attacker can run a rogue
program by merely sending packets to a remote machine using any one of
various ports. One of these, port 135, is commonly used to send pop-up messages
across a network. This feature has been notably exploited in recent months by
some spammers, who started sending irritating - but otherwise harmless - ads
directly to desktops. Now such payloads threaten to escalate wildly.
Corporations ordinarily block such port access if it originates from outside
the firewall. But a malicious person inside the firewall could use the
flaw to gain complete control over certain systems. And, of course, not
all vulnerable systems are effectively protected by firewalls.
This situation is so dire that I've included more information in the paid
version of this week's newsletter; but if you don't get that version,
you should just go directly to Microsoft bulletin
MS03-026 and download patches for your affected PCs. (Microsoft
revised this bulletin as recently as July 21, so you should re-visit the
document if you originally read it before that date.)
I haven't learned of any negative side-effects of installing the patches,
and in any event they would pale in comparison to the threat of your
vulnerable machines remaining unpatched. If unexpected
gotchas do arise, I'll alert you in a future Brian's Buzz.
To send me more information about this, or to send me a tip on any other
subject, visit
WindowsSecrets.com/contact.
THIS WEEK'S HOT TIPS - news of the world of Windows
More on Service Pack 4 for Windows 2000
In my July 10 issue
of Brian's Buzz, I reported that installing SP4 on Windows 2000
had various unexpected behaviors. My readers have added new findings of
previously unknown quirks.
SP4 doesn't install Java and bars it later. Reader Patrick
Slattery explains:
-
"One interesting new feature of SP4 is that on slipstreamed installs it
will no longer install the Microsoft JVM [Java Virtual Machine] and will
not allow the JVM to be installed afterwards. This is partially
documented at
Microsoft.com.
"On my new server installs that will run Java services that were written
in J++, I have to build the system with a slipstreamed SP3 install, and then
install SP4. That's messy, to say the least.
"Microsoft are acting like spoiled brats in this Java spat. I for one am
ready to spank them!"
SP4 hoses Autodesk VIZ files. The CAD company
acknowledges that W2K SP4 wipes out the ability of Autodesk's
VIZ applications to open MAX and DRF files that are saved after the service
pack is installed. The firm, however, has no fix as yet, except to
recommend that SP4 be uninstalled. (But don't do this until you
read the next item, below.) Reader Mike Herman comments:
-
"Service Pack 4 on Windows 2000 kills VIZ 4 deader than dead. Any files
created by VIZ after W2K has been upgraded crash Windows Explorer as well
as VIZ when VIZ tries to reopen them. This means that the new files cannot
be deleted because they crash Explorer, and they cannot be reopened to do
further work on them."
Uninstalling W2K SP4 makes your scheduled tasks not run. If you
try to solve the above problems by reversing the install of SP4, any
specified tasks will simply fail to occur. A description of the
problem and its workarounds are in
FAQ 6901 at
JSIinc.com:
-
"When you install SP4, the credentials database is converted to a
SP4-compatible format. When you uninstall SP4, the database is not re-converted
to pre-SP4 format, causing housekeeping code, which starts 10 minutes after the
Task Scheduler service starts, to remove the tasks' credentials. To work around
this behavior, re-enter each task's credentials."
|
|
SPONSORED LINKS
Price Watch
Powered by Amazon.com. Prices fluctuate daily.
Top 10 Bestselling Computer Books This Week
1.
The Photoshop Book for Digital Photographers,
Mar 2003, List: $39.99, Price: $27.99
2.
Starting an eBay Business for Dummies,
Dec 2001, List: $24.99, Price: $16.18
3.
Mac OS X: The Missing Manual, Second Edition,
Oct 2002, List: $29.95, Price: $20.97
4.
Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition,
Feb 2003, List: $49.99, Price: $34.99
5.
Macromedia Dreamweaver MX Hands-On Training,
Nov 2002, List: $44.99, Price: $30.70
6.
Adobe Photoshop 7.0 Classroom in a Book,
Jun 2002, List: $45.00, Price: $31.50
7.
Newton's Telecom Dictionary, 19th Edition: Covering Telecommunications,
Networking, Information Technology, Computing and the Internet,
Mar 2003, List: $34.95, Price: $24.47
8.
CISSP All-in-One Exam Guide, Second Edition (All-in-One),
Jun 2003, List: $79.99, Price: $55.99
9.
Red Hat Linux 9 Bible,
May 2003, List: $49.99, Price: $34.99
10.
Pokemon Ruby & Sapphire: Prima's Official Strategy Guide,
Mar 2003, List: $14.99, Price: $10.49
Search Amazon.com
Proposals made fast and easy
Why write all your proposals from scratch? Proposal Kit
produces documents that make technical professionals like you
look good. Includes materials for the
Interview, Design, Estimate, Proposal, Contract, and Development stages
of almost any project. Available for immediate use.
Info on Proposal Kit
Get a powerful e-mail publishing platform
ActionMessage.com powers the publishing of Brian's Buzz, and it can power your
newsletters, too. Our full-color charts give you immediate feedback on the
delivery and results of your e-mail newsletter campaigns. Contact us for a
quote and a free 30-day trial account.
ActionMessage.com
Advertise in Brian's Buzz
Circulation: over 42,000. Cost per 1000: $5 per 50 words.
Text-only ads get results.
Contact us now
|
|
|
|
FORWARDING INSTRUCTIONS - news gains value when it's shared
Please share this information with your colleagues
You're encouraged to refer your friends and colleagues to this free
newsletter. Because most e-mail programs don't correctly display a formatted
message that's been forwarded, simply call people's attention to
the permanent Web address of this issue:
BriansBuzz.com/w/030724.
HERE'S A TIP - you'll get a better newsletter if you choose the paid version
You're reading the free version of Brian's Buzz on Windows
Subscribers to the paid version receive additional information in each issue.
Some of the extras this week are:
- Details and workarounds on the newest critical
flaw. Users of Windows NT, XP, 2000, and 2003 are all affected by this
serious, newly-discovered vulnerability.
- A new TweakUI from Microsoft. The Redmond software giant has
posted a new version of everyone's favorite free utility.
- Windows Future Storage (WinFS). We take an in-depth
look at what Microsoft has planned for us.
Plus: Downloads for paid subscribers
At least once in each calendar quarter, I license some
useful content and allow my paid newsletter subscribers to
download it at no additional cost. This quarter, the bonus content is
Lockergnome's Windows XP Training Manual, a book in downloadable
form that contains 50 of the top tips from Windows expert Chris
Pirillo.
If you make a contribution before August 6, 2003,
you'll be sent the full, paid version of this week's newsletter,
including the secret code for the download.
To upgrade to the paid version, please visit
WindowsSecrets.com/upgrade.
Thanks in advance.
WACKY WEB WEEK - playing for you the Internet's greatest bits
Internet Explorer error message for WMD
You've probably seen IE's famous "404" error message every time you've made a
typo when entering a Web address. Now Anthony Cox,
a British blogger, has created an error message for our times: "These
Weapons of Mass Destruction Cannot Be Displayed."
For anyone who has a sense
of humor left, the text goes on and on like this, with hilarious effect.
"The weapons you are looking for are currently unavailable. The country may be
experiencing technical difficulties, or you may need to adjust your weapons
inspectors' mandate." Republicans and Democrats alike will find something here
to chuckle at. My thanks to reader Bob Bailin.
More info
Correction: Iranian language is Farsi
In the Wacky Web Week for July 10, I linked to a spoof showing the face of
bearded actor Sean Connery (in ayatollah garb) inserted onto the front of a
proposed new currency for Iran. I said the enscription on the bill was in
Arabic, but everyone knows the written language of Iran is Farsi. Silly me.
The first reader to remind me of this was Brian Goodhart.
|
|
|
|
|
| |
|
|
|
 | |