Brian's Buzz on Windows has changed its name to the Windows
Secrets Newsletter. Get the latest high-tech tricks with a free
subscription.
AUGUST 7, 2003 - Issue 11
I have an announcement to make this eWeek
I'm pleased to say that eWeek, the computer enterprise newsweekly,
has asked me to start a regular column in its pages.
My new feature, entitled Known Issues, isn't strictly limited
to Microsoft Windows but allows me to opine on a variety of important
issues facing computer pros. The new venue offers me an increase in readership.
InfoWorld, where my old Window Manager column appeared, has a
circulation base of 220,000, whereas eWeek's circ is over 400,000.
You can read Known Issues in print or online, starting with my July 28
installment. See BrianLivingston.com for links to future columns.
Thanks for your support. --Brian Livingston
TOP STORY - info you need to make Windows work
Worms shut down thousands of Windows PCs
By Brian Livingston
I reported in the last issue
of Brian's Buzz on the "port 135" security hole that Microsoft recently
described as critical. This flaw affects not only Windows XP, 2000, and NT 4.0,
but also the much-hyped new Windows Server 2003. Microsoft has released a
patch, but most people haven't installed it yet. Well, time's running out -
worms that exploit the flaw started making attempts to hit every PC on the
Internet just a couple of weeks after the vulnerability became publicly known.
As I write this, Stanford University has reported that 2,400 of its
roughly 20,000 campus PCs were infected in a matter of days by worms
that took advantage of this hole. Malicious "Trojan"
code that was deposited onto the machines' disks may take weeks to clean out of
the systems, said Cedric Bennett, Stanford's director of information
security services, in a statement.
Even worse, the University of California at Berkeley announced that,
due to the same attacks, it was being forced to shut down all access
from outside the campus to its Windows-based file sharing and Exchange servers
for a period of four days.
If you haven't yet secured your own systems against this hole, jump to my
July 24 issue and read about the steps you need to take.
To send me more information about this, or to send me a tip on any other
subject, visit WindowsSecrets.com/contact.
One critical patch you probably don't know you need
Aside from the worms described above, Microsoft recently started
warning Windows users about a separate threat that would allow a malicious
person within your intranet to gain system privileges.
A snag in this alert, however, is the fact that Microsoft's Windows Update
service will not notify users of Windows XP, 2000, Me, or 9x that
an update even exists. Only those few installations that
are currently running Windows Server 2003 will receive a notice from
Windows Update about the problem and the availability of its patch.
The security hole involves Microsoft's SQL Server program. Many people
who are affected, however, are totally unaware that they have an instance
of SQL Server present. That's because SQL Server is silently installed
as part of other applications, including the Microsoft Data Engine 1.0 and
Microsoft Desktop Engine (MSDE).
To determine whether a machine has a copy of SQL Server that may need
patching, search all drives and folders for a file named sqlservr.exe.
If that file is present, it should be considered for upgrading.
For details on the upgrade procedures for the different program
versions that are vulnerable, read Microsoft security bulletin
MS03-031 and Knowledge Base article
815495.
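The drive search described above can be scripted so it also reports each copy's file version for comparison against the bulletin. This is an added example, not part of the original newsletter; the function name Find-SqlServerBinary is hypothetical, and it assumes Windows PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: inventory every local fixed drive for sqlservr.exe.
# Find-SqlServerBinary is a hypothetical name, not a built-in cmdlet.
function Find-SqlServerBinary {
    param(
        # Roots to search; defaults to every local fixed disk (DriveType 3).
        [string[]]$Root = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                           ForEach-Object { $_.DeviceID + '\' })
    )
    foreach ($r in $Root) {
        $search = @{
            Path        = $r
            Filter      = 'sqlservr.exe'
            File        = $true
            Recurse     = $true
            Force       = $true               # include hidden and system folders
            ErrorAction = 'SilentlyContinue'  # skip folders that cannot be read
        }
        Get-ChildItem @search | ForEach-Object {
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                Product     = $_.VersionInfo.ProductName
                LastWrite   = $_.LastWriteTime
            }
        }
    }
}

$found = @(Find-SqlServerBinary)
if ($found.Count -eq 0) {
    Write-Output "No sqlservr.exe found on $env:COMPUTERNAME."
} else {
    # Each hit is a SQL Server or MSDE copy to check against MS03-031 / KB 815495.
    $found | Sort-Object Path | Format-Table -AutoSize -Wrap
}
```

A copy found under another application's folder is the silently installed case the article warns about, so review every path rather than only the default SQL Server directory.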
THIS WEEK'S HOT TIPS - news of the world of Windows
How to upgrade the Java VM on Windows 2000 SP4
I reported in the July 24
issue of Brian's Buzz that a slipstream install of Windows 2000 with
Service Pack 4 (such as installing Windows 2000 SP4 from a CD-ROM) doesn't
install the Microsoft JVM (Java Virtual Machine).
W2K SP4 also won't allow an updated version of the VM
to be installed, as advised by the "critical" security bulletin
MS03-011, if the VM was never installed in the first place.
Reader Patrick Slattery explained that he has to first install Windows 2000
with Service Pack 3 - then upgrade the VM, then upgrade to SP4 - in order to
run Java services that are written in J++. That's a lot of work.
Reader Michael Calabrese points out that Microsoft has released an
updated hotfix for the VM that can be installed after W2K SP4.
As far as I can determine, you can use the following procedure to
upgrade the VM on W2K SP4 so it's immune to the security problem:
- Step 1. You must first ensure that the Microsoft VM is installed. In
Windows 2000 (any service pack level), click Start, Run, and then type cmd
in the Open box. Click OK. In the DOS box that appears, type jview
and press Enter.
- Step 2. If you see an error message that begins, "jview is not
recognized...", then the VM is not installed. You need to install it
from an earlier version of Windows or from a redistributable version
provided by a third party.
- Step 3. If the VM is installed, you can now upgrade it on
W2K SP4 by using Windows Update, according to Microsoft Knowledge Base article
820101.
- Step 4. A better way is to download a file that can be distributed
to multiple computers in your organization that have the VM installed.
To do this, visit the
Windows Update Catalog page. (The catalog is not compatible with
Windows NT 4.0, so a later Windows version must be used.)
- Step 5. In the left-hand navigation bar of the page, click "Find
Microsoft Windows Updates." Select Windows 2000 SP4, then click the
Search button. In the list of categories of downloads that appears,
click "Critical Updates and Service Packs." A list of downloads will be
generated.
- Step 6. Scroll down to the item named 816093. Click the Add button
to add this to your Download Basket. Click "Go to download basket." Click
the Browse button to specify a location on your drive to download the file.
Click the Download Now button. Click the Accept button to accept the license
agreement. Use the downloaded file to install the VM upgrade.
Be sure to read Knowledge Base articles 820101, 816093, and 163637 for
complete information about this process.
RECOMMENDED READING - my book reviews of tech topics
Stealing the Network: you want to know, but you don't
This is possibly the most important work of horror fiction you'll read
this year. And computer pros will find it scarier than any Stephen King novel.
Each chapter of Stealing the Network describes
in technical detail an imaginary scenario that would allow black hats to
gain control of your servers. You never want these scenarios to come to pass,
of course, which is why studying this book is a good idea. It's written by
some legendary names in hackerdom: Dan Kaminsky (also known as Effugas),
a security consultant for Avaya; Tim Mullen (Thor), a Security Focus
columnist; Ryan Russell (Blue Boar), founder of the vuln-dev list; and
six others. Learn about this stuff before it's too late.
More info
Hacker Disassembling Uncovered: an essential toolkit
If you have anything to do with programming or looking at programming code,
you'll probably learn a lot from Hacker Disassembling Uncovered,
a new book by Kris Kaspersky. If you need to know how a compiled program
works, you often must disassemble it. But making the resulting code readable
is a major challenge. The author, who's written several other programming
reference books and articles, describes methods that restore almost
perfect source code. That includes C++, one of the most difficult
languages to disassemble. A bonus is Kaspersky's tips on optimizing programs
for today's modern compilers. Certain of his disassembly methods may violate
some "nondecompilation" licenses and practices, but when ya gotta know,
ya gotta know.
More info
WINDOWS GIZMOS - my product reviews of new stuff
Find Wi-Fi without booting up
Is there a Wi-Fi hotspot near you now? How far can you sit outside of that
Starbucks Café before you lose its 802.11b signal? Now you can stop
booting up your laptop to answer these and other questions. The new Kensington
WiFi Finder is billed as the first and only "b" and "g" detector on the market
today. If it finds a signal, it displays one to three lights. If it finds none,
it displays no lights, so you can save yourself from getting out your portable.
With a street price around $22, this is one inexpensive gizmo that may save
you a lot of time.
More info
Now hear this: a disk case with built-in speakers
If you occasionally want to listen to some music
away from the office, but the idea
of carrying audio speakers around has always seemed ridiculous, salvation is
at hand. The TDK I'MASPEAKER Soft Case has two flat-panel NXT speakers
in its front and back covers, and still has enough room inside the satchel
for 24 CDs plus a CD player, MP3 device, portable FM radio, or whatnot.
The case's 1/8-inch stereo
mini-plug fits almost all players. This is by no means a boom box, since
it has no subwoofer (although I suppose you could add one). But for around
$29.99, it's a nice way for you and your friends to listen to some tunes
or the news.
More info
FORWARDING INSTRUCTIONS - news gains value when it's shared
Please share this information with your colleagues
You're encouraged to refer your friends and colleagues to this free
newsletter. Because most e-mail programs don't correctly display a formatted
message that's been forwarded, simply call people's attention to
the permanent Web address of this issue:
BriansBuzz.com/w/030807.
HERE'S A TIP - you'll get a better newsletter if you choose the paid version
You're reading the free version of Brian's Buzz on Windows
Subscribers to the paid version receive additional information in each issue.
Some of the extras this week are:
- Microsoft bulletins. A Redmond representative
confirms many new kinds of "gotchas" that can totally confuse the Windows
Update process.
- Free software. Just in time to ward off hacker threats, there's a
much-improved free Web service that remotely scans your computers for weaknesses,
with uncanny accuracy. Plus an all-new utility that eliminates 100% of
that "network messaging spam" that's starting to grow like a weed.
- Personal service. If a Brian's Buzz newsletter to a paid
subscriber bounces
for some reason (an ISP's junk filter, perhaps), I make at least one
personal attempt to contact the subscriber and help him or her correct
the problem - something that isn't possible for free subscribers.
If you make a contribution before August 20, 2003,
you'll be sent the full, paid version of this week's newsletter.
In addition, you'll receive access to all previous paid content, so you
can look up the code for that e-book we previously announced we're giving
away until August 15.
To upgrade to the paid version, please visit
WindowsSecrets.com/upgrade.
Thanks in advance.
WACKY WEB WEEK - playing for you the Internet's greatest bits
A celebration of political moderation
Reader Larry Best nominated as this week's wacky site a Web project that
he himself helped put together. It's "Sherman P. Wright's Celebration of
Political Moderation." It's billed as Republicans poking fun at the
"Big-C Conservatives" of their own party. But I found that the site takes a few
pot shots at liberals for good measure, too.
The site's obviously just getting started, but a few funny pages are
already there, and more material is solicited with open arms. "Moderate
comments are welcome," is I think the way they put it. Take a look for
yourself. You might even be able to submit some moderately amusing
thoughts. It's at
Sherwright.com (you're sure right, get it?).