Internet Security update 0610
Security Through Obscurity
In a recent survey performed by Opera Software, approximately 32
percent of respondents had no idea whether the browser they choose
affects their system's overall security (see the news item below). It's
probably safe to assume that those people don't know how any
application might affect their system's overall security.
Some people might argue that using any browser other than Microsoft
Internet Explorer (IE) is far safer. That might not be true depending
on how someone uses IE. For example, if you load the latest patches,
stay on top of the latest vulnerabilities and exploits, use add-on
tools that increase security, and possibly modify certain registry
settings, then IE can become much safer to use than it is in its
default configuration. Plus, if you use Windows XP with Service Pack 2
(SP2), IE is much safer.
If you subscribe to our WinInfo Daily UPDATE newsletter, you probably
read last Friday's Short Takes edition in which Paul Thurrott mentioned
that IE 7.0 is in development. It will undoubtedly be more secure than
previous versions, but there's a catch: It will be available only for
Windows XP and Windows Server 2003. At this time, it seems that
Microsoft won't make the new browser version available for Windows
2000. Mainstream support for that OS ends June 30, but that doesn't
mean that no security patches will be available. Since the company will
provide free security patches until June 2010, I think we can assume
that includes security patches for IE on Win2K.
It's certainly possible to switch from IE to another browser on any
Windows platform, but of course doing so presents problems because some
application interfaces rely on the use of IE. This means that in many
cases, you'll have to use two browsers, which isn't a big deal, but you
do incur the added work of managing an additional application on your
desktops.
Last week, I wrote about security through obscurity. One reader wrote
to say that in his opinion I completely missed the point of what the
phrase "security through obscurity" really means. There's no sense
arguing semantics. I'll just say that I was advocating adding as much
security as possible even if the added amount is trivial. Another
reader wrote with a comment that illustrates this point. He said that
even though he knows a thief can quickly unlock his car door and steal
the vehicle, he locks the car anyway.
That about sums it up. However, there is the notion of cost, which I
didn't cover last week. Some might argue that the cost of managing
something like MAC address filtering on wireless Access Points (APs) is
excessively expensive for the amount of security gained. This could be
true depending on the size of your environment, the size of your budget
and your ideas about where that money is best spent, and the manner in
which you implement network management. Obviously, you have to decide
that for yourself.
A feature item below mentions a feature article about Windows Server
Update Services (WSUS). You can read the complete feature article on
our Web site and chat about WSUS with Doug Toombs today at 12 P.M.
Eastern (9 A.M. Pacific). Learn more about the "WSUS Is Not for
Wussies!" Web chat at
Security News and Features
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.
Does Web Browser Choice Affect Security?
A recent survey revealed that many people still don't realize how
applications might affect overall system security. The survey revealed
that 17 percent of respondents thought that the browser played no role
in overall system security and 32 percent said they didn't know one way
or the other.
Setting Up Windows Server Update Services
Patch management is a headache for security administrators at most
organizations. Windows Server Update Services (WSUS) offers benefits
for organizations of all sizes. In this article, John Howie walks you
through the process of installing and configuring WSUS for your
organization, obtaining updates, and configuring clients to use WSUS to
obtain updates.
Resources and Events
Antispam product not working?
Many email administrators are experiencing increased frustration
with their current antispam products as they battle new and more
dangerous email threats. In-house software, appliances, and even some
services may no longer work effectively and require too much IT staff
time to update and maintain or to satisfy the needs of different users.
In this free Web seminar, learn how you can search for a better way to
protect your email systems and users.
Register For This Free Web Seminar
You Could Win a Windows IT Pro VIP Subscription!
In this free Web seminar, learn about the most common fax messaging
challenges encountered in the workforce and how to turn these
common fax "headaches" into cost-effective, easy-to-use business
communications. You'll also receive a free industry white
paper on fax deployment and integration techniques. Register now and
you'll receive a 30-day software trial and a Starbucks gift card for
attending!
Diagnose and Resolve Performance Problems
Maximizing application performance isn't easy, and the database is only
one component of today's complex, multi-tiered systems. In this free
Essential Guide, learn how to follow a solid monitoring practice and
troubleshoot issues before they get out of hand. You'll discover how
you can ensure optimal SQL Server performance and satisfied users.
Get Ready for SQL Server 2005 Roadshow in Europe
Get the facts about migrating to SQL Server 2005. SQL Server experts
will present real-world information about administration, development,
and business intelligence to help you implement a best-practices
migration to SQL Server 2005 and improve your database computing
environment. Receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine.
Recover Your Active Directory
Get answers to all your Active Directory recovery questions here!
Join industry guru Darren Mar-Elia in this free Web Seminar and
discover how to use native recovery tools and methods, how to implement
a lag site to delay replication, limitations to native recovery
approaches and more.
Featured
Antispam Product Not Working?
In-house software, appliances, and some services may no longer work
effectively and require too much IT staff time to update and maintain
or to satisfy the email security needs of different users. In this free
white paper, learn how a managed service solution can lower overhead
and administrative costs, get more flexible end-user controls, improve
service and support, and more.
Hot Release
Converting a Microsoft Access Application to Oracle HTML DB
Get the most efficient, scalable and secure approach to managing
information using an Oracle Database with a Web application as the user
interface. In this free white paper learn how you can use an Oracle
HTML Database to convert a Microsoft Access application into a Web
application that can be used by multiple users concurrently. You'll
learn how to improve the original application by adding hit
highlighting and an authorization scheme to provide access control to
different types of users.
Security Toolkit
If you've been looking for a Windows-based version of the popular
tcpdump tool, MicroOLAP Technologies offers MicroOLAP TCPDUMP for
Windows, which the company says reproduces all the features found in
the original tcpdump for UNIX.
New and Improved
Keep Your Windows PC Secure
WinKeeper Professional 4.85 is the most recent version of a suite of
12 Windows security utilities from WinKeeper Software. Spyware Doctor
detects and cleans spyware, adware, Trojan horses, keyloggers, spybots,
and other malware that might be on your PC. Security Task Manager lets
you examine the processes that run on your computer and ensure that
there are no intruders. BHO Cleaner lets you easily control the browser
helper objects that have been installed on your computer. Other suite
utilities can help you clear your IE history file, erase files, and
manage passwords. WinKeeper Professional 4.85 runs under Windows
98/Me/NT 4.0/2000/XP and costs $34.95 for a single-user license.