DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  

Browse by Tags

  • Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

    I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide. Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin. You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!! Just for completeness, here is the information from the Technet newsletter Internet Explorer Security Update I wanted to...
  • Invalid certificate issued to localhost.localdomain when remotely access SBS 2008 from a Windows PC

    This is another question I was recently asked. One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN. The certificate looked something like this: This was a little strange as when the system was accessed from the intranet, all things appeared fine. The culprit for them was the SBS 2003 self signed certificate on the same machine. By removing the certificate and then installing the correct new one things got better. To remove the old certificate, start MMC.exe and accept the UAC prompt. Now press Ctrl+M to add a new snap-in and select Certificates and when asked, add for the user account. Then do the same again, but select Certificates and Computer Account and hit OK to accept the current computer. Now expand out Personal Certificates and remove any SBS 2003 self signed certificates. To load the new certificates open a browser inside your SBS 2008 network and point to http://companyweb/Lists/Announcements/DispForm.aspx...
  • Important Microsoft security update – update your machines now!

    DavidOverton.com rebooted today due to an emergency security update – an “out of band” release from the normal “patch Tuesday” process. It is worth considering updating and rebooting your computers and servers asap. More information on this can be found at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx . Impacted systems below:

    Operating System | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by this Update
    Microsoft Windows 2000 Service Pack 4 | Remote Code Execution | Critical | MS06-040
    Windows XP Service Pack 2 | Remote Code Execution | Critical | MS06-040
    Windows XP Service Pack 3 | Remote Code Execution | Critical | None
    Windows XP Professional x64 Edition | Remote Code Execution | Critical | MS06-040
    Windows XP Professional x64 Edition Service Pack 2 | Remote Code Execution | Critical | None
    Windows Server 2003 Service Pack 1 | Remote Code Execution | Critical | MS06-040
    Windows Server 2003 Service Pack 2 | Remote Code Execution | Critical | None
    Windows Server 2003 x64 Edition | Remote...
  • Latest news, events and downloads in the Security world from Microsoft - Windows Server 2008, Mobile, employee habits, Antigen, IPSEC, ForeFront, NAP, XP Firewall, System Center

    Each month the TRM blog produces this great summary of the Microsoft world in various product areas. The blog can be found here http://blogs.technet.com/trm/ News Help your customers securely deploy Windows Server 2008 with the Windows Server 2008 Security Guide! http://go.microsoft.com/fwlink/?LinkId=92550 Every day, adversaries attempt to invade your customers’ networks and access their servers—to bring them down, infect them with viruses, or steal information about customers or employees. Your customers are looking to Microsoft and Windows Server® 2008 to help them address these threats. To assist customers in taking full advantage of the rich security features in Windows Server 2008, Microsoft has developed the Windows Server 2008 Security Guide. The Windows Server 2008 Security Guide provides IT professionals with best practices, predefined security templates, and an automated deployment tool to help strengthen the security of servers running Windows Server 2008. Supporting Your Family, Friends, and Neighbours...
  • Windows is now getting too difficult to hack, so the hackers' sights are moving elsewhere, but that does not mean security is now easier.

    I have heard many times how Windows is the big target for virus and phishing nasty people in general, but more and more people are showing that Windows is just too hard to hack when applications and other platforms offer so much more opportunity. From the article at eBay: Phishers getting better organized, attacking Linux Dave Cullinane, eBay's chief information and security officer said that in his previous job protecting a bank from phishers "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes." Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected. Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured...
  • Tool to modify UAC behaviour in Vista using Group Policy - BeyondTrust Privilege Manager

    I am one of those people who always leaves UAC enabled - I like to see when something (*cough* - Adobe Update - *cough*) wants to execute with admin privilege on my system and then get the choice as to whether to allow it or not. However, not everyone likes the choices that are presented by default with the GPOs ( Group Policy Objects ). Coming to the rescue are tools to help enhance these offerings, such as the Privilege Manager from BeyondTrust. Sometimes people forget that Microsoft is a platform for others to build on and this is no different. Their product enables pre-defining the responses to UAC based on a number of variables. While I have NOT tried the product, it is getting good reviews. You can however download an eval copy for free if you so desire. One thing to bear in mind is that when a tool like this is used, you weaken security - why, well, even if you use a SHA1 hash to work out if an application is safe or not, a clever hacker will use plugins, dll's etc to attack that product - it does not...
  • Windows Client (Vista and XP) - Active X installer service, Volume Activation Tool, Diagnosing XP crashes, modifying the boot configuration parameters

    If you use volume licensing with Windows Vista then you need to be aware of the tools to manage them - it is not as simple as it used to be as you now need a management tool inside the business. VAMT answers this as does Desktop Management. Then we have some webcasts on slow networks, diagnosing crashes in Windows XP (although many of the techniques work for Vista too), backup and restore in Vista, using the ActiveX installer Service and Boot config parameters VAMT 1.0 (x86) The Volume Activation Management Tool enables IT professionals to automate and centrally manage the volume activation process using a Multiple Activation Key (MAK). VAMT v1.0 is only available as a US-EN (x86) release. Best Practices on Managing Windows Vista Desktops Get best practice guidance for managing Windows Vista desktop operations. Windows Vista Service Life-Cycle Management (WVSLM) provides concise guidance to help minimise the total cost of ownership of desktop infrastructure. Process guidance and document templates help make service...
  • Security for Windows Vista (understanding more about UAC), Networks, plus advice and guidance

    Security is always a big subject area. Over the last two months Technet have published the following items that will help understanding and delivery of secure systems based on Microsoft technology. Windows Vista TechNet Magazine: Inside Windows Vista User Account Control Mark Russinovich explains that User Account Control (UAC) is one of the most misunderstood new features in Windows Vista. But its goal -- to enable users to run with standard user rights -- can solve many security issues. Get an inside look at the problems UAC addresses and see exactly how this new feature works. http://go.microsoft.com/?linkid=6803653 Network Security Internet Protocol Security Enforcement in the Network Access Protection Platform This white paper describes the Network Access Protection (NAP) platform, how IPsec protects traffic, and how IPsec Enforcement in NAP provides system health policy enforcement for IPsec-secured communication. http://www.microsoft.com/downloads/details.aspx?FamilyID=144cc69f-790f-4f52-8846-3f3b8584d7cd&DisplayLang...
  • "Vista, XP Users Equally At Peril To Viruses, Exploits" and then a lengthy retort from Roger A Grimes including the comment that the number of vulnerabilities over a given time for OSs were XP-28, Vista-11, Mac OSX-101

    I have been RSS feed and news hunting and found this review in IT Channel News stating that Vista was no more secure than Windows XP. Then I read how things seamlessly slipped onto the system and I started to get frustrated that they must have turned off every security feature in Vista to get the results. There I was about to write a WTF reply when I found a HUGE one by Roger. There also seemed to be some confusion that Microsoft also still recommends anti-virus software for Vista. I tell people to buy AV software and not some complete "take over everything on your system" suite. Roger's reply is worth reading for sure - Microsoft is far from perfect, but turning off all the security features and then saying it is no more secure is just a little bit silly too. If you look at the number of found vulnerabilities in Windows XP (28) vs. Vista (11) this year, Vista wins again. If that seems like a lot, don't forget Mac OS X has had 101 in the same time period. Cute commercials, but not necessarily a stellar...
  • How to configure SQL Server 2005 to allow remote connections on Windows Server 2008 (Longhorn) / Windows Vista

    Just a quick one - I was playing around with SQL2005 on my Longhorn server and I could not connect from a remote machine - Ahh I thought, the firewall is in the way, but it turned out I had to do 3 or 4 things to get things working. The Microsoft KB article that pointed to the light was How to configure SQL Server 2005 to allow remote connections which covers how to enable the firewall for the 2 programs you need and so on. When you try to connect to an instance of Microsoft SQL Server 2005 from a remote computer, you may receive an error message. This problem may occur when you use any program to connect to SQL Server. For example, you receive the following error message when you use the SQLCMD utility to connect to SQL Server: Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. This problem may occur...
  • Changing the way that Vista User Access Control (UAC) works in Vista by group policy

    James gave me some hassle the other day for not referencing his blog (which is a valid thing to do), so I thought I would point out this post as it will end some of the gripes of people out there. Using Group Policy you can change the following:

      • User Account Control: Behavior of the elevation prompt for administrators
      • User Account Control: Behavior of the elevation prompt for standard users
      • User Account Control: Elevate on application installs
      • User Account Control: Run all users, including administrators, as standard users
      • User Account Control: Validate signatures of executables that require elevation
      • User Account Control: Virtualize file and registry write failures to per-user locations

    More information from James' blog at Views on Windows Vista : Can I customise UAC? . ttfn David Technorati Tags: Vista , Group Policy , UAC , Security
  • Windows Hacktivation (or Activation) Trojan Horse / Phishing scam

    I saw this and for a change decided I needed to blog on something about Symantec. The story is simple - a program pretends to be Windows Activation and asks for a credit card to prove ID. IT IS OBVIOUSLY NOT A MICROSOFT TOOL, but I am sure some people might presume it is. For more information, have a look at the eWeek and Symantec sites: Symantec is reporting on a Trojan horse that mimics the Windows activation interface. Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don't enter the credit card information it shuts down the PC. How to clean it - Symantec writeup Source: Top Threat: Windows Hacktivation ttfn David Technorati tags: Security , Activation , Phishing
  • May security updates for Server DNS and Office 2003/2007 and IE7. Also Quicktime needs an update

    I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-) I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher. On the security updates: Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities:

    Bulletin Number | Maximum Severity | Affected Products | Impact
    MS07-023 | Critical | Microsoft Excel (all currently supported versions) | Remote Code Execution
    MS07-024 | Critical | Microsoft Word 2000, 2002, 2003, 2004 (Mac) | Remote Code Execution
    MS07-025 | Critical | Microsoft Office (all currently supported versions) | Remote Code Execution
    MS07-026 | Critical | Microsoft Exchange (all current versions) | Remote Code Execution
    MS07-027 | Critical | Internet Explorer - all current versions on all currently supported versions of Microsoft Windows | Remote Code Execution
    MS07-028 | Critical | CAPICOM, BizTalk Server | Remote Code Execution...
  • From The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    I've talked about this before, but thought it was worth pointing people to this Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista [Today's post comes to us courtesy of Wayne McIntyre] In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store. 1. Connect to your OWA site by going to https://host.domainname.com/exchange FOR THE REST OF THE INSTRUCTIONS PLEASE FOLLOW THE LINK TO THE SOURCE BELOW Source: The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista ttfn David Technorati Tags: Vista , Certificate , SBS
  • Changing Vista boot screens and opening yourself up to rootkits (or not)

    I love people who want to customise Windows Vista and some of my previous posts have covered this, however you can go too far - you can hack the OS. While I understand the desire to "hack" the OS to get customisations, there are better ways. This particular example is where people want to change the boot screen in Vista. The ability to do this will be coming from StarDock soon, but until then people have taken to modifying the existing OS files. THERE IS ALWAYS a chance that by downloading someone's customised file to your PC and it being loaded so early on in the boot process that it could do nasty things, especially since these files are in no way certified by Microsoft. A classic example of this can be found here when people want to change the boot logo - this could easily be a social engineering attack. The instructions tell someone to remove the access and security permissions from a core system file, overwrite it with one that might make the system look prettier during boot, but who knows what else will...
  • Symantec "Microsoft Listed as Most Secure OS"

    Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to exploit it. If "people" only have one way to crack into your system, then they can still get in and the longer it is out there then the more likely it is that it will be used, however always nice to see that MS is trying hard and while not perfect, is doing better than other people who throw stones at MS. Of course, Windows also has more in it, so being better with more features in the box is even nicer and this is across all versions of Windows, not just the latest (Vista) for example. I think it shows that the IT industry has more work to do in this area - as Ed the Fed said - "this is a journey." Surprise, Microsoft Listed as Most Secure OS By Andy Patrizio UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its...
  • How to start an administrative (or elevated) command prompt and tell if you got it right (in Vista)

    I have had a few people tell me that they have had problems getting an administrative command prompt up and running in Vista. If you have done it correctly then a window will open just like the one to the left. Notice that it has opened into the X:\windows\system32 directory and that it has the title "Administrator: X:\windows\system32\cmd.exe". Anything else and I would be suspicious. The process is simple - do either of these: Click Start, click All Programs, and then click Accessories. Right-click Command Prompt, click Run as administrator; or click Start, type cmd into the search box and wait for Command Prompt or cmd.exe to appear in the list, then press CTRL-Shift-Enter. Either way, you should get a User Account Control (UAC) prompt appear with a BLUE banner on the top - press Continue here. For more information on User Account Control go to here ttfn David Technorati tags: Windows Vista , Elevate , run as Administrator , Vista Ultimate , Security
  • Windows Vista Security "Guide", why Jim Allchin doesn't use Anti-Virus software for his son and why some people just don't want to have improved security unless you pay them for it.

    OK, so I saw that the Vista Security Guide ( http://blogs.msdn.com/windowsvistasecurity/archive/2007/01/05/windows-vista-security-guide-1-2-released.aspx ) had been updated - it is worth knowing more about the security model in Vista, how we protect against some threats and how it might impact your applications (eg if a non-admin application wants to send UI information to an admin one), Group Policy, Settings etc. Now, while security is important, so are the basics, like turning on the auto-updates, firewalls and anti-malware software. Well, MS now supplies a great anti-spyware product built into Windows in the form of Defender and the firewall can now be configured on outbound comms as well as inbound if you want, but no AV in the product. So, you need a 3rd party AV product (or Windows OneCare)... well, Jim Allchin, who delivered the Vista project for all of us does not use one for his son's machine.... http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/19/windows-vista-and-protection-from-malware...
  • ISA 2004, meet Vista, Vista, meet ISA 2004 client so that you can now work!!

    If you are using Vista and ISA, you will be used to getting a compatibility warning when the client loads. Well, this KB and download gives you a time when that is no longer the truth :-) From the joys of Susan B's blog View article... .. How to obtain the version of Firewall Client for ISA Server (December 2006) that includes Windows Vista support: http://support.microsoft.com/kb/929556 Finally the ISA firewall client that will support Vista is out today and there's a new WSUS category to boot! As always, be careful when playing with your systems ttfn David
  • Need Norton Anti Virus for Vista - get the beta then

    I have just seen that the beta for AV and security software from Symantec is now available for download . As one would hope, it comes with the following information: What is a Beta? A “beta” is a pre-release version of a Symantec product that is available for public testing before the final version is released. Through public testing, we can evaluate how the product performs in “real world” environments and collect valuable feedback from you. We want you to tell us what you like and don’t like about the product and report any problems to us directly. Be among the first to experience the new features and functionality of our latest products. Current betas: Norton Internet Security 2007 Vista Public Beta Norton AntiVirus 2007 Vista Public Beta Norton 360 All-In-One Security Learn More
  • Windows Defender released to market - free Anti-Spyware product

    Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected and minimizes interruptions and helps you stay productive. Now with 2 free support incidents for Windows XP and Windows Server 2003. Source: Windows Defender home The product has the following features: A redesigned and simplified user interface – Incorporating feedback from our customers, the Windows Defender UI has been redesigned to make common tasks easier to accomplish with a warning system that adapts alert levels according to the severity of a threat so that it is less intrusive overall, but still ensures the user does not miss the most urgent alerts. Improved detection and removal – Based on a new engine, Windows Defender is able to detect and remove more threats posed by spyware and other potentially unwanted software. Real...
  • Microsoft blocks 'Black Hat' Vista hack

    I remember when this story 1st broke - that someone had found a way to use cpu virtualisation technology to provide the ultimate "root kit" to steal information from Vista (although this would work for any / every operating system). One little niggle was that the user had to install the nasty, which required admin access, so a UAC security prompt was part of the "process" of the seamless install. Then came the uproar about the 2-yr old technology of PatchGuard, which stops the hooking and replacing of certain x64 kernel APIs to make it harder to attack the system and blocks another set of routes for non-virtualisation based root kits. The noise about this was because some Anti-Virus vendors felt it was their right to modify the kernel in any way they wanted and this access would obviously be used by both good and bad people. A compromise has been reached, so hopefully systems will be protected and AV vendors will be happy. The final piece is the changes that have been made to stop the virtualisation attack. Once...
  • IE7 Installation and Anti-Malware Applications - why you should turn them off for the install!!

    I saw this and because IE is coming soon, thought you might like to read this! IE7 Installation and Anti-Malware Applications A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation. Along with copying IE7 files to your system, IE7’s setup writes a large number of registry keys. A common way anti-malware applications protect your computer is by preventing writes to certain registry keys used by IE. Any registry key write that fails during setup will cause setup to fail and rollback changes. We work around the problem in most instances by checking permissions at the beginning of setup, but many anti-malware programs monitor the key rather than change permissions. Therefore, setup thinks it has access when it starts, but then fails when it later attempts to write the key. The majority of users likely haven’t seen any such problems even with anti-malware...
  • Windows Live OneCare safety scanner: Free online tool for PC health and safety

    This has been around for a while, but it is no longer in beta - scan a PC to see how it is doing! Get a free PC safety scan Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC. Check for and remove viruses Get rid of junk on your hard disk Improve your PC's performance Fix specific PC issues Use the full service scan to check everything. To help fix particular problems on your PC, turn to the individual scanners below. Protection Clean up Tune up Source: Windows Live OneCare safety scanner: Free online tool for PC health and safety
  • E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Now remind me again why it's a bad thing to exclude other vendors from the Kernel?

    There was me ranting on security yesterday and then I spot this post by Susan that says it all Link to E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Now remind me again why it's a bad thing to exclude other vendors from the Kernel? enjoy David

(c)David Overton 2006-23