CONTENTS

===========================================

IN FOCUS: Tightening Software Restriction Policies

NEWS AND FEATURES

- Webroot Merges with Email Systems

- FBI Shut Down Botnets; Arrested Participants

- It's Official: Hormel Isn't a Spam Fighter

- Recent Security Vulnerabilities

GIVE AND TAKE

- Security Matters Blog: Firefox 2.0.0.10 Available

- FAQ: Certificates and Terminal Services

- Share Your Security Tips

PRODUCTS

- Block or Track Data Copied from PC to USB Device

- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Kroll Ontrack

===========================

Crashed server? You have a need for speed!

Ontrack Data Recovery services provide the fastest, most cost-effective recovery solutions available utilizing the industry's only lab-quality, remote data recovery service.

* No need to ship any equipment

* Fast, secure connection allows engineers to begin data recovery work in minutes

Special Offer: For a limited time, if you need data recovery service on any server or RAID system, you will receive:

* Free initial consultation with a data recovery engineer to help you determine the fastest, most cost-effective course of action

* Free service upgrade to our Priority-level Service

* Free comprehensive, remote evaluation of your storage media

For immediate assistance, call 800 872 2599 - or visit:

http://www.ontrackdatarecovery.com/1107_need-for-speed/?promo=1207-winitpro-pc

=== IN FOCUS: Tightening Software Restriction Policies

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Group Policy is an excellent tool for controlling various aspects of client computers. However, it's not foolproof. Users can circumvent various aspects of Group Policy, such as Software Restriction Policies (SRPs). Doing so is possible as a regular user, without administrator-level access, which of course means that you need to be on the lookout for such activity.

Back in early 2004, Kamal Shankar wrote an article (at the first URL below) about ways to bounce specific program function calls to a different function over which the developer has more control. The technique can be used as a way to bypass aspects of Group Policy, including SRPs. Interestingly enough, Shankar's method uses Microsoft's Detours API (at the second URL below), which is meant to let developers extend application functionality.

http://www.codeproject.com/KB/system/KamalDetours01.aspx?df=100&forumid=36696&exp=0&select=1871367

http://research.microsoft.com/sn/detours/

Then in late 2005, Mark Russinovich wrote an entry in his Sysinternals blog (at the URL below) that explains why and how it's possible to bypass aspects of Group Policy. As part of his research on the topic, Russinovich wrote a small tool called Gpdisable that demonstrated the technique. But the tool disappeared sometime after Microsoft bought Russinovich's company.

http://blogs.technet.com/markrussinovich/archive/2005/12/12/circumventing-group-policy-as-a-limited-user.aspx

In April 2006, Russinovich wrote a bit more about the subject in an article on our Web site at the URL below. Russinovich wrote that "most of the settings in the Windows Components area of the Group Policy Editor's (GPE's) Administrative Templates node can be circumvented in environments in which end users can run arbitrary applications such as Gpdisable. Notably, IE configuration, including security zones, falls into this area, as do Windows Explorer, Windows Media Player (WMP), and Windows Messenger settings." He also pointed out that this isn't a bug in Windows; Windows was intentionally designed this way.

http://www.windowsitpro.com/Article/ArticleID/49166/49166.html

Gpdisable isn't available anymore, but last week another tool debuted that can be used to bypass Group Policy and SRPs. Eric Rachner released GPCul8r (at the URL below), which is a ready-to-use compiled executable that comes with two associated DLLs. The tool will undoubtedly be put into action on various corporate networks, so you should keep an eye out for it on your systems.

http://www.rachner.us/blog/?p=15

If you haven't done so already, check into tightening any SRPs you have in place. Microsoft has an article on Technet called "Using Software Restriction Policies to Protect Against Unauthorized Software" that applies to Windows XP, Windows Vista, and Windows Server 2003. The article is a good place to start when looking for ways to minimize the programs that can run on your desktops (at the first URL below). Another helpful reference is the Security Pro VIP article "Stay Safer with Software Restriction Policies" (at the second URL below).

http://technet.microsoft.com/en-us/windowsvista/aa940985.aspx

http://www.securityprovip.com/Article/ArticleID/94876/94876.html
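
As a starting point for that review, here is an added example (not from this newsletter or the articles it cites): a PowerShell check of the machine-level SRP values that decide whether a limited user can start an unlisted executable and its DLLs. The function name Test-SrpBaseline and the sample values are constructed for illustration; the registry key and value names are the standard SRP policy settings.

```powershell
# Added example, not from the newsletter: flags SRP settings that still let a
# limited user start an arbitrary EXE and its DLLs.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Test-SrpBaseline {               # hypothetical helper name
    param(
        $Settings,                         # object or hashtable holding the SRP values
        [string[]] $UnrestrictedPaths      # ItemData of "Unrestricted" path rules
    )
    $findings = @()
    if ($null -eq $Settings -or $null -eq $Settings.DefaultLevel) {
        return 'No machine-level SRP DefaultLevel found: nothing is enforced here'
    }
    # 0 = Disallowed (allow-list mode); 0x40000 = Unrestricted (block-list mode)
    if ($Settings.DefaultLevel -ne 0) {
        $findings += 'Default level is not Disallowed: unlisted programs run'
    }
    # 2 = check all files including DLLs; 1 = skip DLLs; 0 = no enforcement
    if ($Settings.TransparentEnabled -ne 2) {
        $findings += 'Enforcement does not cover DLLs'
    }
    # An Unrestricted path rule on a folder users can write to reopens the door.
    $writable = '%(USERPROFILE|APPDATA|LOCALAPPDATA|TEMP|TMP)%|\\Users\\|\\Documents and Settings\\'
    foreach ($path in $UnrestrictedPaths) {
        if ($path -match $writable) {
            $findings += "Unrestricted path rule in a user-writable location: $path"
        }
    }
    if ($findings.Count -eq 0) { 'SRP baseline checks passed' } else { $findings }
}

# Constructed sample values (not taken from any real machine):
$sample = @{ DefaultLevel = 0x40000; TransparentEnabled = 1 }
Test-SrpBaseline -Settings $sample -UnrestrictedPaths '%USERPROFILE%\Tools', 'C:\Program Files'

# Against the live machine policy (Get-ItemProperty expands REG_EXPAND_SZ values):
# $live  = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
# $rules = Get-ChildItem "$SrpKey\262144\Paths" -ErrorAction SilentlyContinue |
#              ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
# Test-SrpBaseline -Settings $live -UnrestrictedPaths $rules
```

A Disallowed default level with DLL checking enabled addresses the condition Russinovich describes, namely that users can run arbitrary applications; it does not change how Group Policy settings are enforced once such a program is allowed to run.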

=== SPONSOR: BeyondTrust

==============================

Problems removing Admin Rights? Best practices

Removing Admin Rights and applying the principle of least privilege will decrease security breaches by malicious users and malware, and reduce IT costs. However certain users require elevated rights in order to run required applications, ActiveX controls and more.

Read this white paper to discover best practices for removing admin rights.

http://www.beyondtrust.com/wp_download.aspx?source=WIPSANewsletter

=== SECURITY NEWS AND FEATURES

=======================

Webroot Merges With Email Systems

Webroot has entered the software as a service (SaaS) market space by merging with Email Systems. The combined company will offer Web and email security solutions for businesses.

http://www.windowsitpro.com/Article/ArticleID/97659

FBI Shut Down Botnets; Arrested Participants

The FBI said that the second phase of its operation Bot Roast resulted in the shutdown of more botnets and the indictment or conviction of eight men.

http://www.windowsitpro.com/Article/ArticleID/97683

It's Official: Hormel Isn't a Spam Fighter

After years of court battles over trademark issues related to the name "SPAM," a ruling has been made that states the obvious: Consumers don't confuse Hormel's famous meat product with computer software that fights junk mail.

http://www.windowsitpro.com/Article/ArticleID/97684

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: Revinetix

===============================

Migrating from Tape to Disk Backups

Discover a Better Backup Strategy for Small to Medium-Sized Business. As backup software breaks away from its historically tight integration with tape, IT administrators are implementing disk-based backup products that are optimized to address new priorities. The new disk-based backup products geared to SMBs are being enhanced with enterprise-class product features and come with prices that are getting less and less expensive, making it feasible to back up from disk to removable disks and do away with tape backups altogether. Download this free white paper today and learn how you can break away from tape and move to disk-based data protection.

http://www.windowsitpro.com/go/wp/revinetix/diskbackups/?code=sechot1205

=== GIVE AND TAKE

====================================

SECURITY MATTERS BLOG: Firefox 2.0.0.10 Available

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Mozilla released Firefox 2.0.0.10 to fix three dangerous vulnerabilities. Read this blog item on our site to learn more.

http://www.windowsitpro.com/Article/ArticleID/97661

FAQ: Certificates and Terminal Services

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: Can I use wildcard certificates with Terminal Services?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/97596

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@securityprovip.com. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS

=========================================

by Renee Munshi, products@windowsitpro.com

Block or Track Data Copied from PC to USB Device

CoSoSys announces Secure it Easy 1.2, which ensures that external devices such as USB thumb drives, portable drives, and iPods can't be connected to a PC unless they're authorized by an administrator. Unauthorized devices are blocked from reading or writing data. New in version 1.2 is the ability to trace files copied between a PC and a storage device. Secure it Easy is recommended for small office/home office (SOHO) use. The new version is available for a free 30-day trial from

http://www.cososys.com

PRODUCT EVALUATIONS FROM THE REAL WORLD

Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to whatshot@windowsitpro.com.

=== RESOURCES AND EVENTS

=============================

For more security-related resources, visit

http://www.windowsitpro.com/go/securityresources

Attend the Power Up! With Virtualization online conference on Dec. 12. Learn how to take virtualization to another level. Whether you're just getting started or need to more effectively optimize your current virtual environment, discover how you can take the promise of virtualization and turn it into reality. Join Windows IT Pro and key independent virtualization experts for powerful tips, such as how to create a virtual machine (VM), ways to properly size VMs for server consolidation, and system factors that affect performance.

http://www.windowsitpro.com/go/virtualevent/virtualization/?code=120307er

Today's hackers are after your enterprise data, and the tools and services they employ to get at it are provided by a sophisticated, fast-growing criminal support industry. Even more surprising--and worrying--is how ineffective today's standard enterprise security practices are at stopping these sophisticated attacks. Attend this Web seminar to learn how high-tech criminals compromise your computers and profit from your data by putting confidential info up for sale.

http://www.windowsitpro.com/go/seminars/Bit9/ConfidentialData/?code=120307er

With more than 75% of business-critical information residing in email today, you're more likely to find evidence in users' inboxes than in filing cabinets or on a file share--a fact that hasn't been lost on lawyers, courts, or government regulators. Do you know what the email retention, discovery, and recovery requirements are for your business? Applications that archive mail are an invaluable resource for complying with those requirements. Download this essential guide about retention, discovery, and recovery for email and IM.

http://www.windowsitpro.com/go/eg/lucid8/ediscovery/?code=120307er

=== FEATURED WHITE PAPER

=============================

Unified Communications: What Is It? Why Should You Care? And How to Get There

Unified communications (UC) helps you manage voice, email, fax, and phone communications from one set of management controls. But from a practical standpoint, how do you get started? This white paper breaks the move to UC down into a manageable 3-phase process that starts with unified messaging (UM). Learn practical tips and a phased approach for getting started with UM as the first step toward a UC environment in the future.

http://www.windowsitpro.com/go/whitepapers/activevoice/um/?code=120307er

=== ANNOUNCEMENTS

====================================

Exchange 2007 Mastery Series: January 28, 2008

Three info-packed eLearning seminars for only $99 ($79 before December 15)!

Hosted by Windows IT Pro

Mark Arnold--MCSE+M, Microsoft MVP--will coach you through Exchange 2007 storage solutions: planning for archiving and compliance, optimizing your iSCSI network storage, and finding the sweet spot between memory and spindles.

http://www.windowsitpro.com/go/elearning/masteringexchange2007

Packed with thousands of articles, bonus content, and loads of expert advice, the Windows IT Pro Master CD is like having your very own team of professional Windows consultants in your pocket. Get real-world solutions lightning-fast--order the Windows IT Pro Master CD today. Includes a one-year subscription to all online content at WindowsITPro.com!

https://store.pentontech.com/index.cfm?promocode=EU227AOC&

===========================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).

http://www.windowsitpro.com/windowssecurity

http://www.securityprovip.com


Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.