IN FOCUS: OS Haste Makes Waste
NEWS AND FEATURES
- Microsoft Offers Partners a Piece of the Pie
- Secure Computing Expands Offerings with CipherTrust Acquisition
- SurfControl Reels In BlackSpider
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Virtual PC Now Free
- FAQ: Saving Server Credentials To Reuse on a Net Use Command
- Instant Poll: Logon Password Security
- Share Your Security Tips
- Free Firewall Protection
- Tell Us About a Hot Product
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== SPONSOR: PatchLink
Automatically analyze, deploy and track security patches
Does your patch management solution automatically track and re-deploy to ensure network security? 20% of patches unknowingly become un-patched. Learn more about automating the analysis, distribution and tracking of security patches using PatchLink's security patch & vulnerability management solution -- the world's largest repository of tested patches. Request a free trial disk.
=== IN FOCUS: OS Haste Makes Waste
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week, Microsoft CEO Steve Ballmer said, "Rest assured we will never have a gap between Windows releases as long as the one between XP and Windows Vista. Count on it. I could go through the history of how we got here. Just count on it, we will never have this kind of gap again."
When I read that quote, I thought, "Oh no, here we go again." In the past, Microsoft's hasty OS release schedule led to a lot of security problems, which of course cost companies and individuals all over the world huge amounts of time, money, frustration, and in many cases, embarrassment.
How Microsoft got to the point it's currently at is this: Windows 3.x, released in 1990, was in widespread use on desktops when, in 1993, Microsoft released Windows NT. In 1995, the company released Windows 95, and in 1996, the company released NT Workstation. In 1998, the company released Windows 98, and in 2000, Microsoft released Windows Me and Windows 2000. In October 2001, the company released Windows XP.
Microsoft was criticized more harshly as time went by about the poor design of the OSs and the huge number of security holes, but the company didn't do a lot about the inherent security problems other than releasing fixes left and right and downplaying impacts when it could.
About a year after the release of XP, in September 2002, Microsoft released XP Service Pack 1 (SP1). Microsoft then put the brakes on its relatively rapid development and release schedule and conducted a massive security audit of its code to find and fix as many security problems as it could.
The results were Windows Server 2003 (released in 2003) and XP SP2, released nearly two years after XP SP1, in August 2004. It was my opinion at the time that XP SP2 brought so many significant changes, including security-related changes, to the desktop OS that the new release could have been called Windows XP2. The time line suggests to me that security is one of the major reasons for the delay between the release of XP and Windows Vista.
Microsoft currently plans to release Vista sometime in early 2007. If it does so, the time between the original release of XP and Vista will be roughly 5.5 years. That's a long time in the computer industry these days, but in my opinion, it was worth it to create a much safer product (which, incidentally, still isn't safe enough). Time is indeed a cost of doing business prudently.
But let's also not forget that in August 2004, Microsoft released a major upgrade in XP SP2, so effectively only 2.5 years will have passed when Vista is released. That's not a long time when it comes to OS development.
I hope Microsoft has learned from its past experience with security. If the company falls back into a hasty OS release schedule without keeping security front and center and slowing down when security matters indicate such action, then we're all undoubtedly going to suffer the consequences.
=== SPONSOR: Thawte
Test the Starter PKI Program to benefit your company with timesaving convenience and secure multiple domains and host names.
=== SECURITY NEWS AND FEATURES
Microsoft Offers Partners a Piece of the Pie
Microsoft's Security Software Advisor program will pay partners a percentage when they assist companies with acquisition and deployment of Microsoft's security solutions.
Secure Computing Expands Offerings with CipherTrust Acquisition
Secure Computing's latest acquisition will bring the company new capabilities to defend against spam, malware, and spyware, as well as the ability to protect against outbound policy and compliance violations.
SurfControl Reels In BlackSpider
SurfControl announced that it has completed the acquisition of security solution provider BlackSpider Technologies. BlackSpider's solutions offer protection against spam, viruses, spyware, phishing and pharming attacks, and other unwanted content, and allow control over employees' Web access. The solutions also include email encryption technologies.
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
=== SPONSOR: St. Bernard Software
Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P.
=== GIVE AND TAKE
SECURITY MATTERS BLOG: Virtual PC Now Free
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters
Microsoft released its Virtual PC as a free download. It runs on Windows 2000 Professional Service Pack 4 (SP4), Windows XP Professional Edition, and Windows XP Tablet PC Edition. With Virtual PC installed, you can load Win2K, XP, and Windows Server 2003 as virtual machines.
FAQ: Saving Server Credentials To Reuse on a Net Use Command
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq
Q: How can I force a net use command to remember the credentials to use for a server?
Find the answer at
INSTANT POLL: Logon Password Security
How often does your organization force users to change their logon passwords?
- At least once per month
- Every two to three months
- Every four to six months
- Every six months or longer
- We don't force password changes
Submit your vote at
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to firstname.lastname@example.org. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
by Renee Munshi, email@example.com
Free Firewall Protection
Comodo offers Comodo Personal Firewall 2.2, free firewall software that performs inbound and outbound packet filtering and outbound application filtering at the network layer. New features and functionality include advanced network, application, and application component monitoring; a redesigned interface that has "smart" pop-up alerts; and a more powerful and intuitive security rules interface. For more information, go to
Tell Us About a Hot Product and Get a Best Buy Gift Card!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Best Buy Gift Card if we write about the product in a Windows IT Pro What's Hot column. Send your product suggestion with information about how the product has helped you to firstname.lastname@example.org.
=== RESOURCES AND EVENTS
Calling all Mythbusters! Do you know what is fact and what is fiction about Linux? Take the quiz and find out--you could win a $150 MSN Music gift card!
Are you protected company-wide against spyware, keyloggers, adware, and backdoor Trojans? Test the state-of-the-art scanning engine that uses threat signatures from multiple sources to track down the culprits that antivirus solutions alone can't protect you against. Download your free 30-day trial of CounterSpy Enterprise today!
Expert Ben Smith describes the benefits of using server virtualization to make computers more efficient. Download this exclusive podcast today!
Make sure that your DR systems are up to the challenge of a real natural disaster by learning from messaging survivors of Hurricanes Katrina and Rita. On-demand Web seminar
When disaster strikes your Windows, SQL, or Exchange servers, you need answers. Make sure that if an emergency occurs, you're prepared. Get the full eBook and get started on your recovery plan today!
=== FEATURED WHITE PAPER
Learn how to make email truly available 24x7x365, secure your systems against viruses, comprehensively back up email data, and more. Download the white paper today!
Discounted Offer for the Windows IT Pro Master CD
Save 50% off the Windows IT Pro Master CD! Order now and get portable, high-speed access to the entire Windows IT Pro article database on CD--a searchable library that includes every issue ever published. The newest issue also includes BONUS Windows IT Tips. Order now and save 50%:
Save $80 off the Windows Scripting Solutions newsletter
Get endless scripting techniques and expert-reviewed code. Subscribe to Windows Scripting Solutions today and save $80:
Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).
To contact us:
About Security UPDATE content -- email@example.com
About technical questions -- http://www.windowsitpro.com/forums
About your product news -- firstname.lastname@example.org
About your subscription -- email@example.com
About sponsoring Security UPDATE -- firstname.lastname@example.org
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.