[pcductape] Re: Was [Can anyone tell me what this means?] now - Security in Windows

  • From: "Pam" <ltf01@xxxxxxxxxx>
  • To: <pcductape@xxxxxxxxxxxxx>
  • Date: Wed, 4 Feb 2004 12:57:09 -0600

Nice article, Vic.

-----Original Message-----
From: pcductape-bounce@xxxxxxxxxxxxx
[mailto:pcductape-bounce@xxxxxxxxxxxxx]On Behalf Of Victor Firestone
Sent: Wednesday, February 04, 2004 12:37 PM
To: pcductape@xxxxxxxxxxxxx
Subject: [pcductape] Was [Can anyone tell me what this means?] now -
Security in Windows

First of all - WARNING - long email - go grab a cup of coffee or some such,
sit down and get all comfy and then read away.

Secondly, I am writing this in bigger fonts so everyone will have an easy
read and also Bccing this email to a couple of other lists.

Third, some of the info below is slightly technical - further questions to
enhance your understanding are always welcome.

I'll answer your questions below but would like first to recap all that has
been said [by me so far today]. BTW, I am, to remind you, a beta tester
[among other programs] also for Windows Update.

First - Windows Update -
During the last 6 months or so, Microsoft has turned a lot of resources to
plugging security problems in their programs [mainly because of lots of
pressure from outside the company]. This in effect has created many more
patches and fixes [Microsoft jargon for small or not so small updates that
plug/fix security issues]. Some of the problems that are discovered are
easier to fix than others, mainly because some programs - for example
Internet Explorer - are actually much more than just a browser. [In the
case of Internet Explorer in our example - its engine is used to display
your email messages in Outlook or Outlook Express especially HTML messages,
Internet Explorer's engine is used in several different OS's. Dozens of
different languages. Thousands of different applications. Changing one line
of code in the innards of Windows means potentially breaking a large number
of applications.]

In any case WU [Windows Update] is divided into 3 categories -

[ It's not necessary to install any updates for programs that you aren't
using; for example, if you've disabled Windows Media Player, you don't need
to install updates to it. ]

Critical and Service Packs - these are updates that in most cases close
security holes that are big enough to run a truck through. Get these updates
and install them ASAP, 99% of the time after installing these updates your
system will be okay - though there have been cases when things have gone
wrong - something that is inevitable when you consider the huge amount of
different computer configurations out there. [As an aside - anyone running
Win XP should create a system restore point before running WU just to be on
the safe side, the system itself does create a restore point but creating
one manually and giving it a name that you will remember can make things a
bit easier if you run into problems. If you do this then you can rest
assured that you can always roll back to the way things were before you
updated and then wait till the problem is solved]. Personally I do Critical
WU one at a time, on my main machine, and wait to see if anything is broken,
though when testing WU I do whole bunches together but that is on a test
machine that is used only for beta testing so if anything breaks there it is
no big deal. If you keep your machine updated to Critical Updates you will
be pretty well off, and updates in this category are less frequent so there
is no hassle in doing an update every time one comes out and waiting in
between updates to see if anything is broken.

This category also includes Service Packs, which are actually a whole huge
pile of fixes; the next huge Service Pack for XP is Service Pack 2. And if there is
one thing Microsoft is preoccupied with right now, it would have to be
security. Microsoft is in the news more for security problems with Windows
(whether fairly or not) than any other issue. With other operating systems
such as Mac OS X (Panther) and Linux (Kernel 2.6) getting significant
updates, some are wondering, what Microsoft is up to? A few months ago,
developers were given a preview to Microsoft Windows Longhorn. Longhorn is
still at least two years away, leaving the rest of us who use the
currently-available Windows XP wondering what the next big XP update will

Microsoft has taken the wraps off Service Pack 2 for Windows XP. At first
thought, one might think "big deal - Service Packs from Microsoft are
generally bug squashers." Things are different this time. Service Pack 2
addresses security concerns, fixes previous security issues, and implements
new security features. In case you are slow on the uptake, Windows XP
Service Pack 2 is all about security. The coming Service Pack is huge -
weighing in at 220MB or so!!! When it comes out I would wait a week or two
to see that there are no major problems with it and then download and
install it. It is set to come out sometime in Summer 2004. [BTW, checking a
few Windows websites and checking for update problems is a good policy
before downloading major updates, in most cases a day or two after any
critical update is enough, though in the case of Service Packs I would wait
a week or so. The same goes for updates in the other categories.]
Service packs for Win ME and 2000 are also available and contain many fixes
and patches too.
If you want to read all about the next Service pack for XP go to -

Windows [your version] Updates - this is the second category. Here you will
find updates that pertain not only to security but also to updates and newer
versions of programs on your computer. Anything from Windows itself to Media
player or DirectX and so on. These updates are important - but not critical
and some [ for instance journal viewer or .net updates, are not needed by
everybody]. Here I recommend reading each and every update in detail and
choosing what you really need. Again, visiting websites that deal with
Windows will give you insight into what is what.

Driver Updates - this is the last category. Here you'll find updates for
software drivers that have been created outside of Microsoft, certified by
Microsoft and which in most cases update software that is not Microsoft
stuff - such as Video drivers or Burner drivers. These you can ignore if you
want, though in most cases they do enhance performance. Again check out info
on websites and newsgroups.

That's about it for WU. Now on to other stuff ......

Spyware or in other words stuff that somehow (g) shows up on your comp
unintended [not viruses or worms, but trojans generally fall under this
category]. Also called adware, spyware is any software that covertly
gathers information through your internet connection without your knowledge,
usually for advertising purposes. Spyware applications are typically a
hidden component of freeware or shareware programs that can be downloaded
from the internet. Once installed, the spyware monitors your activity on the
internet and your computer and transmits that information in the background
to someone else. Spyware can also gather information about e-mail addresses
and even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that you unwittingly install the
product when you install something else. A common way to become a victim of
spyware is to download certain peer-to-peer file swapping products that are
available today.
Aside from the questions of ethics and privacy, spyware steals from you by
using the computer's memory resources and also by eating bandwidth as it
sends information back to the spyware's home base via your internet
connection. Because spyware is using memory and system resources, the
applications running in the background can lead to system crashes or general
system instability.
Because spyware exists as independent executable programs, they have the
ability to monitor keystrokes, scan files on the hard drive, snoop other
applications, such as chat programs or word processors, install other
spyware programs, read cookies, change the default home page on the Web
browser, consistently relaying this information back to the spyware author
who will either use it for advertising/marketing purposes or sell the
information to another party.
Licensing agreements that accompany software downloads sometimes warn the
user that a spyware program will be installed along with the requested
software, but the licensing agreements may not always be read completely
because the notice of a spyware installation is often couched in obtuse,
hard-to-read legal disclaimers.

That is more or less what Spyware is... now, there are quite a lot of
programs that claim to clean them out of your computer, most do a fairly
decent job. Personally I recommend two programs that you should run in
tandem [one after the other] as each have a slightly different spectrum that
they scan - thus you can catch almost certainly 100% of the spyware that you
might have.
First is Ad-Aware

Lots of updates to its database - quite thorough with quite a few options.
I also recommend their latest addition called Ad-aware Cloak 1.0. It is
designed to allow Ad-aware to open fully when there are items on the system
which close Ad-aware when it attempts to start, such as some CoolWebSearch
variants.  To use Ad-aware Cloak, save it to your system, and run the
program before opening Ad-aware.  Once Ad-aware Cloak opens, click "Activate
Cloak" and then open Ad-aware and scan as normal.  When you are done using
Ad-aware, close Ad-aware Cloak. It can be found at

Second is Spy-Bot -

Search and Recover. Don't forget to update it before running it the first
time. It updates at a slower rate than Ad-aware but nonetheless is very
comprehensive. Also I recommend using the "immunize" function as well as
options to lock down your "HOSTS" file and Explorer Homepage.

Also - the online scan at Trend Micro does a very good job of not only
finding and eradicating viruses but also gets a lot of spyware. It can be
found at -

All this is good and well - but there are 2 additional things that you
should have running on your comp - an Antivirus program [always keep this
updated] and a good firewall. If we want to delve into a discussion about
that, well I'll just have to write up another email - just ask.

Okay, now on to Buffer Overrun and Underrun.

These are 2 totally different things. But first let's explain what buffer
means in computer context - A buffer is a temporary storage area, usually in
RAM. The purpose of most buffers is to act as a holding area, enabling the
CPU or a program to manipulate data before transferring it to a device or to
apply it.

Because the processes of reading and writing data to a disk are relatively
slow, many programs keep track of data changes in a buffer and then copy the
buffer to a disk. For example, word processors employ a buffer to keep track
of changes to files. Then when you save the file, the word processor updates
the disk file with the contents of the buffer. This is much more efficient
than accessing the file on the disk each time you make a change to the file.

A Buffer Underrun happens when you are burning a CD and the data that is
streaming onto the CD is for some reason stopped [this is the actual
Underrun, as what was in the buffer is used up and there is no more data to
pass on to the CD Burner at that point in time], what happens then is that
the Burner can no longer continue to burn the CD and you end up with yet
another coaster. Some of the ways to avoid this, especially if you have a
slower computer are - burn your CDs at lower than the maximum capable
speed of the burner, avoid doing other stuff on the comp while burning CDs
and turn off the screensaver so it will not start-up during the burning
process. Most of the latest versions of burning software now have the
capability of automatically stopping the screensaver from starting and also
use an extra bit of coding that helps avoid Underruns [though does not
always work 100% - especially if you burn at high speed].

A Buffer Overrun is something different - This happens when the data
transferred to a buffer exceeds the storage capacity of that buffer and some
of the data "overflows" into another buffer, one that the data was not
intended to go into. Since buffers can only hold a specific amount of data,
when that capacity has been reached the data has to flow somewhere else,
typically into another buffer, which can corrupt data that is already
contained in that buffer. Malicious hackers can launch buffer overflow
attacks wherein data with instructions to corrupt a system are purposely
written into a file in full knowledge that the data will overflow a buffer
and release the instructions into, in most cases, the computer's Operating
System's instructions.
This is malicious code that is written to exploit a hole in a program and
cause it to do something you never intended or crash it or Windows.
These Overruns can be found in programs where the programmer never
envisioned that someone would send code that would cause an overflow, mainly
in older code or in sloppy coding or where the program has not yet been
The main problem being that malicious code is being written in areas that
until now were believed to be "sacred", the whole outlook for programmers
has changed a lot in the last year or so.

Okay, that's about it - again, further questions are welcome.

N.B. This email written while listening to music by Vanessa Mae

TTFN - Vic
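
The Buffer Overrun paragraph in Vic's message, as an added C example that is not part of the original email: two adjacent 8-byte buffers inside one region, a copy that trusts the caller's length and spills into the neighbour, and the same copy with a length check. The layout, names and sample input are constructed for illustration; the unchecked copy is clamped to the 16-byte region so the demo stays within defined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8
/* Constructed layout: bytes 0..7 are the input buffer, bytes 8..15 are a
   neighbouring buffer, so anything past byte 7 lands in the neighbour. */
struct region { unsigned char bytes[2 * BUF_SIZE]; };

void region_init(struct region *r) {
    memset(r->bytes, 0, sizeof r->bytes);
    memcpy(r->bytes + BUF_SIZE, "SAFE", 5);   /* neighbour's original data */
}

/* Overrun: the length is never compared with BUF_SIZE.
   Returns how many bytes spilled into the neighbouring buffer. */
size_t copy_unchecked(struct region *r, const void *src, size_t len) {
    if (len > sizeof r->bytes) len = sizeof r->bytes;  /* demo-only clamp */
    memcpy(r->bytes, src, len);
    return len > BUF_SIZE ? len - BUF_SIZE : 0;
}

/* Fix: refuse any input that does not fit the destination buffer. */
int copy_checked(struct region *r, const void *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(r->bytes, src, len);
    return 0;
}

int neighbour_intact(const struct region *r) {
    return memcmp(r->bytes + BUF_SIZE, "SAFE", 5) == 0;
}

int main(void) {
    const char input[] = "AAAAAAAAXXXX";      /* constructed 12-byte input */
    struct region r;

    region_init(&r);
    size_t spilled = copy_unchecked(&r, input, 12);
    printf("unchecked: %zu bytes spilled, neighbour intact=%d\n",
           spilled, neighbour_intact(&r));

    region_init(&r);
    int rc = copy_checked(&r, input, 12);
    printf("checked: rc=%d, neighbour intact=%d\n", rc, neighbour_intact(&r));
    return 0;
}
```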
