[pcductape] Re: Was [Can anyone tell me what this means?] now -Security in Windows

  • From: Lisa Schnepf <lars2@xxxxxxxxxxxxx>
  • To: pcductape@xxxxxxxxxxxxx
  • Date: Thu, 05 Feb 2004 02:21:59 -0500

Vic,
 
  Thank you for all of the information!  I'm going to save this email
and check out some of the links.  I'm using Ad-aware and Spybot (now)
and will check out Ad-aware Cloak.  I figured I probably needed the
Critical Updates.  Only thing is, I installed them all at once. Hope I
didn't cause any problems by doing that.  So far, everything seems ok.
The Windows Updates I'll have to check out.  Some of them I obviously
don't need but some I'm not sure of.  I'll check out the link for the
next Service Pack, too.  Thanks for the info on spyware- I didn't
realize how dangerous it actually is!  I didn't forget you're a beta
tester.  I always look for your replies to problems and questions. I
have an antivirus program and a firewall running on my computer- both
are Norton, which if I remember correctly, you don't like. So far,
they've been good to me. I use Norton Internet Security and Norton
Systemworks.  Lately, I've been getting a LOT of messages that someone's
trying to hack into the computer and Norton has blocked it. Can that be
because I didn't have the Critical Updates?  Thanks for explaining the
Buffer Overrun and Underrun.  I'll have to read that one over a couple
of times to make sure I got it straight.  As always, thank you for all
of your help!!! 
 
Lisa

-----Original Message-----
From: pcductape-bounce@xxxxxxxxxxxxx
[mailto:pcductape-bounce@xxxxxxxxxxxxx] On Behalf Of Victor Firestone
Sent: Wednesday, February 04, 2004 1:37 PM
To: pcductape@xxxxxxxxxxxxx
Subject: [pcductape] Was [Can anyone tell me what this means?] now -
Security in Windows




Lisa,

First of all - WARNING - long email - go grab a cup of coffee or some
such, sit down and get all comfy and then read away.
 
Secondly, I am writing this in bigger fonts so everyone will have an
easy read and also Bccing this email to a couple of other lists.
 
Third, some of the info below is slightly technical - further questions
to enhance your understanding are always welcome.


I'll answer your questions below but would like first to recap all that
has been said [by me so far today]. BTW, I am, to remind you, a beta
tester [among other programs] also for Windows Update.

First - Windows Update -
During the last 6 months or so, Microsoft has turned a lot of resources
to plugging security problems in their programs [mainly because of lots
of pressure from outside the company]. This in effect has created many
more patches and fixes [Microsoft jargon for small or not so small
updates that plug/fix security issues]. Some of the problems that are
discovered are easier to fix than others, mainly because some programs
- for example Internet Explorer - are actually much more than just a
browser. [In the case of Internet Explorer in our example - its engine
is used to display your email messages in Outlook or Outlook Express
especially HTML messages, Internet Explorer's engine is used in several
different OS's. Dozens of different languages. Thousands of different
applications. Changing one line of code in the innards of Windows means
potentially breaking a large number of applications.]

In any case WU [Windows Update] is divided into 3 categories -
 
[ It's not necessary to install any updates for programs that you aren't
using; for example, if you've disabled Windows Media Player, you don't
need to install updates to it. ]

Critical and Service Packs - these are updates that in most cases close
security holes that are big enough to run a truck through. Get these
updates and install them ASAP, 99% of the time after installing these
updates your system will be okay - though there have been cases when
things have gone wrong - something that is inevitable when you consider
the huge amount of different computer configurations out there. [As an
aside - anyone running Win XP should create a system restore point
before running WU just to be on the safe side, the system itself does
create a restore point but creating one manually and giving it a name
that you will remember can make things a bit easier if you run into
problems. If you do this then you can rest assured that you can always
roll back to the way things were before you updated and then wait till
the problem is solved]. Personally I do Critical WU one at a time, on my
main machine, and wait to see if anything is broken, though when testing
WU I do whole bunches together but that is on a test machine that is
used only for beta testing so if anything breaks there it is no big
deal. If you keep your machine updated to Critical Updates you will be
pretty well off, and updates in this category are less frequent so there
is no hassle in doing an update every time one comes out and waiting in
between updates to see if anything is broken.

This category also includes Service Packs, which are actually a whole huge pile
of fixes, the next huge Service pack for XP is Service Pack 2. And if
there is one thing Microsoft is preoccupied with right now, it would
have to be security. Microsoft is in the news more for security problems
with Windows (whether fairly or not) than any other issue. With other
operating systems such as Mac OS X (Panther) and Linux (Kernel 2.6)
getting significant updates, some are wondering, what Microsoft is up
to? A few months ago, developers were given a preview to Microsoft
Windows Longhorn. Longhorn is still at least two years away, leaving the
rest of us who use the currently-available Windows XP wondering what the
next big XP update will hold.

Microsoft has taken the wraps off Service Pack 2 for Windows XP. At
first thought, one might think "big deal - Service Packs from Microsoft
are generally bug squashers." Things are different this time. Service
Pack 2 addresses security concerns, fixes previous security issues, and
implements new security features. In case you are slow on the uptake,
Windows XP Service Pack 2 is all about security. The coming Service Pack
is huge - weighing in at 220MB or so !!!  When it comes out I would wait
a week or two to see that there are no major problems with it and then
download and install it. It is set to come out sometime in Summer 2004.
[BTW, checking a few Windows websites and checking for update problems
is a good policy before downloading major updates, in most cases a day
or two after any critical update is enough, though in the case of
Service Packs I would wait a week or so. The same goes for updates in
the other categories.]

Service packs for Win ME and 2000 are also available and contain many
fixes and patches too.

If you want to read all about the next Service pack for XP go to -
http://www.arstechnica.com/wankerdesk/04q1/sp2-beta-1.html

Windows [your version] Updates - this is the second category. Here you
will find updates that pertain not only to security but also to updates
and newer versions of programs on your computer. Anything from Windows
itself to Media player or DirectX and so on. These updates are important
- but not critical and some [ for instance journal viewer or .net
updates, are not needed by everybody]. Here I recommend reading each and
every update in detail and choosing what you really need. Again,
visiting websites that deal with Windows will give you insight into what
is what.
 
Driver Updates - this is the last category. Here you'll find updates for
software drivers that have been created outside of Microsoft, certified
by Microsoft and which in most cases update software that is not
Microsoft stuff - such as Video drivers or Burner drivers. These you can
ignore if you want, though in most cases they do enhance performance.
Again check out info on websites and newsgroups.
 
That's about it for WU. Now on to other stuff ......
 
Spyware or in other words stuff that somehow (g) shows up on your comp
unintended [not virii or worms, but trojans generally fall under this
category].  Also called adware, spyware is any software that covertly
gathers information through your internet connection without your
knowledge, usually for advertising purposes. Spyware applications are
typically a hidden component of freeware or shareware programs that can
be downloaded from the internet. Once installed, the spyware monitors
your activity on the internet and your computer and transmits that
information in the background to someone else. Spyware can also gather
information about e-mail addresses and even passwords and credit card
numbers.
Spyware is similar to a Trojan horse in that you unwittingly install the
product when you install something else. A common way to become a victim
of spyware is to download certain peer-to-peer file swapping products
that are available today.
Aside from the questions of ethics and privacy, spyware steals from you
by using the computer's memory resources and also by eating bandwidth as
it sends information back to the spyware's home base via your internet
connection. Because spyware is using memory and system resources, the
applications running in the background can lead to system crashes or
general system instability.
Because spyware exists as independent executable programs, they have the
ability to monitor keystrokes, scan files on the hard drive, snoop other
applications, such as chat programs or word processors, install other
spyware programs, read cookies, change the default home page on the Web
browser, consistently relaying this information back to the spyware
author who will either use it for advertising/marketing purposes or sell
the information to another party.
Licensing agreements that accompany software downloads sometimes warn
the user that a spyware program will be installed along with the
requested software, but the licensing agreements may not always be read
completely because the notice of a spyware installation is often couched
in obtuse, hard-to-read legal disclaimers.
 
That is more or less what Spyware is... now, there are quite a lot of
programs that claim to clean them out of your computer, most do a
fairly decent job. Personally I recommend two programs that you should
run in tandem [one after the other] as each have a slightly different
spectrum that they scan - thus you can catch almost certainly 100% of
the spyware that you might have.
First is Ad-Aware 
http://www.lavasoftusa.com/software/adaware/
 
Lots of updates to its database - quite thorough with quite a few
options. I also recommend their latest addition called Ad-aware Cloak
1.0. It is designed to allow Ad-aware to open fully when there are items
on the system which close Ad-aware when it attempts to start, such as
some CoolWebSearch variants.  To use Ad-aware Cloak, save it to your
system, and run the program before opening Ad-aware.  Once Ad-aware
Cloak opens, click "Activate Cloak" and then open Ad-aware and scan as
normal.  When you are done using Ad-aware, close Ad-aware Cloak. It can
be found at http://www.lavasoftnews.com/theeye/i17/a4.html
 
Second is Spy-Bot - 
http://www.safer-networking.org/
 
Search and Recover Don't forget to update it before running it the first
time. It updates at a slower rate than adaware but nonetheless is very
comprehensive. Also I recommend using the "immunize" function as well as
options to lock down your "HOSTS" file and Explorer Homepage.
 
Also - the online scan at Trend Micro does a very good job of not only
finding and eradicating virii but also gets a lot of spyware. It can be
found at - 
http://housecall.trendmicro.com/
 
All this is good and well - but there are 2 additional things that you
should have running on your comp - an Antivirus program [always keep
this updated] and a good firewall. If we want to delve into a discussion
about that, well I'll just have to write up another email - just ask.
 
Okay, now on to Buffer Overrun and Underrun.
 
These are 2 totally different things. But first let's explain what buffer
means in computer context - A buffer is a temporary storage area,
usually in RAM. The purpose of most buffers is to act as a holding area,
enabling the CPU or a program to manipulate data before transferring it
to a device or to apply it.
 
Because the processes of reading and writing data to a disk are
relatively slow, many programs keep track of data changes in a buffer
and then copy the buffer to a disk. For example, word processors employ
a buffer to keep track of changes to files. Then when you save the file,
the word processor updates the disk file with the contents of the
buffer. This is much more efficient than accessing the file on the disk
each time you make a change to the file. 
 
A Buffer Underrun happens when you are burning a CD and the data that is
streaming onto the CD is for some reason stopped [this is the actual
Underrun, as what was in the buffer is used up and there is no more data
to pass on to the CD Burner at that point in time], what happens then is
that the Burner can no longer continue to burn the CD and you end up
with yet another coaster. Some of the ways to avoid this, especially if
you have a slower computer are - burn your CD's at a lower than the
maximum capable speed of the burner, avoid doing other stuff on the comp
while burning CD's and turn off the screensaver so it will not start-up
during the burning process. Most of the latest versions of burning
software now have the capability of automatically stopping the
screensaver from starting and also use an extra bit of coding that helps
avoid Underruns [though does not always work 100% - especially if you
burn at high speed].
 
A Buffer Overrun is something different - This happens when the data
transferred to a buffer exceeds the storage capacity of that buffer and
some of the data "overflows" into another buffer, one that the data was
not intended to go into. Since buffers can only hold a specific amount
of data, when that capacity has been reached the data has to flow
somewhere else, typically into another buffer, which can corrupt data
that is already contained in that buffer. Malicious hackers can launch
buffer overflow attacks wherein data with instructions to corrupt a
system are purposely written into a file in full knowledge that the data
will overflow a buffer and release the instructions into, in most cases,
the computer's Operating System's instructions.
This is malicious code that is written to exploit a hole in a program
and cause it to do something you never intended or crash it or Windows.
These Overruns can be found in programs where the programmer never
envisioned that someone would send code that would cause an overflow,
mainly in older code or in sloppy coding or where the program has not
yet been updated.
The main problem being that malicious code is being written in areas
that until now were believed to be "sacred", the whole outlook for
programmers has changed a lot in the last year or so.
 
Okay, that's about it - again, further questions are welcome.
 
N.B. This email written while listening to music by Vanessa Mae


~~~~~~~~~~~~~~~~~~~
TTFN - Vic

To laugh often and much; to win the respect of intelligent people and
the affection of children; to earn the appreciation of honest critics
and endure the betrayal of false friends; to appreciate beauty,
to find the best in others; to leave the world a little better;
whether by a healthy child, a garden patch or a redeemed social
condition;
to know even one life has breathed easier because you have lived.
~~~~~~~~~~~~~~~~~~~~~
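
The buffer overrun described in the message above, as an added example that is not part of the original email: input longer than one buffer spills into the buffer next to it, and a length check stops it. The record layout, function names and sample inputs are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Two buffers that sit side by side in memory (hypothetical record). */
struct record {
    char name[8];   /* buffer the input is meant for */
    char role[8];   /* neighbouring buffer the input must never reach */
};

/* Unchecked copy: writes n bytes starting at name without asking whether
 * they fit. Going through the record's own bytes keeps the demo well
 * defined; the clamp only stops the demo from leaving the record. */
void copy_unchecked(struct record *r, const char *in, size_t n) {
    if (n > sizeof *r) n = sizeof *r;
    memcpy((unsigned char *)r, in, n);
}

/* Checked copy: rejects input that does not fit in name plus its NUL. */
int copy_checked(struct record *r, const char *in, size_t n) {
    if (n >= sizeof r->name) return -1;
    memcpy(r->name, in, n);
    r->name[n] = '\0';
    return 0;
}

/* Runs one copy on a fresh record; returns 1 if role is still "user". */
int role_intact(const char *in, int checked) {
    struct record r;
    memset(&r, 0, sizeof r);
    memcpy(r.role, "user", 5);
    if (checked) copy_checked(&r, in, strlen(in));
    else copy_unchecked(&r, in, strlen(in) + 1);
    return strcmp(r.role, "user") == 0;
}

/* Constructed sample inputs: one fits, one is longer than name[8]. */
static const char SHORT_IN[] = "lisa";
static const char LONG_IN[]  = "AAAAAAAAadmin";

int main(void) {
    printf("unchecked, short input: role intact = %d\n", role_intact(SHORT_IN, 0));
    printf("unchecked, long input:  role intact = %d\n", role_intact(LONG_IN, 0));
    printf("checked,   long input:  role intact = %d\n", role_intact(LONG_IN, 1));
    return 0;
}
```

With the unchecked copy the long input leaves "admin" in the role buffer; the checked copy rejects the same input and role stays "user".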

-----Original Message-----
From: pcductape-bounce@xxxxxxxxxxxxx
[mailto:pcductape-bounce@xxxxxxxxxxxxx] On Behalf Of Lisa Schnepf
Sent: Wednesday, February 04, 2004 7:51 AM
To: pcductape@xxxxxxxxxxxxx
Subject: [pcductape] Re: Can anyone tell me what this means?

Ok, question- Buffer Overrun in Messenger Service Could Allow Code
Execution (828035) What exactly does that mean? I see Buffer Underrun in
my CD burner software, and don't know what that means, either.  I don't
have Messenger running in the background.  (I'm assuming they mean MSN
Messenger?) Do you think I need the patch?

Lisa


-----Original Message-----
From: pcductape-bounce@xxxxxxxxxxxxx
[mailto:pcductape-bounce@xxxxxxxxxxxxx] On Behalf Of Bob Noble
Sent: Tuesday, February 03, 2004 11:52 PM
To: pcductape@xxxxxxxxxxxxx
Subject: [pcductape] Re: Can anyone tell me what this means?


Hi Lisa,
I'd say don't buy it because it is not taking you to a Microsoft web
site. The address should say Microsoft.

There is a patch by this name, which you can get here.

http://support.microsoft.com/default.aspx?scid=kb;en-us;828035

It could be that someone is using this legit patch to suck people in.

Never, never get a patch from anywhere, but Microsoft.

If there is something you are not sure of do searches on it instead.

Bob Noble
www.sonic.net/bnoble
----- Original Message -----
From: "Lisa Schnepf" <lars2@xxxxxxxxxxxxx>
To: "SAYQ" <sayq@xxxxxxxxxxxxxxx>
Cc: <pcductape@xxxxxxxxxxxxx>
Sent: Tuesday, February 03, 2004 8:20 PM
Subject: [pcductape] Can anyone tell me what this means?


> I keep getting this box that pops up on my desktop for no reason.  Is
> it legit?  Should I go to the website it mentions to download a
> patch??
> 
> Thanks.
> 
> 
>
> 
> Lisa
> ~~Just remember, if the world didn't suck, we'd all fall off...~~
