<<<>>><<<>>><<<>>><<<>>><<<>>><<<>>><<<>>><<<>>>
<<>>                 PC Alert               <<>>
<<>>                                        <<>>
<<>>     Where to find the best support     <<>>
<<>>        information on the Web          <<>>
<<<>>><<<>>><<<>>><<<>>><<<>>><<<>>><<<>>><<<>>>

            Issue 36 - 15th September 2000

Welcome to PC Alert, the email newsletter that
keeps you informed of the best new tech support
resources on the Internet.

PC Alert is free. If you like it, why not share
the good news and email a copy to a friend or
colleague?

PC Alert is sponsored by PC Support Advisor and
PC Network Advisor, the standard reference sources
for support professionals.  Find out how much
easier your tech support job can be - get free
copies of PC Support Advisor and Network Advisor now.
Just point your browser at http://www.itp-journals.com.

               <<<>>><<<>>><<<>>>

FROM THE EDITOR

There's a deadly new type of virus about to
wreak havoc with millions of Windows 2000 and NT
machines worldwide.  It uses a technique called
ADS, or Alernative Data Streams, to write itself
into files on NTFS hard disks in such a way that
no existing scanner can detect.

That's the basis of a story which Kaspersky Labs
put out a few days ago.  Kaspersky Labs is an
anti-virus software company and, as if you can't
guess, its scanner is now capable of detecting
these new viruses.

Others in the antivirus industry were quick to
retaliate.  Network Associates said that its
scanner can already detect ADS viruses, but that
no such virus has yet been discovered outside of
the virus companies' research labs so there's no
need for anyone to panic.

At least 2 companies have made available a free
program to detect ADS viruses.  These, we
are told, clearly illustrate that ADS viruses
are far from undetectable and that Kaspersky was
simply trying to scare people into buying its
own software products.

If you enjoy a good argument, keep an eye on
this one. It'll run and run.  The antivirus
software people have never been on particularly
friendly terms with each other, and this episode
does nothing to change that situation.
 

Robert Schifreen

PS:  Do you have a favourite site that you'd like to
see featured in PC Alert?  If so, send details to me
at pcalert@itp-journals.com.
 

          <<<>>><<<>>><<<>>><<<>>><<<>>>

IN THIS ISSUE

1. TOP SUPPORT SITES
    - Security Q&A
    - IBM drivers and more
    - Server Scanning

2. SUPPORT UTILITIES
    - WinZapper
    - Free ADS Virus Scanner
    - IIS Security Tool

3. SERVICE RELEASES AND PATCHES
    - Still Image Service Privilege Escalation
    - IE 5.5 Privacy Update
    - Malformed RPC Packet Patch
    - Unicast Service Race Condition

4. OTHER USEFUL STUFF
    - Power Utility Pak 2000
    - Web Server Security Tips
    - Windows Me vs Windows 2000

5. TECH SUPPORT RESOURCES
    - How to dual-boot Windows 2000
    - Troubleshooting a Switched Network

          <<<>>><<<>>><<<>>><<<>>><<<>>>

1. TOP SUPPORT SITES
====================

Security Q&A
SecurityPortal is one of the best Web sites for
providing IT security news, and it now sports a
Q&A column which goes under the name of Ask Buffy.
You can access the archives at
http://www.securityportal.com/research/research.buffyarchive.html,
which contain a wealth of useful and timely tips
on protecting your systems from attack.
PC Alert Rating: Highly Recommended

IBM drivers and more
At http://www3.software.ibm.com/download/ you'll
find a collection of IBM drivers to download,
including drivers for LANs, monitors, Aptivas,
ThinkPads, printers, IntelliStations and more.
PC Alert Rating: Recommended

Server Scanning
Sunbelt Software has launched a new automated
service which will, for an annual subscription,
attempt to hack into your servers and produce
a report about any weaknesses it finds.
QualysGuard is updated daily to take account of
new security threats.  Watch a demo at
http://www.sunbelt-software.com/product.cfm?id=545
PC Alert Rating: Highly Recommended

2. SUPPORT UTILITIES
====================

WinZapper
WinZapper could well be useful for support staff.
But it's also a demonstration of a new type of
tool which could prove highly dangerous in the
wrong hands.  It allows you to selectively remove
entries from the Windows NT event log.  Thus
someone could use it to cover their tracks after
breaking into a server.  You can read more about
WinZapper, and get your own copy, at
http://ntsecurity.nu/toolbox/winzapper

Free ADS Virus Scanner
Crucial Security has released a free tool which
claims to be able to detect ADS viruses, as
discussed above.  Get it at
http://www.crucialsecurity.com

IIS Security Tool
Microsoft has released a free tool to help
IIS administrators ensure that their servers
are running all the latest security patches.
The tool is called HFCheck and you can get it at
http://www.microsoft.com/technet/security/tools.asp

3. SERVICE RELEASES AND PATCHES
===============================

Still Image Service Privilege Escalation
Microsoft has issued a security patch for Windows
2000 that fixes a bug which could allow a local user
of a machine to become an Administrator.
http://www.microsoft.com/technet/security/bulletin/fq00-065.asp

IE 5.5 Privacy Update
In response to recent criticism, Microsoft
has released the beta of a security add-on
for Internet Explorer 5.5 which provides
more powerful options for managing cookies.
You can now specify that you wish to accept
cookies from sites that you intentionally
visit but not allow them from advertisers.
Get it from http://www.microsoft.com/ie.

Malformed RPC Packet Patch
In its 66th security patch to be released
this year, Microsoft has fixed yet another
potential Denial of Service problem in
Windows 2000.  You can download the patch from
http://www.microsoft.com/technet/security/bulletin/fq00-066.asp

Unicast Service Race Condition
Microsoft has also issued a patch for Windows
Media Services, which fixes a potential Denial
of Service problem. You can download the patch at
http://www.microsoft.com/technet/security/bulletin/fq00-064.asp

4. OTHER USEFUL STUFF
=====================

Power Utility Pak 2000
The PUP 2000 is a collection of 50 add-ins
and functions to enhance the functionality
of Excel 2000.  Ideal for your power users
who need more power than Excel can provide.
You can grab a copy from the Web site at
http://one.digital.cnet.com/cgi-bin1/flo?y=eye0BpW80Oc0ETPS

Web Server Security Tips
Is your corporate Web server allowing hackers
in?  Read some useful tips on securing
your Web server against intruders at
http://one.digital.cnet.com/cgi-bin1/flo?y=eye0BpW80Oc0EUku

Windows Me vs Windows 2000
There are now 2 Windows platforms, namely
Me (Millennium Edition) and 2000.  It's time
to accept that 95, 98 and NT are officially
obsolete.  So which of the new flavours should
you choose?  Information to help you decide is at
http://one.digital.cnet.com/cgi-bin1/flo?y=eye0BpW80Oc0EapD

5.  TECH SUPPORT RESOURCES
==========================

How to dual-boot Windows 2000
If you want to evaluate Windows 2000 but you
don't have a spare PC to dedicate to the task,
installing a dual-boot configuration is the
answer.  But if you don't do it right, you'll
destroy the existing OS and will need to reinstall
all the applications again.  In the current issue
of PC Support Advisor, there's an article which
explains everything you need to know.  Read the
full article at http://www.itp-journals.com.

Troubleshooting a Switched Network
The current edition of PC Network advisor contains
a detailed article which outlines some of the most
common problems that affect switched networks
and explains how to fix them.  Read it online
at http://www.itp-journals.com.
 

<<<>>><<<>>><<<>>><<<>>><<<>>><<<>>><<<>>><<<>>>

                  ABOUT PC ALERT

PC Alert is produced by International Technology
Publishing, the publishers of PC Support Advisor
and PC Network Advisor, the standard resource
publications for tech support professionals.

PC Alert is free. If you like it, why not share
the good news and email a copy to a friend or
colleague.

Discover how much easier tech support can be!
Order your free trial copies of PC Support Advisor
and PC Network Advisor at http://www.itp-journals.com.

To subscribe to PC Alert, point your Web browser at
http://www.itp-journals.com/al_about.htm or send
a totally blank email (no subject or body required)
to pcalert-subscribe@itp-journals.com.

To unsubscribe, send a blank email to
pcalert-unsubscribe@itp-journals.com.

You can subscribe a friend or colleague to PC Alert
directly.  He or she will then receive an email request
for confirmation.  To do this, send a blank email to
pcalert-subscribe-aaaa@itp-journals.com, where
aaaa is your friend or colleague's email address. Note
that you must replace the @ sign in your friend or
colleague's email address with an = sign.

For example, to subscribe jsmith@aol.com send a
blank email to:

pcalert-subscribe-jsmith=aol.com@itp-journals.com

(c) Copyright International Technology Publishing 2000