3.0 SECURITY PATCHES, SERVICE RELEASES AND UPDATES
3.1 Microsoft Security News
November's set of security patches from Microsoft contains just 2 fixes, one of which is described as important and the other as critical. If your PCs are set to download and install updates automatically then you should already be protected, but it's always a good idea to visit Microsoft's security website occasionally and opt for an automatic check to ensure that you're not missing any important updates.
The "critical" rated patch, MS07-061, finally fixes a problem that has been known and exploited since mid-year. The flaw meant that a Windows user who clicked on a carefully crafted malicious URL could have his or her PC compromised by a hacker. The problem was originally blamed on Firefox but Windows was the real culprit. The flaw affects all recent Windows versions.
The "important" patch, MS07-062, affects only Windows Server 2000 and Windows Server 2003. Microsoft says that a spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations.
Further details of the Microsoft November updates can be found here [1]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and will require a considerable period of time online to be successfully downloaded. If you are not certain that you have received the updates, then visit the Microsoft Update Service [2] now.
[1] http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx
[2] http://update.microsoft.com (Requires IE5 or later)
3.2 Multiple Patches for Oracle Products
Oracle's latest batch of security updates, which it releases on a quarterly basis, appeared in October and contains 51 updates for various Oracle products including the Oracle Database, Application Server, E-Business Suite, Collaboration Suite, and its PeopleSoft product line. All of the updates are described as critical, and Oracle is advising customers to install them as soon as possible.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
3.3 Storm Worm Gets Even Sneakier
The Storm worm (also known as Dorf and eCard) is believed to have infected up to 50 million PCs worldwide. The infected machines form a huge botnet under the control of the criminals behind Storm. One of the nastiest aspects of the worm is that it is constantly being updated on the infected machines to avoid detection. According to Sophos analyst Richard Cohen [1], the latest trick in its ever-increasing defensive repertoire is to neutralize a wide range of anti-virus software products, but instead of killing the AV, it leaves it running. Users thus think they are protected while in reality they are infected. This is just another example of what I've been saying to you in recent issues: you can no longer rely on your AV or other defensive security product to protect you against modern malware. A far better strategy is to take a proactive approach to ensure you don't get infected in the first place. Full details here [2].
[1] http://www.sophos.com/security/blog/2007/10/682.html
[2] http://techsupportalert.com/how-to-secure-your-pc.php
3.4 Microsoft Security At Home
Microsoft publishes various online guides to security, and finding all the information you need can often be confusing. But here's one page that brings together lots of useful facts and links for home users and it's well worth adding to your web favorites. In addition to containing details about the latest patches and fixes that Microsoft has issued, and advice on how to download and install them, there are also topical tips such as how to prevent your neighbors from borrowing your Wi-Fi bandwidth, how to handle suspicious email messages, how to avoid online donation scams and how to stay safe when you're using a public computer.
http://www.microsoft.com/protect/default.mspx
3.5 Microsoft Office 2007 Security Guide
Microsoft has published an excellent set of documents aimed at helping you ensure that Office 2007 is configured for optimum security. If you use Office 2007 at home or at work, and you want to ensure that your computer and your files remain out of the reach of hackers and viruses, this is well worth reading.
http://www.microsoft.com/technet/security/guidance/clientsecurity/2007office/default.mspx
3.6 Apple unleashes Leopard
As every Mac fan will no doubt be aware, Apple finally launched OSX 10.5 this month, known colloquially as "Leopard". It contains more than 300 new features, though many of these are fairly minor. Among the most useful improvements is the automatic backup feature, known as Time Machine, which lets you revert to a previous version of a document (or even an entire folder) if you need to. Spaces is a new feature that allows you to create multiple desktops and switch between them. For example, you might have one arrangement of documents and icons for when you're doing real work and another for leisure times. It's neat, but hardly new; Linux has had it for ages.
The most unwelcome aspect of Leopard is that the default setting for the built-in firewall has reportedly changed. It's now effectively turned off, configured to allow all incoming connections to get through. If you upgrade to Leopard from a previous version of OSX and your firewall is currently turned on, Leopard will change your settings. Easy enough to fix, of course, so long as you're aware that it has happened.
It's surprising that Apple has taken this step. When Microsoft launched Windows XP, and the built-in firewall was turned off by default, security experts called it a bad decision. Microsoft finally saw sense with Service Pack 2 for XP and turned it back on. Hopefully Apple will do the same.
http://www.apple.com
3.7 New Linux Releases Impress
Probably the two biggest players in the world of Linux distributions, Ubuntu and Fedora, each released new versions this month, and each has an animal-related moniker in addition to a conventional version number.
Fedora version 8, better known as Werewolf, has a host of new features, some functional and some cosmetic. Among the cosmetic features is a new desktop theme, including wallpaper that changes color according to the time of day. Perhaps more useful, the functional changes include an improved firewall configuration tool and better support for printers and for running on laptops.
Ubuntu, rapidly becoming the de-facto standard for Linux owing to its adoption by Dell, has released version 7.10, better known as Gutsy Gibbon. Gutsy, too, has a range of new features, including a new desktop theme with semi-transparent window borders and other graphical effects, inspired by Windows Vista yet, in this writer's personal opinion, actually much less intrusive and nicer to use.
Both operating systems can be downloaded now and are completely free of charge. Ubuntu also comes in a Server version, without a graphical interface, which lets you set up a Web server complete with MySQL and PHP support in a matter of minutes.
[1] http://www.fedoraproject.org
[2] http://www.ubuntu.com
3.8 Microsoft Office 2003 SP3
In September, Microsoft released a new Service Pack for Office 2003. Weighing in at a hefty 117 MB, it contains a variety of new bug fixes and security patches, and also contains everything from the previous two service packs. The company is urging all users to download and install the update. Despite what Microsoft urges, I'd be cautious and do some research first. There have been many reports of SP3 causing problems, with Access applications in particular.
http://officeupdate.microsoft.com
3.9 Office 2007 "Save as PDF" Feature Added
One popular feature of the beta version of MS Office 2007, which was removed from the product prior to its official release, was the ability to save document files in PDF format. Apparently it was all down to legal arguments between Microsoft and Adobe, and Microsoft stated that the facility would be re-introduced by way of a downloadable freebie. That freebie has now been released, and adds an option to all of the Office 2007 applications to save your work as a PDF file for easy distribution and printing to those who don't have Office or who don't need to modify the files.
http://tinyurl.com/v46jc (microsoft.com)
3.10 Written to Gizmo in the Last Month?
When I got back from my recent vacation I was confronted with over 1000 emails from subscribers in my in-tray! Answering all these may take a couple of months but I've tried to respond to everything that looked urgent. If I missed your urgent email then please write again. My apologies to all those who offered suggestions or asked questions. I will get back to you but it will take some time.
editor@techsupportalert.com
3.11 New Version of Comodo Firewall Released
Comodo has finally released version 3 of their highly regarded free firewall. New features include full Vista compatibility and a greatly improved HIPS. I've long been a fan of the Comodo firewall; indeed, I use it on several of my PCs. However, I must note that early releases of previous versions have been troublesome and I expect V3 to follow the same pattern. So unless you are desperate for a free Vista firewall, I suggest you hold off installation for a couple of months until any bugs are sorted out. That's what I'll be doing.
http://www.personalfirewall.comodo.com/