[ISN] Security UPDATE -- Limit Your Exposure: Don't Use Administrative Accounts -- March 2, 2005

From: InfoSec News (isn@private)
Date: Wed Mar 02 2005 - 23:50:02 PST


====================


1. In Focus: Limit Your Exposure: Don't Use Administrative Accounts

2. Security News and Features
   - Recent Security Vulnerabilities
   - Numerous Security Flaws in Web Browsers Remain Unpatched
   - Microsoft Adds Security Guidance Center for Small Businesses

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - 256-Bit SSL Certificates

====================


==== 1. In Focus: Limit Your Exposure: Don't Use Administrative Accounts ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You're probably well aware that running your desktop while logged on 
as an administrator can be risky. The reason, of course, is that 
administrators have full authority on the system, so any program that 
launches under an administrative account can perform almost any 
action you can think of. 

As you'll learn if you read the Security Matters blog item "Windows 
Firewall: Another Good Reason Not to Login as Administrator" 
( http://list.windowsitpro.com/t?ctl=3E02:4FB69 ), spyware 
peddlers have already developed a way of adding their programs to the 
Windows Firewall's list of trusted applications. The spyware 
application simply adds a registry subkey that references the 
application under the subkey that stores trusted applications. Any 
trusted application is allowed to send traffic out of the computer. 
However, adding a subkey to the list of trusted applications works 
only if the user is logged on with administrative authority. So now 
you know one more reason why administrative accounts should be used 
sparingly. 
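
An added example, not part of the newsletter: a Python audit of the firewall's trusted-application list, run here over constructed `reg query` output, that flags enabled entries whose executable lives outside protected directories. The key path, the `path:scope:state:label` entry layout and the trusted-directory policy are assumptions drawn from general Windows XP SP2 knowledge, not from the article.

```python
import ntpath
import re

# XP SP2 trusted-application list (key path from general Windows knowledge, not the newsletter):
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
# SAMPLE is constructed text in the layout `reg query` prints for that key.
SAMPLE = r"""
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:LocalSubNet:Enabled:Windows Messenger
    C:\Documents and Settings\alice\Local Settings\Temp\updater32.exe    REG_SZ    C:\Documents and Settings\alice\Local Settings\Temp\updater32.exe:*:Enabled:System Update
    C:\Program Files\..\Tools\helper.exe    REG_SZ    C:\Program Files\..\Tools\helper.exe:*:Enabled:Helper
"""

LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_SZ\s+(?P<data>.+)$")
# Entry data is "<exe path>:<scope>:<Enabled|Disabled>:<display name>".
DATA = re.compile(r"^(?P<path>.+):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$", re.I)

# Assumed policy: trusted executables must live in directories that limited
# users cannot write to under default XP permissions.
TRUSTED_DIRS = ("c:\\windows", "c:\\program files")
ENV = {"%windir%": "c:\\windows", "%systemroot%": "c:\\windows",
       "%programfiles%": "c:\\program files"}

def normalize(path):
    """Lower-case, expand common variables and collapse '..' segments."""
    p = path.strip().lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return ntpath.normpath(p)

def parse_entries(text):
    """Turn each `name REG_SZ data` line into a dict; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        d = DATA.match(m.group("data").strip()) if m else None
        if d:
            entries.append({"path": normalize(d.group("path")),
                            "scope": d.group("scope"),
                            "enabled": d.group("state").lower() == "enabled",
                            "label": d.group("label")})
    return entries

def suspicious(entries):
    """Enabled entries whose executable sits outside the trusted directories."""
    return [e for e in entries if e["enabled"] and not any(
        e["path"].startswith(d + "\\") for d in TRUSTED_DIRS)]

if __name__ == "__main__":
    for e in suspicious(parse_entries(SAMPLE)):
        print(f"REVIEW {e['path']} scope={e['scope']} label={e['label']}")
```

Normalizing before the prefix check matters: the `..` entry and a look-alike directory such as `C:\Program Files Evil` would both pass a naive string comparison.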

Mark Minasi recently wrote an interesting editorial in Windows IT Pro 
UPDATE--Special Edition titled "Follow-Up: Why Microsoft Can't Stop 
Root Kits." Minasi pointed out that the primary leverage an intruder 
has is a user logged on with an administrative account. 
   http://list.windowsitpro.com/t?ctl=3E03:4FB69

In a message posted to the Bugtraq mailing list, Chris Wysopal 
pointed out that "The security problem that has created the spyware 
malaise on Windows is the default Windows installation for home 
users, which creates the user's named account in the Administrators 
group. When this account is used to browse the Internet there is no 
protection to prevent spyware/malware from bypassing security 
mechanisms, such as the XP SP2 firewall, by exploiting 
vulnerabilities or tricking the user." 

Wysopal's statement is true. The same thing goes for corporate users 
who use an administrative account primarily for visiting networks 
external to their company network. Wysopal also made the interesting 
prediction that due to the problem of spyware and malicious software, 
Microsoft will eventually change the Windows installation process so 
that at least two accounts are created: one for administrative use 
and another with limited permissions for everyday and Internet use. 
   http://list.windowsitpro.com/t?ctl=3DFF:4FB69

Any of you who've used a Unix-based or Linux-based system know that 
this sort of dual-account use is standard practice. You log on with a 
regular user account, and when you need administrative privileges, 
you can use the "su" (super user) command to temporarily elevate your 
privileges, log out and log back in as "root" or some other 
administrative account, or create another logon session on your 
desktop. 

Windows also lets users elevate their privileges, but this capability 
isn't used nearly as often as it should be. You probably know this 
already, but I'll point it out in case any readers are unaware: A 
simple way to elevate your privileges for specific application use in 
Windows is to use the RunAs feature, which lets you run programs 
under any account context provided that you supply the corresponding 
account password. This feature works great even for desktop systems 
on which some applications might not work correctly except under an 
account with some level of administrative authority. If you need help 
figuring out how to use RunAs, then check the articles at Microsoft's 
Web site. 
   http://list.windowsitpro.com/t?ctl=3E00:4FB69

====================


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=3DFE:4FB69

Numerous Security Flaws in Web Browsers Remain Unpatched
   Dozens of security-related problems remain unpatched in the 
Microsoft Internet Explorer (IE), Mozilla Firefox, and Opera Web 
browsers. According to security solution provider Secunia, which 
tracks vulnerabilities in more than 4000 products, some of the 
unpatched browser vulnerabilities are considered to be either 
moderately or highly critical. 
   http://list.windowsitpro.com/t?ctl=3E06:4FB69

Microsoft Adds Security Guidance Center for Small Businesses
   Microsoft added a new Security Guidance Center to its Small 
Business Center Web site. The new content provides security 
information and advice to help businesses create a safer network 
environment. 
   http://list.windowsitpro.com/t?ctl=3E05:4FB69

====================


==== 3. Security Toolkit ==== 

Security Matters Blog 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3E0C:4FB69

Windows Firewall: Another Good Reason Not to Login as Administrator
   Administrator rights are dangerous enough already. Combine them 
with Windows Firewall protecting a system, and somebody from outside 
your network might be able to bypass the firewall. 
   http://list.windowsitpro.com/t?ctl=3E02:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=3E08:4FB69 

Q. How can I configure Group Policy-based scripts to display when 
they're executed?

Find the answer at
   http://list.windowsitpro.com/t?ctl=3E04:4FB69

Security Forum Featured Thread: Annoying Files That Continually Reappear
   A forum participant is wondering about two files on his system, 
wkwgww.exe and hnhihh.exe. He thinks the files are related due to the 
file names. He has the latest updates for his antivirus and 
antispyware scanners, but those tools don't detect anything 
suspicious about the two files. When he deletes the files, they 
reappear on the system. Join the discussion at
   http://list.windowsitpro.com/t?ctl=3DFD:4FB69

====================


==== 4. New and Improved ====
   by Renee Munshi, products@private

256-Bit SSL Certificates
   XRamp Technologies announced that it's now issuing 256-bit digital 
Secure Sockets Layer (SSL) certificates. The certificates work with 
all browsers and servers that support the 256-bit Advanced Encryption 
Standard (AES) and are backward-compatible for browsers and servers 
that can handle only 128-bit or 40-bit encryption. Microsoft hasn't 
yet implemented 256-bit capability into its servers and browser, but 
256-bit AES encryption is available with Linux Web servers, and the 
free Mozilla Firefox Web browser supports 256-bit AES. A 1-year 
256-bit SSL certificate from XRamp costs $128. Multiyear certificates are 
available at discounted prices. For more information, go to
   http://list.windowsitpro.com/t?ctl=3E11:4FB69

====================


This email newsletter is brought to you by Security Administrator, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=3E01:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.


