Published on Windows DevCenter (http://www.windowsdevcenter.com/)
http://www.windowsdevcenter.com/pub/a/windows/2005/07/05/scripting.html
Is This Security Alert Really from Microsoft?
by Mitch Tulloch, author of Windows Server Hacks
07/05/2005
Although you can use Automatic Updates (AU) to keep your Windows XP computer
up to date with security patches, it's also good to know exactly what these
patches are doing and why they're necessary. One way of doing this is to
periodically visit www.microsoft.com and click on the Security link under
the Product Resources heading. This takes me to Microsoft's Trustworthy
Computing: Security home page, where I find a prominent link to the current
month's security updates, which has a link to security guidance on TechNet,
where if I just wanted a quick summary I would probably select the Want Less
Technical Detail? link, which takes me to a page where I can find a link
that says Review the nontechnical summaries, which has a link called This
month's security updates summary, which takes me back to where I was earlier
and tells me almost nothing about the updates for this month. So this time
I'll instead click on security guidance on TechNet and select Microsoft
Security Bulletin Summary for June 2005, which finally gives me what I'm
looking for--albeit at a technical level that some home users could find
daunting. (There seems to be a gap between what Microsoft considers "less
technical" detail and "more technical" detail for security bulletins.)
Anyway, there's got to be an easier way of getting information about the
patches AU is applying to my system. The answer is to subscribe to email
alerts from Microsoft Technical Security Notification Services. These
notifications are usually sent out once a month by Microsoft via email to
alert administrators about details concerning recently found security
vulnerabilities in Windows and the patches that fix them. Once you subscribe
to this service, which requires Microsoft Passport, you can receive the
alerts in your inbox and keep abreast of what patches AU is applying to your
machine.
Of course, not every email that arrives in your inbox and purports to be
from Microsoft is actually from Microsoft. Some security bulletins that
appear to be legitimate are actually messages with worms or viruses
attached, while others are phishing attempts to redirect your browser to a
bogus site that can capture sensitive personal info from you or install a
Trojan on your machine. How can you tell if a security bulletin in your
inbox is really from Microsoft and not from some bad guy? Microsoft tells us
four ways to do this, which basically amount to the following:
* If the email has an attachment, don't open the attachment. The email
did not come from Microsoft, since the company never includes attachments in
its security bulletins. Delete the email immediately.
* If the URLs in the email begin with http://www.microsoft.com or
https://www.microsoft.com, then the email may or may not be from Microsoft.
If it contains a URL like http://www.microsof1.com or
https://www.micros0ft.com, however, it's definitely not from Microsoft, so
don't click on that URL.
* If you can find the exact information in the bulletin somewhere on
Microsoft's web site, then the email may be from Microsoft. Of course, a
sneaky attacker might craft an email that is almost identical to an
existing, legitimate Microsoft security bulletin and try to fool you into
clicking on a link in it.
* Finally, if you clicked on a link in the email and it took you to an
SSL web site (you can tell this by the closed-lock icon in the status bar),
then you can double-click on the lock icon to verify that the Issued To
field of the web site's digital certificate says www.microsoft.com. Of
course, if you're a nontechnical user, then you're probably out of your
depth here.
Only the first method above is a dead giveaway; that is, if the security
alert email has an attachment, then it's bad and should be deleted. The
other methods rely to varying degrees on the sophistication, brains,
patience, and good eyesight of the user and are probably not as helpful. But
what more can Microsoft do? I've heard rumors that the next version of IE
will include advanced features to help protect against phishing and spoofing
attacks, but we'll have to wait and see how that works out.
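The first two checks above can be automated at the mail gateway or in a
triage script. The following is an added example, not code from the original
article or from Microsoft; the sample message is constructed, and the
one-entry allowlist is an assumption taken from the article's own rule. It
compares the parsed hostname rather than the start of the URL string, so a
link that merely begins with "http://www.microsoft.com" is still caught.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# The article's rule names only this host; extending the set is a local decision.
ALLOWED_HOSTS = {"www.microsoft.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message (not a real bulletin) using the article's lookalikes.
SAMPLE = """\
From: "Microsoft" <security@example.invalid>
Subject: Microsoft Security Bulletin Summary
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Summary: http://www.microsoft.com/security
Patch: http://www.microsof1.com/update
Login: https://www.micros0ft.com/passport
Mirror: http://www.microsoft.com.downloads.example/fix
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.exe"

(constructed placeholder body)
--b1--
"""

def is_microsoft_host(url):
    """Check 2: match the parsed hostname, never the URL's string prefix."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host in ALLOWED_HOSTS

def triage(raw):
    msg = message_from_string(raw)
    attachments, bad_links = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or "(unnamed)")  # check 1
        elif part.get_content_maintype() == "text":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            bad_links += [u for u in URL_RE.findall(text) if not is_microsoft_host(u)]
    # Clean links prove nothing (checks 3 and 4 remain), hence "inconclusive".
    verdict = "reject" if attachments or bad_links else "inconclusive"
    return {"verdict": verdict, "attachments": attachments, "bad_links": bad_links}
```

A message that passes both checks is reported as "inconclusive", never as
genuine, which matches the article's point that only the attachment test is
a dead giveaway.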
There's more to security alerts than plain old email, however. If you'd
prefer to receive your security alerts from Microsoft by other methods, you
can now get them by RSS feed or Windows Messenger or MSN Messenger. You can
also subscribe to Comprehensive Security Alerts, in which Microsoft will
alert you by email concerning upcoming security bulletins, changes to
existing bulletins, and security advisories on various relevant topics. Then
there are patches for Microsoft Office, for which you can receive email
notification by subscribing to the Inside Office--Product Updates Alert on
the Office Online web site. If an update in this newsletter applies to you,
you can download and apply the update from the Office Update web site. And
if you have other Microsoft software installed on your PC, you can also
search the Microsoft Download Center for news or information about patches
for your software.
All of this is simply to say that monitoring what patches are coming out of
Redmond and why they're needed is not a trivial task. There's lots of
information to watch for and lots of different vehicles to deliver it. How
do you keep abreast of security fixes for your XP machine? What do you find
useful on Microsoft.com and what drives you bananas? Let me know below.
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell,
Windows Server 2003 in a Nutshell, and Windows Server Hacks.