CONTENTS
Introduction
Eighth Layer News
Safe Attachments
Windows 2000
Not in The Fine(?) Manual
IT Business in the South West
Industry News
Recommended Web Sites
Subscription Details
==========================================
Introduction
Crushed toads splattered on Dog Lane in Woodbury Salterton are an incontrovertible sign that spring has finished its faltering arrival to the South West of England. The Office has received a spring clean, and an Office LAN has sprung from the chaos.
Welcome to all those people who we signed up from the Windows 2000 launch party - sorry but this issue will focus on Windows 2000 for those who didn't make it.
==========================================
Eighth Layer News
Well the Office now has two PCs, and optimistically an eight port hub - so room for six more little ones.
I'm hoping to build some LINUX boxes to experiment with some network security tools, as well as integrating UNIX and Windows 2000. Anyone with old PCs in the Devon area let me know - I don't need keyboards or monitors - network cards desirable - but they are only ten pounds new.
==========================================
Safe Attachments
I was planning a long diatribe on Browser and E-mail security - but it got too long and boring, so I decided to discuss e-mail attachments, and HTML e-mail messages.
Pretty much any sort of file can be attached to an e-mail message: Word documents, HTML (Web pages), printer-ready formats like PostScript, executables.
Hopefully we all know that executables can contain viruses, and that at the very least we should ensure they are checked with an up to date virus checker.
Everyone who listens to TV news will remember Melissa, and the perils of Macro viruses in Microsoft Word documents. Remember most of these perils also apply to other Microsoft Office documents. Basic precautions here involve up to date virus checkers, and taking advantage of the features of later versions of Office to prompt us if a document contains Macros.
Okay - so other than executables and Microsoft Office are other attachments safe to open?
The answer is, alas, generally no. Typically any attachment will run a program external to your mail program, and expose you to weaknesses in that program.
Examples:
An HTML attachment when opened in a Browser can redirect your Browser to any web site. Web Browser security has been thoroughly examined, but new holes are being found all the time.
Some Windows Help files can execute arbitrary programs.
Recently Microsoft released a patch for its Clip-Art format, where opening Clip-Art(!) would execute any program the person sending it cares to include.
Mitigating the risks created by these other attachments is quite challenging. Ensure that you are up to date on relevant patches. Windows 95 for example has some hideous weaknesses in how it stores passwords if you haven't applied any patches, so your PC might reveal all your passwords should it be compromised by a malicious program.
Similarly more robust operating systems are useful here. Windows NT has far fewer exploits than Windows 95, not least because the end user has far less authority to change important settings on their PC. Malicious code is far more likely to do something that is denied and give itself away.
Okay - so now I have patched up my computers against the known exploits, am I safe?
Safety is a relative concept - you're safer. New weaknesses are discovered all the time.
One other area that might be a concern is HTML formatted e-mail messages. Many modern e-mail packages allow you to write e-mail messages in HTML. However HTML formatted messages can contain active content that could be malicious, depending on how your mail package interprets it. Similarly since active content is not necessarily visible in the message - even if your system is unaffected you could forward on the malicious message to a less fortunate recipient.
Most of these e-mail packages allow you some control over how the HTML message is interpreted. For example Outlook Express allows you to specify the security zone in which the HTML is interpreted (I would suggest e-mail messages should be in the restricted sites zone. Note you may want to restrict the settings for the restricted sites zone further than the default settings!)
The risks for most users of mail attachments are far outweighed by the benefits. Like all things in life, computing carries risks, all I hope to do is point out the first steps in mitigating these. Whether they are justified for your business will depend very much on what you do.
For the record - the PC I use for e-mails has: lots of patches, a reasonably up to date virus checker, and the security zone for HTML in e-mail is "Restricted Sites Zone". I have also tightened the security settings on my web Browser to restrict various types of Active Content. The Eighth Layer newsletter is sent in plain text - partly to avoid the above problems, and partly because it is easily read on a variety of platforms (at least one reader has a text only mail client).
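The triage described above, as an added Python example that is not part of the original newsletter: it walks a message's MIME parts, flags attachments in the classes discussed here, and lists active content found in HTML parts. The extension lists, the tag list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Extension lists are illustrative assumptions, grouped by the article's risk classes.
RISKY_EXT = {
    "executable": (".exe", ".com", ".bat", ".scr", ".pif"),
    "office document (macros)": (".doc", ".dot", ".xls", ".ppt"),
    "html": (".htm", ".html"),
    "windows help": (".hlp", ".chm"),
}
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}

class ActiveContentFinder(HTMLParser):
    """Records markup that can run code or redirect without a click."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # event handlers such as onload=
                self.findings.append(f"{tag}[{name}]")
            if tag == "meta" and name == "http-equiv" and (value or "").lower() == "refresh":
                self.findings.append("meta refresh")

def triage(raw: bytes) -> list:
    """Return one finding per risky attachment or active HTML construct."""
    report = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        # Multipart containers have no filename and are never text/html.
        name = (part.get_filename() or "").lower()
        report += [f"attachment {name}: {label}"
                   for label, exts in RISKY_EXT.items() if name.endswith(exts)]
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            report += [f"html: {f}" for f in finder.findings]
    return report

def sample_message() -> bytes:
    """Constructed sample: HTML alternative body plus a help-file attachment."""
    m = EmailMessage()
    m.set_content("plain text body")
    m.add_alternative('<body onload="x()"><script>x()</script>hi</body>', subtype="html")
    m.add_attachment(b"\x00", maintype="application", subtype="octet-stream", filename="Readme.HLP")
    return m.as_bytes()
```

A plain-text message, like this newsletter, produces an empty report.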
==========================================
Windows 2000
The launch party was fun - I particularly enjoyed the audience's clearly expressed cynicism on certain topics.
Windows 2000 would have been called Windows NT 5 in a more sane world. Indeed at least one Microsoft employee corrected himself mid-sentence on this very subject.
Eighth Layer have been busy since the launch party, building a test system, and playing with the bits that interest us, mainly networking (DHCP, DNS, ADS, and TCP/IP).
Generally I am very impressed at the range of new features. However to take advantage of many of these you need to set up ADS (A Directory Service - lists things like machines, users, shares, etc).
Useful business things in Windows 2000
Remote installation service - a set of tools to allow you to load up a standard PC configuration to your server - so that you can quickly install or reinstall new client (Windows 2000) PCs, with all your common applications pre-loaded.
Vastly improved security features - the paranoid can quickly and easily encrypt all network communications, as well as folders or files. Similarly the less paranoid(?) can integrate security with non-Microsoft systems (surely some mistake -Ed) using Kerberos, making systems both more secure and more user friendly.
A built-in terminal server allows enhanced remote administration.
Some of the changes in the handling of foreign language may be of interest to specialists (i.e. Translators) or the Bilingual among us.
Groovy Stuff in Windows 2000
The server ships with web serving software for Multimedia.
The start menu remembers which options you chose frequently, and collapses the rest to keep them out of the way.
("Cool sells" - Bill Gates)
Whilst I would recommend Windows 2000 where Windows NT would have gone before, many of the benefits will come from having Windows 2000 widely used as both client and server. Many companies may find the minimum hardware requirements mean they will require new hardware.
Some businesses will see this as an opportunity to replace Windows 95 and Windows 98 desktops with new Windows 2000 Professional PCs. Mostly rich businesses, or large businesses who can benefit from both discounts and advantages of scale in Active Directory.
==========================================
"Not in the Fine Manual"
Shortcut to view a folder
You can get a quick view of a directory or disk by typing the path in to the "Run" dialog on the Windows start-up bar. Thus "Start"-"Run"-"A:\Simon\" will show you the contents of the folder Simon on the floppy drive. Since you can use "Ctrl-Esc", followed by "R" - keyboard junkies will find this much quicker than the various mouse clicks and whirring that "My Computer" or "Explorer" require.
How to crash Windows using the above
Windows 95 and Windows 98 have a strange way of interpreting device names when they occur in the path name of a file. This provides a quick and easy way to crash Windows 95 and 98.
First - do save any open documents, and shutdown any applications. We disclaim any liability for damage that may result!!!! Try using the shortcut above to view the folder "C:\con\con". Okay the folder doesn't exist, but con is a reserved name for "Console" in DOS and Windows 95 and 98.
This isn't a result of the shortcut. Any attempt by any program to access this path name will crash Windows. Whilst this is old news - it has received a lot of publicity recently, so look forward to lots of viruses and the like using it to crash PCs.
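An added example, not from the original newsletter: a Python check that a program can run on a user-supplied path before opening it. It goes beyond "con" to the other DOS device names reserved by DOS and Windows; the function names are hypothetical.

```python
import re

# DOS device names. The article mentions only "con"; the others are the
# remaining names DOS and Windows reserve for devices.
RESERVED = {"con", "prn", "aux", "nul", "clock$"} | {
    f"{dev}{n}" for dev in ("com", "lpt") for n in range(1, 10)}

def reserved_components(path: str) -> list:
    """Return the path components that resolve to a DOS device name."""
    hits = []
    for comp in re.split(r"[\\/]+", path):
        # "CON.txt" and "con " still name the device: drop the extension
        # and trailing spaces, then compare case-insensitively.
        stem = comp.split(".", 1)[0].rstrip(" ").lower()
        if stem in RESERVED:
            hits.append(comp)
    return hits

def open_checked(path: str, mode: str = "r"):
    """Open a file only if no path component is a reserved device name."""
    hits = reserved_components(path)
    if hits:
        raise ValueError(f"reserved device name in path: {hits}")
    return open(path, mode)
```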
Who links to my Web Site?
Having discussed a service to spot broken links at and to your web site last time, you might like to get some idea how many people link to your web site, or how many of your web pages have been indexed.
For those covered by the Altavista search engine you can enter a search string beginning with "url:" or "link:", to find which pages are indexed, and which pages are linked to, respectively.
e.g. "url:www.wretched.demon.co.uk" will show which pages I have indexed at Altavista.
"link:www.wretched.demon.co.uk" will show who links to my pages (Not enough of you - apart from Dave's Exeter Chess pages which seem to be rather well indexed at Altavista - Dave claims he doesn't know why)
==========================================
IT Business in the South West of England
Various good news for the region.
Vodafone are opening a site in Exeter.
Wavetek, Wandel and Goltermann - refuted rumours about closures etc, by announcing merger and expansion plans. WW&G manufacture network testing devices primarily for telecommunication companies.
==========================================
Industry News
Only one announcement of real interest.
Altavista announced it would provide unmetered Internet access in the UK this year - indeed they went further and said after an initial sign-up fee, and a small ongoing annual fee - the service will be effectively free.
First let me declare myself a supporter of the aims of the 'Campaign for Unmetered Telecommunications' (as well as a paid up member - URL in the next section).
Altavista's announcement is important because in the UK the charging scheme for telecommunications means that anyone offering unmetered communications is going to be hit with a large bill - at least until the charging scheme changes.
Personally I think Altavista have perhaps overstepped the mark of sensible competition. I suspect they can only limit the losses they will make by offering a service severely limited in the number of users who can sign up, or use it simultaneously. Some of the UK's existing free ISPs (local call charges apply) have something of a reputation for not supplying enough lines or bandwidth to meet demand. Either way it got them some great publicity.
Still anything that keeps these issues in the public eye will help overturn the shoddy and over priced service most of us receive from British Telecom.
==========================================
Recommended Web Sites
http://www.unmetered.org.uk
Campaign for unmetered telecommunications in the UK.
http://www.hp.com
The HP IT Resource Center available under here is an excellent source of technical help on HP-UX, LINUX and Microsoft products.
http://www.bastille-linux.org
A project aimed at helping the inexperienced administrator do a sensible job of configuring security in LINUX.
==========================================
Subscription Details
Eighth Layer News subscription is still done the old-fashioned way, by hand.
The newsletter is free, and you are welcome to pass it on to colleagues, but please do encourage them to subscribe, so I know who I'm writing for.
To subscribe or unsubscribe e-mail Simon@wretched.demon.co.uk
Copyright Eighth Layer Limited 2000. Remember copyright allows exclusions for study, and personal use, I'll only get upset if you make more money out of my ramblings than I do. Archive copies are kept on the web site http://www.eighth-layer.com/