Archive 34

office     Word 2003 Sample: Creating a Custom Spell Checker with Word 2003 and Visual Basic .NET (Mar 16)

This sample file accompanies the MSDN article “Creating a Custom Spell-Checker with Word 2003 and Visual Basic .NET” which demonstrates using the Word object model in conjunction with Microsoft Visual Basic .NET to create a simple spell-checker whose functionality you can add to your own applications. To view the article, click the link in the Related Links section.

You can tie into the objects and methods of Microsoft Office Word 2003 to create powerful applications. To demonstrate creating and using a spell-checker with object and methods from Word, the article describes how to create an application in Visual Basic .NET that checks a text file for spelling errors.

This download presents a complete example of this sample application.

Download: Word 2003 Sample: Creating a Custom Spell Checker with Word 2003 and Visual Basic .NET


office     Microsoft Office XP Web Services Toolkit 2.0 (Mar 16)

The Microsoft® Office XP Web Services Toolkit 2.0 brings the power of XML Web services to Office XP by enabling developers to use the Universal Description, Discovery, and Integration (UDDI) Business Registry or the URL to a Web Services Description Language (WSDL) file to reference XML Web services.

The Office XP Web Services Toolkit 2.0 supports SOAP 3.0 and complex data types. It was updated to support Windows 2000 SP4.

Download: Microsoft Office XP Web Services Toolkit 2.0


update     Bagle Latches on to Anti-Spam Ploy (Mar 15)

Three new Bagle variants discovered over the weekend differ from previous incarnations by using an antispam trick to try to avoid detection by antivirus software–but experts believe the attempt won’t succeed.

The Bagle worm installs a back door on infected systems and could allow a machine to be used as an e-mail gateway for sending spam. Since the beginning of March, Bagle has arrived under the guise of an encrypted Zip file with a password included in the e-mail text. Within days, antivirus companies updated their products to look for the password and decrypt the Zip file.

But now the Bagle author has released three new versions (N, O and P) of the worm that produce the password in the form of a graphic or picture file, so a simple text scan of the infected e-mail will not find the password. This trick is commonly used by Web sites to hide e-mail addresses from Web bots that trawl the Internet looking for potential spam targets.

Cluley said Sophos updated its systems over the weekend to include detection for the new variant. “We can pick up the password, even if it has been put inside a graphic,” he said.

View: Bagle latches on to antispam ploy


office     Trustworthy Messaging at Microsoft (Mar 15)

Microsoft needed to use e-mail for transmitting business-sensitive data but was concerned about security and data privacy. Microsoft’s internal IT group deployed a solution they called trustworthy messaging, offering both senders and recipients three levels of protection for their data. These solutions were based on applying Secure Multipurpose Internet Mail Extensions (S/MIME) digital signatures, S/MIME encryption, and/or rights management policies.

Download: Trustworthy Messaging at Microsoft


office     Exchange Server 2003 Site Consolidation: Preliminary Results (Mar 15)

Description of how Microsoft is consolidating its Exchange Server 2003 infrastructure from seventy-two to six geographic sites. By deploying highly available clustered servers in regional data centers, Microsoft has simplified its messaging infrastructure and advanced its strategy to consolidate IT infrastructure.

Download: Exchange Server 2003 Site Consolidation: Preliminary Results


office     Exchange Server 2003 Security Hardening Guide (Mar 15)

This guide is designed to provide you with essential information about how to harden your Microsoft® Exchange Server 2003 environment. In addition to practical, hands-on configuration recommendations, this guide includes strategies for combating spam, viruses, and other external threats to your Exchange 2003 messaging system. While most server administrators can benefit from reading this guide, it is designed to produce maximum benefits for administrators responsible for Exchange messaging, both at the mailbox and architect levels.
This guide is a companion to the Windows Server 2003 Security Guide . Specifically, many of the procedures in this guide are related directly to security recommendations introduced in the Windows Server 2003 Security Guide. Therefore, before you perform the procedures presented in this guide, it is recommended that you first read the Windows Server 2003 Security Guide.

Download: Exchange Server 2003 Security Hardening Guide


office     Live Communications Server Architecture and Deployment (Mar 15)

Detailed discussion about how Microsoft IT designed and deployed the live communications platform at Microsoft. Microsoft Office Live Communications Server uses industry standard Session Initiation Protocol (SIP) to provide presence information, encrypted real-time communications, a single namespace across trusted forests, and integration with Microsoft Office and other collaboration programs.

Download: Live Communications Server Architecture and Deployment


office     Custom solutions and add-ins that integrate with Outlook 2002 are affected after you apply Office XP Service Pack 3 (SP3) (Mar 13)

This article describes the security-related changes that have been made in Microsoft Office XP Service Pack 3 (SP3). These changes may adversely affect custom solutions that integrate with Microsoft Outlook 2002.

Office XP SP3 includes a wide variety of security-related changes to help reduce the effects of various forms of malicious attacks on your computer and on your Outlook program. However, some of these changes may restrict the functionality that was available before you installed Office XP SP3. Although Microsoft regrets any adverse affect that these changes may have on custom solutions, these changes are necessary to help reduce risk.

The following issues may occur if you install Office XP SP3 with a custom solution, such as a custom form, a COM add-in, Outlook Visual Basic for Applications, or external code that automates Outlook.

View: Microsoft Knowledge Base Article – 838871


office     Exchange Supports Broader Range of Storage Solutions (Mar 12)

Microsoft Corp. today announced support for a broader range of storage solutions for use with Microsoft® Exchange Server 2003, part of Windows Server System (TM) . Customers now will be able to enjoy the benefits of Internet Small Computer Systems Interface (iSCSI) and network attached storage (NAS) storage solutions that have qualified for the Designed for Windows® Logo Program. The Designed for Windows Logo helps customers identify products that deliver a high-quality computing experience with the Microsoft Windows Server (TM) operating system.

“Exchange Server customers have been asking us for the ability to utilize iSCSI and NAS storage devices in an Exchange environment,” said Kevin McCuistion, director of Exchange marketing at Microsoft. “These new storage solutions for Exchange 2003 bring exciting benefits to our customers and are especially valuable in small-business and remote-office scenarios.”

With iSCSI support in Exchange 2003, customers are able to take advantage of an industry-standard storage protocol that is designed to transport block-level storage traffic over Internet Protocol (IP) networks. iSCSI enables low-cost solutions that provide businesses with performance, reliability and security for their storage area networks. The capabilities announced today also will enable customers to easily deploy and maintain Exchange 2003 database files on qualified NAS devices, providing new opportunities for storage consolidation and user access from a local area network through network-addressable content.

View full Press Release: Exchange Supports Broader Range of Storage Solutions


office     Office XP update interferes with spam filters (Mar 12)

Microsoft’s latest set of updates for Office XP is causing headaches for users of two junk mail filtering products.

After installing Office XP Service Pack 3 (SP3), users of Sunbelt Software’s iHateSpam and Cloudmark’s SpamNet are complaining about security warnings popping up with each e-mail message they receive, according to reports on the Windows NTBugtraq mailing list.

Both Sunbelt and Cloudmark acknowledge the problem and have posted support bulletins on their websites. Sunbelt has released an update to its software to fix the problem while Cloudmark said it is working with Microsoft to solve the issue.

Office XP SP3 contains security enhancements for the Office suite in addition to stability and performance improvements.

After installing SP3, each e-mail received triggers a dialogue box alerting the user that a program is trying to access e-mail addresses stored in Outlook and warning that this could be related to a computer virus. There is no indication of what program is accessing Outlook, according to the NTBugtraq posting.

Microsoft is investigating the issue.

View full article: Office XP update interferes with spam filters


other     Windows Messenger and MSN Messenger update (Mar 12)

Windows Messenger 5.0
Windows Messenger is the instant messaging client of choice for businesses in managed environments.

MSN Messenger 6.1 for Windows
MSN Messenger is an instant messaging program that lets you send instant messages to your friends, and much more.


update     More NetSky worms. So much for quitting (Mar 12)

Two new NetSky worms appeared on the scene yesterday, despite a promise by the original author this week to refrain from releasing any more versions.

Differences in the code of NetSky-L and NetSky-M from their 11 older siblings have led anti-virus researchers to suspect that they are the work of a copycat. This suggests the source code of the virus has been leaked.

Text hidden inside NetSky-K said that it would be “the last version”, but warned that the source code would be “available soon”. Releasing the source code would make it far easier for other viruswriters to create new versions of the worm, such as NetSky-L.

Like previous versions, Netsky-L, spreads by email in an attachment. But it contains a number of significant differences from its predecessors.

View: More NetSky worms. So much for quitting


office     Improving Time and Absence Reporting Through Microsoft Office InfoPath 2003 (Mar 12)

Discussion of how Microsoft IT improved the usability of its internal time and absence reporting tool through Microsoft Office InfoPath 2003. The InfoPath solution provides a more intuitive experience for the end user, and has contributed to an increase in compliance for reporting leave and absence data.

Download: Improving Time and Absence Reporting Through Microsoft Office InfoPath 2003


office     Exchange Server 2003 Transport and Routing Guide (Mar 12)

Microsoft Exchange servers use Simple Mail Transfer Protocol (SMTP) to communicate with each other and to send messages. SMTP is part of the Microsoft Windows Server 2003 or Windows 2000 Server operating system. This guide discusses basic components of transport and routing, explains how SMTP works in Exchange Server 2003, provides information on configuring a routing topology, discusses deployment scenarios, suggests ways to help secure your infrastructure, and offers troubleshooting tips.

Download: Exchange Server 2003 Transport and Routing Guide


office     Office XP Alternative User Input Update: KB832668 (Mar 12)

The Microsoft Office XP Alternative User Input Update: KB832668 updates the framework that is used to support advanced text services in Office XP.

Download: Office XP Alternative User Input Update: KB832668


Sperry Software
Use "BH93RF24" to get a discount when ordering!

Archive 33

office     Hosted Solution Facilitates Team Collaboration (Mar 12)

Overview of how the Global Identity Management Team (GIdMT) leveraged Microsoft IT’s centrally-hosted Windows SharePoint Services collaboration environment to quickly and easily build a team site. By providing the SharePoint collaboration environment to teams across the corporation, Microsoft IT benefits from associated economies of scale and lowered support costs.

Download: Hosted Solution Facilitates Team Collaboration


office     Exchange Server 2003 Design and Architecture (Mar 11)

Microsoft IT had operated a complex, worldwide messaging infrastructure at Microsoft that used over 100 mailbox servers running in 75 locations worldwide, using a variety of non-scalable hardware configurations. Microsoft IT upgraded to use Exchange Server 2003 on clustered Windows Server 2003 servers attached to Storage Area Network systems. As a result, Microsoft IT consolidated mailbox servers, improved mobile messaging, and enhanced its ability to backup and restore mailbox data to better meet its Service Level Agreements.

Download: Exchange Server 2003 Design and Architecture


office     Excel 2003 Samples: Expense Report and XML Schema (Mar 11)

This download contains two sample files that accompany the Office Online article Turn around expense reports in a snap with Excel 2003 and XML. The first file is an Excel spreadsheet that demonstrates how to use Excel 2003 to create a typical expense report. The second file is an XML schema file used to map XML elements to cells in the spreadsheet.

Download: Excel 2003 Samples: Expense Report and XML Schema
View: Turn around expense reports in a snap with Excel 2003 and XML


office     Project Server 2003: Multilingual User Interface (MUI) Packs (Mar 11)

Microsoft® Office Project Server 2003 supports use by multilingual and multinational companies with a language plug-in called the Multilanguage User Interface Pack (MUI Pack). To add language support after you have finished installing Project Server, simply install the MUI Pack for the language you want to add.

MUI Packs for Project Server can only be installed on a computer that already has Project Server installed.

Download: Project Server 2003: Multilingual User Interface (MUI) Packs


update     Outlook flaw riskier than thought (Mar 11)

Alright, if you don’t get it by now; click here and run Office Update

Microsoft has raised the severity rating of an Outlook flaw to “critical,” the highest level, after its initial analysis was challenged by the researcher who found the security hole.

The vulnerability in Outlook 2002, first publicized on Tuesday, when Microsoft released a patch, could allow an attacker to use a malicious Web site to cause an affected PC to download and execute a program.

When Microsoft released its fix, it said it believed that the attack could only be accomplished if a PC user had the “Outlook Today” folder as the default home page in Outlook 2002. Now, after being alerted by Jouko Pynonnen, the Finnish security researcher who found the flaw, it says the potential for attack is greater.

“After we released the bulletin, we were made aware that (the ‘Outlook Today’ restriction) could be gotten around by the attacker,” said Stephen Toulouse, the program manager for Microsoft’s Security Response Center. Toulouse stressed that the patch provided to customers on Tuesday prevents any attack, even though the hole is larger than first thought.

View full article: Outlook flaw riskier than thought


info     Securing Cyberspace (Mar 11)

Last month, Microsoft and leading Internet service providers from many nations united in a common cause: to better protect more than 150 million customers from the hacker attacks that periodically threaten to disable computers and disrupt Internet traffic.

The Global Infrastructure Alliance for Internet Safety was formed to help members respond faster and more effectively to outbreaks of software viruses, worms and other malicious code. Already, the group has played a crucial role in analyzing the recent “MyDoom” virus, developing tactics to curb its proliferation and helping customers guard against it.

The Alliance is one of several promising efforts by industry and government to improve computer security. In the past decade, millions of people and businesses have come to enjoy and rely upon the Internet, but its highly beneficial connectivity has had the unfortunate side effect of making it easier for criminals to launch online attacks that disrupt our shared information infrastructure.

Although there is no quick or easy way to completely protect against cyberattacks, Microsoft is committed to enhancing the security of our products and customers and collaborating to make computing safer.

To start, we are using state-of-the-art engineering practices and processes that make our software more secure by design. We began shipping new versions of key products in their most secure configurations, to provide higher levels of protection by default. And we have been improving how we disseminate software security updates to make them easier for customers to install and maintain.

View full article: Securing Cyberspace


office     Live Communications Server 2003 Update: Exchange Migration Scripting Files (Mar 11)

This download provides new versions of four scripting files that were included with Live Communications Server 2003. You should download and use these updated scripting files if you plan to migrate from Microsoft Exchange 2000 Instant Messaging to Live Communications Server 2003.

The following files are updated with this release:

  • rtcimpac.wsf

  • rtcish.wsf

  • rtcmcon.wsf

  • rtcsipen.wsf

The updated files resolve the following issues:

  1. The scripts can construct the SIP URIs inconsistently even though the migration appears to succeed.

  2. When renaming the URI to use the Exchange Instant Messaging account instead of the domain account name, it can fail with an Event Log entry indicating that the target URI is in use in the database.

  3. You might receive an error message “Failed to perform LDAP Query for user” due to an error in parsing logic while performing an LDAP search that retrieves attributes from that user object.

Download: Live Communications Server 2003 Update: Exchange Migration Scripting Files


info     Army to Gates: Halt the free software (Mar 10)

Microsoft has been mailing free copies of its pricey Office productivity software to government employees, but CNET News.com has learned that at least two federal agencies are warning recipients to return the gifts or risk violating federal ethics policies.

Since the launch of Office 2003 last year, Microsoft has given out tens of thousands of free copies of its flagship software, which retails for about $500, to workers at its biggest customers. The giveaway was expanded to government workers this year, but ethics offices at the Department of the Interior and Department of Defense have said the offers constitute unauthorized gifts and must be returned.

The Department of the Army went a step further, calling on Microsoft Chairman Bill Gates to stop sending the software to Army personnel.

View full article: Army to Gates: Halt the free software


info     Anti-piracy directive could expose consumers (Mar 10)

The Intellectual Property Rights Enforcement Directive, passed by the European Parliament on Tuesday, could mean significant legal changes for firms and individuals, say civil liberties groups.

Minor copyright infringements could lead to harsh sanctions under the anti-piracy directive approved by the European Parliament on Tuesday, according to a UK civil liberties group. The directive could trigger sweeping changes to the UK’s intellectual property laws, it says, including raids, equipment seizures and the freezing of bank accounts used for file copying.

“It is very disappointing that the amendments we had worked on to limit the scope of the directive to commercial piracy didn’t pass,” said Ian Brown, director of the Foundation for Information Policy Research. “What we have ended up with is a vague, potentially wide-ranging directive. Groups concerned about the directive will now have to try to persuade 25 member states to do good implementations, since we have not been able to prevent these problems at a European level.”

Once the Intellectual Property Rights Enforcement Directive (IPRED) directive is approved by ministers, as is expected on 11 March, member states will have two years to adopt the directive’s provisions into national law, which is a process that gives states significant leeway in interpretation.

View full article: Anti-piracy directive could expose consumers


info     Microsoft Plans to Sue Spammers (Mar 10)

Microsoft, along with other Internet industry players, is due to announce Wednesday lawsuits against spammers under the CAN-SPAM Act. The software giant also will detail a technical initiative aimed at stopping the onslaught of unsolicited e-mail, a company representative reveals.

The lawsuits announced under CAN-SPAM will be among the first since the law took effect on January 1, and will target “serial spammers,” a Microsoft representative in Europe says.

Microsoft will also discuss plans for its Caller ID e-mail specification, the representative says. The sender authentication technology that aims to thwart the spoofing of e-mail addresses–a common spammer tactic–was talked up by Microsoft Chairman Bill Gates at the RSA security conference in San Francisco last month.

The technical initiative is presumably meant to supplement the antispam efforts being made under the CAN-SPAM law.

View full article: Microsoft Plans to Sue Spammers
View Press Release: America Online, EarthLink, Microsoft and Yahoo! Team Up To File First Major Industry Lawsuits Under New Federal Anti-Spam Law


office     MapPoint and Streets & Trips Construction Update (Mar 10)

Download the construction update to keep your maps current in Microsoft MapPoint and Streets & Trips.
Save the file in the folder where you installed the program files for MapPoint or Streets & Trips. I.e. C:\Program Files\Microsoft MapPoint\Data\.

Download: MapPoint 2001 and Streets & Trips 2001 Construction Update
Download: MapPoint 2002 and Streets & Trips 2002 Construction Update
Download: MapPoint 2003 and Streets & Trips 2003 Construction Update
Download: MapPoint 2004 and Streets & Trips 2004 Construction Update


update     Microsoft Security Bulletin MS04-009 (Mar 10)

Note that you are not effected when you installed Service Pack 3

A security vulnerability exists within Outlook 2002 that could allow Internet Explorer to execute script code in the Local Machine zone on an affected system. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page.

The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who successfully exploited this vulnerability could access files on a user’s system or run arbitrary code on a user’s system. This code would run in the security context of the currently logged-on user. Outlook 2002 is available as a separate product and is also included as part of Office XP.

View: Microsoft Security Bulletin MS04-009
Download: Outlook 2002 Security Patch: KB828040


other     Slipstream Office XP to SP3 (Mar 9)

I updated my guide on how you can slipstream Office XP with Service Pack 3. This way you can create an Office XP SP3 installation CD and save you from the need to apply it afterwards.

View: Slipstream Office XP to SP3


update     Office XP Service Pack 3 (SP3) (Mar 9)

Office XP Service Pack 3 (SP3) provides the latest updates to Microsoft Office XP. SP3 contains significant security enhancements, in addition to stability and performance improvements. This service pack applies to any level of Office XP. It contains all updates included in Office XP Service Pack 1 (SP1) and Office XP Service Pack 2 (SP2), and updates released after SP2.

Download: Office XP Service Pack 3 (SP3)
Download: Office XP Service Pack 3 (SP3) for Access 2002 Runtime
Download: Office XP Service Pack 3 (SP3) for SharePoint Team Services


howto     Save Embedded Pictures in Their Original Format (Mar 9)

You’ve probably come across this at least once; You receive a nicely HTML formatted message with embedded pictures so the sender can tell the story with the pictures and when you try to save the pictures you can only save them as a bmp-file. Or; you receive a fun e-mail with an animated gif-file and when you try to save it you can only save it as a bmp-file which will of course break the animation.

Subscribers to my newsletter already received this guide in their mailboxes last week. Click here if you also want to receive the latest news around Microsoft Office and tips for Outlook in your mailbox.

View: Save Embedded Pictures in Their Original Format


Archive 32

info     Do We Get Enough In Innovation for What We Give to Microsoft? (Mar 9)

It’s 2004; do you know where your computer dollars are going?

One can learn a lot about the computer industry by looking at the breakdown of manufacturing costs in an average desktop PC, as compiled by iSuppli Corp., a market-research firm. Excluding labor and shipping, and leaving out the costs of a monitor, keyboard or mouse, the typical desktop PC these days costs the Dells or the H-Ps of the world roughly $437 in parts.

The biggest portion of that — 30%, or $134 — goes to Intel for a Pentium processor. The disk drives, including whatever CD or DVD is installed, cost around $104; the RAM memory is $54; and the remaining hardware items — power supply, case, circuit boards — total $100.

The final 10%, or $45, goes to Microsoft for the Windows operating system.

View full article: Do We Get Enough In Innovation for What We Give to Microsoft?


update     New worm masquerades as Microsoft update (Mar 8)

Sober variant employs latest social engineering technique.

A new variant of the Sober worm has surfaced this morning, antivirus specialist F-Secure has warned.
Sober D pretends to be a Microsoft software update that protects against a new version of the MyDoom worm. Once activated the worm displays a patch loading screen, but harvests email addresses and mails itself out using its own SMTP engine.

The email, written in either English or German, has the headline ‘Microsoft alert: please read!’ The body text adds: ‘New MyDoom virus variant detected – please download this digitally signed attachment.’

Paul Bushen, technical manager at F-Secure UK, told vnunet.com: “The social engineering is good enough to do the job of fooling people. “People are not learning quickly that Microsoft does not send out emails like this. “It’s like remembering to back up your hard drive regularly: something that’s done religiously, but only by those who’ve been caught out in the past.”

Sober A first surfaced in October 2003, again using either English or German text and a variety of social engineering techniques. The virus has previously been disguised as a Microsoft email and as one from the Recording Industry Association of America.

View: New worm masquerades as Microsoft update


office     Deployment Guide for Microsoft Content Management Server 2002 Connector for SharePoint Technologies (Mar 8)

The Microsoft® Content Management Server (MCMS) 2002 Connector for SharePoint™ Technologies contains software and documentation that you can use to integrate Microsoft Content Management Server 2002 with Microsoft Windows® SharePoint Services and Microsoft Office SharePoint Portal Server 2003.

MCMS Connector for SharePoint Technologies is designed for organizations that use or plan to use Microsoft Content Management Server 2002 with Microsoft SharePoint Products and Technologies. Windows SharePoint Services and SharePoint Portal Server 2003 provide collaboration and intranet features such as search, alerts, and document versioning that you can use to organize, share, and find important information located throughout your organization.

This paper organizes the various deployment scenarios and deployment best practices for MCMS Connector for SharePoint Technologies by the features you want to use most. The deployment scenarios and best practices in this paper assume basic Microsoft Content Management Server, Windows SharePoint Services, and SharePoint Portal Server deployment knowledge.

Download: Deployment Guide for Microsoft Content Management Server 2002 Connector for SharePoint Technologies


info     Gates: Buy stamps to send e-mail (Mar 7)

If the U.S. Postal Service delivered mail for free, our mailboxes would surely runneth over with more credit-card offers, sweepstakes entries, and supermarket fliers. That’s why we get so much junk e-mail: It’s essentially free to send. So Microsoft Corp. chairman Bill Gates, among others, is now suggesting that we start buying “stamps” for e-mail.

Many Internet analysts worry, though, that turning e-mail into an economic commodity would undermine its value in democratizing communication. But let’s start with the math: At perhaps a penny or less per item, e-mail postage wouldn’t significantly dent the pocketbooks of people who send only a few messages a day. Not so for spammers who mail millions at a time.

Though postage proposals have been in limited discussion for years — a team at Microsoft Research has been at it since 2001 — Gates gave the idea a lift in January at the World Economic Forum in Davos, Switzerland. Details came last week as part of Microsoft’s anti-spam strategy. Instead of paying a penny, the sender would “buy” postage by devoting maybe 10 seconds of computing time to solving a math puzzle. The exercise would merely serve as proof of the sender’s good faith.

View full article: Gates: Buy stamps to send e-mail


info     Microsoft wants to know who your friends are (Mar 5)

Thanks to e-mail, we all have thousands of “contacts,” but in some ways, this newfound popularity makes it harder to keep up with our true friends.

That’s one of several problems Microsoft’s research arm is trying to address as part of a push into “social computing.” Communicating with others is one of the key reasons people use computers, but researchers worry that the methods we use for handling those interactions have become a little too impersonal.

“Contacts don’t match the way people think,” said Lili Cheng, group manager of the social-computing group within Microsoft Research. A better model is the handwritten list of phone numbers many people keep next to their computer. That, Cheng said, “better represents the people that you’d want to talk to.”

To try to translate that idea into digital terms, Cheng and her team have come up with a concept called Inner Circle, which automatically maintains and updates a list of about 20 people with whom one is e-mailing and instant messaging the most.

The project is one of several efforts Cheng’s team showed off this week at Microsoft’s TechFest. The two-day event brings thousands of company employees to the giant’s headquarters in Redmond, Wash., to hear presentations from workers in Microsoft Research’s five labs, based in Cambridge, Mass., the Silicon Valley, San Francisco, Redmond and Beijing.

View full article: Microsoft wants to know who your friends are


info     Experts question Microsoft’s Caller ID patents (Mar 5)

Just a week after Microsoft Corp.’s Chairman and Chief Software Architect Bill Gates unveiled his company’s plan for securing e-mail communications, leading e-mail authorities, legal experts and at least one Internet service provider (ISP) are expressing concerns about the e-mail sender authentication plan, known as Caller ID.

Some experts agreed that the technology is promising. However, Microsoft’s claim that it owns patents around Caller ID and its decision to license the technology to third parties, rather than submit it to an Internet standards body, have riled e-mail experts and domain owners, some of whom said they worry about a power grab by the Redmond, Washington, company and are wary of signing on to the new system.

Caller ID allows Internet domain owners to publish the IP (Internet Protocol) address of their outgoing e-mail servers in an XML (Extensible Markup Language) format e-mail “policy” in the DNS (Domain Name System) record for their domain. E-mail servers can query the DNS record and match the source IP address of incoming e-mail messages to the address of the approved sending servers, Microsoft said. The goal is to reduce spam for end users.

View full article: Experts question Microsoft’s Caller ID patents


office     How to collect Outlook 2003 connection performance from Exchange 2003 (Mar 5)

Client side monitoring is used to find client errors and latency problems. An Administrator can turn on client side monitoring on the Exchange Server via a registry key. When enabled via a reg-key, Outlook 11 clients send data to the server based on status and state of connection including failed RPC requests and error conditions. This information is aggregated on the server and exposed to the administrators via event log entries.

This is controlled on the Exchange server by registry key: ClientMonitoringReportLevel (DWORD). This registry key will be located at the following location:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\
This registry key will have three settings:

0 = do not collect data from any Outlook 11 clients.
1 = collect performance data only from high bandwidth Outlook 11 clients
2 = collect performance data from all Outlook 11 clients

View: How to collect Outlook 2003 connection performance from Exchange 2003


update     Virus writers stage online slanging match (Mar 4)

It’s cyber-handbags at dawn as worm authors turn on each other

The authors of the MyDoom, Bagel and Netsky worms are staging a public slanging match – with the world’s PCs as their arena.

The war started when an early version of Netsky, referred to as either C or D, began removing the Bagel and MyDoom viruses as part of its payload. And now the authors of MyDoom.G, spreading today, have included comments in the worm’s code insulting Netsky. A similar message was found in Bagel J, also discovered today, which ended: “Don’t ruine our bussiness, wanna start a war?” Netsky’s authors responded with the following message in Netsky.F: “Skynet AntiVirus – Bagle – you are a looser!!!”

“We have three different groups fighting here,” said Mikko Hypponen, director of antivirus research for F-Secure. “Netsky seems to come from an individual or hobbyist group while Bagel’s creators appear to be a spam group like MyDoom’s authors. We don’t know who’s going to win but in the meantime the rest of us are all losing.”

The battle continues to hot up, with more than one new variant of all three viruses being identified today.

View: Virus writers stage online slanging match


office     Office 2004: First Look (Mar 4)

Although Microsoft’s Office 2004 won’t be on store shelves until the middle of this year, we got a sneak peek at its new features. And these additions — from a command center for related correspondence, calendars, and files, to an audio recorder that gives your typing fingers a rest — made quite an impression. Come take a look at the next version of one of the most important program suites for the Mac.

The biggest addition in Office 2004 — an organizational tool called Project Center — resides in Entourage. But there’s more to Project Center than e-mail. It reaches across Word, Excel, and PowerPoint, providing a single place from which to jump to documents, spreadsheets, presentations, and e-mail messages scattered across your hard drive. Project Center is at the heart of Microsoft’s efforts to make organizing and managing information with Office easier.

Office 2004 will cost the same as the previous version of the suite, across all three editions introduced by Microsoft last fall. The Standard Edition of Office 2004 — which includes all four Office applications — sells for $399. The $499 Professional Edition includes the same programs, as well as the latest version of Virtual PC with Windows XP Professional. The cost of the Student and Teacher Edition remains $149, with users still able to install the suite on as many as three Macs.

View: Office 2004: First Look


other     MSN Messenger 6.2 is coming! (Mar 3)

This week is going to be a busy week in MSN Messenger Land, Mess.be brings to you the announcement of MSN Messenger 6.2! Only minutes ago Microsoft has changed its internal site to a new layout, after looking around we found out that the layout change is related to the release of MSN Messenger 6.2 ! And best of all we can tell you the exact date of arrival, Thursday, April 08, 2004.

The new site holds a list of Authorized Users of .NET Messenger Service. The programs in this list are allowed to use the MSN protocol. For now the only allowed client are:

MSN Messenger for Windows or Mac , Windows Messenger , MSN TV service , Microsoft TV set-top box , MSN Mobile , Windows Mobile-based devices, including Pocket PC and Smartphone , Windows CE .NET-based devices, including Windows CE .NET 4.0, 4.1, and 4.2 , MSN Messenger Connect for Enterprises ( IMlogic , Vayusphere , Akonix ). Programs not listed (like trillian and bots) are considered illegal.

MSN Messenger 6.2 will be available for Windows XP, 2000, ME and 98 and the new site will become orange!

View full article: MSN Messenger 6.2 is coming!


info     The 2004 Worldwide Microsoft Office Specialist Competition (Mar 3)

This year Microsoft are once again searching the globe for the students with the best Microsoft Word and Excel skills.

Countries all over the world are hosting local competitions to determine Country Champions. In the summer of 2004, each country’s champions will compete in regional and world championships.

Think you have what it takes? Find out how to participate


office     Removing the Unique Tracking Number from Subject Line of Microsoft CRM E-Mail (Mar 3)

This update addresses the E-mail tracking feature of the Microsoft Business Solutions CRM v1.0 product. This feature provides the ability to track e-mail correspondence by including a unique tracking number that appears on the subject line of messages composed from within the Microsoft CRM system.

When this update is applied to a Microsoft CRM implementation, the administrator will have the ability to turn on or off the e-mail tracking feature. If the e-mail tracking is turned off, the Microsoft CRM system will no longer generate the unique tracking number. In addition, this results in the loss of the Microsoft CRM system’s ability to automatically track incoming e-mail.

Download: Removing the Unique Tracking Number from Subject Line of Microsoft CRM E-Mail


office     Solution Files for Visual Studio Tools for Office, Version 2003 Labs (Mar 3)

Use these solution files in conjunction with the Microsoft Visual Studio Tools for the Microsoft Office System, Version 2003 Labs available from the MSDN Office Developer Center.

Download: Solution Files for Visual Studio Tools for Office, Version 2003 Labs


office     SharePoint Portal Server 2001 Service Pack 2a Client (Mar 3)

SharePoint Portal Server 2001 Service Pack 2a (SP2a) Client is a cumulative client service pack that provides updates based on the Microsoft Trustworthy Computing Initiative and the latest fixes for customer-reported issues. These client components are included in the full SP2a download.

Improvements in SP2a client include:

  • OLE DB Provider for Internet Publishing security fixes

  • Hotfix roll-up

Download: SharePoint Portal Server 2001 Service Pack 2a Client


office     Microsoft May Offer an Early Office Update (Mar 2)

A new version of Office could be closer than expected if Microsoft decides to release an interim version of its Windows operating system before the debut of Longhorn.

Microsoft’s Office team is closely following a project named “Windows XP Reloaded” on the Windows side of the company, a Microsoft official said last week. The XP Reloaded project is exploring ways to deliver further updates to Windows XP after the release of Service Pack 2 later this year and before the release of Longhorn.

“When the Windows team does innovation within their operating system, we are going to take advantage of that innovation,” says Gytis Barzdukas, director of Office product management at Microsoft. “When the Windows guys rev, we’re going to be interested in revving also.”

But while the Windows XP Reloaded talks could lead to a revision of Windows before Longhorn, it is too early to draw any firm conclusions, Microsoft says. The same goes for the Office team. “We don’t have a definitive plan. We haven’t made a decision to do something interim between now and Longhorn,” Barzdukas says.

A new Office version only makes sense if the update to Windows contains features the productivity applications can take advantage of, Barzdukas says. Changes to the user interface or Windows storage technology, for example, would be a reason to come out with a new version of Office, he says.

Analysts at Gartner predicted earlier this year that Microsoft would offer interim releases of Windows and Office prior to the release of Longhorn to appease customers who signed up for its Software Assurance licensing program, which provides three-year contracts for software maintenance and upgrades.

View full article: Microsoft May Offer an Early Office Update


Archive 31

update     Virus Alert! (Mar 2)

Due to an increased rate of submissions, Symantec Security Response has upgraded W32.Netsky.D@mm from a Category 3 to a Category 4 as of March 1, 2004.

W32.Netsky.D@mm is a mass-mailing worm that is a variant of W32.Netsky.C@mm. The worm scans drives C through Z for email addresses and sends itself to those that are found.

The Subject, Body, and Attachment names vary. The attachment will have a .pif file extension.

Download: Netsky.D Removal tool

Other removal tools
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom@mm.removal.tool.html


office     Microsoft’s Presence Server Marches Toward a Mid-March Launch (Mar 2)

Now known as MapPoint Location Server, Microsoft’s newest server product integrates location data into business and consumer applications.

Microsoft’s presence server — MapPoint Location Server — is looking like it will launch finally at the DevCon show in San Francisco in March. MapPoint Location Server has undergone at least two name changes in the past year and a half. Last summer, Microsoft rechristened the product, which originally was known as Microsoft Enterprise Location Server (MELS), as Microsoft Location Server (MLS). At that time, Microsoft expanded the beta program for the product and said it would ship by year-end 2003.

It sounds as if Microsoft hasn’t changed the feature set of MapPoint Location Server since it was known as Microsoft Location Server.

View full article: Microsoft’s Presence Server Marches Toward a Mid-March


update     Five new Bagles spreading (Mar 1)

Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts.

Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle–being spread through e-mail and infecting PCs of users who open the attachment–Bagle.F and Bagle.G are designed to slip past most enterprise antivirus gateways.

Mikko Hypponen, head of antivirus response at Finnish security company F-Secure, told ZDNet UK that the latest variant of the Bagle family is sent inside an encrypted Zip file attached to an e-mail that contains the password required to access the file. This means that enterprises are unlikely to detect the virus at the perimeter because .zip files are not usually blocked and the encryption means that antivirus scanners will not be able to unzip the file: “This way they get through many gateway scanners that will not be able to unzip the file to scan it.”

View full article: Five new Bagles spreading


office     eBay and Microsoft Office Extend Opportunity for Developers To Create Solutions That Enhance Trading on eBay (Mar 1)

eBay Inc. and Microsoft Corp. today invited third-party developers to tap into the Web services capabilities of both the eBay platform and the Microsoft® Office System to enhance trading on eBay. With the combined power of the two platforms, developers now have the opportunity to build innovative solutions that can greatly benefit buyers and sellers on eBay by giving users more control and flexibility in managing their transactions.

Using the enhanced capabilities of Microsoft Office Excel 2003 and Microsoft Office FrontPage® 2003, developers can create a variety of solutions that will help users increase their productivity on eBay. For example, solutions could enable eBay users to utilize Excel to manage dynamic listing data on eBay — such as pricing and bids — and update the data automatically as changes occur. Solutions also could enable users to list multiple items on eBay simultaneously or create a Web site that displays their eBay item listings.

“Using the Microsoft Office System with eBay enables developers to help eBay sellers more effectively manage inventory, access the most up-to-date pricing data, and quickly and easily build a customized Web site to showcase products to eBay buyers,” said Debbie Brackeen, director for the eBay Developers Program. “We are excited about extending the eBay platform and anticipate that these capabilities will foster innovation in our developer community.”

View full Press Release: eBay and Microsoft Office Extend Opportunity for Developers To Create Solutions That Enhance Trading on eBay


info     10 Questions For Bill Gates (Mar 1)

He’s not just the chairman of Microsoft and the richest man in the world, with $46 billion in his bank account. Later this year the Queen of England will make Bill Gates a Knight Commander of the Most Excellent Order of the British Empire for his philanthropic work. TIME’s Lev Grossman caught up with him on a speaking tour of college campuses.

Is there something Ironic about a college dropout lecturing people on the importance of a good education?
You could say that. If you’ve got a chance to be at the beginning of a paradigm shift, like we were, then going on leave for a year or two to see if you’ve really got it might make sense. But by and large, finishing your education is a great thing to do.

View full article: 10 Questions For Bill Gates


info     Brainier networking gear to the rescue (Mar 1)

Networking equipment makers are adding “intelligence” to their gear in an effort to protect bandwidth resources from being hijacked by spammers, denial-of-service attackers and peer-to-peer application users.

TurnTide, a 20-person company based in Conshohocken, Penn., is the latest to take this approach. Last week, the start-up introduced an “antispam router,” which it claims can eliminate up to 90 percent of unsolicited messages.

Unlike spam filters–which sit near e-mail servers, examining every e-mail message and quarantining those that look bad–the antispam router looks at the actual packets and determines which ones are likely to have come from a spammer. Using features inherent in the TCP/IP (Transmission Control Protocol/Internet Protocol), it can limit the amount of traffic being sent from these sources.

“It’s almost impossible to differentiate spam based on the content of the message,” said Peter Christy, co-founder and principal analyst at NetsEdge Research Group. “But normal people don’t send out millions of messages. If you’re looking at IP source and destination addresses, it’s much harder to conceal that you are spammer.”

View full article: Brainier networking gear to the rescue


office     Microsoft SharePoint™ Developers’ Conference 2003 (Mar 1)

The Microsoft SharePoint™ Developers’ Conference 2003 presented an opportunity to learn about the upcoming release of Microsoft SharePoint products and technologies, including Microsoft Windows® SharePoint Services, Microsoft Office SharePoint Portal Server 2003, Web Parts, Microsoft Office FrontPage® 2003, Microsoft Office InfoPath™ 2003, Microsoft SQL Server™, Microsoft Exchange Server 2003, and the Microsoft Office System—among others. The content focused on the developer extensibility of these technologies, providing a head start to extending this terrific collaboration platform, built on Microsoft Windows Server™ 2003 and ASP.NET.

Sessions include…

  • D306: Microsoft SharePoint Application Architecture

  • D310: Deploying Microsoft SharePoint Products and Technologies

  • S270: Introduction to Microsoft Office InfoPath 2003

  • T233: Developing Custom Microsoft SharePoint Solutions with Microsoft FrontPage

  • T250: Microsoft Windows SharePoint Services: End-to-End Security Model

  • T302: Programming the Microsoft SharePoint Object Model, Web Services, and Events

  • T304: Microsoft SharePoint Portal Server Object Model and Web Services

  • T310: Debugging, Packaging, and Deploying Web Part Applications

  • T321: Microsoft FrontPage: Build XML Data-driven Web Sites

  • T330: Connecting Enterprise Applications to Microsoft SharePoint Portal Server v2.0

  • T350: Building Applications with People Objects in Microsoft SharePoint Portal Server

  • T401: Building Administrative Applications for Microsoft SharePoint

  • T406: Mobility Solutions for Microsoft SharePoint Products and Technologies

  • T409: Search Extensibility 1: Using Microsoft SharePoint Portal Server Search Technology

  • T410: Search Extensibility 2: Extending the Reach of Microsoft SharePoint Portal Server Search Technology with Protocol Handlers and IFilters

  • T413: Microsoft Office 2003: Instant Messaging and Alerts in Microsoft SharePoint

  • T416: Creating Web Parts with Connections>

  • T419: Workflow Options 2: Document Library Events and Building Workflow Solutions in Microsoft SharePoint

Download: Microsoft SharePoint™ Developers’ Conference 2003


office     Caller ID for E-Mail Technical Specification: The Next Step to Deterring Spam (Feb 27)

“Caller ID for E-Mail: The Next Step to Deterring Spam” is Microsoft’s draft specification to address the widespread problem of domain spoofing. (Domain spoofing refers specifically to the use of someone else’s domain name when sending a message, and is part of the larger spoofing problem, the practice of forging the sender’s address on e-mail messages.)
Caller-ID for e-mail would verify that each e-mail message originates from the Internet domain it claims to come from. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help receivers more effectively identify and filter junk e-mail.

Download: Caller ID for E-Mail Technical Specification: The Next Step to Deterring Spam


info     Bill Gates still the richest man on Earth (Feb 27)

Author J.K. Rowling, creator of “Harry Potter,” and the founders of the Google search engine have landed on Forbes magazine’s annual list of billionaires after a year when rallying stocks and a strong euro swelled the list to the longest it’s ever been.

Microsoft co-founder Bill Gates remains perched atop the list for the 10th straight year, but investor Warren Buffett is nipping at his heels. Gates’ net worth is now estimated at $46.6 billion, still less than half the $100 billion it peaked at in 1998, but up about 13 percent from the $40.7 billion Forbes attributed to him in 2003.

View full article: Bill Gates still the richest man on Earth


office     SharePoint Products and Technologies Templates: Web Part Templates for Visual Studio .NET (Feb 27)

Web Part developers can use Microsoft® Visual Studio® .NET to build Web Part assemblies for use in Microsoft SharePoint™ Products and Technologies. These templates are provided to help developers create Web Parts. The templates are similar to the default server control file and project templates included with Visual Studio .NET.

Download: SharePoint Products and Technologies Templates: Web Part Templates for Visual Studio .NET


info     Antispam Registries Aren’t Official (Feb 27)

While the Federal Trade Commission investigates setting up a national do-not-spam registry, new private sites are claiming to keep users spam-free now–but they lack the force of law.

The recently enacted CAN-SPAM law exhorts the FTC to consider the feasibility of a national, government-sponsored do-not-spam registry similar to its recent Do Not Call Registry restricting telephone solicitations. Last week the agency issued a formal request for information to vendors interested in helping create a national do-not-spam registry. The FTC will present a summary of its research to lawmakers in mid-June.

Meanwhile, the FTC issued a warning earlier in February about a private do-not-spam registry that offered to do the same job. That site, unsub.us, has apparently shut down. But another site appears to have have taken its place: Thedonotspamregistry.com claims that registrants, by handing over their e-mail and IP addresses, will be kept spam-free.

View full article: Antispam Registries Aren’t Official


office     Microsoft Expands Office Solution Accelerator Program (Feb 27)

In good economic times and bad, companies seek to cut costs, increase productivity and boost revenue. To help organizations achieve these goals, Microsoft has expanded the Office Solution Accelerator program by making the accelerators available at no charge to all Microsoft industry partners and the Microsoft business customers they serve.

Peter Rinearson, Corporate Vice President, Information Worker Business Unit
Click image for high-res version.
Designed for and built on the Microsoft Office System, Office Solution Accelerators are software components, templates and best practices guides crafted to solve common business problems and ease the burden of everyday business tasks. Each accelerator is designed to help develop a solution to a problem, enabling a person or team to accomplish a specific task, such as streamlining recruiting functions, consolidating administrative tasks, creating customized reports and writing proposals.

By making it easier for industry partners and their customers to take part in the Office Solution Accelerator program, Microsoft expects to establish a broader audience for partner-built solutions that solve customer problems.

To better understand why Microsoft has decided to extend the reach of its Office Solution Accelerators program, PressPass spoke with Peter Rinearson, Corporate Vice President, Information Worker Business Unit.

View full article: Microsoft Expands Office Solution Accelerator Program


other     Windows XP … Reloaded (Feb 26)

Despite Microsoft’s repeated denials, the company will indeed release an interim version of Windows XP that will bridge the gap between the initial XP release and Windows Longhorn, which is currently due in late 2005 at the earliest. The interim XP version will ship as a new retail product that replaces existing retail boxed copies of XP and as a set of updates, called XP Reloaded, that existing XP users can install separately. According to sources I contacted this morning, XP Reloaded will include all the features from XP Service Pack 2 (SP2), which is due by midyear, as well as a host of other unique features, including Windows Media Player (WMP) 10.

Other details about XP Reloaded are unknown at this time, although the update kit apparently will include a Web-based installer application that will let users choose optional features. Reports about an XP Version 2 release first cropped up more than a year ago, but Microsoft officials repeatedly denied that the company planned to issue such a release. In early 2004, when the company revealed the new security features that XP SP2 will include, the rumors resurfaced. But the XP Reloaded OS refresh will clearly include a lot more than security updates, possibly in a bid to revive consumer excitement about XP while Microsoft preps the ever-delayed Longhorn release.

View: Windows XP … Reloaded


info     Caller ID for E-Mail Technical Specification (Feb 26)

“Caller ID for E-Mail: The Next Step to Deterring Spam” is the Microsoft draft specification to address the widespread problem of domain spoofing. Domain spoofing refers specifically to the use of someone else’s domain name when sending a message, and is part of the larger spoofing problem, the practice of forging the sender’s address on e-mail messages.

Caller ID for e-mail would verify that each e-mail message originates from the Internet domain it claims to come from. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail.

View: Caller ID for E-Mail Technical Specification


info     Security vendor mass-mails worm to clients (Feb 26)

Antivirus firm F-Secure has apologised for sending the Netsky.B virus to several thousand of its UK customers and partners via a mailing list.
The email apology said: “Because of a human error, you may have received an email infected with the Netsky.B virus that was relayed through our external email list server and was resent to our UK mailing list.

“The virus did not originate from our network – it was sent by an unknown party to the list address. If you had up-to-date antivirus installed, the virus has been stopped automatically already and no further steps are necessary on your part.”

Mikko Hypponen, F-Secure’s director of antivirus research, said the mailing list was outside of the firm’s normal email scanning.

View: Security vendor mass-mails worm to clients


Archive 30

update     Latest Mydoom variant deletes files (Feb 25)

The latest variant of the Mydoom virus, discovered Friday, is still spreading and actively deleting files from victims’ computers, security researchers warned Wednesday.

The variant, dubbed Mydoom.F, not only tries to perform a distributed denial-of-service attack on the Web sites of Microsoft Corp. and the Recording Industry Association of America, but has a destructive payload that deletes document and picture files, according to researchers at Helsinki’s F-Secure Corp.

While Mydoom.F is not as widespread as previous variants, it is more destructive to users, said Mikko Hyppönen, director of antivirus research at F-Secure. “Mydoom.F gradually goes through your system again and again, deleting files,” Hyppönen said.

The worm targets mostly image and Microsoft document files, with extensions such as .jpg, .doc and .xls. Computer users are advised to update their antivirus software, as most antivirus companies updated their products to address the new variant when it was discovered, Hyppönen said.

If users haven’t updated their antivirus software, they should turn off their systems until they are ready to update so the virus does not continue deleting files on infected computers, he added.

View: Latest Mydoom variant deletes files


office     Exchange Server 2003 Release Notes Update (Feb 25)

The release notes list important information you should know prior to deploying and using Exchange Server 2003, including known issues. You should familiarize yourself with all of the known issues listed here prior to installing the software. Known issues are listed based on Exchange component. The following sections are included:
• Setup
• Migration
• Administration
• Clustering
• Transport
• Clients
• Mobility
• Development

Download: Exchange Server 2003 Release Notes Update


office     Exchange Server 2003 Security Hardening Guide (Feb 25)

This guide is designed to provide you with essential information about how to harden your Microsoft® Exchange Server 2003 environment. In addition to practical, hands-on configuration recommendations, this guide includes strategies for combating spam, viruses, and other external threats to your Exchange 2003 messaging system. While most server administrators can benefit from reading this guide, it is designed to produce maximum benefits for administrators responsible for Exchange messaging, both at the mailbox and architect levels.

Download: Exchange Server 2003 Security Hardening Guide


info     Europe may tell Microsoft to split software (Feb 25)

European antitrust regulators are considering a requirement that Microsoft sell two versions of Windows in Europe–one with the music- and video-playing software stripped out–should they find the company to be an abusive monopoly, according to people close to the case.

Regulators may also demand that Microsoft itself propose “within a few months of a ruling” what computer code for Windows it should disclose to make the operating system fully compatible with programs and servers manufactured by rivals, these people said. Servers drive networks of personal computers.

The European Commission is nearing a final ruling in the five-year-old case. Unless a settlement is reached in the next few weeks, the commission will find that Microsoft abused its dominant position in operating software and will propose remedies and a fine of at least $100 million.

The commission has completed an internal review and the proposed ruling against the company, which was written by competition regulators in January, has emerged “almost untouched,” a person close to the case said Tuesday.

Representatives for the commission and Microsoft both declined to comment on possible remedies or on the state of negotiations. A Microsoft representative said the company was still pursuing “an amicable settlement.”

Last August, the European Commission told Microsoft that its practice of bundling Media Player into Windows amounted to an abuse of the operating system’s dominant position because it placed rival music and video players at a disadvantage.

View full article: Europe may tell Microsoft to split software


info     Uncovered: Trojans as Spam Robots (Feb 25)

c’t has gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers. The spammers use the infected systems to illegally distribute commercial e-mail messages — without the knowledge of their owners. Furthermore, the network of trojans forms a powerful tool which the distributors of the viruses can use to, for example, launch distributed DoS attacks.

With the help of c’t, a student of computer science has tracked down the authors of a computer virus. The editorial staff were able to establish contact with the virus distributors and buy IP addresses of infected machines. Because one of the virus distributors has been located in Great Britain, c’t has passed on all information to Scotland Yard. By now, individuals in several countries have been arrested.

In this case, a trojan was installed on thousands of computers with the help of the virus “Randex”. This small program contacted its “master” through the chat protocol IRC. From its master it received commands to for example look for CD keys of games, launch SYN Flood attacks from the infected machine or secretly load additional software. This way, the trojan was also able to install a SOCKS proxy server which can be used to relay spam through the infected PCs. The virus also infects local subnets using the Windows Directory Service.

In an interview with c’t, an investigating officer of Scotland Yard commented: “We fear that this is just the beginning. In the case in question, the authors and distributors of the viruses already no longer do their work just for fun or ego. The scene is becoming more professional and has recognised how much money can easily be gained illicitly this way.”

View: Uncovered: Trojans as Spam Robots


office     Find Real Money in Deployment Projects with Microsoft Office 2003 Editions (Feb 25)

Once your customer has decided to license and deploy an Office 2003 Edition or other software and servers that are part of the Microsoft Office System, you have to identify the key “deployment blockers” that will be factors in determining the feasibility or potential success of your installation.

In October 2003 Microsoft and its technology partners marked many significant milestones with the introduction of the Microsoft® Office System. The Microsoft Office 2003 Editions are its cornerstone, offering innovative features that will encourage businesses to upgrade, including support for developing applications using Microsoft .NET connection software, core XML support, integrated team management and support for Microsoft Windows® SharePoint™ Services technology, and a rights management solution that helps companies protect their information assets. Once your customer has made the decision to license and deploy an Office 2003 Edition or other software and servers that are part of the Microsoft Office System, you have to identify the key “deployment blockers” that will factor into determining the feasibility or potential success of your installation.

View: Find Real Money in Deployment Projects with Microsoft Office 2003 Editions


info     Enterprise instant messengers make the grade (Feb 24)

Few things in life are more frustrating than not being able to contact someone you need to talk to right away. If there’s one reason behind the success of IM in business, it’s that you have one more way to get through. Presence indicators show who’s online and who’s not, and just a click on a contact list makes brief exchanges faster and easier than picking up the phone. No wonder IM has spread like wildfire and free IM services from AOL, Yahoo, and MSN have joined the list of technologies that captured users at home and followed them to the office.

Click the link below for the test results of four enterprise IM products, looking at the business-critical elements you should consider.

View: Enterprise instant messengers make the grade
View: Test results at a glance
 


info     Microsoft Will Extend E-Mail Protection With Exchange Edge Services (Feb 24)

Today in his keynote address at the RSA Conference 2004, Microsoft Corp. Chairman and Chief Software Architect Bill Gates announced that the company will deliver Microsoft® Exchange Edge Services, an enhancement to the Simple Mail Transfer Protocol (SMTP) relay implementation in Exchange Server, part of the Windows Server System (TM) . With Exchange Edge Services, Microsoft will provide a new set of capabilities aimed at enabling customers to better protect their e-mail system from junk e-mail and viruses as well as improve the efficiency of handling and routing Internet e-mail traffic.

“The viability of the e-mail system as we know it is threatened by the constant deluge of information — both wanted and unwanted — that companies receive daily and hourly. We are striving to provide customers with the means to meet this challenge head on and preserve the integrity and productivity of their organization,” said Paul Flessner, senior vice president of the Server Platform Division at Microsoft. “Exchange Edge Services will be a comprehensive way for customers to better protect their Exchange e-mail infrastructure and improve the efficiency of the handling of the tremendous amounts of incoming and outgoing e-mail traffic.”

Exchange Edge Services will perform three major functions critical to overall e-mail protection, security and hygiene. As an SMTP relay, it will serve as an e-mail gatekeeper, for enhanced security and reliability when relaying e-mail to and from the Internet. It also will provide a variety of methods, built on the foundation already laid in Exchange Server 2003, to help block junk e-mail, and an extensibility infrastructure that industry partners can use to build and run anti-spam and anti-virus solutions. In addition, it will apply basic routing server rules, from relaying and address rewriting to format conversion, and provide the basic engine to allow an administrator to build custom rules.

View full Press Release: Microsoft Will Extend E-Mail Protection With Exchange Edge Services
View: Exchange Edge Services Overview


office     Office 2003 Smart Tag: Date and Phone Number XML Smart Tags (Feb 24)

The Date and Phone Number smart tags recognize most date and phone number formats in Microsoft Word 2003, Microsoft Excel 2003, and Microsoft PowerPoint 2003.

Download: Office 2003 Smart Tag: Date and Phone Number XML Smart Tags


office     Office 2003 Update: Enterprise release of Office 2003 Setup.exe (Feb 24)

This download is a replacement of the Office 2003 setup.exe file for administrators who plan to deploy Office 2003 with Local Installation Source enabled.

EntSetup.exe supports two new properties: ENFORCECACHE and CACHEONLY. When ENFORCECACHE is set, it blocks the install from occurring if Local Installation Source fails and also disables the Local Installation Source from being removed by the users. When CACHEONLY is set, it creates only the Local Installation Source and does not perform an install at this time. The installation can occur at a later time.

Download: Office 2003 Update: Enterprise release of Office 2003 Setup.exe


office     InfoPath 2003 Toolkit for Visual Studio .NET (Feb 24)

The InfoPath™ 2003 Toolkit for Visual Studio® .NET is designed for developers who are interested in creating form templates in InfoPath 2003 using Visual Studio .NET 2003.

The InfoPath 2003 Toolkit for Visual Studio .NET provides integration features and documentation that enable you to use Visual Studio .NET to create, debug, and build InfoPath projects that use Visual C# or Visual Basic .NET managed code. The integration features provided by the toolkit allow you to use a combination of InfoPath for form design and Visual Studio .NET for writing and debugging form code. Using the toolkit, you can create new InfoPath form templates or add managed code to existing templates.

Download: InfoPath 2003 Toolkit for Visual Studio .NET


office     Newest Enhancements to Microsoft Office InfoPath 2003 Now Available for Preview (Feb 23)

Microsoft Corp. today unveiled a special preview of updates that will be added to Microsoft® Office InfoPath (TM) 2003, the information-gathering and management program, as part of the Office 2003 service pack scheduled for release in June. In addition to the improvements Microsoft is delivering to make InfoPath 2003 more secure and reliable, the service pack also will contain feature enhancements that organizations can choose to deploy to aid developers and end users in capitalizing on the InfoPath platform. By downloading the InfoPath 2003 Service Pack 1 Preview, form designers can begin incorporating the forthcoming enhancements into their InfoPath 2003 solutions, enabling them to make updated solutions available when the Microsoft Office System service pack is released.

View full Press Release: Newest Enhancements to Microsoft Office InfoPath 2003 Now Available for Preview
Download: InfoPath 2003 Service Pack 1 (SP-1) Preview


other     Updated: Search From the Address Bar (Feb 23)

I updated the article on how you can easily search from the address bar. I added http://filext.com to the quick list. Now when you type for example “ext pst” in the Internet Explorer address bar you’ll search on FILExt.com which programs all have the pst-file extension.

View: Search From the Address Bar


info     E-mail tries out a sense of smell (Feb 20)

I would say; Can’t wait for it. Finally pay-back time to all those users who just open everything. We need a virus that really stinks up the place for some weeks; that’ll teach them :-D

You could soon be able to spice up your e-mails with your favourite perfume.
UK net provider Telewest Broadband is testing a system to let people to send aromatic e-mails over the internet.

It has developed a kind of hi-tech air freshener that plugs into a PC and sprays a smell linked to the message.

Telewest say it could be used by supermarkets to tempt people with the smell of fresh bread or by holiday companies seeking to stir up images of sun-kissed beaches.

“This could bring an extra whiff of realism to the internet,” said Chad Raube, director of internet services at Telewest Broadband.

“We are always looking at ways to enhance the broadband internet experience of the future and this time we are sure consumers will come up smelling of roses.”

View: E-mail tries out a sense of smell


info     Microsoft: No MS Office for Linux (Feb 20)

The rumors just won’t die: Someone, somewhere is working on porting Microsoft Office to Linux. This week’s version making the rounds online: IBM Corp. is extending its Linux commitment with a Linux version of the productivity suite.

On Thursday, however, Microsoft Corp. poured cold water on the reports. “Microsoft has no plans to work with IBM on porting Microsoft Office to Linux,” a Microsoft spokeswoman told eWEEK.com. As for porting Office to Linux in general, she said, “It’s not happening.”

View full article: Microsoft: No MS Office for Linux


Archive 29

office     Question & Answer Session: Microsoft Office 2003 System Team (Feb 20)

ActiveWin.com: What was the development time of Microsoft Office 2003?

Office 2003 Team: While we don’t have specific dates around when development first started, what we can outline for you is the major milestones leading to launch of Microsoft Office 2003 Editions:

Microsoft “Office 11” Beta 1 release: Oct 22, 2002
Microsoft Office 2003 Beta 2 release: March 10, 2003
Microsoft Office 2003 Editions RTM: August 15, 2003
Microsoft Office 2003 Editions Retail Availability (Launch): Oct. 21, 2003

View full article: Question & Answer Session: Microsoft Office 2003 System Team


office     Office 2003 XML Reference Schemas (Feb 20)

This download contains the Microsoft Office 2003 XML Reference Schemas and related documentation and now includes:

  • Overview articles on WordprocessingML (the XML file format for Microsoft Office Word 2003), SpreadsheetML (Microsoft Office Excel 2003) and FormTemplate XML schemas (Microsoft Office InfoPath 2003).

  • Reference documentation on the Microsoft Office 2003 schemas, detailing every element and types.

Download: Office 2003 XML Reference Schemas


office     Access 2000 Sample: Database of Sample Forms (Feb 20)

The Access 2000 Database of Sample Forms provides sample user forms that demonstrate how to perform a wide variety of tasks such as bringing a subtotal from a sub form to a form, and how to disable command bar items.

Download: Access 2000 Sample: Database of Sample Forms


update     New Virus! W32.Netsky.B@mm (Feb 18)

W32.Netsky.B is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. This worm also searches drives C through Z for folder names containing “Share” or “Sharing,” and then copies itself to those folders.

The Subject, Body, and email attachment vary.

View: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html


info     Majority of Older Americans Prefer to Send E-Mail Instead of Handwritten Letters or Postcards (Feb 18)

E-mail is replacing handwritten letters and postcards for the majority of older Americans with Internet access, according to a recent survey conducted by E-Poll for Microsoft Corp.’s MSN® TV service. Seventy-nine percent of Internet users over the age of 55 who responded to the survey said that they type an e-mail message instead of handwriting a letter or postcard when they write to a family member.

Sixty-three percent of survey respondents said that communication with their family has increased since going online. Of the respondents, 71 percent receive e-mail from family members at least once a week, and 14.5 percent said they receive e-mail daily. The survey also found that 30 percent of older Americans receive digital photographs from family members at least once a month.

“These numbers demonstrate that older Americans with Internet access have adopted e-mail as a preferred way to keep in touch with family members,” said Sam Klepper, general manager of MSN TV at Microsoft. “Alternatives like MSN TV that provide e-mail and Internet access from a television are helping older Americans cross the digital divide by allowing them to communicate with their children and grandchildren, who may be more advanced technology users.”

The MSN TV/E-Poll survey of 500 respondents was conducted in October 2003, with a sampling error of plus or minus 4 percent. The E-Poll report surveyed a representative group of adults over the age of 55 who were randomly selected from the E-Poll online panel. Statistics based on subsamples of the respondents are more sensitive to sampling error.

View: Majority of Older Americans Prefer to Send E-Mail Instead of Handwritten Letters or Postcards


other     Order the Windows Security Update CD (Feb 18)

The Windows Security Update CD will be shipped to you free of charge. This CD includes Microsoft critical updates released through October 2003 and information to help you protect your PC. In addition, you will also receive free antivirus and firewall trial software.

This CD is only available for Windows XP, Windows Me, Windows 2000, Windows 98, and Windows 98 Second Edition (SE).

View: Order the Windows Security Update CD


office     Microsoft Office SharePoint Portal Server 2003 Beta 2 Documentation (Feb 18)

This download includes the following four documents containing Beta 2 information about Microsoft® Office SharePoint™ Portal Server 2003:

  • Upgrading from Microsoft SharePoint Portal Server 2001
  • Enabling Secure Sockets Layer on SharePoint Portal Server 2003 Beta
  • Deleting a Portal Site That Provides Shared Services
  • Capacity Planning Guide for SharePoint Portal Server 2003 Beta

Download: Microsoft Office SharePoint Portal Server 2003 Beta 2 Documentation


office     Office 2003 Language Interface Pack (Feb 18)

Only use it if you can read the lipread.htm file included ;-)

Download: Office 2003 Language Interface Pack


office     Microsoft Office Visio 2003 Resource Kit Tools (Feb 17)

Tools to support deployment of Microsoft Office Visio 2003

Download: Microsoft Office Visio 2003 Resource Kit Tools


faq     Added Content: Creating a Classic View in Outlook 2003 (Feb 17)

Since a lot of people are “hooked” on the classic view of Outlook or simply don’t like the initial Outlook 2003 view I made an overview of settings to change so it looks more like previous versions of Outlook.

View: Creating a Classic View in Outlook 2003


update     New Virus! W32.Alua@mm / W32/Bagle.b@MM (Feb 17)

The risk assessment of this threat has been raised to Medium due to increased prevalence.

This is a mass-mailing worm with the following characteristics:

  • contains its own SMTP engine to construct outgoing messages

  • harvests email addresses from the victim machine

  • the From: address of messages is spoofed

  • contains a remote access component (notification is sent to hacker)

Users are reminded that the scanning of compressed files (default option) is required for detection.

As for its predecessor , this worm checks the system date. If it is the 25th February 2004 or later, the worm simply exits and does not propagate.

View: http://securityresponse.symantec.com/avcenter/venc/data/w32.alua@mm.html
View: http://vil.nai.com/vil/content/v_101030.htm


update     Code for MSBlast variant posted online (Feb 17)

Users who haven’t deployed the critical security patch released by Microsoft last week are in imminent danger, after exploit code was posted online.

A piece of code that exploits the critical vulnerability for which Microsoft issued a patch only last week has been posted online, raising fears of an imminent MSBlast-style attack.

On 10 February, Microsoft released a patch that fixes a networking flaw affecting all Windows XP, NT, 2000 and Windows Server 2003 systems. The company warned users to patch their systems because the vulnerability could be exploited by virus and worm writers. Four days after the patch was released, a piece of code was published on a French Web site that allows anyone to exploit the vulnerability, which means unpatched users can expect to be hit with another MSBlast-type worm.

Richard Starnes, director of incident response at Cable & Wireless, told ZDNet UK that the code appears to work: “We ran [the compiled code] against an unpatched XP and Windows 2000 SP3 system and it took both systems down. It does a buffer overflow and immediately sends the PC into a reboot phase that you can’t get out of,” he said.

View full article: Code for MSBlast variant posted online


office     Microsoft Insider: Office System Preview (Feb 17)

In this edition of Insider, hosts Ari Bixhorn and Chris Flores give you an in-depth preview of the new Microsoft® Office System.

Learn how the new Microsoft Office Professional Edition 2003 can save you time and help you work more productively. Watch demonstrations of new and revamped Office technologies, plus see the new Microsoft Office Word 2003 and Microsoft Office PowerPoint® 2003 in action. Listen to Robert Rounthwaite as he discusses how Microsoft Office Outlook® 2003 can help you combat junk e-mail, then watch a demo of the program so you can see for yourself.

Preview one of the best parts of the new Office: Microsoft Office OneNote™ 2003. See how it will completely change the way you take notes. Then watch how it works with a Tablet PC to make your standard notepad and pen virtually obsolete.

Download: Microsoft Insider: Office System Preview


office     Server Consolidation Using Exchange Server 2003 (Feb 17)

As e-mail messaging continues to grow in both volume and business importance, organizations are looking for new options to manage future demand in a reliable and cost-effective way. One option is to build a messaging strategy based on advanced technologies available in Microsoft® Windows Server™ 2003 and Microsoft Exchange Server 2003. This article discusses strategies for server consolidation using Exchange 2003.

Download: Server Consolidation Using Exchange Server 2003


info     Updated: Statement from Microsoft Regarding Illegal Posting of Windows Source Code (Feb 17)

On Thursday, February 12, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. Subsequent investigation has shown this was not the result of any breach of Microsoft’s corporate network or internal security, nor is it related to Microsoft’s Shared Source Initiative or its Government Security Program, which enable our customers and partners, as well as governments, to legally access Microsoft source code.

Microsoft continues to work closely with the U.S. Federal Bureau of Investigation and other law enforcement authorities on this matter. Microsoft source code is both copyrighted and protected as a trade secret. As such, it is illegal to post it, make it available to others, download it or use it. Microsoft will take all appropriate legal actions to protect its intellectual property. Questions about the investigation should be referred to the FBI.

On Monday, February 16, Microsoft began investigating a reported exploit on versions of Internet Explorer allegedly discovered by an individual studying the leaked source code. This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer — Internet Explorer 6.0 Service Pack 1.

View Press Release: Statement from Microsoft Regarding Illegal Posting of Windows Source Code


Archive 28

info     Anti-virus industry: white knight or black hat? (Feb 16)

One has to wonder whether the anti-virus industry sleeps well at night. On one hand, it purports to serve the world by defending our computers and networks from any number of electronic critters and malicious code. On the other hand, sometimes its “cure” is worse than the problem its products allegedly treat. Add to that the decades-old concerns over business, market share and publicity, and you have all the ingredients for industry, product and service confusion. This situation regularly benefits the anti-virus software industry at the expense of its customers.

Let’s start with malicious code outbreaks in general. Unlike hurricanes and tsunamis, there is no standard way of naming malicious code. Gone are the days when simple names like “Jerusalem”, “Michaelangelo” and “Stoned” were accepted and used by all anti-virus vendors. So, we might have the same threat labelled “Worm_Minmail.R”, “W32.Novarg”, “MyDoom.A@m” or “W32/MyDoom” by competing companies. What we need is a return to industry-wide nomenclature for malicious code; used by all vendors and facilitating the reporting, analysis, and resolution of such outbreaks.

View full article: Anti-virus industry: white knight or black hat?


office     MS launches ‘Office Hindi’ in India (Feb 16)

Microsoft Corporation India Ltd on Monday launched ‘Office Hindi’, its first offering developed specifically for the Indian market, which combines computing experience with familiarity of Hindi language.

“The product includes a Hindi language interface and supports nine Indian languages, empowering Indian users to leverage the global, standards based Office applications suite in the language of their choice,” a Microsoft release said.

The suite would allow users to create documents and communicate with others in native language and also facilitate easy navigation and use by providing menus and toolbars in Hindi.

The two editions of the product — Office Hindi Professional and Office Hindi Standard — will be available through Microsoft’s regular sales channels.

“Microsoft also announced the availability of online resources, training material and partner support to ensure that customers can smoothly adopt and integrate the offering into their infrastructure,” the release said.

Elaborating on the launch of the product, Microsoft Corporation India managing director Rajiv Kaul said: “Our local language initiatives are aimed at helping Indian users realise the same benefits of IT as their peers the world over.”

“Office Hindi combines a world-class computing experience with the comfort and familiarity of Hindi language, and we are confident of the value it will offer users in India,” he said.

Microsoft hopes that Office Hindi would offer significant benefits to central and state Governments, public sector undertakings, banking industry, education institutes and local developer community.

The offering has seen significant investment in product development, the release said adding the development team comprised more than 50 professionals involved in various aspects of coding and testing.

“The product also went through a six month testing process with customer audiences, with their feedback incorporated at each stage,” the release added.

View: MS launches ‘Office Hindi’ in India


office      IBM to launch MS Office for Linux (Feb 15)

As part of its initiative to put Linux on the desktop, IBM Corp. wants to migrate Microsoft Corp.’s Office suite to Linux. Microsoft said it’s not involved and suggests that IBM might do it by emulation.

For several years, the Linux operating system has been part of IBM’s explicit strategy. So far, we’ve mostly seen server-side solutions. Now, IBM is going for the desktop.

Many Linux users would prefer to run both Microsoft’s Office suite and IBM’s Lotus Notes. This is actually possible, using so-called emulation. Companies such as U.S.-based Codeweavers offer such products. But this will not give you applications that are actually compiled for Linux.

Stefan Pettersson, technical manager for IBM’s Lotus division in Sweden, said that there will be a Java client of Lotus Notes some time during the second half of 2004. This means that the first “native” Notes client to run under Linux will soon be available.

View full article: IBM to launch MS Office for Linux


office     Microsoft Office SharePoint Portal Server 2003 Document Library Migration Tools (Feb 13)

The Microsoft® Office SharePoint™ Portal Server 2003 Document Library Migration Tools move documents, versions, metadata, folders, and security settings from Microsoft SharePoint Portal Server 2001, as well as from SharePoint Portal Server 2003 backward-compatible document libraries, to SharePoint Portal Server 2003 document libraries. This installation includes an export tool, an import tool, and documentation for use of the tools.

Download: Microsoft Office SharePoint Portal Server 2003 Document Library Migration Tools


office     MapPoint and Streets and Trips Construction Update (Feb 13)

Download the construction information update to keep the road construction projects information of your maps current in Streets and Trips.

Save the file in the Data folder, located where you installed the program files for MapPoint or Streets & Trips. I.e. C:\Program Files\Microsoft MapPoint\Data\.

Download: MapPoint 2001 and Streets & Trips 2001 Construction Update
Download: MapPoint 2002 and Streets & Trips 2002 Construction Update
Download: MapPoint 2003 and Streets & Trips 2003 Construction Update
Download: MapPoint 2004 and Streets & Trips 2004 Construction Update


info     Mainsoft: Statement to the Media Regarding Microsoft Source Code Leak (Feb 13)

Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft’s and all our customers’ security matters seriously, and we recognize the gravity of the situation.

We will cooperate fully with Microsoft and all authorities in their investigation

We are unable to issue any further statement or answer questions until we have more information.

From Mike Gullard, Chairman of the Board, Mainsoft Corporation

View: Mainsoft: Statement to the Media Regarding Microsoft Source Code Leak


info     Statement from Microsoft Regarding Illegal Posting of Windows Source Code (Feb 13)

On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. It’s illegal for third parties to post Microsoft source code, and we take such activity very seriously.

We are currently investigating these postings and are working with the appropriate law-enforcement authorities.

At this point it does not appear that this is the result of any breach of Microsoft’s corporate network or internal security.

At this time there is no known impact on customers. We will continue to monitor the situation.

View Press Release: Statement from Microsoft Regarding Illegal Posting of Windows Source Code


update     ‘Robin Hood’ virus on the loose (Feb 12)

A new variant of the Nachi worm is patching PCs that are vulnerable to MyDoom.A.
Nachi B, also known as Welchi, copies itself onto systems using the same flaw as MyDoom.A, as a file named ‘Svchost.exe’. It then attempts to delete MyDoom and downloads patches to fix the security hole.

Carole Theriault, security consultant at Sophos, said: “It’s an interesting case – some kind of Robin Hood virus. “We’re seeing some spreading but it’s not going too fast. We’re hoping everyone with MyDoom would have stripped it out by now. If IT managers haven’t updated by now they are way behind the curve.”

Viruses to deal with viruses are nothing new. In the mid 1990s a boot sector virus called Chinese Fish attempted something similar by removing a virus called Stoned.

Nachi’s first incarnation emerged last year as an attempt to patch the security hole exploited by the Blaster worm. David Emm, product marketing manager at McAfee Security, explained that such code is a bad idea. “I see code like this as a little bit of a blind; a ruse to calm people’s fears,” he said. “Nachi A did not do a particularly good job at patching systems and this one doesn’t look much better. At the end of the day it’s still self-replicating code and that’s a bad medium.”

Infection rates are low so far, but an antivirus signature is under development.

View: ‘Robin Hood’ virus on the loose


info     Windows 2000 and NT4 source code leaked? (Feb 12)

Earlier today internet and IRC sites were abuzz with the news that the source code to both Windows 2000 and Windows NT4 had leaked out onto the net. WinBeta.Org has investigated these claims and the alleged screenshot posted on Neowin and they’appear to be real but incomplete’.

This must be highly embarressing for Microsoft, who will undoubtedly be scrambling to find the source of the leak of their highly confidential Operating Systems.

Windows XP and Windows 2003 server source codes do not appear to have leaked at the moment.

For those who ascribe to theories of collusion with “No Such Agency” backdoor keys to Windows 2000, this may infact be a positive spin for Microsoft if such a backdoor is not found. Of course, to those that claim Elvis is indeed working at a gas station in Kansas, who’s to say this is infact the retail code that Microsoft has been sharing? Maybe it’s a ‘sanitized’ version?

Intellectual Property laws as well as public perception of one of the world’s largest companies are on the line here. Microsoft’s response will be indicative of just how important this code is to them, even given that it is outdated code – maybe they will use this as a corporate scare tactic to make companies upgrade to Windows XP?

View: Windows 2000 and NT4 source code leaked?
View on Neowin: Windows 2000 & Windows NT 4 Source Code Leaks
 


office     How will Office 2003 DRM impact interoperability? (Feb 12)

In the near future, will we be able to open and access files from our coworkers, our clients, or our students? Will we be able to attach these files to email, for efficient and convenient dissemination, or print them if needed? Will we collectively be forced into expensive and in some cases platform-specific software migrations, just to maintain document interoperability?

Last October, OpenOffice.org released the 1.1 version of its office productivity suite. This update included native PDF and Flash conversion, complex text layout language support, and increased compatibility with Microsoft Office file formats.

Roughly a month later, Microsoft released Office 2003. This product was freshly-infused with digital rights management (DRM) technologies, dubbed “information rights management” by Microsoft, designed to secure and restrict access to documents as needed. Documents employing DRM created in Office 2003 may well only be accessible via Office 2003. More recently, Microsoft filed for numerous patent applications in New Zealand and Europe, covering the interoperability of XML-based word processing documents.

View entire article: How will Office 2003 DRM impact interoperability?


update     New Virus! Doomjuice B (Feb 12)

This tool will help to remove the Mydoom.A, Mydoom.B, Doomjuice.A (aka “MyDoom.C”), and Doomjuice.B worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Mydoom.B worm, the tool will also provide the user with the default version of the hosts file and set the “read-only” attribute for that file. This action will allow the user to visit previously-blocked Microsoft and antivirus websites.

Download: Mydoom (A, B) and Doomjuice (A, B) Worm Removal Tool


office     Office XP Service Pack 3 (Feb 11)

The final build of Service Pack 3 for Office XP has been released WinBeta.org has learned, although it’s not due to ship until Q2 of ’04.

Microsoft had expected Office XP to sell millions and millions of copies, even though it was released hot on the heels of Office 2000, without any major enhancements. With the expectation (rightly so) that Windows XP would sell millions of copies, the hope was that people would upgrade to Office XP at the same time.

Unfortunately for Microsoft’s bulging coffers, it did not occur. Many companies resisted the promotional material, many consumers only received it when it was bundled free with a new PC.

Regardless, Microsoft has supported those that did install Office XP with two, and now a third service pack. SP3 is due out in April or May ’04, yet build #10.6308.6403 has been touted by some to be the final build of SP3, however, since this cannot be confirmed consider this build to be beta.

View: Screenshots of the build numbers


office     Exchange 2003 Deployment Guide (Feb 11)

This updated book provides installation and deployment information for intermediate and advanced administrators planning to deploy Exchange Server 2003. This book is a companion to the book Planning an Exchange Server 2003 Messaging System.

Although the planning book helps you plan your Exchange 2003 system architecture, this book guides you through the prerequisites and procedures to successfully deploy and install Exchange Server 2003 into your infrastructure. Whether you are deploying a new Exchange Server 2003 messaging system or upgrading from a previous Exchange version, this book guides you through the deployment process and provides recommendations, including how to configure your Exchange 2003 organization to run in native mode. Furthermore, the Exchange Server Deployment Tools, which are a new feature in Exchange Server 2003, provide you with utilities and wizards to verify that your organization is in a healthy state, before your Exchange 2003 deployment.

Download: Exchange 2003 Deployment Guide (version 1.1)


office     Excel 2003/2002 Add-in: MSN Money Stock Quotes (Feb 11)

This add-in for Excel 2003 and Excel 2002 allows you to get dynamic stock quotes from the MSN® Money™ Web site. The tools and features found in Excel are particularly well suited to analyzing financial data such as stocks. This add-in allows you to easily gather and study the stocks of interest to you, refresh your quotes when you want, and readily change or modify the quotes gathered.

Download: Excel 2003/2002 Add-in: MSN Money Stock Quotes


office     ‘Niobe’ Enters the Microsoft Matrix (Feb 11)

Microsoft is testing a prototype tool designed to streamline the development of applications based on Outlook.

Microsoft is fielding a prototype of a new tool that eventually could become a member of its Visual Studio Tools for Office family.
The prototype tool, code-named “Niobe,” is designed to simplify the development of applications built on the Microsoft Outlook e-mail client.

The ‘Niobe’ code name is fitting, as the Visual Studio Tools for Office suite, which Microsoft delivered last year, was code-named “Trinity.” (Microsoft’s Visual Studio Tools for Office are designed to aid developers writing applications that build on top of Microsoft Office.) Both Trinity and Niobe, as film buffs know, are characters from The Matrix movies.

Microsoft has made the Niobe code available under its shared-source licensing program, and has posted the Niobe run-time and software-development-kit code to its GotDotNet Workspaces site.

View full article: ‘Niobe’ Enters the Microsoft Matrix


Archive 27

office     Implementing Email Security with Exchange Server 2003 (Feb 11)

Has anyone ever considered Email Security (S/MIME) within their Exchange Server 2003 network environment? As complex as it was to configure with earlier versions of Exchange Server, now it’s equally easy to implement with Exchange Server 2003. The only requirement is a Windows Server 2003 certificate authority with configured automatic certificate enrollment.

If you have successfully configured Email Security your users will have the ability to send and receive signed and encrypted email.

View full article: Implementing Email Security with Exchange Server 2003


update     4 Security Bulletins (Feb 10)

Critical
Microsoft Security Bulletin MS04-004 – Cumulative Security Update for Internet Explorer (832894)
Microsoft Security Bulletin MS04-007 – ASN .1 Vulnerability Could Allow Code Execution (828028)

Important
Microsoft Security Bulletin MS04-006 – Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352)
Microsoft Security Bulletin MS04-005 – Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150) (Macintosh only)


office     Visio Downloads (Feb 10)

Visio 2003 Update: KB831925
This update addresses a problem where Visio 2003 overwrites some registry settings for msxml2.dll and msxml3.dll. The problem may prevent applications utilizing these files from running properly.

Visio 2003 Software Development Kit (SDK)
The Visio 2003 SDK contains sample applications, code librarian code snippets, documentation, and tools, including the ShapeStudio, Event Monitor, Persistent Events, Print ShapeSheet, and Solution Publishing tools.

Visio Viewer 2002
The Visio Viewer 2002 allows you to distribute drawings and diagrams to team members, partners, customers, or others without requiring that they have Visio installed on their computers.


office     Office 2003 SP1 Enhancements (Feb 10)

We’ve received information about future enhancements for Office 2003. Office 2003 SP1 which is currently planned for release in late May will include fixes/improvements for all applications in the Office 2003 suite with some big enhancements for InfoPath 2003.

Microsoft are adding the ability for custom controls, active x controls that can be made available in InfoPath’s control tasks pane as well as other improvements throughout InfoPath. Details are unclear on what enhancements will be made in other applications like Word and Outlook at the moment. See below for the InfoPath improvements. Details for other Office applications coming soon.

View: Office 2003 SP1 Enhancements Screenshots


howto     Added Content: Create your own fully customized Toolbar (Feb 9)

Subscribers to my newsletter already received this guide in their mailboxes last week. Click here if you also want to receive the latest news around Microsoft Office and tips for Outlook in your mailbox.

View: Create your own fully customized Toolbar


info     Clueless office workers help spread computer viruses (Feb 9)

Busy or apathetic employees are accelerating the spread of viruses and potentially costing UK businesses millions in clean-up charges, according to a survey out today.

Two-thirds of the 1,000 people quizzed by market researchers TNS in January admit they are not aware of even the most basic virus prevention measures. Meanwhile a third of those polled in the Novell-sponsored study said they are too busy to check their emails before opening them.

Depressingly, nine in ten of the workers quizzed believe that have no part to play in preventing the spread of viruses, preferring to leave responsibility to “their IT department, Microsoft or the government”.

Where does Novell find these lunk heads? UK office workers, that’s who.

Even allowing for the fact the survey took place in the first two weeks of January – before the ongoing MyDoom pandemic – one would think that most people would have a fair idea of what a virus-infected email might look like. Not so – two thirds of the respondents to the survey said they didn’t have a clue.

View full article: Clueless office workers help spread computer viruses


office     E-Mail: Outlook Rules (Feb 9)

According to a recent survey by Osterman Research — a company focused on understanding corporate messaging, e-mail, and collaboration issues — Microsoft Outlook continues its dominance of the e-mail world.
The survey found that 61.4 percent of all employees (the sample space was 320) use Microsoft Outlook most often as their e-mail client at work. Lotus Notes was a distant second at 19.4 percent. Third place was Novell GroupWise at 9.1 percent.

The picture changed only slightly at the enterprise (above 1,000 employees) level, with 58 percent using Outlook most often, followed by 26.4 percent using Lotus Notes.

Michael Osterman of Osterman Research says that Outlook “has become the desktop of choice.” But Microsoft’s domination may not be as complete as the survey shows, given that Osterman points out that companies can use Outlook with a Lotus back end. “Companies like Rockliffe, Scalix, Bynari, and Stalker Software can replace the back end,” he says. Based on another survey done a few months ago, Osterman found out that 55 percent of companies would be willing to change their e-mail client if they could keep their existing front end. Given that there are some users of Outlook now two generations behind, in 5.5., this could be a selling opportunity, reiterates Osterman.

Despite Outlook’s overall dominance, Osterman notes that are plenty of environments in which Lotus might be more attractive. “Exchange is primarily a messaging system that can do some applications, and Notes is an application development framework that does messaging,” he summarizes. “For a company interested in custom applications at a workgroup level, Notes is the way to go.”

View: E-Mail: Outlook Rules


office     Microsoft Online Seminars: Microsoft Exchange (Feb 9)

See how to maximize your business potential with Microsoft solutions. Seminars are learning resources designed to meet the needs of developers, IT professionals, and business decision makers.

Download: Microsoft Online Seminars: Microsoft Exchange


office     Windows XP Professional, Windows Mobile 2003, and Office Professional Edition 2003 for a Mobile Workforce Whitepaper (Feb 9)

Microsoft mobile solutions enable collaboration through communication. These solutions enable all of the mobility scenarios that this whitepaper describes by using systems with which you are already familiar, including Microsoft® Windows Server™ 2003, Microsoft Exchange Server 2003, Microsoft Windows® XP Professional, and Microsoft Office Professional Edition 2003. This white paper describes these solutions, including the key elements, investments, and decisions you must make in order to implement them in your organization.

Download: Windows XP Professional, Windows Mobile 2003, and Office Professional Edition 2003 for a Mobile Workforce Whitepaper


office     Project Server 2003 Updated Guides (Feb 9)

Project Server 2003 Configuration Planning Guide
This guide helps you to understand the Microsoft Enterprise Project Management (EPM) solution in great detail, including the applications and components that make up the EPM solution, their integration points, performance implications, and environmental considerations.

Project Server 2003 Application Configuration Guide
This guide outlines what you need to know about configuring the Enterprise Global Template and populating the Enterprise Resource Pool.


office     SharePoint Products and Technologies 2003 Software Development Kit (SDK) (Feb 9)

Microsoft SharePoint Products and Technologies uses a common set of Microsoft® Windows Server™ 2003 services named Windows® SharePoint Services, to take advantage of the performance, stability, and security features of the Microsoft .NET Framework. Use Windows SharePoint Services to create and maintain team sites. Microsoft Office SharePoint Portal Server 2003, a server product, is built on Windows SharePoint Services, and adds features used to build and manage integrated, large-scale portal solutions.

This SDK also includes new documentation for the Web Part Page Services Component (WPSC), which is a client-side component that adds dynamic capabilities to your Web Part Page by providing Web Part discovery, notification, and state management services used by Web Parts; and for Windows SharePoint Services RPC methods.

Download: SharePoint Products and Technologies 2003 Software Development Kit (SDK)


office     Microsoft Outlook: travelers’ secret weapon (Feb 9)

If you want to become a better traveler, you can skip some of those “how-to” books penned by armchair road warriors.

Instead, fire up your laptop computer and open Microsoft Outlook.

Yes, I’m talking about that ever-present application that handles e-mail, scheduling and some word processing tasks. Odds are pretty good that you’ve got a copy of it installed on your laptop, and that you take your portable with you when you travel. (Regarding the latter point, a recent survey by Harris Interactive found that more than one in four laptop PC owners say their machine is one of their “most prized possessions,” and nearly a third said they’ve regretted leaving it at home on trips and have turned around to retrieve it on at least one occasion.)

Outlook is to travelers what a paper clip is to MacGyver. It does a lot more than you think. (My apologies to those who aren’t familiar with television show which had its heyday in the 1980s and ’90s.)

View full article: Microsoft Outlook: travelers’ secret weapon


info     Geeks Put the Unsavvy on Alert: Learn or Log Off (Feb 6)

When Scott Granneman, a technology instructor, heard that one of his former students had clicked on a strange e-mail attachment and infected her computer with the MyDoom Internet virus last week, empathy did not figure anywhere in his immediate response.

“You actually got infected by the virus?” he wrote in an e-mail message to the former student, Robin Woltman, a university grant administrator. “You, Robin? For shame!”

As MyDoom, the fastest-spreading virus ever, continues to clog e-mail in-boxes and disrupt business, the computer-savvy are becoming openly hostile toward the not-so-savvy who unwittingly play into the hands of virus writers.

The tension over the MyDoom virus underscores a growing friction between technophiles and what they see as a breed of technophobes who want to enjoy the benefits of digital technology without making the effort to use it responsibly.

The virus spreads when Internet users ignore a basic rule of Internet life: never click on an unknown e-mail attachment. Once someone does, MyDoom begins to send itself to the names in that person’s e-mail address book. If no one opened the attachment, the virus’s destructive power would never be unleashed.

“It takes affirmative action on the part of the clueless user to become infected,” wrote Scott Bowling, president of the World Wide Web Artists Consortium, expressing frustration on the group’s discussion forum. “How to beat this into these people’s heads?”

View full article: Geeks Put the Unsavvy on Alert: Learn or Log Off


update     MyDoom (A,B) Worm Removal Tool for Windows XP and Windows 2000 (Feb 6)

This tool will help to remove the MyDoom.A and My.Doom.B worms from infected Windows XP and Windows 2000 systems. Once executed, after the EULA is accepted, the tool automatically checks for infection and removes the worm(s) if found. If a machine is infected with MyDoom.B, the tool will also provide the user with the default version of the “hosts” file and set the “read-only” attribute for that file. This action will allow the user to visit previously-blocked Microsoft and antivirus websites.

After execution, the tool pops-up a message describing the outcome of the detection/removal. The tool can be safely deleted after execution. Also, the tool creates a log file named doomcln.log in the %WINDIR%\debug folder.

This tool will not:

  • Detect/remove any viruses or worms besides MyDoom.A and MyDoom.B.

  • Detect/remove future variants of MyDoom.

  • Prevent the machine from being re-infected with MyDoom if, for example, an infected e-mail attachment is re-executed.

  • Detect/remove malware that exists on a system as a result of the backdoor component created by MyDoom.A and MyDoom.B

  • Delete any e-mail that contains MyDoom.A or MyDoom.B

  • Work on any Windows NT 4.0 platform.

The user must be an administrator to run this tool.

Download: MyDoom (A,B) Worm Removal Tool for Windows XP and Windows 2000


update     Critical Update for Microsoft XML 3.0 (Feb 6)

This update contains Microsoft XML (MSXML) functionality that will allow applications using MSXML to continue to function correctly after security update 832894, Security Update for Internet Explorer, has been applied. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.

Download: Critical Update for Microsoft XML 3.0 Service Pack 2 – KB832414
Download: Critical Update for Microsoft XML 3.0 Service Pack 3 – KB832414
Download: Critical Update for Microsoft XML 3.0 Service Pack 4 – KB832414


Archive 26

info     PayPal virus writing scammer scumbag pleads guilty (Feb 5)

A Minnesota man who tried to defraud PayPal customers through a phishing scam has pleaded guilty to wire fraud.

Alec Scott Papierniak, 20, of Mankato in Minnesota, also admitted using viral code to further his fraudulent activities at an appearance in a federal court in San Jose on Tuesday.

Papierniak was able to siphon money from online accounts after he tricked users into handing over their user names and passwords via bogus security alerts. These bogus alerts directed users to a maliciously constructed Web site run by Papierniak, instead of the genuine PayPal site.

In pleading guilty, Papierniak also admitted to emailing a “key logger” virus to PayPal users, again with theft in mind. Both MiMail-I and MiMail-J fit the bill, but we’re not certain if either virus was involved in this case.

The 20 year-old ran the scams for nearly two years until he was caught in September 2003. Papierniak, who admits stealing in excess of $30,000 during that time, has agreed to pay restitution to his victims.

A DoJ statement on the case omits details of how Papierniak was tracked down, beyond saying it was the result of an FBI investigation. If a member of the public was involved we’d be very disappointed if Microsoft didn’t stump up a substantial reward as part of its Anti-Virus Reward Program.

Papierniak pleaded guilty to a specimen charge involving theft of $10,000 from one account and is scheduled to return for sentencing by US District Judge James Ware on May 10. Wire fraud is punishable by up to 20 years imprisonment but Papierniak’s guilty plea will go some way towards reducing the severity of his sentence.

View: PayPal virus writing scammer scumbag pleads guilty


office     Troubleshooting Exchange Server 2003 Performance (Feb 5)

This technical article provides administrators of Microsoft Exchange Server 2003 with information on how to isolate performance degradations and how to use existing tools and products, such as Performance, Load Simulator, Exchange Stress and Performance 2003, Network Monitor, and Filemon, for this purpose. The information in this article can also be used to ensure that a server is not degrading over time because of hardware issues or malfunctions.

Download: Troubleshooting Exchange Server 2003 Performance


other     Saint Valentine’s Day Screensaver (Feb 5)

This is a screensaver for Windows which celebrates Valentine’s Day. During setup you can enter the message of love you would like the screensaver to display by editing the screensaver settings.

Download: Saint Valentine’s Day Screensaver


office     Now, MS Office in 14 Indian languages (Feb 5)

Microsoft India would make available its Office suites, including Office 2003 and Windows 2003, in all 14 Indian official languages in next three years, while plans are in the offing to provide an improved thrust on the company’s e-commerce initiatives in the country.

“We are providing local language interface much ahead of the curve (maturity point) and the enablement in the remaining five languages is under the company’s localisation drive,” Microsoft India managing director Rajiv Kaul told reporters here on Thursday.

The software major had earlier provided local language interface for its Office suites in nine Indian languages, including Tamil, Hindi, Malayalam and Telugu among others.

On its improved thrust on e-commerce initiatives, he said that Business-to-Business (B2B) and Business-to-Customer (B2C) sectors are expected to mature shortly, with a turning point somewhere between 18 and 24 months.

View full article: Now, MS Office in 14 Indian languages (via bink.nu)


info     Equant touts hosted Exchange 2003 e-mail (Feb 5)

France Telecom subsidiary Equant, which provides communications and data networking services around the world, announced on Thursday that it will offer hosted e-mail and other messaging services based on Microsoft’s Exchange Server 2003. Equant executives said the service would allow businesses to benefit from recent improvements to Microsoft’s e-mail server without paying big up-front costs. “We’re convinced of the large potential of the emerging market for hosted messaging solutions,” Gilles Pradere, vice president of managed services for Equant, said in a statement. Equant also offers hosted messaging services based on IBM’s competing Lotus Notes software.

Microsoft introduced Exchange 2003 late last year as part of a family of products built around its Office 2003 productivity software. Significant enhancements in the new version of Exchange include new tools for filtering spam and setting up remote access to e-mail accounts.

View: Equant touts hosted Exchange 2003 e-mail


info     Gates’ e-post idea gets stamp of disapproval (Feb 5)

Bill Gates may have his detractors in the Internet community, but he united the world’s e-mail users last month with a pledge to end the scourge of spam — or junk e-mail — by the year 2006. The chairman of Microsoft Corp. outlined a number of possible strategies, like creating “computational puzzles” to thwart bulk e-mail programs, but the one he’s placing his bets on is electronic postage. It’s a proposal that some detractors say is technologically unfeasible and may be little more than a veiled attempt at a money grab by Microsoft and other large e-mail providers.

People involved with the Web have been whispering about e-mail postage — also known as “sender pays” — for a decade, but it resurfaced last month when Mr. Gates broached the topic at the World Economic Forum in Davos, Switzerland. The belief is that e-postage would deter rampant spammers; a 1-cent levy on each e-mail, for example, would be ruinous for companies that send out millions of unsolicited ads every day with the hope that a handful of people will respond.

Mr. Gates thinks spammers should be punished retroactively, in a transaction known as a “charge-back.” When a person receives a piece of mail that they deem as spam, they press a designated button and the sender is charged a fee for that message.

Observers agree that combatting spam is a noble and worthy endeavour but feel that the notion of e-postage is fraught with logistical and financial problems.

Bill Sweetman, president and founder of e-business consultancy Kalixo, says the scheme outlined by Mr. Gates is well-intentioned but has an inherent weakness. “The problem with this is you can’t find these folks in the first place, so where are you going to send the invoice?” he asks.

View full article: Gates’ e-post idea gets stamp of disapproval


office     Outlook 2003 Sample: What’s New in Microsoft Office Outlook 2003 for Developers? (Feb 5)

Learn how to use Visual Basic .NET to integrate Microsoft Office Outlook 2003 with Microsoft SharePoint Products and Technologies. Although changes to the Outlook Object Model are small in scope, new properties are added to support integration with Microsoft Windows SharePoint Services (formerly known as SharePoint Team Services) and Microsoft Office SharePoint Portal Server 2003. The sample Visual Basic .NET Outlook Add-in allows you to import a Contact list from a SharePoint site into Outlook and directly export Outlook Contact items to a SharePoint site.

Download: Outlook 2003 Sample: What’s New in Microsoft Office Outlook 2003 for Developers?


info     Are you secure? (Feb 4)

10 Best Practices For Avoiding Computer Viruses
Read 10 tips from the Microsoft Office team that will help you reduce the risk of a virus infecting your computer.

Help Protect Your Computer Against Viruses with Outlook
Read this article to learn how viruses can affect your computer and how to use Microsoft Office Outlook® to help keep your computer safe.


office     Access 2003 Sample: Using Automation with Access and Outlook (Feb 4)

This download provides a sample Access file for use with the MSDN article “Using Automation in Microsoft Office Access 2003 to Work with Microsoft Office Outlook 2003.” Automation is the process of controlling one program from another program.

Download: Access 2003 Sample: Using Automation with Access and Outlook
View: Using Automation in Microsoft Office Access 2003 to Work with Microsoft Office Outlook 2003


office     Server Consolidation Using Exchange Server 2003 (Feb 4)

As e-mail messaging continues to grow in both volume and business importance, organizations are looking for new options to manage future demand in a reliable and cost-effective way. One option is to build a messaging strategy based on advanced technologies available in Microsoft® Windows Server™ 2003 and Microsoft Exchange Server 2003. This article discusses strategies for server consolidation using Exchange 2003.

Download: Server Consolidation Using Exchange Server 2003


info     Microsoft Site Appears to Weather MyDoom Attack (Feb 3)

Microsoft Corp. appeared to have survived the worst the MyDoom worm could throw at it Tuesday. Experts say the virus, a variant of the MyDoom.A virus that knocked out another company’s Web site Sunday, was programmed to fire continuous volleys of debilitating data at Microsoft’s site Tuesday. But there was no visible impact on the software giant’s Web site, http://www.microsoft.com, which barely flickered as the MyDoom.B Internet worm’s trigger time of 8:09 EST passed. Microsoft had said Monday it was taking a series of technical precautions to ward off any attack. The company declined to give any immediate comment Tuesday.

MyDoom.B is a low-grade variant of the original MyDoom.A virus, the fastest-spreading e-mail contagion to ever hit the Internet, security experts said. MyDoom.A has infected hundreds of thousands — and possibly over one million — PCs, generating a torrent of spam e-mails and crippling corporate e-mail servers, plus slowing traffic for some Internet service providers. The biggest victim of MyDoom.A was Utah-based computer software firm SCO Group. The week-old worm, also dubbed Novarg or Shimgapi, knocked the SCO site offline Sunday with a barrage of data known as a denial of service attack. SCO scrambled to launch an alternative site at http://www.thescogroup.com.

MyDoom.B, which was programmed to target both SCO and Microsoft with a similar attack starting Tuesday, spread more slowly than its super-potent sibling and was never considered much of a threat, security experts have said. “As far as MyDoom.B is concerned, you’re more likely to see it in the headlines than in your e-mail in box,” said Graham Cluley, senior technology consultant at Sophos Plc. Still, security officials warned Tuesday MyDoom.A was still spreading rapidly despite the fact more computer users were fortifying their machines with a variety of free patches available from anti-virus vendors.

“It’s now become less of a virus infection problem and more of an e-mail glut problem,” Cluley said.

View: Microsoft Site Appears to Weather MyDoom Attack


info     MyDoom Author: “Sorry” (Feb 3)

The MyDoom variant that joined the original virus in wreaking havoc on the Internet last week contains a cryptic message in which the author appears to apologize for the malicious code, security experts say. The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed MyDoom and MyDoom.B with “andy,” and left the following message in the latter version: “I’m just doing my job, nothing personal, sorry.”

“Our interpretation is that he’s apologizing to the general public,” Jimmy Kuo, research fellow at anti-virus software maker Network Associates Technology Inc., said Friday. “Our guess is that someone is paying him to write this thing.”

Both MyDoom versions install a “back door” in infected PCs, enabling hackers to commandeer the machines to send spam, launch denial of service attacks, or perform other nefarious acts. Some experts, however, doubted the sincerity of the apology. Many virus writers leave cryptic messages in their code to tease investigating authorities and to pat themselves on the back for their handiwork.

“If he’s really sorry, then why did he release it,” said Michele Morelock, technical support leader at anti-virus software maker Sophos Inc. “I would imagine it’s much more tongue-in-cheek than saying I’m really sorry for releasing it.”

View full article: MyDoom Author: “Sorry”


office     Access 2003/2002/2000 Sample: On how much time has elapsed (Feb 3)

The On how much time has elapsed sample file provides three sample database functions to learn how Access stores Date/Time values and how to calculate elapsed time. Use this file in conjunction with the Office Power User column On how much time has elapsed.

Download: Access 2003/2002/2000 Sample: On how much time has elapsed


info     Microsoft releases metadata removal tool (Feb 3)

I’ve posted the download below at the beginning of this year already. The download link is there because it’s relevant for the article

A year ago, 10 Downing Street published a dossier on Iraq’s security and intelligence organisations. It was cited by none other than Colin Powell in his address to the United Nations. Then a lecturer in politics at Cambridge University discovered that much of the 19-page document was copied from three different articles, one written by a graduate student.

How did he know? In the document there was a listing of the last 10 edits of the document, showing the names of the people who worked on the file. These logs are normally hidden and cannot be viewed directly in Word.

MS Word is notorious for containing private information in file headers, but not any longer. Microsoft has quietly released a tool to scrub leaky metadata from documents edited with its software. The Remove Hidden Data Add-In will permanently remove hidden and collaboration data, such as change tracking and comments, from MS Word, MS Excel, and MS PowerPoint files. For Office XP/Office 2003 only, we should add.

View: Microsoft releases metadata removal tool
Download: Office 2003/XP Add-in: Remove Hidden Data


office     Project Server Guides (Feb 3)

Project Server 2003 Disaster Recovery Guide
This guide provides guidelines for developing a disaster prevention and recovery strategy for computers running Microsoft Office Project Server 2003.

Project Server 2003 Installation Guide
This guide covers the installation of Microsoft Office Project Server and its related components.

Project Server 2003 Administrator’s Guide
This guide provides information about managing users, managing security (categories and templates), managing views, and configuring Project Server settings for your organization.


Archive 25

office     Step by Step Tutorials (Feb 3)

Accessibility training documentation for Office applications and Windows OS

Download: Step by Step Tutorials


update     Cumulative Security Update for Internet Explorer (Feb 2)

Who should read this document: Customers who are using Microsoft® Internet Explorer
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

View + Download: Security Bulletin MS04-004


info     Gates backs e-mail stamp in war on spam (Feb 2)

Should people have to buy electronic stamps to send e-mail?

Some Internet experts have long suggested that the rising tide of junk e-mail, or spam, would turn into a trickle if senders had to pay even as little as a penny for each message they sent. Such an amount might be minor for legitimate commerce and communications, but it could destroy businesses that send a million offers in hopes that 10 people will respond. The idea has been dismissed both as impractical and against the free spirit of the Internet.

Now, though, the idea of e-mail postage is getting a second look from the owners of the two largest e-mail systems in the world: Microsoft and Yahoo.

Ten days ago, Bill Gates, Microsoft’s chairman, told the World Economic Forum in Davos, Switzerland, that spam would not be a problem in two years, in part because of systems that would require people to pay money to send e-mail. Yahoo, meanwhile, is quietly evaluating an e-mail postage plan being developed by Goodmail, a Silicon Valley start-up company.

“The fundamental problem with spam is there is not enough friction in sending e-mail,” said Brad Garlinghouse, Yahoo’s manager for communications products.

The company is intrigued by the idea of postage, Garlinghouse said, because it would force mailers to send only those offers a significant number of people might accept. “All of a sudden, spammers can’t behave without regard for the Internet providers’ or end users’ interests,” he said.

View full article: Gates backs e-mail stamp in war on spam


office     Microsoft Content Management Server 2002 Connector for SharePoint Technologies (Feb 2)

Microsoft® Content Management Server 2002 Connector for SharePoint™ Technologies enables you to integrate Microsoft Office® SharePoint Portal Server 2003 and Windows® SharePoint Services 2.0 technologies with Microsoft Content Management Server (MCMS) 2002 to create an end-to-end solution for document publishing.

MCMS Connector for SharePoint Technologies is designed primarily for businesses that are already using or intend to use SharePoint Technologies and MCMS 2002.

Download: Microsoft Content Management Server 2002 Connector for SharePoint Technologies


office     Exchange 2003 Deployment Guide (Feb 1)

This book provides installation and deployment information for intermediate and advanced administrators planning to deploy Exchange Server 2003.

Download: Exchange 2003 Deployment Guide (version 1.1)


info     Waiting For MyDoom’s Sunday Punch (Jan 31)

his Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worm’s dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but there’s little that can be done to stop it.

Here’s how Sunday’s distributed denial-of-service attack will proceed: At midnight of the international date line the Windows computers infected by the MyDoom.A and MyDoom.B worms will begin to send large numbers of Web requests to the Web site of The SCO Group, the Lindon, Utah-based Unix vendor; the wave will begin in the far east and move westward around the world. Such a large quantity of requests will overwhelm SCO’s Web server, making the site unavailable.

On February 3, a similar attack will form against Microsoft from computers infected with MyDoom.B. However, major antivirus vendors reported that the infection rate for MyDoom.B was much less than the earlier worm, which it is believed infected hundreds of thousands of systems.

View full article: Waiting For MyDoom’s Sunday Punch
View more details on the first MyDoom/Novarg on Symantec
View more details on the second MyDoom/Novarg on Symantec


info     Australia joins global spam battle (Jan 31)

Two Australian government agencies have joined an international campaign aimed at persuading companies to close open relays and proxies, in a bid to reduce the amount of spam.

The Australian Competition and Consumer Commission (ACCC) and the Australian Communications Authority (ACA) are taking part in an international campaign to educate companies about the need to close open relays and proxies.

The campaign is headed by the US Federal Trade Commission (FTC), with 36 agencies from 26 countries taking part. Dubbed ‘Operation secure your server’, the aim is to persuade organisations to close open relays and proxies to reduce the amount of unsolicited commercial email.

“As part of the initiative, the participating agencies have identified tens of thousands of owners or operators of potentially open relay or open proxy servers around the world and are sending letters urging them to protect themselves from becoming unwitting sources of spam,” according to an ACCC statement.

View full article: Australia joins global spam battle


office     Microsoft Online Seminars: Microsoft Exchange (Jan 31)

See how to maximize your business potential with Microsoft solutions. Seminars are learning resources designed to meet the needs of developers, IT professionals, and business decision makers.

Sessions include…

  • 19991118OWAKB1: The Microsoft Exchange 2000 Web Client: Microsoft Outlook Web Access

  • 20000511ExchangeKM1: Microsoft Exchange 2000 Conferencing Server: Enabling “Knowledge Workers Without Limits”

  • 20000518ExchangeccMailGD1: Upgrading from cc:Mail to Microsoft Exchange 2000 Server

  • 20000518Groupwise: Migrating from GroupWise to Microsoft Exchange Server 2000

  • 20001121mec1400: Advanced Microsoft Active Directory Integration

  • 20001128mec4333: Building a Group Calendaring Web Application

  • 20001205mec1200: Deploying Microsoft Exchange 2000: A Practical Overview for Upgrading Exchange 5.5

  • 20001205mec1302: Deploying Microsoft Exchange 2000: Upgrading from Exchange 5.5 (Part 2)

  • 20010109exchma: Making the Decision to Migrate to Microsoft Exchange 2000

Download: Microsoft Online Seminars: Microsoft Exchange


info     MyDoom Lessons: Failures of Education, Antivirus Vendors (Jan 30)

The sorry truth is that people fall very easily for social engineering attacks. The problem has nothing at all to do with Windows; if end-users were running Linux or anything else, it’s clear that any e-mail message could persuade them into following whatever steps were necessary to compromise their systems.

User education has proved a failure. Sure, it’s better to have educated users than uneducated ones, and it’s worth continuing to try to drill the details, if only to give individuals a chance to protect themselves.

However, IT managers must assume that their clients are dumber than dirt about this antivirus stuff and will run whatever executable code strangers send them.

Worse, one vendor told me today that whenever one of these attacks happens a number of people intentionally run the virus—knowing it’s a virus—just to see what happens. This must be the digital equivalent of a kid wondering what happens when her or she puts their fingers in an electrical socket.

View full article: MyDoom Lessons: Failures of Education, Antivirus Vendors


office     Access 2000 Sample: Report Topics (Jan 30)

The Access 2000 Sample: Report Topics database contains sample reports that demonstrate how to perform a variety of reporting tasks, including:

  • Creating a Top 10 report

  • Printing a constant number of lines per group

  • Shading every other detail line in a report

Download: Access 2000 Sample: Report Topics


office     Windows SharePoint Services 2003 Software Development Kit (SDK) (Jan 30)

The SDK contains conceptual overviews, programming tasks, and references to guide you in developing solutions based on Windows SharePoint Services as a platform. The SDK includes information about the following technologies:

  1. Web Part Framework Create, package, and deploy Web Parts on SharePoint sites.

  2. Server-side object model Work with individual lists and sites or manage an entire Windows SharePoint Services deployment.

  3. Web services Use default Web services, or create custom Web services, to interact with Windows SharePoint Services from external applications.

  4. Collaborative Application Markup Language (CAML) Customize the schemas that define lists and sites, define queries for use with members of the object model or Web services, and specify parameters for use with methods in Remote Procedure Call (RPC) protocol.

  5. RPC protocol and other protocols Post requests from client applications to the server in order to access or modify data.

  6. Client-side APIs Use ActiveX controls to launch applications on the client or to provide other features that enhance Windows SharePoint Services.

This update of the SDK includes new documentation for the Web Part Page Services Component (WPSC), which is a client-side somponent that adds dynamic capabilities to your Web Part Page by providing Web Part discovery, notification, and state management services used by Web Parts and Windows SharePoint Services RPC methods.

Download: Windows SharePoint Services 2003 Software Development Kit (SDK)


office     Exchange Server 2003 RPC over HTTP Deployment Scenarios (Jan 30)

Microsoft® Exchange Server 2003 and Microsoft Office Outlook® 2003, combined with Windows Server™ 2003, support the use of RPC over HTTP to access Exchange servers. Using the Microsoft Windows RPC over HTTP feature to enable your users to connect to their Exchange mailbox eliminates the need for remote office users to use a virtual private network (VPN) to connect to their Exchange servers. Users running Outlook 2003 on client computers can connect directly to an Exchange server within a corporate environment from the Internet.

Download: Exchange Server 2003 RPC over HTTP Deployment Scenarios


office     Office Update Inventory Tool Version 2.0 (Jan 30)

The Office Update Inventory Tool version 2.0 enables administrators to check one or more computers in their organization for the status of Microsoft Office 2000, Office XP, and Office 2003 updates.

Download: Office Update Inventory Tool Version 2.0


info     Microsoft Offers $250,000 Reward for Information Leading to Conviction of MyDoom.B Perpetrators (Jan 30)

Reward Is Third From Microsoft Reward Fund to Support Worldwide Law Enforcement Efforts Against Malicious Code Distributors

REDMOND, Wash. — Jan. 29, 2004 — Microsoft Corp. today announced that it will pay a $250,000 (U.S.) reward for information resulting in the arrest and conviction of those responsible for unleashing the MyDoom.B worm. MyDoom.B, detected yesterday, is a variant of the earlier released MyDoom.A worm, also known as the Novarg worm, which has spread quickly infecting computers around the world. The release of this B variant triggered the first alert from the newly formed Department of Homeland Security’s cyber alert system yesterday.

Characteristics of MyDoom.B
Characteristics of the B variant of MyDoom include these:

  • Infects the computers of unsuspecting consumers and automatically sends infecting e-mail to their e-mail contacts

  • Blocks access to anti-virus vendor Web sites and www.microsoft.com

  • Leaves a “backdoor” into infected computers, allowing any hacker to modify the existing worm without the user’s knowledge

  • Is designed to launch an attack against www.microsoft.com next month

“This worm is a criminal attack,” said Brad Smith, senior vice president and general counsel at Microsoft. “Its intent is to disrupt computer users, but also to keep them from getting to anti-virus locations and other sites that could help them. Microsoft wants to help the authorities catch this criminal.”

Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide.

Partnership Program With Law Enforcement
Representatives of three law enforcement agencies, the Federal Bureau of Investigation (FBI), the U. S. Secret Service and Interpol, joined Microsoft to unveil the company’s $5 million reward program in November. All three agencies have engaged Microsoft in their investigations of this most recent worm.

Individuals with information about the MyDoom worm or any other worms or viruses should contact the following international law enforcement agencies:

  • International/Interpol via the Interpol National Central Bureau in any of Interpol’s 181 member countries or at http://www.interpol.int/

  • FBI or Secret Service via any local field office

  • The Internet Crime Complaint Center (IC3) at http://www.ic3.gov

View full Press Release: Microsoft Offers $250,000 Reward for Information Leading to Conviction of MyDoom.B Perpetrators


office     Microsoft Sets Office Service Pack 1 Timing; Watch For InfoPath Improvements (Jan 29)

Microsoft this week acknowledged that Office 2003 Service Pack 1 is in the works but gave no details beyond an expected late June launch date.

Original plans called for Service Pack 1 (SP1) to include fairly substantial enhancements and even new features for the InfoPath and OneNote components of the Office System lineup (see story). InfoPath enables a user’s desktop applications–Word or Excel, for example–to tap into back-end data via XML links. OneNote is a note-taking application that accepts penned or inked input.

For InfoPath, Microsoft wants to enable users to “ink” in input into fields and make it easier to route the created forms around, sources close to the company said.

“It will be easier to e-mail the form around. Before, it had to be deployed on a Web server as a URL, and, if I didn’t have InfoPath myself, I couldn’t see it. They’re working to open that up,” said one source.

Also on the wish list: better workflow using the BizTalk 2004 integration server and better editing and layout tools, sources close to the company said.

View full article: Microsoft Sets Office Service Pack 1 Timing; Watch For InfoPath Improvements