In this issue:
Editor’s Corner. This Week in IT (NEW SECTION!). Revisiting file associations. Short URL security. Live dangerously! Robot escapes from hotel. Mailbag. Ask Our Readers (answered): Which Windows services can I safely disable? IT Bookshelf: An In-Depth Guide to Mobile Device Forensics. Factoid: Xoursigyfaslwort! Plus lots more — read it all, read it here on WServerNews!
Got questions? Ask our readers!
WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!
Help spread the news!
Please tell all your colleagues and friends about WServerNews and its companion newsletter FitITproNews, and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!
Editor’s Corner
If you listen to what the self-styled experts say in the tech media, you’ll likely arrive at the following conclusion:
Linux is more secure than Windows.
And of course if this is true then so is this corollary:
Open Source is more secure than Microsoft software.
Those are no-brainers, right? Well at least these are views that are widely held throughout much of the IT community. And of course they’re not my own views on this matter, which can be succinctly stated as follows:
Recently however a couple of news items have come to my attention that may give the Open Source zealots among us reason to pause and consider their position on software platform security. For example:
Major Linux PolicyKit security vulnerability uncovered: Pwnkit (ZDNet)
“A serious memory corruption vulnerability in polkit (formerly PolicyKit) has finally been discovered after 12+ years. This program is found in essentially all modern Linux distributions.”
My comments: This probably won’t be a problem if you’re running a vanilla Linux distro that uses init-system. But if your distro uses systemd then it might be good to start worrying because even though polkit isn’t part of systemd and was developed earlier than systemd, most distros that use systemd also install polkit by default. At least that’s my understanding of the matter.
Nasty Linux kernel bug found and fixed (ZDNet)
“A heap overflow bug was recently discovered in the Linux kernel. The patch is available now in most major Linux distributions.”
My comments: Wait a minute. I thought open source software like Linux was supposed to be more secure because the underlying code was open for inspection. Wasn’t it Eric Raymond who coined “Linus’ Law” back in 1999 which says that given enough eyeballs, all bugs are shallow? How could so many Linux developers and security experts have missed this vulnerability which was introduced into the Linux 5.10rc1 kernel two years ago? How many other kernel bugs in Linux are still being missed by the legions of eyeballs supposedly overseeing its development?
Then there’s this one which is old news by now but whose ramifications are still unfolding:
CISA director: We’ll be dealing with Log4j for a long time (CNET)
The bug’s impact will be massive, requiring lots of tech to be patched or locked down.
Yikes! And don’t forget, the Log4j Java-logging library which is Open Source software is widely used with the Apache web application platform which is one of the most popular and widely-deployed Open Source applications. For a good basic technical description of the Log4j problem, see this article by PurpleBox.
What do our readers think about the security of Linux and Open Source vs. Windows and Microsoft software? We already have one Linux machine deployed in our offices but keep it firewalled and VLANed because we don’t consider ourselves Linux security experts (yet). What about you? As an IT professional do you think Linux is more secure than Windows? Would you sleep better at night if all your workloads ran on Linux instead of Windows Server? Let me know.
This Week in IT (NEW SECTION!)
A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find any news items you feel our newsletter readers might be interested in—thanks!
We’ll start by looking back on 2021 which according to the Identity Theft Resource Center’s 2021 Annual Data Breach Report was a year when we experienced a 68% increase in breaches over the previous year 2020. Based on this statistic alone one can safely surmise that the Number One Priority in 2022 for those of us in the IT profession will be—you guessed it—improving our organization’s cybersecurity posture. Microsoft for one is taking a step in this direction by disabling VBA macros in Office by default (CloudPro). And if you’re worried about whether your company’s IT systems may have been compromised by ransomware actors using the nefarious LockBit 2.0 ransomware, there’s good news: the FBI has published a list of indicators you can use to check for this (PDF – FBI Internet Crime Complaint Center). In addition Google Cloud has announced that it’s adding a new security feature to help detect cryptojacking malware (ZDNet).
If your organization still uses on-premises Active Directory and you’re thinking of migrating to Azure AD, you might want to read this new article on Network Computing that explains how Azure AD security differs from on-prem AD security. And in general if your company utilizes any cloud services you should be aware of how this can expand the attack surface of your IT infrastructure. This new article on The Hacker News explains how good attack surface management practices can help preempt cyberattacks against your organization.
In other IT industry news, Citrix is to be acquired by Vista and Evergreen in a $16.5 billion deal (ITpro) which probably means there are interesting times ahead for those of us who use Citrix products. Microsoft is buying Activision Blizzard, a California-based videogame company (Redmond Channel Partner). Enterprise software company IgniteTech known for its innovative Netflix-style subscription service has expanded upon its earlier acquisition of products from Avolin by adding BryterCX’s Journey Intelligence platform to their solutions offering (TechGenix). The top ten semiconductor buyers have upped their spending in 2021 by 25% (Channel Pro). And Neom, the futuristic city being built in northwest Saudi Arabia, is going to have a $500 million colocation data center (DataCenter Knowledge) which probably means we should all buy stock in companies that produce cooling systems for datacenters!
Revisiting file associations
Back in October a reader named Marco asked us about how to lock down file associations in Windows 10 and two of our readers responded in this issue. This week someone pointed out to us that the Ask The Performance Team blog on Microsoft Tech Community had answered this question in detail in the following post which I find especially helpful since it targets IT pros that deploy and maintain Windows PCs.
Short URL security
This article on the Safe Computing website run by the University of Michigan’s IT Services provides some helpful tips on how you can check whether a shortened URL someone sends you might lead to harmful content:
For more on the dangers lurking in short URLs see this PDF research paper on Arxiv.org:
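The core of any short URL check is finding out where the link really goes without opening it. The following PowerShell function is an added example (not from the newsletter, the Safe Computing article or the paper): it follows each redirect with a HEAD request, never downloads a page body, and reports the full chain plus warnings for loops, HTTPS-to-HTTP downgrades and hop limits. The short link in the usage line is a hypothetical placeholder.

```powershell
# Added example, not from the newsletter or the linked article. It expands a shortened
# link by following redirects one hop at a time with HEAD requests (no page body is
# downloaded), so you can see the real destination before deciding whether to open it.
function Expand-ShortUrl {
    param(
        [Parameter(Mandatory)][string]$Url,
        [int]$MaxHops = 5
    )
    $chain    = [System.Collections.Generic.List[string]]::new()
    $warnings = [System.Collections.Generic.List[string]]::new()
    $current  = $Url
    $chain.Add($current)

    for ($hop = 0; $hop -lt $MaxHops; $hop++) {
        $request = [System.Net.HttpWebRequest]::Create($current)
        $request.Method            = 'HEAD'
        $request.AllowAutoRedirect = $false   # inspect every hop ourselves
        $request.Timeout           = 10000
        try {
            $response = $request.GetResponse()
        } catch [System.Net.WebException] {
            # 3xx and other non-2xx answers surface as a WebException; the response is still attached
            $response = $_.Exception.Response
        }
        if ($null -eq $response) { $warnings.Add("No HTTP response from $current"); break }
        $status   = [int]$response.StatusCode
        $location = $response.Headers['Location']
        $response.Close()
        # Stop at anything that is not a redirect (200, 404, or 405 when HEAD is refused)
        if ($status -lt 300 -or $status -ge 400 -or [string]::IsNullOrEmpty($location)) { break }
        # Location may be relative; resolve it against the URL that issued the redirect
        $next = [uri]::new([uri]$current, $location).AbsoluteUri
        if ($chain.Contains($next)) { $warnings.Add("Redirect loop back to $next"); break }
        if (([uri]$current).Scheme -eq 'https' -and ([uri]$next).Scheme -eq 'http') {
            $warnings.Add("Hop $($hop + 1) downgrades from HTTPS to HTTP")
        }
        $chain.Add($next)
        $current = $next
    }
    if ($chain.Count -gt $MaxHops) { $warnings.Add("Hit the $MaxHops-hop limit; destination may not be final") }

    [pscustomobject]@{
        Original    = $Url
        Destination = $current
        Hops        = $chain.Count - 1
        Chain       = $chain.ToArray()
        Warnings    = $warnings.ToArray()
    }
}

# Usage (hypothetical short link): Expand-ShortUrl -Url 'https://short.example/abc123' | Format-List
```

Some shorteners answer HEAD with 405; the function then stops at that hop and reports it as the destination, so treat an unexpanded result as unknown rather than safe.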
Live dangerously!
So maybe you feel that you no longer need that recovery partition taking up space on your PC’s drive. If so, this article on Lifewire explains how you can use the diskpart command to remove it:
Yeah, maybe you’ll be sorry afterwards, but why not live on the edge? The worst that can happen is you’ll fall off.
AND FINALLY: Robot escapes from hotel
BBC News reported recently that a robot vacuum cleaner made a break for freedom after giving staff the slip at a Travelodge hotel:
Yes, the Robot Rebellion has begun. Will humanity survive?
Got comments about anything in this issue?
Email us! We love hearing from our readers!
Meet the Editors
MITCH TULLOCH is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.
INGRID TULLOCH is Associate Editor of both WServerNews and FitITproNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.
Mailbag
In our last issue I talked about ways you can securely wipe data from an HDD or SSD before you recycle it or give it to others. This naturally resulted in our receiving several comments like this one from reader Mike Schulman:
I use a couple of very basic tools to protect the data on old drives. If it’s an HDD I use a hammer, and if it’s an SSD I use a microwave oven.
Of course. Don’t forget to clean your oven afterwards.
And two issues ago we asked “What registry value does this GPO policy setting change?” and pointed readers to a resource online where they can find help. Jeremy Harris commented on this by saying:
Regarding group policies and the registration keys they modify, your reference is fine for standard policies. However, if a user has written custom adm or admx files to extend group policies (as I have), those adm or admx files will be found on the domain controllers at the following location: c:\Windows\PolicyDefinitions. Note that these can be difficult to read because they can reference variables either assigned within the admx file itself, or in a Microsoft common XML file located on Microsoft.com.
Thanks for clarifying!
Ask Our Readers (answered): Which Windows services can I safely disable?
In our previous issue a reader named Howard asked us this question:
I noticed the reliable Black viper site is no longer tracking services in Windows. The site author says he stopped using Windows and is on Linux now. Can you recommend a good source of process info, saying what’s needed and what can be safely disabled?
In that issue I answered Howard myself as follows:
Howard, my usual advice is not to disable *any* services in Windows due to services dependencies and because of possible unexpected consequences that may arise from doing so. Unless of course you have a specific *reason* for wanting to disable some specific service(s). But trying to “harden” Windows by disabling “unneeded” services can often backfire and is not recommended.
I then asked if any of our readers had any different suggestions for Howard concerning this, and reader Mark Van Noy stepped forward with the following suggestion:
Hello Mitch, I have slightly different advice. I have not found a more up to date reference from Microsoft, but here is their official guidance on services for Server 2016 and whether they can safely be disabled. The document was last updated 9/23/2021 and says it applies all the way up to Server 2022. This is Microsoft’s official guidance, but I would still test any configuration that is not the default:
While the article Mark refers to deals with Windows Server and not Windows client (which is likely what Howard is referring to) it can still be helpful in deciding which Windows services you can safely disable, provided you’re willing to wade through the reams of information on this page. Mark also added the following:
I am personally not a very big fan of disabling default services since it seems to cause unintended headaches. Case in point, we had decided to disable IPv6 for WinRM years ago because our network did not support IPv6. However, an install of Ivanti’s User Workspace Manager failed because it required a connection back to itself over WinRM and IPv6 to finish the install successfully; IPv4 was not good enough. None of us saw that problem coming and it was technically okay to disable IPv6.
Ooh yes, I’ve heard many times about issues arising from disabling IPv6 in Windows. Seemed like a sensible thing to do in the early days, but as Mark says such tweaks can have unintended consequences. Have any other readers experienced this?
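The service dependencies that both answers above warn about can be checked before you touch anything. This PowerShell function is an added example (not from the newsletter or from Microsoft’s guidance): for a given service it walks the dependents transitively, lists which of them are running right now, and gives a plain verdict. The service name in the usage line is only an illustration.

```powershell
# Added example, not from the newsletter or Microsoft's guidance. Before disabling a
# service, show what else would stop working: its direct and transitive dependents,
# and which of those are running right now.
function Get-ServiceDisableImpact {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction Stop

    # Breadth-first walk of DependentServices; a dependent of a dependent also breaks
    $seen  = @{}
    $queue = [System.Collections.Generic.Queue[object]]::new()
    foreach ($d in $svc.DependentServices) { $queue.Enqueue($d) }
    while ($queue.Count -gt 0) {
        $d = $queue.Dequeue()
        if ($seen.ContainsKey($d.Name)) { continue }
        $seen[$d.Name] = $d
        foreach ($child in $d.DependentServices) { $queue.Enqueue($child) }
    }
    $dependents = @($seen.Values | Sort-Object Name)
    $running    = @($dependents | Where-Object Status -eq 'Running')

    if ($running.Count -gt 0) {
        $verdict = "Disabling breaks $($running.Count) running service(s); do not disable without testing"
    } elseif ($dependents.Count -gt 0) {
        $verdict = "No dependents running now, but $($dependents.Count) would fail if started later"
    } else {
        $verdict = "No dependents; still test in a lab before changing the start type"
    }

    [pscustomobject]@{
        Service           = $svc.Name
        DisplayName       = $svc.DisplayName
        Status            = $svc.Status
        StartType         = $svc.StartType
        RequiredServices  = @($svc.ServicesDependedOn | ForEach-Object Name)   # what it needs
        DependentServices = @($dependents | ForEach-Object Name)               # what needs it
        RunningDependents = @($running | ForEach-Object Name)
        Verdict           = $verdict
    }
}

# Usage (illustrative service name): Get-ServiceDisableImpact -Name 'WinRM' | Format-List
# Survey every service that something else depends on before changing any of them:
# Get-Service | Where-Object { $_.DependentServices.Count -gt 0 } |
#     ForEach-Object { Get-ServiceDisableImpact -Name $_.Name }
```

Dependencies declared in the service database are only part of the picture; the WinRM/IPv6 case Mark describes is an application-level dependency no such listing would show, which is why the verdict always ends with "test".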
IT Bookshelf: An In-Depth Guide to Mobile Device Forensics
An In-Depth Guide to Mobile Device Forensics from CRC Press is another tech book I recently had time to peruse. The book provides a good introduction to the principles, practices and tools for forensically examining iPhones, Android phones, and even smart TVs to acquire legally admissible evidence for court proceedings.
The book begins with a chapter providing an overview of how cellular technologies work. This is followed by a chapter describing the basics of mobile device hardware including antennas and SIM cards. Readers who have some background in physics or engineering will find these first two chapters easier to follow. Next comes a description of the iOS and Android operating systems, with noticeably more information about Android since Apple keeps most of what’s under the hood in iOS hidden from prying eyes.
The book then proceeds to describe in detail forensic tools and techniques you can use for examining data of all kinds stored in iOS and Android phones, mining the contents of SQLite databases in phones, opening phones up and removing chips to extract data from them, and so on. The book finally concludes with two invaluable chapters: the first describing anti-forensic techniques hackers often utilize to cover their tracks, and the second explaining in detail for a U.S. audience various legal issues associated with forensic analysis including evidence tracking, expert testimony, warrants, ethics, licensing, reporting, and so on.
While the book’s main target audience is probably cybersecurity experts who want to enter the field of mobile device forensics, it would also be good reading for any IT professional whose job involves managing employee cellphones for their organization. One reason is that you might find yourself one day called to investigate a breach involving the devices you manage, and this book provides a good overview of the subject, though you’ll probably need to supplement it with easily found online videos that explain in detail how to use the various forensic tools the author mostly only summarizes here. Another reason of course is that you might get called to testify in court concerning a breach that occurred at your company, and in that case reading this book will better prepare you for the kinds of questioning you will experience. Either way, you can buy this book on Amazon here.
FastNetMon lets you detect and filter out malicious traffic flowing into or from your network:
WSCONFIG is a powerful command line menu user interface for configuring many features of Windows clients and servers:
Fossil is a simple, high-reliability, distributed software configuration management system:
WS Display Settings is a tool to save and apply Windows display settings to and from file as well as adjust the monitor’s brightness/contrast/color settings itself:
Tip of the Week
This week’s tip can be found on Office Watch.
All the options for Microsoft Office 365 update channels
“Here are all the current options for Microsoft Office 365 channels, in other words how often the software is updated with new or changed features…”
Factoid: Xoursigyfaslwort!
Our previous factoid didn’t generate any response so here is this week’s factoid:
Fact: Researchers use tiny magnetic swirls to generate true random numbers.
Question: Roufsginalgip? Ornfifalhgweevilsnorrk? But seriously, when was the last time you ran a program to generate a random number? Buying a lottery ticket, maybe? Or using the Monte Carlo method for predicting when robots will overwhelm humanity? And when was the last time you flipped a coin?
Email us your answer and we’ll include it in our next issue!
Subscribe today to WServerNews!
Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.
Conference Calendar 2022
NOTE: Conference dates and locations (real/virtual) are subject to change
Big Data & AI World — March 2-3, 2022 in London, UK
Mobile World Congress — June 29-July 1, 2022 in Shanghai
Cisco Live Las Vegas — June 12-16, 2022 in Las Vegas, USA
HPE Discover 2022 — June 28-30, 2022 in Las Vegas, USA
Def Con 30 — Aug 11-14, 2022 in Las Vegas, USA
Big Data Expo — Sept 14-15, 2022 in Utrecht, The Netherlands
RunAsRadio: Modern Client Management with Julie Andreacola
Heavy Networking: Do We Need An SMTP Alternative? TMTP And MNM Are Here To Find Out
Clear To Send: JNCIA-MistAI & JNCIS-MistAI
Risky Business: The state of malicious mass scanning with Andrew Morris
Microsoft Cloud Show: Is 2022 the Year of Gaming Consolidation or the Metaverse Burn Pit
New on Techgenix.com
Exchange 2016 – AirSync Exceeded Errors
Do You Like Your PowerShell Wet or Dry?
Scripting help from the Windows Admin Center
System Center Virtual Machine Manager Gets a Badly Needed Update
Exchange 2016/2019 – Patch Active Directory
Fun videos from Flixxy
Candide Thovex – Pretty Tight
Amazing Calculations With A Randomly Picked Number
The Changing Room Illusion
Bill Gates Explains The Internet to David Letterman in 1995
Please tell others about WServerNews!
We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!
Product of the Week