Vol. 19, #20 - May 19, 2014 - Issue #980
Free Security Tools
This week's newsletter is all about free security tools available from Microsoft. We welcome Sasa Kranjac, a technical trainer and consultant with almost two decades of experience in the IT field, who has contributed the guest editorial for this issue.
Free is a word that tends to catch people's attention, which is of course why we used it in the title for this week's newsletter. Of course, the only thing better than free tools is free coffee, as the following Dilbert comic strip illustrates:
The defense rests its case.
And now on to our guest editorial by Sasa Kranjac...
Free Security Tools
Not every Microsoft program or tool has a price tag. Cheap, in this case FREE, does not mean low or questionable quality. These tools rock and are here for you to use.
Meet some of the free security tools that can help increase the security of IT environments:
1. Microsoft Security Essentials and Windows Defender
Although different in name, these two programs are brothers, or even twins. Both are free real-time malware protection solutions for Microsoft client operating systems. Microsoft Security Essentials is available for download in 33 languages and supports Windows XP, Windows Vista and Windows 7. If you run a small business and have no more than ten computers, then Microsoft Security Essentials is the way to go. What about Windows 8? No problem, Windows Defender is already protecting your devices. It is included and built into Windows 8.
2. Microsoft Safety Scanner
Your current antivirus solution will not start; maybe the database is obsolete and antivirus signature updates will not download. You have reason to suspect that malware has infected your system and need a "second opinion". Microsoft Safety Scanner is your solution. It is a standalone executable that helps remove viruses, spyware and other malicious programs. Its small size, currently around 95 megabytes, makes it extremely portable, allowing you to squeeze it onto almost any USB drive.
The program does not need an internet connection to work and can be run immediately after downloading, as the bundled signature database includes the latest malware definitions. The Malware Protection Center supplies Microsoft Safety Scanner with the latest malware signatures several times a day. For the best protection and scanning results, be sure to get the newest version possible.
The tool works even if your real-time antivirus solution is present. Installation is not required. After accepting the terms of the license agreement and a reminder that the tool is not a replacement for an anti-malware solution, the user has three choices: Quick scan, Full scan or Customized scan. A Quick scan checks the places on the system most likely to be infected with malicious software, such as the registry, memory and system folders. A Full scan can take some time to complete as it scans all files on all drives. The Customized scan option allows selecting and scanning a specific destination, such as a folder or a local or networked drive.
Microsoft Safety Scanner, or its signatures, expires ten days after downloading. To get the latest malware definitions, simply download the tool again.
3. Windows Defender Offline
Certain types of malicious software, such as rootkits, can install themselves on the system at the time the operating system boots up. This advanced type of malware can run and hide before the real-time antivirus solution starts, making it very hard to disinfect or clean the infected computer. Running an application on an infected system is never safe: a malicious program may interfere with everything you do on the operating system. Simply put, if your system is infected, it is not your system anymore.
In such cases, a solution like Windows Defender Offline can help remove the threat. In comparison to Microsoft Safety Scanner, which runs on a "live" system, Windows Defender Offline is, as its name reveals, an "offline" solution.
To use Windows Defender Offline, make sure to download the executable on an uninfected computer. The downloaded file is a utility that will inform you that it needs an internet connection and blank media, such as a CD, DVD or USB flash drive, to build an offline antivirus solution. If you do not have blank media at hand, you can build an ISO file and make bootable media later. You will need at least 250 MB of free space, which will hold a search engine, database signatures and a bootable environment.
Booting from infection-free media provides a safe, clean environment for malware removal. If you have already built a bootable USB drive, you can use the utility to update the drive with the latest spyware and virus definitions.
4. Microsoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer (MBSA) is a vulnerability and security scanner that scans computers for potential security misconfigurations and missing security updates. These include checks for weak passwords and for Windows, IIS and SQL administrative vulnerabilities. MBSA runs under an administrative account and needs an internet connection to check for the latest security updates, taking advantage of Windows Update.
It supports scanning the local computer or multiple computers using a range of IP addresses or a domain name. To increase its strength, MBSA has some great features. Scripting MBSA lets you run scans concurrently across a large number of machines, decreasing the overall scanning time, and manipulate reports, to name a few. Connecting Microsoft Office Visio and MBSA makes scanning even easier: you can scan the network from the diagram or import the detailed scan results into Visio.
Once scanning is over, MBSA provides comprehensive scan results, listing the score, issue and result for each assessment, along with details such as what was scanned and the precise scan results for the issue.
The latest version (MBSA 2.3) supports most Microsoft client and server operating systems, from Windows XP to Windows 8.1 and from Windows Server 2003 to Windows Server 2012 R2, on 32-bit, 64-bit or Itanium-based systems. It supports Microsoft Office, Microsoft Visio, Microsoft SharePoint Server and some other products too. For the detailed and complete list, visit the MBSA web page.
5. URLScan tool
Attackers frequently target Web servers, trying to disrupt normal operation and to gain control of such vital services. The URLScan tool helps protect an Internet Information Services (IIS) Web server by scanning and filtering all incoming requests based on the rules set by the administrator. It blocks specific types of unsafe HTTP requests from reaching the Web server service, preventing potentially disastrous consequences. Phishing sites, SQL injection attacks or malware distribution can be mitigated or prevented by stopping dangerous requests from reaching Web servers.
Suspicious URL encoding, a specific file name extension on the requested resource, the presence of non-ASCII characters in the URL, or specified character sequences in the URL are just some of the traits of malicious HTTP requests that URLScan can reject. URLScan processes requests before they are passed on to the application or script, preventing fatal outcomes.
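As an added illustration (not part of the original newsletter), here is how the four checks just listed map onto settings in UrlScan.ini. The extension and sequence entries are sample values to adapt to your own site.

```ini
[options]
UseAllowExtensions=0      ; 0 = reject what [DenyExtensions] lists, allow everything else
NormalizeUrlBeforeScan=1  ; decode the URL first, so rules see what the server will see
VerifyNormalization=1     ; suspicious encoding: reject URLs that change when decoded a second time
AllowHighBitCharacters=0  ; non-ASCII: reject URLs containing high-bit characters
EnableLogging=1           ; record rejected requests so blocked traffic can be reviewed

[DenyExtensions]
; file name extensions that should never be requested from this server (sample list)
.exe
.bat
.cmd
.com

[DenyUrlSequences]
; character sequences rejected anywhere in the URL (sample list)
..   ; directory traversal
./   ; trailing dot on a directory name
\    ; backslash in the URL
%    ; escaping still present after normalization
```

Review the URLScan log after enabling a new rule: a sequence such as `%` also blocks legitimate URLs that rely on escaped characters.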
6. Microsoft Security Compliance Manager
Microsoft Security Compliance Manager (SCM) is part of the Microsoft Solution Accelerators tools and can help you manage the computers in your environment in a consistent way using Group Policy and Microsoft System Center Configuration Manager. SCM provides baselines for Windows operating systems, Office applications and other Microsoft applications.
Based on Microsoft's recommended security settings, SCM can help you achieve centralized security baseline consistency across all computers in the IT environment, deploy security configurations to domain-joined or non-domain-joined computers, create a snapshot of a reference machine to produce your own security baseline for later deployment, and manage the IT environment through the SCM Management console.
SCM version 3.0.60 was published more than a year ago and has only two entries on the list of supported operating systems it will install on: Windows 7 and Windows 8. Upon starting, SCM checks for additional baselines, downloads them and prompts to install if updates are available. Although the list of Microsoft product security baselines is quite large and includes, among other versions, Windows 8, Windows Server 2012 and SQL Server 2012, some products and versions are missing, and I would like to see the baselines updated with those products in the near future as well.
You cannot modify Microsoft baselines, but you can make a copy of a baseline, store it as a custom baseline and make changes as you wish. You can even import a Group Policy Backup and compare and merge baselines to create customized baselines. Baseline configurations can be exported as an Excel workbook, as a Group Policy Object Backup, as a Desired Configuration Management (DCM) pack, as Security Content Automation Protocol (SCAP) data files and as SCM .cab configuration files.
Each baseline has its own security and compliance baselines, such as WS2012 DNS Server Security or Win8 Computer Security Compliance, where you can edit and change settings according to your preferences and needs. Attachment/Guides hides real gems: Security Guides, compliance entries and links.
Last but not least,
7. Enhanced Mitigation Experience Toolkit (EMET)
EMET is a security tool that complements existing security and malware protection tools on the system by taking advantage of the security technologies and protection methods on the computer that applications might not be using. What does that mean? Should an application use every feature the operating system has to offer? Yes, but the developers have to build the application in a way that enables and uses the operating system's available features. Windows operating systems support many security mitigation technologies, like Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) and Structured Exception Handler Overwrite Protection (SEHOP). According to one Microsoft Trustworthy Computing study, only 34% of applications fully support and enable ASLR, while DEP is not enabled on 29% of applications. This is where the problem lies: computers running applications that do not use security mitigation technologies present a potential risk, because malware can take advantage of these vulnerabilities and spread more easily.
EMET can protect against undiscovered threats and can provide protection for legacy applications without the need to rewrite their code. Its twelve security mitigations complement other security solutions, such as real-time antivirus software. It can verify the validity of SSL certificates, protecting you from man-in-the-middle attacks. Websites or applications in need of protection can be easily added to the list, and mitigation technologies can be applied granularly.
It works on Windows 8/8.1, Windows 7, Windows Vista, Windows XP, Windows Server 2003 SP2, Windows Server 2008/R2 and Windows Server 2012/R2.
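To see which of your own binaries fall into the "not opted in" group described above, you can read the DllCharacteristics field that the linker writes into each PE header. The script below is an added example, not code from the newsletter or from Microsoft; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct
import sys

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics set by the linker at build time.
DYNAMIC_BASE = 0x0040   # /DYNAMICBASE: image opts in to ASLR
NX_COMPAT = 0x0100      # /NXCOMPAT: image opts in to DEP
DLLCHAR_OFFSET = 70     # same offset in PE32 and PE32+ optional headers


def mitigation_flags(image: bytes) -> dict:
    """Return the ASLR/DEP opt-in bits of a PE image; ValueError if not a PE."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF header
    if len(image) < opt + DLLCHAR_OFFSET + 2:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", image, opt + DLLCHAR_OFFSET)
    return {"aslr": bool(dll_chars & DYNAMIC_BASE),
            "dep": bool(dll_chars & NX_COMPAT)}


def build_sample(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed input: just enough PE header for mitigation_flags()."""
    e_lfanew = 0x80
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    dos += bytes(e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, DLLCHAR_OFFSET, dll_chars)
    return dos + b"PE\x00\x00" + coff + bytes(optional)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python script.py app.exe helper.dll ...
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                head = fh.read(4096)  # the headers sit at the start of the file
            try:
                print(path, mitigation_flags(head))
            except ValueError as exc:
                print(path, "skipped:", exc)
    else:
        for label, bits in (("both opted in", 0x0140), ("DEP only", 0x0100)):
            print(label, mitigation_flags(build_sample(bits)))
```

Binaries that report `False` for either flag are the ones where EMET's per-application mitigations add the most.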
About Sasa Kranjac
Sasa is a Technical Trainer and Consultant with almost two decades of experience in the IT field. He began programming in Assembler, met Windows NT 3.5, and the love has lasted ever since. He has held various jobs and roles: Teacher, Systems Engineer, IT Manager, Consultant, and IT Trainer. His focus and interest are on everything related to IT security and networking. He loves tearing apart operating systems of any kind.
Send us feedback
Got feedback on this issue's main topic? Let us know at [email protected]
Tip of the Week: Dynamic Disks and Storage Spaces
The following tip is excerpted from my book Training Guide: Installing and Configuring Windows Server 2012 from Microsoft Press:
In previous versions of Windows Server, you could use dynamic disks for implementing software RAID 0 or RAID 1 redundancy for both the boot volume and data volumes. Dynamic disks were first introduced in Windows Server 2003 and were implemented using the new Virtual Disk Service (VDS) API included in that platform. Beginning with Windows Server 2012, however, the VDS API was superseded by SMAPI. This means that dynamic disks are now considered deprecated for all usages except mirroring the boot volumes. Storage Spaces should now be used instead of dynamic disks when you need to provide resiliency for data volumes. In addition, the following tools that rely on the VDS APIs should also be considered deprecated:
- DiskPart command
- DiskRAID command
- Disk Management MMC snap-in
Note that you can still use these commands on Windows Server 2012, but they will not work with Storage Spaces or with any SMAPI components or tools.
GOT TIPS you'd like to share with other readers? Email us at [email protected]
This week we have some top titles on information security for your perusal...
Wireshark 101: Essential Skills for Network Analysis
Cybersecurity and Cyberwar: What Everyone Needs to Know
Threat Modeling: Designing for Security
Computer and Information Security Handbook, Second Edition
The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice
Managing Risk and Information Security: Protect to Enable
Microsoft Virtual Academy
Just one new announcement from the Microsoft Virtual Academy:
May 21-22: Moving to Hybrid Cloud with Microsoft Azure
Register today for the latest courses in the popular IT Camp series. “Moving to Hybrid Cloud with Microsoft Azure,” on May 21 and 22, is a pre-recorded session with live Q&A. Complete the hands-on labs, and walk away with a fully functional Windows Server 2012 R2 or Linux cloud-based test lab running Microsoft Azure. Be sure to sign up for the free Microsoft Azure trial so you can follow the demos during the sessions:
Then register for the session here:
Quote of the Week
"Those who can, build." --Robert Moses
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Admin Tools We Think You Shouldn't Be Without
Download Altaro Hyper-V Backup. Easily backup/restore virtual machines, replicate offsite backups and restore Exchange emails directly from a VM backup. Free for WServerNews subscribers.
Free Study Guide for Microsoft Certification Exam 74-409: Server Virtualization with Windows Server Hyper-V and System Center. Read it now.
Is managing users and computers on Active Directory too cumbersome? Download SolarWinds terrific trio of Active Directory Admin Tools today & start saving time on Active Directory management tasks.
Amazon Web Services and Metalogix Virtual Private Cloud provide organizations with a highly secure and scalable Exchange and Files archive solution. Take it for an Instant Test Drive Today.
WinDirStat tells you what files and folders are occupying the most space on your hard disk:
Microsoft Worldwide Partner Conference (WPC 2014) in July, 2014 in Washington, D.C.
Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington
TechEd Europe on October 27-31, 2014 in Barcelona, Spain
TechEd New Zealand on September 9-12, 2014 in Auckland, New Zealand
Add your event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]
MSExchange.org Webinar: Choosing an Email Cloud Option
If you’re considering a cloud option for your email, you have a lot to consider, including compliance requirements, security concerns, archiving capabilities and management tool options. Join Microsoft MVP Michael Noel and Hudson Casson from Metalogix on Wednesday, May 21, at 11am EDT/4:00pm BST to learn about the key factors organizations must take into account when moving email management to the cloud. This live, informative webinar, provided by MSExchange.com, will help you understand the potential impacts of a cloud migration - good and bad - that you need to know!
Register for Webcasts
Add your Webcast
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]
Does security by obscurity work? (4sysops)
Adoption of TLS Extensions (Paul's Journal)
Phishers Targeting Growing Mobile User Base and Online Services (Microsoft Security Blog)
Start 2014 With the Right Networking Tools (WindowsNetworking.com)
Windows Protocols Documentation (Microsoft Download Center)
SharePoint, Exchange and Office
Missing E-mails In Outlook 2013 With Office 365 Or Outlook.com (Jorge's Quest for Knowledge)
Product Review: C2C PST Enterprise (MSExchange.org)
Windows Azure Pack Architecture (Thomas Maurer)
Windows Azure Mini Case Studies (Microsoft Download Center)
The Seven deadly sins of DevOps
You might think you’re ready, but before jumping into a DevOps strategy, it is crucial to have a strong understanding of common pitfalls and mistakes. Read this strategic article for a list of the seven deadly DevOps sins, and learn what you can do to avoid these destructive failures.
It might be a zero client if…
Do you have a clear understanding of what a zero-client is? While one single definition may not yet exist, it is critical to understand the capabilities and limitations they can offer. For a clear breakdown of each, read this comprehensive resource and decide for yourself which zero-client you should choose for your company.
Pods offer scalability but bring clustering challenges
Converged infrastructure pods offer numerous benefits, including supportability and consistency, but because pods are not “one size fits all,” they may not necessarily fit with your own virtual infrastructure. Find out if you can benefit from using converged infrastructure pods and review tips on how to design your own cluster of pods in this detailed resource.
Ways to keep a resource pool from sinking performance
To avoid VM performance issues, it is crucial to use resource pools properly so that they deliver the right resources for changing workloads. By using proper resource pool practices, you can succeed in keeping your high-priority VMs afloat. Find out more inside this special report.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]
Amazing Billiard Trick Shots 2014 By Florian Kohler
These amazing pool trick shots are only possible if you are a master of concentration, physics, geometry, and magic.
Astounding Wire Balancing Act - Tatiana Kundyk - Ukraine Got Talent
Tatiana Kundyk does the most amazing things on a thin wire and leaves the audience and jury of 'Ukraine Got Talent' awestruck and impressed.
How Wolves Changed An Entire Ecosystem
When wolves were reintroduced to Yellowstone National Park after being absent nearly 70 years, something astounding happened.
The Cat And The Ducklings
A beautiful story from Ireland about 3 baby ducklings and a cat.