As is the case the second Tuesday of each month, today Microsoft will deploy the latest set of critical patches for your Windows XP operating system. These “patches” — as indicated in the latest Microsoft Security Bulletin — include critical system components and security fixes to keep those dastardly hackers out of your computer, and the regular monthly updated version of the Microsoft Windows Malicious Software Removal Tool. In order to keep your computer secure, it is necessary to download these updates at your earliest possible convenience.
What is that you say? You’ve set your Windows Update facility to download critical patches automatically? Well, according to Stephen Manes at PC World magazine, “Microsoft’s Automatic Updates service may be automatic, but it is definitely not instantaneous … The only way to ensure that you’ll get updates immediately is to surf to Microsoft’s Windows Update Web site and explicitly request them.”

According to a Microsoft product manager responsible for this stuff, up to five days may elapse before every PC with Automatic Updates turned on actually gets updated. There’s no way to know whether your machine is at the front of the line or the back; the only way to jump the queue is to head directly for Microsoft’s update site. It’s also the only way to collect “optional” updates, such as new versions of Windows Media Player, which never arrive automatically.

So there you go. You’ve got your PC security work cut out for you today.
Create a Windows CD for Your Computer If You Don’t Have One
Why many computer manufacturers insists on selling computers that require you to create up to nine recovery disks rather than selling you a computer that comes with a certified version of Windows, on disk, VanRamblings will never know (a word to the wise, never purchase a computer which doesn’t come bundled with an OEM copy of Windows).
If you’re one of those unlucky folks who are stuck with a computer without an available Windows XP OEM disk, help is at hand.
Lincoln Spector, writing in this month’s edition of PC World, suggests that you download Bart Lagerweij’s free Preinstalled Environment Builder to create a bootable Microsoft Windows XP installation disk. Having this self-made disk on hand is worth anywhere up to $300 to you, and may serve to rescue you from potential disaster should your Windows XP OS go on the fritz. Save yourself a world of heartache. Create the Windows disk if your computer didn’t come bundled with a standalone Windows XP disk.

This week in Tech Tuesday, a brief potpourri of items, mostly revolving around PC security issues — everything from the latest security patches from Microsoft to a work-around for Microsoft’s Genuine Microsoft Software Check facility, and the prospect of a catastrophic attack on the Internet.
Critical Windows Patch Arriving Today
Heads up to all Windows users. The monthly patch scheduled for today includes six security updates affecting Windows, one of which is rated “critical.”
In addition, via its Windows Update process, Microsoft plans to release a refresh of its malware removal tool — the Microsoft Windows Malicious Software Removal Tool — to add detection for new virus and worm variants. Microsoft has also reported it will release one non-security but high-priority update. It is already known that a fix for a denial-of-service flaw in Windows XP will be included in the August patch batch.
Bypass Windows’ Genuine Check
Bypassing Microsoft’s automated check for pirated software may be as simple as inputting one line of code. Within 24 hours of Microsoft officially requiring users of its Windows XP software to validate the authenticity of their software, the validation method was allegedly cracked and disclosed in a public blog.
Late last week, the code snippet appeared on popular blog site BoingBoing claiming to be a way to bypass Microsoft’s Windows Genuine Advantage check. A user only needs to paste the code into the address bar of one of the Microsoft update services before pressing either the ‘Custom’ or ‘Express’ button. The code snippet allegedly disables the key check by turning off the code trigger for the check.
Microsoft Windows Genuine Advantage (WGA) is an effort to prevent users from running pirated non-licensed versions of Microsoft’s software. When visiting one of Microsoft’s update services, users are prompted to download an ActiveX control, which validates their software. Only validated WGA users have full access to Microsoft’s update services; security updates are still available to non-validated users as well.
A Credible Plan To Take Down The Internet
According to CNET Reviews’ Senior Editor, Robert Vamosi, “a credible threat to the infrastructure of the Internet exists that will give everyone who uses the Internet a rough ride … all indications suggest that the clock is ticking toward some kind of showdown between criminal hackers and the good guys.”

At stake is the exploitation of flaws affecting the once-invincible Cisco router hardware, which currently carries most of the Internet’s traffic on a daily basis.

Cisco tried to silence Internet Security Systems Inc. researcher Michael Lynn who was scheduled to reveal a serious flaw in Cisco Systems Inc.’s IOS (Internet Operating System). When Cisco and ISS intervened to prevent Lynn from speaking, he quit his job and gave the speech anyway.

“I admire the guy for being brave,” said Lisa Bickford, president of InReach Internet, and a board member of the California ISP Association. “It’s not easy to quit your job, but he stood by his principles. I think Cisco has some egg on its face.”

e-week contributing editor David Coursey writes that if “Cisco were doing its job, we might not need Michael Lynn to tell us about the company’s shortcomings. But, because the bad guys already know — or could be presumed to know — about the problems, only Cisco’s customers are out of the loop. Or were, until Lynn arrived on the scene.”
Needless to say, Cisco was far from thrilled with Lynn’s disclosure and quickly filed suit in the Supreme Court. This past week, Lynn and his attorney agreed to a permanent injunction that prevents him from using any Cisco code in his possession for further reverse engineering or security research. The permanent injunction does not prevent Lynn from doing further research on Cisco products provided it is done legally.

The next Windows operating system, previously known by the code name Longhorn, will be called Windows Vista.
With a developers test release of the new operating system scheduled for August 3rd, and a broader consumer beta release expected later this year, Microsoft allegedly took eight months researching potential names for the upcoming version of Windows. The new name débuted this past Thursday before roughly 10,000 attendees of a Microsoft sales conference in Atlanta (here’s a short video presentation of the event).
Among the key features of Vista are a new searching mechanism, lots of new laptop features, parental controls and better home networking. There will be visual changes, ranging from shiny translucent windows to icons that are tiny representations of a document itself, as well as the ability to launch applications 15% faster (and boot up 50% faster) than Windows XP does, and resuming from standby in only 2 seconds. According to Microsoft, Vista’s three design goals also include enhanced security, new ways to organize information, and seamless connectivity to external devices.
Given that 90 percent of the world’s personal computers run Windows, and given that Windows XP will become obsolete late next year, chances are that you’ll be switching to Windows Vista over the next 18 months.

Just when you think you have Microsoft’s Bill Gates’ next move figured out, he goes and does the opposite.
Reversing a longstanding Microsoft policy, Gates told those attending the RSA security conference in San Francisco this past week that the company will ship an update to Internet Explorer separately from the next major version of Windows, currently using the code name Longhorn. A beta version of a secure and fully featured Internet Explorer 7 will début this summer, Gates said in his keynote address to conference participants.
In announcing the plan, Gates acknowledged something that many had been arguing for some time — that the browser itself has become a security risk. “Browsing is definitely a point of vulnerability,” Gates said.
Gates also ended speculation about whether Microsoft would shift to a paid model for their recently released (and invaluable, it turns out) AntiSpyware tool, when he announced that the company will continue to provide customers with its new anti-spyware software free. The pledge comes after the company had been testing its AntiSpyware application — technology it acquired with its purchase of security software maker Giant Software.
“Just as spyware (Windows Media Player video) is something that we have to nip down today, we have decided that all licensed Windows users should have that protection at no charge,” Gates said.