Viz Vista by Ed Tittel
Thoughts, notes, snorts and more from Editor-in-Chief Ed Tittel.
Tag >> Windows Update
The second Tuesday in each month is when Microsoft schedules its patches, fixes, and security updates. Recently, Microsoft has begun to offer Advance Notification for its Security Bulletins, which makes it a lot easier to tell what's coming down the pike. For December, 8 updates have been pushed to the Windows Update servers
A rootkit is a particularly stealthy and nasty form of malware designed to take over complete control of a system (root level access in UNIX terms means "access to everything, no holds barred"). Rootkits seek to hide from detection via standard operating system based security mechanisms, and require special tools for detection and cleanup.
As somebody who's been researching and writing about malware since 2003, I've come to recognize Danish information security firm Secunia as a reliable source of good intelligence about what's happening on the threat landscape. When a malware alert, proof of concept exploit, or news story shows up with their name on it, I will invariably pay attention. That's why I was very interested to read in a recent issue of PCWorld (November 11, 2008) about the Secunia PSI vulnerability scanner.
Last night when I was quitting for the day, after 11 PM, I noticed that the autoupdate function in Windows Update had posted two more items to my primary production PC. Both look interesting, but so far I've had some trouble trying to ferret out more details about one of these two patches.
Normally, Microsoft reserves its security patches, fixes, updates, and other software tweaks and maneuvers for the second Tuesday in each month, aka "Patch Tuesday." Yesterday afternoon I was somewhat surprised to see various sources trumpeting the release of an out-of-schedule security patch through Windows Update on the fourth Thursday in October.
Any time something surfaces in Event Monitor that I've never seen before, it always piques my interest. My usual practice is to scan the Event Monitor's Windows Application and System logs every Monday morning to see what might need my attention. This morning, among the items that caught my eye was this message "Application (pid 4684) cannot be restarted - Application SID does not match Conductor SID" from an unfamiliar source--namely the Restart Manager.
This morning, I posted the news that circumstances beyond my control--a crashed member of the mirrored disk pair that makes up the system drive on my production PC--forced me to reinstall Vista on that machine. I'm now more or less finished with that chore, though I still have many more applications to dig up and reinstall to completely rebuild the desktop environment present before the crash. That said, I probably won't reinstall everything anyway: I've become a believer in keeping my production machine simpler and less cluttered up than it had been in the months leading up to the crash. That's what test machines are for!
If you've ever looked over the regular updates that get delivered the second Tuesday of every month (so-called "Patch Tuesday") to your Vista machine, you can't help but have noticed the regular appearance of something called the Windows Malicious Software Removal Tool. As I write this blog on 8/05/2008, it's only the first Tuesday of the month, so the latest version is dated 7/8/2008, as documented in KB article 890830 (there's also a download).
Whenever you install a service pack on a Windows machine, it’s not unusual for it to leave plenty of files strewn about your system disk in its wake. What’s unusual about Windows Vista SP1, however, is that it includes its own clean-up utility.
In the wake of installing Vista SP1, I’ve been noticing various little “gotchas” that have popped up and require my attention as time goes by. It’s been about 4 to 5 months since SP1 hit, and I’ve been slowly and steadily inspecting and cleaning up in its wake.