KhaineBOT

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-013.asp "..Summary Who should read this bulletin: Administrators of Microsoft® Windows NT® 4.0, Windows® 2000 and Windows® XP systems. Impact of vulnerability: Local Elevation of Privilege Maximum Severity Rating: Important Recommendation: Customers should install the patch at the earliest opportunity. Affected Software: Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 Server, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP ...." Technical description: The Windows kernel is the core of the operating system. It provides system level services such as device and memory management, allocates processor time to processes and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. A vulnerability results because an attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system. For an attack to be successful, an attacker would need to be able to logon interactively to the system, either at the console or through a terminal session. Also, a successful attack would require the introduction of code in order to exploit this vulnerability. Because best practices recommends restricting the ability to logon interactively on servers, this issue most directly affects client systems and terminal servers. Mitigating factors: A successful attack requires the ability to logon interactively to the target machine, either directly at the console or through a terminal session. Properly secured servers would be at little risk from this vulnerability. Standard best practices recommend only allowing trusted administrators to log onto such systems interactively; without such privileges, an attacker could not exploit the vulnerability. More Info http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-013.asp

I'm looking forward to see what extra security features Windws 2003 Server has, its a pity they didn't release a Workstation version as well, because it looks alot more like windows 2000 then XP (I like 2K more

I think you should get and read the pdf file from http://www.cisecurity.org/ they have a tool to analyse your security and compare it with different standards (including the NSA). Apart from being a very good read, it mentions several ways to disable these shares If you can't find it, PM me and I'll send it to you.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp Affected Software: Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to and including build 5.0.3809 are affected by these vulnerabilities Technical description: The Microsoft VM is a virtual machine for the Win32® operating environment. The Microsoft VM is shipped in most versions of Windows (a complete list is available in the FAQ), as well as in most versions of Internet Explorer. The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail. Mitigating factors: In order to exploit this vulnerability via the web-based attack vector, the attacker would need to entice a user into visiting a web site that the attacker controlled. The vulnerability themselves provide no way to force a user to a web site. Java applets are disabled within the Restricted Sites Zone. As a result, any mail client that opened HTML mail within the Restricted Sites Zone, such as Outlook 2002, Outlook Express 6, or Outlook 98 or 2000 when used in conjunction with the Outlook Email Security Update, would not be at risk from the mail-based attack vector. The vulnerability would gain only the privileges of the user, so customers who operate with less than administrative privileges would be at less risk from the vulnerability. Corporate IT administrators could limit the risk posed to their users by using application filters at the firewall to inspect and block mobile code.

I'm sorry I haven't replied to this earlier, what you could do is use a program like System Safety Monitor, which controls what apps can run and what can't. At the moment it is still in beta but it works really well with XP and 2K. What I would do is password protect the admin side of SSM and tell it what can run, then set it in user mode and when they d/l the *.exe it can't/won't run SSM - http://maxcomputing.narod.mu/ssme.html Also another similar program is Tiny Trojan Trap (Now part of their firewall) it does the same thing except it offers more control than permit or deny.

I'm glad you found it useful APK I have a printed out copy and use it after I've finished instaling everything

Thanks APK grrrr RPC leaving port 135 open (by default) is one of the worst features of windows 2000. It can be stopped from holding port 135 open by following these steps : http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html

try www.tweak3d.net and these : -=[TWEAKING]=- http://members.aol.com/axcel216/ http://www.tweakfiles.com/ http://www.3dspotlight.com/ http://www.tweak3d.net/ http://optimizing.net/ http://www.speedguide.net/ http://tweakhomepc.virtualave.net/thpc.html http://www.overclockers.com http://www.overclockers.co.uk http://www.overclockingstore.co.uk http://home.earthlink.net/~chinmonster/links/index_links.htm http://www.hexus.net/ http://www.utilitygeek.com/ http://people.ne.mediaone.net/rizun/index.html http://www.heatsink-guide.com/ http://www.56k.com/ http://www.voodoofiles.com/ http://www.windrivers.com/ http://meltingpot.fortunecity.com/botswana/733/softcraft/intro.htm http://www.comppwizz.com/ http://www.onecomputerguy.com/index.html http://blue-lemon-labs.virtualave.net/ http://www.shellcity.net/ http://www.putergeek.com/ http://www.smartalec2000.com/ http://www.apushardware.com/?action=articles&id=44 http://www.rojakpot.com/ http://www.regedit.com/ http://tweakcentral.com/ http://www.tweaktown.com/ http://www.pcguide.com/ http://www.windowstrouble.com/ http://www.2cooltek.com/ http://www.win98central.com/ http://www.pureperformance.com/ http://webwi.de/main.htm http://www.angelfire.com/biz/serenitymacros/ http://zoiah.m3dzone.com/ http://www.tweakbase.com/ http://www.ocshoot.com/ http://sysopt.earthweb.com/ http://www.extremeoverclocking.com/ http://www.3dfxgamers.com/view.asp?PAGE=drivers http://solo.abac.com/dllarchive/index.html http://www.rocketdownload.com/helpsfil.htm http://gabe-x.hypermart.net/dlls-vbxs/ http://www.topfile.com/dll/ http://dllstar.hypermart.net/ http://support.microsoft.com/servicedesks/fileversion/dllinfo.asp http://www.hackers-supply.com/hack/dll/ http://www.uforesources.com/dlldownload.html ftp://ftp/matsusaka-u.ac.jp/pub/windows/dll/ http://www.32bit.com/hyper95/get/hardware/2841.html http://www.channel1.com/support/software/runtime.html http://support.microsoft.com/support/vbasic/runtime.asp http://www.geocities.com/SiliconValley/Sector/5185/vbx.html http://www.mindspring.com/~d7dot/drivers01.htm http://www.windrivers.com/ http://www.driverzone.com/ http://www.driverguide.com/ http://temp:512@www.driverguide.com/guide/intro.htm http://www.mrdriver.com/ http://www.evitech.fi/~jarnomn/files/drivers http://www.conitech.com/windows/index.asp http://www.drivershq.com/ http://www.pcanswers.co.uk/ http://meltingpot.fortunecity.com/botswana/733/softcraft/intro.htm http://www.anandtech.com/ http://www.tomshardware.com/ http://www.sharkyextreme.com/ http://www.virtualhideout.net/ http://www.vtoy.fi/jv16/ http://tweakup.homestead.com/ http://www.iarchitect.com/mshame.htm http://www.desktopian.org/ http://www.voodooextreme.com/koolsmoky/ http://members.aol.com/ojatex/ http://www.wmeworld.com/ http://www.activewin.com/tips/index.shtml http://www.fiveanddime.net/notes.html http://www.amd-oc.com/ http://198.95.255.188/Speed_Demonz/Disk_Cache_Optimization/Disk_Cache_Optimization_01 .htm http://www.storagereview.com/ http://www.ugeek.com/procspec/prospec.htm http://www.octools.com/ http://snakefoot.homestead.com/ http://www.littlewhitedog.com/reviews_other_00015.asp http://www.fixwindows.com/ http://www.winguides.com/ http://808hi.com/56k/ http://www.optimizing.net/ http://www.nikkie-luuc.demon.nl/ http://www.linuxdoc.org/LDP/Linux+Windows-GUIDE/ http://microshaft.8k.com/ http://napsterzone.homestead.com/utilities.html http://users.iafrica.com/d/da/dalen/tclockex.htm ftp://ftp.twoguys.org/pub/linux/distributions/mandrake/ http://hermes.spacesports.com/~ivanf/ http://srana.virtualave.net/ http://members.tripod.com/mr_tweaks/mytweaks/ http://www.jsiing.com/reghack.htm http://www.ntfaq.com/ http://www.ntcompatible.com/ http://www.superspeed.com/ http://www.pixelstation.com/APKWeb/ http://www.grc.com/nr.dll?bh0bkyd2

I'll give it a go, and tell you guys what its like [Edit]The DNS is still cached where I live and I get a 401, so I'll have to wait, unless someone has a direct download[Edit]

I believe that EFS itself is secure, but the way Microsoft implemented it is flawed and thus not secure. About that program APK, I honestly don't know if it works over lan's or not, as I haven't used it.

Well in windows 2000 EFS can apparently by bypassed 3rd party software : http://www.elcomsoft.com/aefsdr.html "Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys (private or master) have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000 (including Service Packs 1, 2 and 3)." So I would prefer to using something alittle more secure Second Both of these products encrypt the whole HD, so they can't use a boot disk to delete the SAM account, which is a big bonus

Hey APK, what exactly is watchdog ?

The ONLY viable solution to protect your HD is to encrypt entire content of the HDD with secure encryption and use preboot authentication so that nobody can tamper it. ALL other options WILL fail, since there is always possibility to either tamper the settings, take out the HDD to read the contents of it or plant trojan horse into it. Couple examples of such (not-so-free) products are - "Drivercrypt plus" http://www.drivecrypt.com/dcplus.html - "Safeboot solo" http://www.controlbreak.net/products/sbsolo41.html After that, all you have to worry about is hardware keyloggers...

I have 2 computers networked, 1 is win 2k Pro, and the other is Windows 98. Whenever I try to access the 98 machine from the 200o one I get a message saying "The acount is not authorized to log in from this station". I cannot get the 98 machine to access the 2000 machine because it cannot find the share, it always wants to use IPC$ I am using netbui to connect the two together, and have never seen this issue before. Any help would be greatly appricated

Proxomitron will work with any browser as : Quote: So, what the heck is a Proxomitron anyway? Have you ever wished you could turn off some of those fancy new HTML features your web browser supports? Are you tired of pages filled to the brim with blinking banners, pop-up windows, and other such aggravations? Enter The Proxomitron, Re-Writing the web Your way... Using special HTML filters, the Proxomitron can transform web pages on the fly - changing most anything you wish. Speed your browsing by saying goodbye to slow loading cyber spam and other web-gimmickry. Customize pages to suit your tastes. Take control of your web viewing, and don't be slave to some web-master's whims. It works with most any browser (not just the big two) and, for starters, can do the following keen things... Stop or limit Pop-up windows Control MIDI music and other sounds Freeze animated .GIFs - load only the first frame Kill most all advertising banners Stop Web-Branding and other scripts added by web space providers Stop Pop-up alert/confirm boxes Remove slow web counters Stop web pages and ads from "auto-refreshing" Remove Dynamic HTML Prevent getting stuck in someone's frames Remove frames or tables altogether for that matter Kill or change selected Java scripts and applets Add your own scripts to pages! Remove or replace web page and/or table background images Stop Status bar scrollers Unhide URLs obscured by status line text Convert blinking text to bold Remove Layers and Style sheets Automatically re-write or redirect URLs Create lists of sites to block or allow Create similar lists for just about anything else And as they say, much, much more... All features can be individually toggled on and off, or limited to specific sites. Better yet, it's just a taste of what the many included filtering rules can do. You have the freedom to modify the rules or create new, equally powerful, rules of your own! You can add filters or complete configurations created by other Proxomitron users for an ever expaning array of tasks. The secret life of a web browser revealed! Not everyone is aware that there's a hidden conversation going on between your web browser and the sites you visit. Known as HTTP header messages they can contain all sorts of information - some of which you might rather keep to yourself. The Proxomitron not only lets you view all messages, but also lets you alter, add, or delete them. If security is important to you, make it your business to know what your browser is telling the world and have it say only what you want! Choose your proxy. If you already use web proxies to speed your internet viewing, the Proxomitron can help here too. It can maintain a list of different proxy servers and allow you to easily switch between them. You can even test proxy servers for accessability and see what, if any, HTTP headers they may add. What's it cost? Nothing - It's Free... This isn't demo-ware! It's fully functional with no nag screens or time limits - use it as often as you like for as long as you like. Released as ShonenWare, you can support the program's future development by purchasing any album by the female, Japanese power-trio Shonen Knife! They are an amazing band who's music I dearly love. By supporting them you not only make me happier, but can perhaps help make the entire world a happier place! Origins... Some time ago I began to notice that many of the wonderful new features added to web browsers, far from making pages better, were instead making the web a more and more hostile place! Cramped frames, pop-up windows, music you can't shut off, stroboscopic animations, and and ever increasing deluge of slow loading advertising content were making web viewing something akin to trying to read a novel in the middle of Times Square on New Years Eve! I decided to try and create a general purpose solution - one that could not only stop the aggravations of today, but also any demonic HTML tags lurking in the future. Thus the Proxomitron was born! At it's heart is a powerful text matching engine. Similar to wildcards and regular expressions, but specially designed for HTML, it can re-write web pages on the fly. Think of it like a very powerful "Search and Replace" for the web. Troublesome HTML can be altered or removed and new content can be added - even your own JavaScripts! By simply selecting some of the many included filters, you can say goodbye to common nuisances like animated GIFs, pop-up windows, advertising banners, dynamic HTML and more. Best of all, these rules are not hard-coded. More than simply flexible - You can completely change them, make them more powerful, and of course, add rules of your own! If it can be written in HTML, it can probably be controlled by the Proxomitron. The final power is yours! Not only can the filters stop general aggravations, but web pages you visit often can be completely customized to suit your own taste. Don't like someone else's choice of colors, fonts, or backgrounds? Use your own instead. Delete useless frames or even change their JavaScripts to work the way you want. There's really no limit! However it is always good to try alternitive programs so that you find the one that suits you best. BTW normally I would use the name Khaine, but it was taken. anyway I've only been here 2 days and found it a great reasource for Windows 2000 / XP / NT users.