Dear SBCA Reader:

The latest headlines in computing and technology continue to focus on security, especially for people and organizations using the Windows operating system. You know the issues: malicious worms spreading via email, hackers attacking vulnerabilities in Windows, users inadvertently downloading code because they are unfamiliar with security or error messages.

You might also know that help is on the way. Coming in August, Microsoft's next scheduled update to Windows XP - Service Pack 2 (SP2) - contains several new features that focus on securing the desktop environment. That's the good news. The bad news is that SP2 is much more than just a service pack. The lead article in this issue of the Small Business Computer Advisor focuses on the new features in SP2, the sheer magnitude of which compels organizations to seriously assess the impact of SP2 implementation on the computing environment and then to carefully plan for it.

It is our hope that this article will educate and prompt organizations to weigh the risks and rewards of implementing SP2.

We are always eager to hear what you think about this issue and to receive suggestions for topics you would like to see covered in the future. Please send an email to Newsletter Comments.

Thank You,

All Covered

---

In this issue...

Windows XP SP2
More Than Just a Service Pack

The next service pack for Windows XP, called SP2, contains much more than the standard bug fixes and other updates. Many in the industry consider it the equivalent of a new operating system release – one complete with all the usual liabilities as well as benefits. There are new features and changes, mainly in the areas of security, that could affect your computing environment, if the update is not properly planned. Read more…

Virus Update
July 2004

The ongoing battle among rival hacker communities has wreaked havoc on hundreds of thousands of computer users around the world for months. Numerous variations of three different email worms have plagued companies and individuals, causing a frenzy of activity, especially for those who continue to be reinfected by these worms. Read more…

Customer Spotlight
Elpac Electronics

Once frustrated by its technology support resources, Elpac turned to All Covered. The result – All Covered has delivered effective, proactive IT management, making IT "invisible" for this private manufacturing company. Read more…

Tech Tip
Making Sure Your Outlook PST File Doesn't Fail You

Did you know that versions of Outlook (older than 2003) have a size limitation of the PST file? This is the file that holds critical information such as your email, contacts, and calendar. Find out how to make sure the file doesn't get overloaded and stop working. Read more…

Quick Tip
Cost Savings at the Pump

With gasoline prices continuing to rise across the country, here are five tips to help soften the blow to your wallet when filling up at the pump. Read more…

---

Windows XP SP2
More Than Just a Service Pack

When is a service pack more than just a service pack?

Many believe that an excellent case in point is the announced Windows Service Pack 2 (aka SP2), which is the next scheduled service pack for Windows XP users. Much more than a standard service pack release that contains bug fixes and other updates, some in the industry see it as the equivalent of a new operating system release – one complete with all the usual liabilities as well as benefits.

Of special concern for many users and companies is the havoc SP2 can potentially cause. "The service pack", notes the June 2004 issue of Computerworld, "could break current applications, disrupt networking setups, and prompt nontechnical users to make PC configuration decisions beyond their grasp." The magazine also notes that Microsoft, PC manufacturers, and users will likely have more headaches and an increased need for support.

For organizations that have adopted Windows XP, this means an important decision – they must decide whether or not to upgrade to SP2.

To help you make a better informed choice, All Covered has prepared this brief article, highlighting the new features and changes in SP2, the risks and rewards of the upgrade, and our recommendations regarding SP2.

Summary of New Features in XP SP2
In recent months, customers have pressured Microsoft to address several issues in the latest release of the desktop operating system, especially in the areas of security, updating, and reliability. Focused mainly on these three areas, SP2 is scheduled to ship sometime in August. Below is a brief list of its new features.

(For complete information on the release, read the fact sheet from Microsoft at www.microsoft.com/presspass/newsroom/winxp/WindowsXPSPFS.asp.)

Stronger Security Settings

• Windows Firewall (formerly Internet Connection Firewall) is on by default, extending the boot time and shutdown process.
• Attachment Manager isolates potentially unsafe attachments during the opening process. (This feature works with Outlook and Outlook Express.)
• Internet Explorer security improvements and stronger default security settings have been added.
• A data execution prevention feature helps prevent certain types of malicious code from attacking and overwhelming the computer's memory. (Many worms have taken advantage of this vulnerability.)

Increased Manageability and Control

• The Windows Security Center is a new Control Panel feature that allows status checking of all security functionality in one place (Firewall information, Automatic Updates, and third-party antivirus software can all be viewed in this panel).
• Automatic update enhancements make it easier for home users to download and install critical updates automatically.
• Centralized management of Windows Firewall and Internet Explorer lets IT managers have more configuration options for these capabilities. (This enables them to better manage applications by designating certain ports needed by those applications.)
• Internet Explorer Add-on Manager allows network administrators to manage and enforce permissions against a list of Internet Explorer add-ons.
• New wireless LAN client allows easier setup and management of wireless connections and does not require installation or updates to a third-party client.

Improved and More Secure Experiences

• Enhancements to Internet Explorer have been added. These include a pop-up blocker, a new Information Bar, and download monitoring, and they are all geared to enhance the Internet experience, while protecting users from harmful downloads and annoying pop-up ads.
• A Bluetooth update enables customers to take advantage of the latest wireless devices.
• DirectX 9.0b and Windows Media Player 9 series are more secure.
• New Windows XP Media Center and Tablet PC Editions provide improved TV picture quality, enhanced music library, richer photo experience, and integration of pen support in Windows XP.

Rewards and Risks of Upgrading
Security. Security. Security. That's both the major focus of this upgrade and the reward. Several of the most damaging attacks have been against vulnerabilities found in the Windows operating system. Preventing the continued spread of worms and viruses is also another reason to consider the upgrade to SP2.

While many of these new enhancements are quite attractive, many companies that have started testing the early release candidates (beta versions) of SP2 have reported numerous compatibility problems with their applications. The magnitude of the security changes can potentially cause problems with remote users because Windows Firewall is turned on by default. One day, for example, they can connect. But, on the next day, after the update is installed, they can’t. Other risks are related to users unfamiliar with security settings who may be forced to make uninformed decisions about those settings. The consequences could result in a sense of panic when they're continually prompted by web page warnings they have not seen in the past.

Recommendations
Since every company is unique, All Covered does not recommend a "one-size-fits-all" approach. Instead we suggest that you:

1. Review your current environment and determine the potential effects of the upgrade to your network and infrastructure.
2. Create a plan that:
1. thoroughly tests the upgrade in your existing environment prior to SP2 implementation
2. incorporates all types of users supported by your company (on-site, remote offices, home users, or telecommuters)
3. has a rollback component if there are problems when you start to upgrade
4. incorporates user training on the new features, especially in Internet Explorer and the Windows Security Center
3. If you are unable to determine the effects of the upgrade prior to the release, you should — at a minimum — turn off the Automatic Update feature on all Windows XP machines until you have a plan in place. You do not want someone to inadvertently update a machine without having tested it in your fully operational network environment.

If the SP2 update is introduced into your environment without proper planning, you can expect to see, among other issues, multiple communications and connectivity problems that can effectively disable your computing environment and take substantial effort to resolve.

If you are an All Covered Care client, please schedule a time for your All Covered consultant to discuss this important update and plan for its potential installation.

If you would like assistance with SP2, please contact your local All Covered office or give us a call at 866-446-1133 to find the office closest to you.

This Service Pack can be a big step in securing your desktop computers, but, if not implemented properly, it can create big problems for your IT network. Make sure you investigate your options and determine your course of action before embarking on the update.

---

Virus Update
July 2004

The latest ongoing battle among rival hacker communities has wreaked havoc on hundreds of thousands of individuals around the world for several months. Numerous variations of three different email worms have plagued companies and individuals causing a frenzy of activity, especially for those that continue to be reinfected by these worms. Another worm, that also has multiple variations, takes advantage of a vulnerability identified in Microsoft Windows.

The Netsky, Beagle and Sober Worms
The Netsky worm has had over 26 variations released since February with at least eight reaching Level 3 (medium risk) or higher. The Netsky series of worms has been particularly harmful because it is spread using its own mail engine, has random subjects, message bodies and randomly named attachments, and can appear to be sent from someone you know, which makes it hard to identify. Some variations of the Netsky worm also open a back door, which could allow a hacker to take control of the computer.

Beagle (also know as Bagle) is very similar to Netsky as it spreads via email, has random subjects, bodies and attachments and can also open a back door on your computer. This worm has variations that attempt to terminate antivirus software. The Beagle worm can also copy itself to shared network folders and could spread via your local area network.

The Sober worm spreads by sending itself via email using its own mail engine. The subject, body and attachment also vary like Netsky and Beagle, but all information is usually in German or English. The attachment usually has a .zip or .pif file extension. This worm has affected Europe more than the U.S. by a factor of 10 according to Trend Micro Labs.

The Sasser Worm
Sasser is a worm that exploits a Microsoft Windows vulnerability (LSASS; remote code execution) and unlike the others mentioned above, this virus does not spread via email. Users can get the worm if they are simply connected to the Internet AND their system has not been updated or patched; no other user intervention is required to spread the virus. One of the symptoms of an infected computer is a repeated shut down of the system, which may make it difficult to apply the patch.

Protecting Your Computer
All Covered continues to recommend the following approaches to protect users from viruses and worms:

• Keep your antivirus software definitions updated.
• Be wary of email attachments if you have not requested information or if the email and attachment name are vague (document, info etc.).
• Make sure to look at the name of the attachment extension. Many worms use .pif, .scr and .exe extensions.
• Watch for patterns of emails that have the same subject or attachment name, even though they are from different people. Many times the subjects and attachments are vague, such as "file, document or info."
• If in doubt of an email or attachment, throw it away; ask the sender if they recently emailed you and give them the name of the attachment.

If you would like to be notified by email any time a serious virus is on the loose, you can subscribe to All Covered's complimentary Virus Alerts.

---

Customer Spotlight
Elpac Electronics

Elpac Electronics is a privately held manufacturer of power supplies, AC adapters, custom docking stations, and battery chargers and headquartered in Irvine, California. To support the manufacture of its products at locations in both California and Shenzen, China, the company needed an extremely reliable, high-performance IT network.

Over the years, however, the various IT support resources Elpac hired had consistently proved ineffective. Frustrated with the ongoing problems in early 2000, the company decided to take a different approach and brought in All Covered.

Once on the job, All Covered addressed a wide range of computing and network issues such as installing Windows 2000 upgrades, implementing a server-based company-wide spam filtering solution that reduced the spam volume by 90%, installing a new firewall for greater security, and establishing a secure FTP site for the Shenzhen facility for better document sharing.

According to Marshall Wright, COO of Elpac Electronics, "All Covered makes IT invisible – something we don't worry about because problems are addressed so quickly and competently." In addition, he is pleased with All Covered's proactive approach to network management. Before All Covered, everything was reactive. For Marshall Wright and Elpac Electronics, the bottom line has been All Covered's competence and professionalism. "They're the only people we've ever worked with that do it right all the time," says Marshall. "We've never had a problem All Covered didn't nail right away. And that means everything to us. All Covered handles IT so I don't have to."

All Covered also delivers All Covered Care services to Elpac Electronics. To find out more about Elpac Electronics and their products, contact them by phone at 888-ELPAC80 (888-357-2280) or visit them on the Web at www.elpac.com.

---

Tech Tip
Making Sure Your Outlook PST File Doesn't Fail You

Like millions of other people, you may be using a version of Microsoft Outlook that's older than Outlook 2003. If so, you may not know that your Outlook file (PST) cannot exceed 2 gigabytes (GB)* of storage.

For people who use Outlook frequently, this can be a real problem. The PST file contains all your emails, folders, and contacts as well as all your calendar, task, and journal information. Recently, an All Covered client found out about this limitation the hard way. When Outlook became overloaded and stopped working, she almost lost all the data in her PST file.

Some Helpful Tips

To make certain you avoid this problem, here are some practical suggestions:

• Perform maintenance on your mail box.
  This is very important and one of the best ways to keep the size of the file below 2GB. You may want to perform these maintenance tasks:
• Throw out your unneeded deleted and sent items monthly or, if you can, weekly.
• Always delete spam and other unwanted mail as soon as you get it.
• If you receive email with large attachments, save the attachments to your disk and regularly delete the original email so it is not stored in two places.
• Create a separate PST file.
  To archive mail that you may need in the future, we recommend creating a separate PST file you can export and burn onto a CD or DVD or save to a file server. We do not recommend using the Archive feature in Outlook. Here are simple instructions for creating a separate archive PST file:
  • Move all the folders and email that you want to archive into a new folder.
  • Go to File|Import/Export and export the folder to a PST file.
  • Save the file as a different name such as "Archive_x" where "x" is the date or some other identifier (do not use a period in the archive name).
  • Burn the archive PST file to CD or DVD, or save it to a file server.
  • Once you confirm that the new PST file contains all the archived mail, you can delete the archive folder you created and reduce your PST file size.

If you need to access the archived email, you can load the CD. Then, from the Outlook File menu, you can select Open, choose Outlook Data File, browse to your CD (or file server), select the file, and click open. This gives you access to all the mail you exported to the PST file. This procedure can also be used for jobs or projects that have been completed. You can create as many archive PST files as you want and store them on CD or DVD for as long as you need without taking up space on your computer.

How Big Is Your PST?

To check your PST size, go to File|Folder|Properties. Click the Folder Size button and Outlook will show all the folders and their sizes. You can then calculate your total PST file size. If you are close to 2GB, we recommend following the maintenance and archive steps described above. (As reminder: 2GB = 2,000,000 KB or 2,000 MB.)

*The 2GB limitation exists with all versions of Outlook, except Outlook 2003. If you are using Outlook 2003, the limitation has been removed. We recommend, however, that you perform regular maintenance on your mailbox to keep your email manageable.

---

Quick Tip
Cost Savings at the Pump

With the price of gasoline continuing to increase throughout the country, it's important to find ways to lower the cost of 'filling up' at the pump. Most people know about standard maintenance issues such as keeping your tires inflated, regular tune-ups (air filter, spark plugs, oil changes), but here are five tips that can also help soften the impact on your wallet:

1. Buy gas from "independents" or wholesale clubs. Contrary to popular belief, gasoline at smaller independents is not inferior to gasoline from the large, national brands. All gas trucks pull up to the same refinery to get their gasoline. The national chains, however, do put their "perfume", or special additive, into their gas before it arrives at your local station. If you believe their claims of better fuel efficiency and performance from the additive, then go ahead and buy. The gasoline that goes to the independent and wholesale clubs, however, all meet the state's standards so you're not getting inferior gas. Also, you can compare prices of gas vendors within a radius of a zip code; try www.gaspricewatch.com.
2. Avoided extended idling. Don’t leave your car idling for long, either in the engine warm-up stage or if you're waiting for someone. It's better to turn off the car and restart the engine than to let it idle for long periods of time.
3. Use cruise control. If you're on a long trip where there's lots of open road, use the cruise control. Steady speeds increase the fuel efficiency, as long as you're not doing excessive speeds!
4. Minimize air conditioner use. While this may be difficult during the summer or heat waves, using the recirculation or economy setting will help save gas. Also, park in a shady spot, if possible, so the car will remain cool.
5. Plan your errands efficiently. Avoid multiple short trips by combining errands. Take the extra two minutes to plan your route and save gas by avoiding the extra miles.

There are a bevy of other things that you can do to lower your gas expenditures. We've just listed a few. Go to your local automobile club or its website to find more tips for saving money at the pump.