Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, May 8, 2000
Bitten By LoveBug? Try This Swatter!
  This issue of W2Knews™ contains:
1. EDITORS CORNER: 

* Thank You For Your Feedback, Really. / FIRST WINNER 

of our Recommend a Friend & Win $500 Campaign

2. TECH BRIEFING:

* Virus Protection too late? Try this BUG SWATTER, cause

mutations are sure to follow!

3. NT RELATED NEWS:

* Biometric Additions to Windows to Bolster Security

* Results from Sunbelt/Giga Hardware Reliability Survey

* Gartner Group Sez: Linux Not Taking Over World.

4. NT THIRD PARTY NEWS:

BEEN INFECTED BY THE VIRUS ALREADY? NEED AN EXTERMINATOR? 

Here are some third party tools that have come to the rescue:

* SCRIPTLOGIC cleans up the Morning After

* LOVE KILLER by ECM V2.5

* FileScreen Blocks LoveBug

5. HINTS AND TIPS: PRACTICE SAFE EMAIL

6. THE NT/2000 STOCK WATCH - Thursday Friday 28, 2000

7. HOW TO USE THE MAILING LIST

Instructions on how to subscribe, sign off or change your address.



******************** SPONSOR: NETIQ **************************



How will you monitor Active Directory? Ensure the replication,

verification and day-to-day health of Active Directory with 

AppManager - the most trusted applications management solution

for Windows NT/2000. Find out why companies like Microsoft, NASDAQ

& PlanetOutdoors.com chose AppManager to get a grip on centrally

managing their Windows environments. For more AppManager info and

a *FREE* white paper on monitoring Active Directory, visit:

http://www.netiq.com/go.asp?ID=66



**********************WHAT IS W2Knews?***************************

Sunbelt W2Knews (the original NTools E-News) is the World's first 

and largest E-Newsletter designed for NT/2000 System Admins that 

have the job to get and keep NT up & running in a production 

environment. Sunbelt launched this electronic newsletter early 1996. 

Every week we keep the Windows NT/2000 community informed and aware 

of new developments of NT and 3-rd party System Management Tools. 

You get hints and tips that will enable you to better utilize and 

understand Win NT/2000 and help to pass your Certification Exams.

Info and Stu's bio: http://www.sunbelt-software.com/w2knews.htm



Via (separate) NTools E-NewsFlashes we will send you important 

breaking news like new service packs, killer viruses, etc. Sunbelt 

Software is the first and largest provider worldwide of Third 

Party System Management Tools for Windows NT. Tell Your Friends!

All back issues are here, searchable and indexed on key words:

http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0

-------------------------------------------------------------------



1. "EDITORS CORNER" 



Hello NT/2000 Pros, 



Well, the Microsoft Breakup 'opinion piece' I sent was certainly

the one with the highest amount of feedback EVER. I'd like to

thank you all for your feedback, comments and viewpoints. It

was fascinating to read all the different ways you are looking

at this issue. I started with answering everyone personally, but 

the volume was just too much. -And- I had to write the newsletter 

you are now reading. Again, I really appreciate your feedback, 

whether you agree or if you told me I was nuts. I learned a lot!

----



Our first WINNER can now choose from a digital camera, a Palm, 

color printer, MP3 player, camcorder or any other cool gadget

at Amazon.com. Our 'Word of Mouth' campaign is getting popular! 

How does it work? You fill out the form, we invite them, and 

when they subscribe, BOTH of you will be entered for the draw 

that week. Less than 1 minute work & repeat for more friends! 

CLICK & WIN AT: http://www.sunbelt-software.com/



This week's winner is David Johns at qgraph. When we called

him he was real happy! We order these online. This is how it

looks, they get sent by EMAIL, so you have them right away.



 Thank you for your Amazon.com gift certificate order!

 Your order summary appears below. To see the latest 

 information about your order, please visit: 

 http://www.amazon.com/your-account

 

 ----------------------------------------------------

 Quantity: 1

 Amount: $ 500.00

 

 Gift certificate(s): $ 500.00

 Shipping: free

 Tax: $ 0

 -------

 TOTAL: $ 500.00

 

 Will be sent to: [email protected]

 Thank you for shopping at Amazon.com!



Want one too? Go to our home page and recommend a friend!

CLICK & WIN AT: http://www.sunbelt-software.com/



Warm regards,



Stu Sjouwerman

Email me with feedback at: [email protected]



**************************SPONSOR*****************************



Need to track the serial number and model of all your machines? 

Tired of paying extra because you can't effectively track your 

leased equipment? Computing Edge Inventory +Solution gathers 

PC serial number and full end-user details, including location, 

which can be viewed from any web browser. Simple to deploy; zero 

footprint; report via the Internet/Intranet. Numerous W2K pre-

deployment reports! Same great value with UNIX Inventory +Solution. 

Register to win a Compaq 18' flat screen monitor. Retail value: 

$3200. 30-day FREE trial! http://www.computingedge.com



****************************************************************



2. TECH BRIEFING:



* Virus Protection too late? Try this BUG SWATTER, cause

mutations are sure to follow!



Well, the world is now a few days into a new rash of a mailvirus

infection. Technically it uses 'worm-technology', but carries a

nasty payload so it can be legitimately called a virus. Moreover,

it was relatively easy to change the script, so a few 

copycat worm/viruses are already out there. Latest count is at 

least 5 or 8 by now. Small alterations make the email message

look different, but execute an almost identical script. Worse, 

it is likely that similar variants are coming down the pike, 

using Windows Scripting Host, Java scripts and/or HTML scripts. 

The mutated 'Mother's Day' that surfaced yesterday deletes all

.ini and .bat files from local directories and drives, yikes!!



By now, there is more known than on Thursday morning when I sent

you the first warning. This script contains 5 attacks, and seems

to have originated in Manila. I was alerted to a site that

shows the different parts of the script and what they do. I'm

sure there are more sites but I thought this one did a good job 

explaining the script's evil ways: http://www.needguide.com/



NOT OPENING A LOVELETTER FROM SOME ONE YOU KNOW?



So now, how to handle these kinds of things? Training your users

to 'practice safe email' is not watertight. Despite repeated

warnings from me personally to the whole staff even a week or 

two ago, two people still opened this thing up and infected the

whole company anyway. I mean, you get a love letter from some

one you know and you don't open it up?



Russ Cooper from the NTBUGTRAQ has two works on dealing with 

email and security that you could use to train users.

http://ntbugtraq.ntadvice.com/safemail.asp

and

http://ntbugtraq.ntadvice.com/outlookviews.asp

I quote Russ: "Neither are intended to be a complete solution. 

You should contact your support group and find out what, if 

anything, you need to do to ensure your anti-virus programs 

are up-to-date. I know that Symantec, Datafellows, and even 

NAI have updated definitions available for this latest wave.

Regardless of how much you might think someone is going to 

send you a love letter, you should treat any anonymous email 

as you would a knock at your door at 3:00am in the morning"



One of the problems is that often your virus protection software

is too late. Things as nasty as this spread SO fast that it is 

logistically unlikely _all_ signature files of everyone can be 

updated in time. That means you still run the risk of getting 

hit, even though you have anti-virus software running. Now what?



YOU'RE ON THE TITANIC AND YOU FEEL THE BOAT SINKING...



All of you have your own personal network of contacts that give 

you early warnings when these things happen. Colleagues, users, 

discussion lists, friends on the Net, you name it. Often we are 

warned and know this thing is in the wild, but our anti-virus (AV)

signatures are not there yet, your AV software cannot block any

attachments, or you are desperately trying to get through to the

website of your AV-vendor, but they are maxed out and you cannot

get in. You're on the Titanic, you know the boat is sinking,

you know there is help on the way but it's not here N O W...



I have one more additional 'Bug Swatter' for you that complements 

your anti-virus solution. It's called MAIL ESSENTIALS. There are

two key things this tool provides: 1) BLOCKS ALL EMAILS CONTAINING

SCRIPTS AT THE EMAIL SERVER LEVEL. You may perhaps get some false 

alarms that way, but it's better to be safe than sorry. Works

well with Exchange but also SMTP.

2) YOU can enter a search string IMMEDIATELY that filters the 

critters out before they even come in your mail servers and AV

software to begin with. So you could enter the specific 'lovebug' 

words and anything that contains this is prevented entry. That 

way you don't have to shut down your Exchange IMS (Internet Mail 

Service) and normal bizz operations continue, saving extremely 

costly downtime.



THINK SUPER LOW COST 'EMAIL FIREWALL'



MAIL ESSENTIALS is a 'content checking gateway' that you install

as it were 'before' your mail servers. AV-tools work by letting

all emails IN, and then try to disable them. Content Checking

gateways prevent entry in the first place, and stop all messages 

that could be dangerous. It's not a virus protection tool, but it

can integrate with one. Better to think: 'Email Firewall'.



With MailEssentials, blocking this virus is easy: Just set Mail 

Essentials to block VBS attachments in the Content Checking tab. 

This will block any incoming/outgoing infected mail. This way, 

the Mail Essentials resolution will block all viruses of this 

kind, as it will quarantine any attachments using a VB script. 

This means that Mail Essentials will also catch any variants of 

the Love Letter virus using VB script.
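
As an added illustration (not MailEssentials code and not part of the original newsletter), here is a minimal Python sketch of the two gateway rules described above: blocking by attachment type and by an admin-entered search string. The extension list, the search string, the addresses and the sample messages are constructed assumptions; the point is that the attachment-type rule still catches a variant whose subject line was changed.

```python
import os
from email.message import EmailMessage

# Assumed policy values for this sketch; a real gateway keeps its own lists.
BLOCKED_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
BLOCKED_STRINGS = ["love letter"]  # admin-entered search string (constructed)


def attachment_names(msg):
    """Yield every attachment filename, including those inside forwarded
    (message/rfc822) parts, which walk() descends into."""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield name


def blocked_extension(filename):
    """Return the final extension if it is a blocked script type, else None.

    Only the LAST extension decides how Windows opens the file, so
    'note.txt.vbs' is a script even though it looks like a text file.
    Trailing dots and spaces are stripped because Windows ignores them.
    """
    cleaned = filename.strip().rstrip(". ").lower()
    ext = os.path.splitext(cleaned)[1]
    return ext if ext in BLOCKED_EXTENSIONS else None


def check_message(msg):
    """Return (verdict, reasons); verdict is 'quarantine' or 'deliver'."""
    reasons = []
    subject = str(msg.get("Subject", "")).lower()
    for needle in BLOCKED_STRINGS:
        if needle in subject:
            reasons.append(f"subject matches search string {needle!r}")
    for name in attachment_names(msg):
        ext = blocked_extension(name)
        if ext:
            reasons.append(f"attachment {name!r} has script type {ext}")
    return ("quarantine" if reasons else "deliver"), reasons


def build_sample(subject, filename):
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("see attachment")
    m.add_attachment(b"placeholder bytes, not a real script",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m


if __name__ == "__main__":
    samples = [
        build_sample("A love letter for you", "letter.TXT.vbs"),            # matches both rules
        build_sample("Mothers Day order confirmation", "mothersday.VBS"),   # renamed variant
        build_sample("Quarterly report", "report.txt"),                     # ordinary mail
    ]
    for sample in samples:
        verdict, why = check_message(sample)
        print(f"{sample['Subject']!s:35} -> {verdict}: {why}")
```

The search-string rule only fires on the first sample; the renamed variant is stopped solely by the attachment-type rule, which is why the type block is the more durable of the two.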



Even if you do not plan to buy it, I suggest you download the

free 30-day eval from our High Speed FTP server and cover your 

behind asap. I decided to give you all the pricing right away 

so you can get approval from management immediately. This tool

is kind of a nobrainer because it is so cheap, and plays nice

with your existing anti-virus software.



SKU:          License:        US$:       Euro:   UK:
------------------------------------------------------
P6106540010   10 Users        $250.00     272     159
P6106540020   20 Users        $375.00     407     238
P6106540030   25 Users        $450.00     489     286
P6106540040   35 Users        $675.00     733     428
P6106540050   50 Users        $895.00     972     568
P6106540060   100 Users       $1495.00    1623    948
P6106540070   250 Users       $1995.00    2165    1265
P6106540080   500 Users       $2495.00    2708    1581
P6106540090   UNLIMITED(!)    $2995.00    3250    1898



Price applies to any number of Exchange/SMTP servers as long 

as they are within the same site (ie The number of servers 

is irrelevant, as long as the number of users are all within 

the same site) 



MailEssentials Product Specs page and download forms are at:

http://www.sunbelt-software.com/product.cfm?id=610

(Oh yeah, if you buy now you get a free Windows 2000 upgrade)



Next, if your LAN is already infected, how to get rid of it?

Check out the NT THIRD PARTY NEWS section, as some of our vendors

have solutions ready for you that are faster than doing everything 

by hand.





****************************************************************

3. NT RELATED NEWS:



* Biometric Additions to Windows to Bolster Security



Microsoft has made a deal with I/O software to include software

that uses 'biometric' devices such as fingerprint, voice patterns

or eye scanners to boost (online) security.



I/O Software has written an API that allows for instance a mouse

with a built in fingerprint scanner to replace the username /

password drudgery with plug-and-play. Pretty useful as a matter 

of fact. Just grab your mouse and NT authenticates you. I want it!



The fact that MS decided to pick up this particular API more or

less standardizes the field, which is in this case especially

useful so that we can get some competition from hardware vendors

that now have an API they can interface with for their biometric

devices. It's not sure when we will see this appear, but I would

just love to see this in a coming service pack. Microsoft, are

you listening? ;-)

------------------------



* Results from Sunbelt/Giga Hardware Reliability Survey



The GIGA Information Group and Sunbelt do regular surveys. This

time we looked at Hardware reliability and surveyed over 800 out

of our customer base. The actual users of the hardware are normally

the most reliable source of the total vendor experience: products/

support/sales/customer relationship.



Rob Enderle, the VP Mobile Desktop & Internet Technology of Giga 

is in the process of writing a detailed Planning Assumption for

Giga's customers, but Sunbelt has received a sneak peek so we can

talk about the very interesting results. We will come out soon

with nice graphs on our website that show everything much clearer

than just this text.



Most customers buy a mix of desktop and notebook computers from

a particular vendor. IBM customers are showing a clear preference

in terms of notebook sales, and HP in terms of desktop sales which

is consistent with current beliefs. It is interesting to see how

closely Dell and Compaq match each other, supporting the belief

that Dell has become the replacement vendor for Compaq. When asked 

for their Service experience, Dell and Gateway come out first, 

followed by 'Other', IBM and Compaq. 



There is much more to follow about this one. I'll keep you up to

date!

------------------------



* Gartner Group Sez: Linux Not Taking Over World.



According to recent research by Gartner Group, the battle to 

dominate the general-purpose mid-range server market is over and 

Windows has won.



George Weiss (Gartner Hardware and Operating Systems Group VP and 

research director) claimed they are not saying that Linux is dead, 

but that it 'aint gonna' take over the world either. Gartner 

calculated that during the coming five years all the Linux and 

Unix flavors combined, (and that includes Solaris, HP-UX and AIX), 

are going to find themselves with about the same market share of 

the general-purpose server market as Windows.



Gartner's estimations are that just 2 or 3 Linux vendors will really

survive. Caldera and Red Hat will be among them as they have enough

critical mass. Many others are going to stay small players. Not 

included in their report are the embedded market or the new 

breed of 'server appliances'. 



They interviewed a bunch of Independent Software Vendors and only 

about 30%-35% of these that currently support Windows or Unix, told

them that their mission-critical products will support Linux in 2002. 

Linux will be high on the porting priorities for 60%-65% "but will 

not dislodge current top-tier operating system platforms," and with

that he means Windows and Unix. Main reason: "They're really hard 

pressed trying to figure out how to make money in this market."



One of the results of the survey was they concluded that 

companies that are currently cozying up to Linux (like IBM) are

speaking Linux out of the corner of their mouth but really are

trying to sell their existing Unix OS'es like AIX. 





*****************************************************************



4. NT THIRD PARTY NEWS:



BEEN INFECTED BY THE VIRUS ALREADY? NEED AN EXTERMINATOR? 

Here are some third party tools that have come to the rescue



* SCRIPTLOGIC cleans up the Morning After



The developer of ScriptLogic has published a custom script for 

ScriptLogic that will clean up the after effects of the Lovebug

worm virus. Now that everyone has updated their virus signatures

to catch it, the clean-up must still be done. That's where this 

script comes in. It removes the infections, creates a log file 

of what machines were found to be infected and can optionally 

remove the vbs and other vbscript associations from the registry 

so that users can't double click on the attachment and re-infect

their systems.



http://www.sunbelt-software.com/product.cfm?id=299

---------------------------



* LOVE KILLER by ECM V2.5



The developer of Enterprise Configuration Manager (ECM) released 

an ECM script that you can use to identify and eliminate the virus 

on an enterprise wide basis. You can import it into your existing 

deployment on your network and take a look at it. Below is the 

Read Me so you can see how to do it. 



Detecting the I Love You Virus Using ECM 2.5:

1) Run SQL Query Analyzer.

2) Select your ECM database.

3) Load the love.sql script provided.

4) Run the Query. This query loads new file alerts that will 

identify any machine that has been infected by the Worm Virus. 

It will also write an event to the event log for any machine 

that meets these file criteria, as well as any machine whose 

AutoExec.bat has been modified.

5) Stop and restart the collector so it will pick up the new file 

alerts.

6) Run an instant collection against your machines, selecting 

static information and file alerts.

7) If any of these files exist on your machines you will receive 

a file alert in the GUI as well as an event written to the event 

log of your collector machine. 



How to load the Love Killer for ECM 2.5



This is a batch file that is designed to be run as a job submission 

that will delete all files related to the 911 Virus from any of 

your monitored systems.



1) Save the lovekiller.bat to a shared location on your network.

2) From the General Configuration menu select the Job Submissions 

Tab.

3) Click Add.

4) Name the Job

5) In the Command(s) to Execute window put the UNC of the 

lovekiller.bat, i.e. \\wpfile01\virus\lovekiller.bat.

6) Leave the options default.

7) Select an account to authorize this job and a job password.

8) Click Ok. Click Ok. And Click OK to update the collector 

with the new settings.

9) Log out of the console machine and have the Account that 

was chosen to authorize the virus job log in and authorize 

the job from the General Configuration | Job Submission Tab.

10) From the General Configuration menu select the Collection 

Times Tab.

11) Select your Default Group.

12) Click add to create a new collection time. Name the collection.

13) Click Next. Select File Alerts. Click Next.

14) Select Run a Job and Select the Virus Job.

15) Establish what frequency and when you want to run this job. 

Click Finish.



More info: http://www.sunbelt-software.com/product.cfm?id=522

---------------------------



* FileScreen Blocks LoveBug



Virus scanning is a critical component of any network. However, 

by the time a virus such as the "LOVEBUG" virus is identified 

and detected, it's usually too late. Virus companies may take 

hours to post a fix, while the virus continues to run its course 

throughout your network.



FileScreen 2000 screens files by name and file type from being 

written to your Windows NT/2000 servers. So, executables such 

as Melissa and Visual Basic files such as "lovebug.vbs." never 

have a chance to propagate in your domains and cause serious 

damage. FileScreen 2000 lets you get a grip on it by choosing 

what file types to screen including: 



Executable files--block dangerous viruses such as Melissa. 

Visual Basic files--protect your data from LoveBug perils. 

Application files--avoid software license infringement suits. 

Sound files--keep your servers from becoming another jukebox. 

Movie files--jokes, movies have no business on your network. 

Graphic files--usually large in size and often of no value. 



More info: http://www.sunbelt-software.com/product.cfm?id=422



****************************************************************



5. HINTS AND TIPS: PRACTICE SAFE EMAIL



* Have a Corporate Safe Email Policy AND enforce it.

* Use 'belt and suspenders'. Combine an AV-solution with a 

'content checking gateway' and file screening tools.

* Instruct users with:

- Be careful with emails if you don't know the sender.

- Even if you DO know the sender, never execute files if 

you're not aware of the content. Ask your system/network 

administrator before running the file. 

* Help avoid mail spamming. 

* Though your anti-virus might not have been able to prevent 

this one, update your virus data patterns anyway.



****************************************************************

6. THE NT/2000 STOCK WATCH - Friday May 5, 2000

Data Return is Rocketing up again! Novell loses almost half :-( 



52 WK 52 WK P/E WEEK

SECURITY CLOSE HIGH LOW RATIO CHNG

---------------------------------------------------------------------

Advanced Micro Devices... 92 1/4 92 3/8 15 5/8 66 +5.4%

BMC Software............. 44 1/4 86 5/8 36 45 -5.4%

BindView Development Corp 8 7/16 45 3/4 7 1/2 +4.6%

Cisco Systems............ 67 3/4 82 26 -2.2%

Citrix Systems Inc....... 43 3/8 122 5/16 20 1/4 66 -28.9%

Compaq Computer.......... 27 3/16 34 18 1/4 73 -6.8%

Computer Associates...... 53 1/16 79 7/16 40 15/16 42 -4.9%

Data Return Corporation.. 29 1/4 94 1/4 13 3/4 +19.0%

Dell Computer............ 49 7/8 59 3/4 31 3/8 82 -0.4%

Electronic Data Systems C 61 7/8 76 11/16 47 7/8 42 -10.0%

Gateway Inc.............. 53 7/16 84 28 3/8 38 -3.3%

Hewlett Packard Co....... 136 3/4 156 67 43 +1.2%

Intel Corp............... 123 3/8 145 3/8 50 1/8 53 -2.6%

Intergraph Corp.......... 6 9/16 10 1/4 3 3/16 -3.6%

International Business Ma 107 7/8 139 3/16 89 3/4 26 -3.2%

Legato Systems Inc....... 12 9/16 82 1/2 9 1/4 74 -2.8%

Micron Electronics Inc... 10 3/16 20 11/16 9 24 -4.6%

Microsoft Corp........... 71 1/8 119 15/16 60 42 +1.9%

Mission Critical Software 35 1/8 77 5/8 16 -2.4%

NCR Corp................. 36 3/16 52 5/8 26 11/16 11 -6.3%

NetIQ Corporation........ 37 1/4 81 1/2 14 3/4 +1.3%

Network Associates Inc... 25 13/16 37 3/16 11 5/8 +1.4%

Novell Inc............... 11 44 9/16 9 3/4 18 -43.9%

Oracle Corp.............. 76 13/16 90 11 1/4 -3.9%

Qualcomm Incorporated.... 109 3/4 200 21 1/2 +1.2%

Seagate Technology....... 48 7/8 76 25 1/8 11 -3.6%

Silicon Graphics......... 7 3/16 18 7/8 6 1/2 0.0%

Sun Microsystems Inc..... 90 1/2 106 3/4 27 99 -1.5%

Sybase Inc............... 24 15/16 31 7 1/8 33 +23.5%

Symantec Corp............ 60 1/2 81 5/8 17 3/4 23 -3.1%

Unisys Corp.............. 24 7/16 49 11/16 19 1/2 15 +5.3%

Veritas Software Corp.... 100 3/16 174 15 1/8 -6.5%

Dow Jones 30 Industrials. 10,577.86 -1.4%



*******************************************************************



7. "HOW TO USE THE MAILING LIST" Instructions on how to subscribe, 

sign off or change your email address



TO SUBSCRIBE TO THE LIST (Tell your friends!) 



Click: http://lyris.sunbelt-software.com/scripts/lyris.pl?join=nt-list

and fill out the form, simple & easy: 1 minute work.



Or by email, send a blank message to the following address:

[email protected]



_____________________________________________________



TO QUIT THE LIST



1) The Web Way:

http://lyris.sunbelt-software.com/scripts/lyris.pl?

choose the NT-List, use your email address that is at 

the bottom of each newsletter and leave the list via 

the web interface.



2) The Email Way: Simply follow the personalized 

instructions at the very end of this newsletter.

_____________________________________________________



TO CHANGE YOUR ADDRESS


First unsubscribe and then resubscribe as per the

procedure above.



********************************************************************



FOR MORE INFORMATION



On the World Wide Web point your browser to:



For the newsletter and our website:

http://www.sunbelt-software.com



For Tech Support on Sunbelt products mentioned:

http://www.sunbelt-software.com/scripts/rightnow.exe



Email for US sales information to:

[email protected]

Email for US Tech support to:

[email protected]

Email to the US Editor:

[email protected]



Email for European Sales to:

[email protected]

Email for European Tech support to:

[email protected]



At the time of this newsletter's release, all links were 

checked to verify their accuracy and validity. However, 

due to the ever changing pages of various sites, some links 

may later prove to be invalid. We regret any inconvenience 

should you be unable to open any of these links.

********************************************************************



Things Our Lawyers Make Us Say:



This document is provided for informational purposes only. 

The information contained in this document represents the

current view of Sunbelt Software Distribution on the issues

discussed as of the date of publication. Because Sunbelt

must respond to changes in market conditions, it should not

be interpreted to be a commitment on the part of Sunbelt

and Sunbelt cannot guarantee the accuracy of any information

presented after the date of publication.



INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS"

WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,

INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND

FREEDOM FROM INFRINGEMENT.



The user assumes the entire risk as to the accuracy and the

use of this document. This document may be copied and

distributed subject to the following conditions: 1) All text

must be copied without modification and all pages must be

included; 2) All copies must contain Sunbelt's copyright

notice and any other notices provided therein; and 3) This

document may not be distributed for profit. All trademarks

acknowledged. Copyright Sunbelt Software Distribution, Inc.

1996-2000.



(email me with feedback: [email protected])