Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 9, 2001 (Vol. 6, #24 - Issue #259)
Who's Winning The SunPoll: W2K or Linux?
This issue of W2Knews contains:
- EDITORS CORNER
- Who's Winning The SunPoll: W2K or Linux?
- TECH BRIEFING
- Business Continuity Best Practices
- NT/2000 RELATED NEWS
- Massive User Survey Shows: W2K Is Vast Improvement
- Business Buyer Strike, Refusing To License WXP?
- Microsoft Has New Security Bulletin Site
- NT/2000 THIRD PARTY NEWS
- Transcender Pre-sells A+ Exam Simulations
- What Groups Is That User In? And What's Their Access?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- The Practical Intrusion Detection Handbook.
Looking for a simple way to manage your help desk? Need to track the
status of work items, provide detailed cost analysis, and receive
performance ratings for each managed computer from any web browser?
Altiris Helpdesk Dispatcher is a web-based help desk solution that
lowers the cost of managing LAN, WAN, and disconnected users from the
convenience of your web browser. Simple to deploy and manage. Native
Microsoft SMS integration. Click here for specs, screenshots & trial:
Visit Altiris for more information.
Who's Winning The SunPoll: W2K or Linux?
Some people mentioned that the click-thru's at the end of articles
always 'hung'. We fixed that by switching some things around. The
redirects are now via the w2knews.com site instead of Sunbelt Software.
That will fix the problem. Oh, before I forget, if you find that the
sunbelt-software.com site times out, you can always try our mirror site
www.sunbeltsoftware.com (no dash).
We're thrilled with the T3 performance to our site. I'm already hooked
and cannot live without it anymore. Try it out by voting for this week's
SunPoll: What do you consider the most compelling OS of the next 5 years?
(whether or not you intend to use it) www.sunbelt-software.com. We allow
1 IP address to vote 1 time by the way, doubles are deleted to prevent
'ballot-box stuffing'. Windows 2000/Whistler and Linux are the leaders
at the moment. Who will win? We'll know next week after you vote.
PS, I was promised the work on your Profile will be done the coming week.
(email me with feedback: [email protected])
SPONSOR: SWEET SECURITY SOLUTION
...15 MIN. LATER HE WAS IN THE PRINCIPAL'S OFFICE!
A high school network administrator installed Event Log Monitor on
classroom servers to evaluate system performance. The next day, ELM
alerted him that a student was trying to break into the system.
Within 15 minutes, the would-be hacker was in the Principal's office
waiting for his parents to arrive. Use Event Log Monitor to keep tabs
on your security perimeter. Because school boxes aren't the only
computers teenagers like to hack into. Your 30-day eval is here:
Visit SWEET SECURITY SOLUTION for more information.
Business Continuity Best Practices
Some one gave me a copy of a magazine I had never seen before. It's
called Disaster Recovery Journal (www.drj.com) and it had an article
written by Reinhard Koch from Strategic Technologies, Inc. He concluded
with a page that contained 9 rules I think you should all read and apply
if you can:
Just ask yourself: Will your data survive even if your building doesn't?
This will help:
- The Board of Directors annually reviews the business continuity program.
- The responsibility for business continuity rests with a top executive
(CEO or COO).
- A distinct staff, with associated budget, performs the business
- The business continuity function spans all aspects of the organization.
- Business continuity planning is a continuous process within the org.
- The org. maintains a comprehensive backup policy that includes all
- Recovery strategies are in place and are based upon the impact that
the loss of a business process would have upon the organization.
- A recovery strategy-testing program is in place.
- The recovery manual that documents the program is reasonably current
and available under all circumstances. The document is so structured
so that an outside technical expert, unfamiliar with the organization
could execute technical recovery strategies.
NT/2000 RELATED NEWS
Massive User Survey Shows: W2K Is Vast Improvement
In Q1 this year, Sunbelt Software in cooperation with the Giga Information
Group did a really large survey over more than 1,200 Windows 2000 users.
This is the second report about the survey results. We will shortly start
with our Q2 survey and you'll be invited to participate.
Findings & Recommendations:
Overall, Windows 2000 Professional and Server are a vast improvement over
prior versions of the Windows desktop and server operating systems. In
fact, Giga believes that Windows 2000 is the best 1.0 OS release Microsoft
has ever delivered. Users apparently agree: results of four separate Giga/
Sunbelt Software surveys indicate that customers have had an overwhelmingly
positive upgrade experience. The findings show the following:
All in all, these findings have earned Microsoft a well-deserved "A" for
delivering performance and reliability in Windows 2000 (see Figure 4).
- Nine out of 10 survey respondents rate Windows 2000 Professional
performance and reliability as two to 10 times better than Windows
9x or NT 4.0 Workstation.
- 85 percent of survey respondents rate Windows 2000 performance and
reliability as two to 10 times better than Windows NT 4.0.
- Only 1 percent of survey respondents reported that Windows 2000
Professional and Server performance and reliability declined from
prior versions of the OS.
- Only 10 percent of Windows 2000 Professional customers and 14 percent
of Windows 2000 Server users said they saw no discernible performance
or reliability improvements when they installed the new OS. This may
stem from running on sub-optimal hardware.
- Nearly half of the survey respondents - 48 percent - are installing
Windows 2000 Professional first, 24 percent indicated they will migrate
to Windows 2000 Server first and 29 percent will perform a mixed
The whole survey is on the Sunbelt website, this is interesting reading
if you plan to upgrade. Please click on the link below:
Business Buyer Strike, Refusing To License WXP?
The Windows Product Activation (WPA) is promising to be causing MS a
headache. I was sent quite a bit of feedback by business users that
told me they would freeze their environments on W2K and refuse to
touch WXP because of an expected major increase of management costs.
Why? Well, look at the following scenario.
Company has over 300 machines running various licenses and has three
MCSE's to handle them all. Normally it takes 3 to 4 hours to fully
load a new workstation from scratch. That's crazy so they Ghost them.
When one of these systems fails, they repair the system and in all cases
load the appropriate "ghosted" image back on the machine, returning
a stable system to the desktop. With the planned WPA copy protection
that won't be possible.
It would seem that with the new WPA Licensing, they'd have to spend
four hours loading software plus calling Microsoft every time a box
crashes or they purchase a new computer. That's NUTS of course. This
is not a license issue, it is having to hire more people to keep
maintaining what you already have. MS, please come to your senses.
Microsoft Has New Security Bulletin Site
Mark Joseph Edwards, News Editor of the Security Update reported
that MS has a new site that went live last week. He said: "The whole
site is XML based and lets you perform specific searches for relevant
security problems by refining your search based on product and
service pack. For example, you can select Windows NT 4.0 Server
and Service Pack 6a (SP6a) and quickly get a list of all related
security fixes that you can install on NT 4.0 Server systems
I went over there and had a look. Pretty cool, and you should check
it out if you're interested in Security (which you better be! [grin])
THIRD PARTY NEWS
Transcender Pre-sells A+ Exam Simulations
The Transcender gang announced it will pre-sell single-user licenses
for A+CoreCert 2.0 and A+OS-Cert 2.0, exam simulations for CompTIA's
newly revised A+ certification exams. These simulations provide test
preparation for your A+ Core Hardware exam and the A+ OS Technologies
exam, both of which are required for the CompTIA A+ certification track.
During the pre-sell period, Transcender Club members can purchase
single-user licenses for A+CoreCert 2.0 and A+OS-Cert 2.0 for a reduced
price of $89 each through the Transcender Club. Transcender's A+ Pak,
which offers both products, is also available. Transcender will release
the new exam simulations in June.
A+CoreCert 2.0 and A+OS-Cert 2.0 each contain four full-length exam
simulations with 70 questions apiece, including computer adaptive
testing, randomized and customized exam options. Features include
detailed answer explanations, complete with reference to A+ study
guides, and a score history report that provides instant feedback and
pinpoints the user's weak areas requiring further attention.
If you are looking for courseware that covers the updated A+, to
study for the exams before you use the transcenders, check out the
wares from SmartCertify over at:
What Groups Is That User In? And What's Their Access?
Ever asked yourself these questions?
Enterprise Security Reporter (ESR) is a powerful tool designed to
get answers to the questions you have about your network. By combing
through the vast amount of data on your network and storing it in
an open database, you now have the ability to analyze, query and
report on the security and configuration of your network. ESR's
one of a kind functionality - Delta Permissions Reporting? - takes
the manual labor out of viewing security.
- To which groups does a user belong?
- To which folders and files does a user and/or group have access?
- How can I view all the shares and their permissions on my entire
Using the tools that come with Microsoft Windows NT, you quickly
realize that it is nearly impossible to gather the necessary data
to produce the reports you need. ESR provides you an easy and
efficient way to get the data and produce reports that give you
the answers you need.
Using Microsoft Windows 2000? You will be pleased to know that
ESR has full support for Windows 2000's NTFS inheritance model.
Some Pretty Powerful Features:
Try this puppy out. Download here:
- Create unique summarized permissions reports: ESR's exclusive Delta
Permissions Reporting? technology targets and reports permission
changes on folders and files that differ from those of its parent
folder, enterprise wide. Great Report Support - Featuring reports
developed using Seagate Software's Crystal Reports, your reports can
be exported to numerous formats and even emailed to others.
- Support for Microsoft Access Reports - By natively supporting
Microsoft Access reports, we allow you complete flexibility in
developing your own reports in a tool most people are familiar with,
and then letting you run these reports from the ESR interface.
- Scalable Data Discovery - Using either a centralized data discovery
agent or distributed data discovery agents, ESR can accommodate both
small and large networks without becoming intrusive.
- Remote Agent Installation - Install the agents on remote servers
without having to log onto the server itself.
- Open Database - ESR uses Microsoft's SQL Server 7 or the scaled-down
Microsoft Data Engine as its back-end database. This means you can use
any tool you want to connect to and query the data. The ESR database
is fully documented so you can write your own queries and reports.
- Parameterized Queries - When building your own queries, you can define
custom parameters that will prompt the user for information as the
query is being run. This provides a much greater level of flexibility,
and doesn't tie you down to writing queries with hard-coded information.
- Enterprise Scopes - What do you do when you have one-hundred servers
discovered, but you only want to run a query against ten of them? You
define an Enterprise Scope including those ten servers, and add the
scope to your query. This puts more control back in your hands!
- Browse Real-time Data - All of the data in the ESR database is exposed
through an easy-to-use data browser. What's more is that you can also
browse data in real-time using the exact same screen. Sometimes getting
the answer you want is most easily obtained by browsing right to it.
- User Extensible - We don't limit you to just the reports and queries
we thought you would want. We also give you the ability to add your
own reports and queries.
This Week's Links We Like. Tips, Hints And Fun Stuff
Mass Institute for Technology plans to make its courses free via Net
CNN Sci_Tech site has article about catching hackers with HoneyPots
Free Chapter out of W2K Security handbook: Harden Windows 2000: PDF
PRODUCT OF THE WEEK
The Practical Intrusion Detection Handbook.
A pretty good book that goes into the details of product selection,
planning and operations of Intrusion Detection (ID). It's filled with
a bunch of real-life cases and stories of ID systems in action. It
covers both host-based and network-based intrusion detection. The
author Paul Proctor is Director of Technology with Cybersafe.com
and has been active in Security for over 15 years. This is a useful
one. ISBN 0-13-025960-8 - over at