Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 26, 2001 (Vol. 6, #29 - Issue #264)
New Category Security Tools
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- New White Paper: OpalisRobot vs. Windows 2000 Features.
- Performance monitoring
- Service Recovery
- NT/2000 RELATED NEWS
- Whistler Beta 2 still being worked on: New Stuff
- Another Security Flaw: README.TXT can harbor malignant code
- NT/2000 THIRD PARTY NEWS
- New Category Security Tools: PORT MAPPERS
- You Can't Cut Back Too Much
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Network Monitoring and Analysis
You're busy all day keeping your systems up, secure and performing
at their best. Who has the time to surf thousands of websites to find
the latest Windows NT/2000 news, resources and technical advice?
Register for SearchWin2000.com today for all our Free Member Benefits
and you'll also gain access to our free interactive salary survey with
Visit SearchWin2000.com for more information.
The just closed SunPoll was very interesting. I asked people 'please
no religious wars' but one or two guys wrote a script, flooded the
numbers on a regular basis and tried to stuff the ballot-box. (We know
who you are - [evil grin]). These were deleted of course. We have a
"One-IP-One-Vote" rule. So here are the final results. These are 'non-
scientific' as always: the survey consists only of people that choose
Q: What do you consider the most compelling OS of the next 5 years?
(whether or not you intend to use it)
- Windows 2000/Whistler: 54.67% - 2361 votes
- Linux: 35.94% - 1552 votes
- Some other OS: 6.06% - 262 votes
- Solaris: 2.45% - 106 votes
- Windows ME: 0.85% - 37 votes
And here is the NEW SunPoll. By now you have had the chance to read
a bit about this, and we'd like to know what you think.
Q: What do you think about the new Software Protection Scheme in
Windows XP? (it's called WPA: Windows Product Activation)
- Good! It's anti-theft and long overdue
- I can live with it, no problem
- I see difficulties with this in my production environment
- I hate it! We will refuse to buy WXP if Microsoft leaves it in
You can vote on both www.sunbelt-software.com and on www.w2knews.com,
and see how your colleagues think about this issue. It may also send
a message to Microsoft. I know they read W2Knews :-)
PS, If you skipped the SearchWin2000 sponsorship above, you shouldn't.
Registering over there proved useful to me. I registered a while ago,
and they do a good job.
(email me with feedback: [email protected])
SPONSOR: Regain 30% Of Your Server Space...
And save hundreds of hours in file cleanup. Maximizing uptime is a top
priority. But without control of the data on your servers, achieving
this priority can be nearly impossible. Servers crammed with obsolete
and non-business related files can jeopardize uptime, drag down backups
and slow down real-time access to what's really important. Adding more
disk space only compounds the problem - soon you'll have twice as many
junk files. That's why Microsoft and 77 of the Fortune 100 insist on
StorageCeNTral. Download your free 30 day evaluation copy, and you'll be
surprised at what StorageCeNTral finds wasting space on -your- servers.
Visit Regain 30% Of Your Server Space... for more information.
New White Paper: OpalisRobot vs. Windows 2000 Features.
- Performance monitoring
- Service Recovery
There is a brand new review out of the latest OpalisRobot V3.6. Bob
Currier, the reviewer at Network World said: "OpalisRobot is an easy-to-
use graphical tool that beats cron and Microsoft's scheduler hands-down."
(cron is a Unix-based scheduler)
Our recent survey showed it clearly. You guys are under pressure. Apart
from normal routine system management tasks, you are asked to do a lot
of other things on top. It's easy to let things slip through the cracks.
Don't give up - relief can be downloaded right now. OpalisRobot can
provide you with the extra set of hands you've been dreaming about.
Instead of kicking off an event per a date/time trigger, OpalisRobot is
based on event-driven scheduling, and is object-oriented. Big difference
of course. Think: 'File arrives in specific directory' -> now needs to
be FTP'd over to Site B. OpalisRobot has an extensive library of more
than 50 predefined tasks. The docs are outstanding.
If you never have time enough, and day-to-day maintenance tasks suffer,
OpalisRobot can give you some help. It costs a lot less than staff
pay for overtime, and gets you home in time and a weekend off now and
then. The brand new white-paper compares how OpalisRobot functions
compared to W2K in the three areas of performance monitoring, scheduling
and the all-important recovering of services that have gone down.
The download page for the white paper is here, it's the third document
in the "White Papers, Documents and Other Files Section". And the link
to the new review at Network World is on this page too:
NT/2000 RELATED NEWS
Whistler Beta 2 still being worked on: New Stuff
As reported by eWEEK via ZDNet on the 23rd, it's a work in progress,
and the name for the Server versions is still kept under wraps. I'll
let you know the moment I find out.
There are a bunch of new features coming into Whistler. Here are some
main topics, and the stuff they are working on and adding. Note they are
now beefing up the built-in defragger, and include a personal firewall.
FILE SYSTEM AND STORAGE:
Compressed (Zip) folders
Disk defragmenter enhancements
Forest Trust; Cross-Forest Authorization; Cross-Forest Authentication
Smart card for administrators
Device driver notification
ACTIVE DIRECTORY DEPLOYMENT
DirSync Control improvements
DNS configuration enhancements to the directory's Installation Wizard
Enhancements to the LDAP client and server
Support for command-line administration scripts
Asynchronous Common Gateway Interface
SharePoint Web server
Another Security Flaw: README.TXT can harbor malignant code
You may be aware of BugNet, a supplier of software bug fixes. Well,
they exposed a Windows vulnerability that allows nasties to do whatever
they like, such as mess with the registry, delete files or even wipe out
your hard drive.
The bug was originally demonstrated by security analyst Georgi Guninski
and later validated by BugNet engineers. The bug originates in Microsoft's
Component Object Model (COM) that is built into all Windows systems since
Windows 95. COM relies on a CLSID to uniquely identify each COM object
and instruct the operating system how to execute it. Using the CLSID,
dangerous executables and scripts can be disguised as innocent .TXT files.
Double-clicking on a disguised file will open it, not as a text file, but
in whatever way the original program was written. Ouch! BugNet performed
several exploits to ascertain the seriousness of this vulnerability.
"We were able to create an Excel spreadsheet with a built-in startup macro
that erases files off of the hard disk," said Eric Bowden, general manager,
BugNet. "We created a registry merge file that granted us admin rights on
a Windows 2000 domain server. We even selectively destroyed the Windows
"Despite the menacing nature of these files, they each hide innocently
behind a harmless file name like README.TXT. BugNet has posted a file
which demos the vulnerability".
I went and tried this, and it's true. Until Microsoft creates a patch,
the only protection is for the user to vigilantly check files. When
browsing network files, look at the file icon to make sure that it
matches the file type. Beware of any e-mail attachments that reveal
the CLSID filename. Don't double-click it until you double-check it.
Just to prove it, open a command prompt and do a dir.
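The "double-check" above can be automated. This is an added example, not code from BugNet or Microsoft: it assumes the disguised file carries a trailing .{CLSID} extension that the shell hides and a directory listing shows, and the function names and the all-zero placeholder CLSID are made up for illustration.

```python
import ntpath
import os
import re

# A CLSID used as the final extension: ".{8-4-4-4-12 hex digits}" at end of name.
CLSID_EXT = re.compile(
    r"\.(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
)

# Constructed sample paths; the all-zero CLSID is a placeholder, not a real class.
SAMPLE = [
    r"C:\share\README.TXT.{00000000-0000-0000-0000-000000000000}",
    r"C:\share\notes.txt",
    r"C:\share\report{draft}.doc",
    r"C:\share\{00000000-0000-0000-0000-000000000000}.txt",
]


def inspect_name(path):
    """Return a finding dict if the file name ends in a CLSID extension, else None."""
    name = ntpath.basename(path)  # accepts both \ and / separators
    match = CLSID_EXT.search(name)
    if match is None:
        return None
    shown = name[:match.start()]  # what a viewer that hides the CLSID displays
    return {
        "path": path,
        "shown_as": shown,
        "apparent_ext": ntpath.splitext(shown)[1].lower(),
        "clsid": match.group(1),
    }


def scan_tree(root):
    """Walk a directory tree and collect every file with a CLSID extension."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            hit = inspect_name(os.path.join(folder, name))
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in filter(None, map(inspect_name, SAMPLE)):
        print("{shown_as!r} is really handled by CLSID {clsid}: {path}".format(**finding))
```

Point scan_tree() at a mail attachment drop folder or a file share to list every file whose displayed name differs from its real one.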
THIRD PARTY NEWS
New Category Security Tools: PORT MAPPERS
As you all know, port scanners are used by hackers and crackers to
break into systems. Once they find an open port, one of the things
they try is to see if there is a trojan already in the system, or put
one there. Up to now, it was very difficult to see what executables
were communicating to what ports, so you could see if a trojan is in
your system and opening a port to the outside world. Vision[tm] is
the counter-measure against port scanners and allows you to MAP the
PORTS of a computer, (and a lot more) in no time flat!
Vision, a host-based forensic utility, is the GUI successor to the
well-known freeware tool, Fport. This innovative new product from
Foundstone shows all of the open TCP and UDP ports on a machine,
displays the service that is active on each port, and maps the ports
to their respective applications.
Vision allows you to access a large amount of supplementary data
that is useful for determining host status by displaying detailed
system information, applications running, as well as processes and
ports in use.
You can interrogate ports and identify potential "Trojan" services
by using the "Port Probe" command in the port mapper. Using "Port
Probe", Vision will enable you to send a customized string of data
to the port. Based on the response from the port, a determination
can be made to either kill the port, using the "Kill" command, or
leave it as is.
You can view system events by sorting by application, process, service,
port, remote IP, and device drivers in ascending or descending order.
Identify and review detailed information about Services and Devices
to determine if they are Running or Stopped.
This forensic utility is an essential part of a computer security pro's
tool-kit. Vision maps all of a host's executables to corresponding
ports, allowing you to identify and investigate suspicious services.
Vision enables you to interrogate suspect services to identify back-
doors and Trojan applications. If a malicious service is identified,
Vision allows you to immediately kill it. Download this 30-day eval
today! Best of all, the single workstation license is only $99. A 7-
pack WS is just under $500. Checking this puppy out takes 5 minutes!
You Can't Cut Back Too Much
As you perhaps know, Windows 2000 Magazine has a whole bunch of email
newsletters. One I particularly like is the one called Research Update
and the item below is quoted from the most recent one. In case you are
interested in market research data, you should subscribe to that e-zine.
the link at the end of this article. Here is the quote:
Server Sales Continue to Climb
"Things could be worse - and they might be getting better. That's the
message of International Data Corporation's (IDC's) quarterly results
for the worldwide server market. According to IDC, server sales climbed
to $16.7 billion in the fourth quarter 2000, up 14 percent over the
previous year and the best year-over-year increase in 2000. For the
year, revenue grew 7 percent. Unit shipments topped 1.2 million, up 16
percent from fourth quarter 1999. For the year, unit shipments grew 17
percent. As Graph 5 shows, rack-optimized servers, servers with the
Linux OSs, and servers running Windows NT drove most of the growth."
"The growth of rack-optimized servers has slowed somewhat from the torrid
400 percent year-over-year growth of the third quarter, but the fourth-
quarter performance indicates that companies are still investing in
backbone IT infrastructure. Companies that cut back IT spending too
much risk finding themselves behind the technology curve during the
next market upturn."
This Week's Links We Like. Tips, Hints And Fun Stuff
Extremely interesting research on Enterprise Storage Solutions
A good place to go for Active Directory Admin links and resources
Sunbelt sponsors a free list server for Exchange Admins. High Quality!
PRODUCT OF THE WEEK
Network Monitoring and Analysis
This protocol approach to troubleshooting allows you to troubleshoot
NT and W2K from the ground up. It's full of real-world scenarios, easy
examples and a lot of illustrations. You're going to get solutions
for improving network performance and how to support new applications.
It's got some good techniques to monitor security and detect intruders.
The CD-ROM has some cool stuff on it too. Author Ed Wilson. The ISBN
is 0-13-026495-4 by Prentice Hall. Stu's 'Warmly Recommended'.