- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 26, 2001 (Vol. 6, #29 - Issue #264)
New Category Security Tools
  This issue of W2Knews™ contains:
    • New SunPoll
    • New White Paper: OpalisRobot vs. Windows 2000 Features.
      • Performance monitoring
      • Scheduling
      • Service Recovery
    • Whistler Beta 2 still being worked on: New Stuff
    • Another Security Flaw: README.TXT can harbor malignant code
    • New Category Security Tools: PORT MAPPERS
    • You Can't Cut Back Too Much
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Network Monitoring and Analysis
  SPONSOR: SearchWin2000.com
You're busy all day keeping your systems up, secure and performing
at their best.
Who has the time to surf thousands of websites to find
the latest Windows NT/2000 news, resources and technical advice?


Register for SearchWin2000.com today for all our Free Member Benefits
and you'll also gain access to our free interactive salary survey with
instant results.
Visit SearchWin2000.com for more information.

New SunPoll

The just closed SunPoll was very interesting. I asked people 'please no religious wars' but one or two guys wrote a script, flooded the numbers on a regular basis and tried to stuff the ballot-box. (We know who you are - [evil grin]). These were deleted of course. We have a "One-IP-One-Vote" rule. So here are the final results. These are 'non- scientific' as always: the survey consists only of people that choose to participate.

Q: What do you consider the most compelling OS of the next 5 years? (whether or not you intend to use it)

  • Windows 2000/Whistler - 54.67% - 2361 votes
  • Linux: 35.94% - 1552 votes
  • Some other OS: 6.06% - 262 votes
  • Solaris 2.45% - 106 votes
  • Windows ME: 0.85% - 37 votes
And here is the NEW SunPoll. By now you have had the chance to read a bit about this, and we'd like to know what you think.

Q: What do you think about the new Software Protection Scheme in Windows XP? (it's called WPA: Windows Product Activation)

  • Good! It's anti-theft and long overdue
  • I can live with it, no problem
  • I see difficulties with this in my production environment
  • I hate it! We will refuse to buy WXP if Microsoft leaves it in
You can vote on both www.sunbelt-software.com and on www.w2knews.com, and see how your colleagues think about this issue. It may also send a message to Microsoft. I know they read W2Knews :-)

Warm regards,
Stu Sjouwerman

PS, If you skipped the SearchWin2000 sponsorship above, you shouldn't. Registering over there proved useful to me. I registered a while ago, and they do a good job.

(email me with feedback: [email protected])

  SPONSOR: Regain 30% Of Your Server Space...
And save hundreds of hours in file cleanup. Maximizing uptime is a top
priority. But without control of the data on your servers, achieving
this priority can be nearly impossible. Servers crammed with obsolete
and non-business related files can jeopardize uptime, drag down backups
and slow down real-time access to what's really important. Adding more
disk space only compounds the problem - soon you'll have twice as many
junk files. That's why Microsoft and 77 of the Fortune 100 insist on
StorageCeNTral. Download your free 30 day evaluation copy, and you'll be
surprised at what StorageCeNTral finds wasting space on -your- servers.
Visit Regain 30% Of Your Server Space... for more information.

New White Paper: OpalisRobot vs. Windows 2000 Features.

  • Performance monitoring
  • Scheduling
  • Service Recovery

There is a brand new review out of the latest OpalisRobot V3.6. Bob Currier, the reviewer at Network World said: "OpalisRobot is an easy-to- use graphical tool that beats cron and Microsoft's scheduler hands-down." (cron is a Unix-based scheduler)

Our recent survey showed it clearly. You guys are under pressure. Apart from normal routine system management tasks, you are asked to do a lot of other things on top. It?s easy to let things slip though the cracks. Don't give up - relief can be downloaded right now. OpalisRobot can provide you with the extra set of hands you've been dreaming about.

Instead of kicking off an event per a date/time trigger, OpalisRobot is based on event-driven scheduling, and is object-oriented. Big difference of course. Think: 'File arrives in specific directory' -> now needs to be FTP'd over to Site B. OpalisRobot has an extensive library of more than 50 predefined tasks. The docs are outstanding.

If you never have time enough, and day-to-day maintenance tasks suffer, OpalisRobot can give you some help. It costs a lot less than staff pay for overtime, and gets you home in time and a weekend off now and then. The brand new white-paper compares how OpalisRobot functions compared to W2K in the three areas of performance monitoring, scheduling and the all-important recovering of services that have gone down.

The download page for the white paper is here, it's the third document in the "White Papers, Documents and Other Files Section". And the link to the new review at Network World is on this page too:


Whistler Beta 2 still being worked on: New Stuff

As reported by eWEEK via ZDnet on the 23-rd. It's a work in progress, and the name for the Server versions is still kept under wraps. I'll let you know the moment I find out.

There are a bunch of new features coming into Whistler. Here are some main topics, and the stuff they are working on and adding. Note they are now beefing up the built-in defragger, and include a personal firewall.


  • CD burning
  • Compressed (Zip) folders
  • Disk defragmenter enhancements


  • Forest Trust; Cross-Forest Authorization; Cross-Forest Authentication
  • Personal firewall
  • Smart card for administrators


  • Hot-add memory
  • Automatic updates
  • Device driver notification


  • DirSync Control improvements
  • DNS configuration enhancements to the directory's Installation Wizard
  • Enhancements to the LDAP client and server

    IIS 6.0

  • Support for command-line administration scripts
  • Asynchronous Common Gateway Interface
  • SharePoint Web server

    Another Security Flaw: README.TXT can harbor malignant code

    You may be aware of Bugnet, they are a supplier of software bug fixes. Well, they exposed a Windows vulnerability that allows nasties to do what ever they like, such as mess with the registry, delete files or even wipe out your hard drive.

    The bug was originally demonstrated by security analyst Georgi Guninski and later validated by BugNet engineers. The bug originates in Microsoft's Component Object Model (COM) that is built into all Windows systems since Windows 95. COM objects rely on CLSID to uniquely identify a COM object and instruct the operating system how to execute it. Using the CLSID, dangerous executables and scripts can be disguised as innocent .TXT files.

    Double-clicking on an obfuscated file will execute, not as a text file, but in whatever way the original program was written. Ouch! BugNet performed several exploits to ascertain the seriousness of this vulnerability.

    "We were able to create an Excel spreadsheet with a built-in startup macro that erases files off of the hard disk," said Eric Bowden, general manager, BugNet. "We created a registry merge file that granted us admin rights on a Windows 2000 domain server. We even selectively destroyed the Windows registry.

    "Despite the menacing nature of these files, they each hide innocently behind a harmless file name like README.TXT. BugNet has posted a file which demos the vulnerability".

    I went and tried this, and it's true. Until Microsoft creates a patch, the only protection is for the user to vigilantly check files. When browsing network files, look at the file icon to make sure that it matches the file type. Beware of any e-mail attachments that reveal the CLSID filename. Don't double-click it until you double-check it. Just to prove it, open a command prompt and do a dir.



    New Category Security Tools: PORT MAPPERS

    As you all know, port scanners are used by hackers and crackers to break into systems. Once they find an open port, one of the things they try is to see if there is a trojan already in the system, or put one there. Up to now, it was very difficult to see what executables were communicating to what ports, so you could see if a trojan is in your system and opening a port to the outside world. Vision[tm] is the counter-measure against port scanners and allows you to MAP the PORTS of a computer, (and a lot more) in no time flat!

    Product Features
    Vision, a host based Forensic Utility is the GUI successor to the well-known freeware tool, Fport. This innovative new product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications.

    Vision allows you to access a large amount of supplementary data that is useful for determining host status by displaying detailed system information, applications running, as well as processes and ports in use.

    You can interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of data to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.

    You can view system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order. Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.

    Product Benefits
    This forensic utility is an essential part of a computer security pro's tool-kit. Vision maps all of a host's executables to corresponding ports, allowing you to identify and investigate suspicious services. Vision enables you to interrogate suspect services to identify back- doors and Trojan applications. If a malicious service is identified, Vision allows you to immediately kill it. Download this 30-day eval today! Best of all, the single workstation license is only $99. A 7- pack WS is just under $500. Checking this puppy out takes 5 minutes!

    You Can't Cut Back Too Much

    As you perhaps know, Windows 2000 Magazine has a whole bunch of email newsletters. One I particularly like is the one called Research Update and the item below is quoted from the most recent one. In case you are interested in market research data, you should subscribe to that e-zine. the link at the end of this article. Here is the quote:

    Server Sales Continue to Climb
    "Things could be worse?and they might be getting better. That's the message of International Data Corporation's (IDC's) quarterly results for the worldwide server market. According to IDC, server sales climbed to $16.7 billion in the fourth quarter 2000, up 14 percent over the previous year and the best year-over-year increase in 2000. For the year, revenue grew 7 percent. Unit shipments topped 1.2 million, up 16 percent from fourth quarter 1999. For the year, unit shipments grew 17 percent. As Graph 5 shows, rack-optimized servers, servers with the Linux OSs, and servers running Windows NT drove most of the growth."

    "The growth of rack-optimized servers has slowed somewhat from the torrid 400 percent year-over-year growth of the third quarter, but the fourth- quarter performance indicates that companies are still investing in backbone IT infrastructure. Companies that cut back IT spending too much risk finding themselves behind the technology curve during the next market upturn."



    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Extremely interesting research on Enterprise Storage Solutions
  • A good place to go for Active Directory Admin links and resources
  • Sunbelt sponsors a free list server for Exchange Admins. High Quality!

    Network Monitoring and Analysis

    This protocol approach to troubleshooting allows you to troubleshoot NT and W2K from the ground up. It's full of real-world scenarios, easy examples and a lot of illustrations. You're going to get solutions for improving network performance and how to support new applications. it's got some good techniques to monitor security and detect intruders. The CD-rom has some cool stuff on it too. Author Ed Wilson. The ISBN is 0-13-026495-4 by Prentice Hall. Stu's 'Warmly Recommended'.