- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, May 21, 2001 (Vol. 6, #36 - Issue #271)
MS Twisting Your Arm?
  This issue of W2Knews™ contains:
    • New Survey: Are You Going To Buy An Xbox?
    • Free Open Software W2K Intrusion Detection System
    • MS Twisting Your Arm?
    • Free Active Directory Chapter Out Of My New Book and How To Get Your Free AutoPilot
    • SPQuery Renamed to UpdateEXPERT - New Version 5.0
    • New Version 4.01 of STAT Security Scanner
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hack Proofing Your E-Commerce Site
  SPONSOR: SurfControl
ALERT: Networks bottleneck & costs climb as workers squander
hours online, surfing, listening to the radio over the 'Net,
downloading MP3s, video & other bandwidth hogs. Install Super-
Scout Web Filter on your network & in 20 min you'll know exactly
WHO is doing WHAT, WHEN & WHERE on the Internet. Monitor, record
& manage all TCP/IP protocols. You've got responsibility for the
network, download an easy way to manage it. *FREE* 30-day trial:
Visit SurfControl for more information.

New Survey: Are You Going To Buy An Xbox?

Hi All,

First, the results of our earlier survey. That was about the new Windows Product Activation feature in WXP. Well, 60% of you hated the idea, and wouldn't want to buy it. 32% Said they could see problems in production environments. MS, are you listening?

Next is the question of the XBOX. Some people sent me email back and asked why I was reporting on this box. Well, it runs on a stripped version of W2K, so that's easy. I'm going to get one. Why? The game quality. MS knows what it takes to get the hardware sold. They actually sell these boxes at a loss. Selling good games is where the money is coming from, and that is why they are acquiring games makers at a rapid clip at the moment. The Xbox will be released November 8-th. As an example, just look at this section out of the game, and you'll know what I mean. (You need some bandwidth for this puppy)

More over, the Xbox is of course MS' trojan horse toward the smart, hooked-up, micropayment enabled, interactive, automated home. Another step forward toward a subscription model instead of just selling boxes. Think "MS-tone".

So, whaddaYOUgonnado regarding the XBOX?

  • Yes! I've been holding out for this baby!
  • Looks interesting. I'm seriously considering.
  • Nah. Just bought a PS2, can't justify the expense.
  • Nope. I don't do games.
Vote here: http://www.w2knews.com

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

ScriptLogic solves your problem by delivering the configuration
created for each user wherever they log in. Security policies,
drive mappings, folder redirection, printers, Internet config,
Microsoft Office paths, and Outlook/Exchange mail profiles are
automatically configured during the logon process. Users can log
in from any PC, running any Windows 32-bit OS, over any LAN, dial-
up or VPN connection -- and instantly have access to their unique
desktop configuration. 30-day Full Function Eval here:
Visit SCRIPTLOGIC for more information.

Free Open Software W2K Intrusion Detection System

If you do not get the Security Update e-zine from Windows 2000 Mag, well, you should. Their Editor Mark Joseph Edwards knows his stuff, and I'm quoting a few paragraphs that I thought were particularly interesting from this week's issue. They discuss freeware, for security. A rare combination indeed. I'm going to let Mark talk for a bit, and at the end of this section I'll show you where to get it, and how to subscribe to Mark's e-zine. This is a "Stu's Warmly Recommended"!

"The third security product I've been playing with is an intrusion- detection system (IDS) called Snort, which is provided free to everyone under the GNU General Public License scheme (as published by the Free Software Foundation.) Snort was originally designed by Martin Roesch to run on UNIX systems; however, Michael Davis has graciously ported Snort to the Win32 platform so now it runs on Windows.

"Like other IDS systems, Snort works by comparing network traffic to a database of known attack types and traffic patterns. Snort is very flexible; users can write their own rules using fairly simple syntax, or they can download any of several predefined attack signature databases (called rules) for use within the product. The ability to define your own attack signatures means that you don't have to wait for your IDS vendor to produce them for you; you can protect yourself as soon as you discover a new risk by writing your own rules.

"No IDS can detect attack types it doesn't know about, so the rules are crucial. And because Snort is freeware (and open source at that), the tool has a tremendous amount of community support, and as a result, new rules are created about as fast as hackers and crackers discover new exploits. So in most cases, instead of writing your own rules, you can simply go to a site that maintains Snort rules and quickly download any new rules.

"Developers have created many Snort add-ons that make the tool easier to use. Snort is command-line-based, so remembering the command switches is cumbersome. Snort users realized this and created Windows-based GUIs for Snort. The GUIs help automate command-line switch configurations through the use of simple dialogs. Other add-ons include log analyzers that help make sense of Snort logs. Logs can be written in Snort's native ASCII log format or to a familiar TCPDump-style binary format. In addition, Snort can send its output to a Posix-compliant syslog daemon (which typically runs on UNIX systems), to the Win2K/NT Event Log, or to a SQL database--all of which help you take advantage of existing technology infrastructures.

"Setting up Snort takes a little work, but its setup isn't beyond the capability of any network administrator who understands basic networking concepts. The real work comes from the need to download Snort along with other required components that might not be present on your system (e.g., WinPcap, which provides the packet driver--DLL file--that the Win32 version of Snort uses).

"I installed Snort, a GUI-based configuration tool, and a log analyzer/ alerter in less than an hour. I installed the software on a honey pot I leave running on my network as bait, and in the first 3 days, it caught crackers' port scans as well as their attempts to break into the honey pot's Web service, mail server, and DNS server.

"Snort is easy to use, good at detecting attacks, runs on a variety of OSs, and comes with a plethora of snap-ins and add-ons that further extend its abilities. If you thought you couldn't afford a good IDS system for your network, Snort is just what you need--and it's free! You can thank the open-source community for that fact. You can get Snort and the required WinPcap packet driver at the following URL:"


Subscriptions for your Security Update:

Grateful Acknowledgements to Mark Joseph Edwards, News Editor
([email protected])


MS Twisting Your Arm?

If you have not heard it yet, you did not read my last newsletter. (issue 269). But it's a good idea to take notice. MS is changing it's license terms and there is this whole firestorm going on, where a lot of people in the press complain about extortion and monopolist behavior.

Well, MS indeed is asking all of us to upgrade to W2K before the deadline of Oct 1, 2001. What they basically offer is to buy out the 'perpetual license" clause in existing volume contracts. Currently, once the agreement expires, you own the software. MS is changing that, so that when your contract expires, you must either re-up or take the software off your systems.

You need to do the math, to find out if this is all that bad. In some cases it can actually save money. The right approach to take in this situation, would be to study the issue, do your homework in Excel, and then decide if you are going to be happy or mad. No use jumping on the "screaming bandwagon" unless you did the calculations as they would be for your environment. In other words: stay cool, calm, collected until the evidence shows otherwise. Then you can explode or not. [grin]


Free Active Directory Chapter Out Of My New Book and How To Get Your Free AutoPilot

I got my copy of Windows 2000 Power Toolkit yesterday from Amazon, so if you have ordered it, you should see it drop in your mailbox any time now. For the few of you that did not order your copy yet ;-) I have a free chapter that explains Active Directory fundamentals. It's 16 pages and in PDF format.

You can order the book from the Sunbelt OnlineShop if you are in the USA, for the same price as it is sold at Amazon.com. If you are outside of the US, we still recommend Amazon, but you can order it at any of your fave local bookstores. Within a few weeks, you will have worldwide access to the online shop as well.

And if you did get your book, and now want your free copy of AutoPilot, the instructions to download your full copy are on this same page, so I guess everyone will now go here and download like mad to get their freebies! We have a T3 over fiber, so go right ahead. [grin]

SPQuery Renamed to UpdateEXPERT - New Version 5.0

SPQuery was renamed to UpdateEXPERT because that new name covers the dramatically expanded functionality much better. It's not just service packs anymore. Apart from the database enhancements, the new version 5.0 of UpdateEXPERT now supports Windows XP and the following MS applications:

  • IIS
  • SQL Server
  • Exchange Server
  • Internet Explorer
  • Media Player
  • Windows Media Services
  • Net Meeting
  • Office (Summer 2001)
  • Outlook (Summer 2001)
  • Validation
In addition to installing the updates, UpdateEXPERT will ensure that the update is correctly installed. This validation can be performed at any time and as part of the deployment process.

Required Updates
Users can designate updates as required. This enables users to manage hotfixes by policy. Users will define what updates are required with a click of the mouse. The sum of required updates equals the user's policies. Policies are used for many configuration parameters. Security and staging are just a couple of policy factors. Therefore, you will not confuse customers by narrowing the scope of policy management to these two factors.

Conformance Report
Users can run reports to verify policy adherence. This report makes it easy for users to see how the inventory matches up against what updates are required. Policy management is enforced by defining policy (with required Updates) and managing by exception those machines that are incomplete.

For Existing SPQuery Users
You will receive all functions that SPQuery 4.2 offered. You will be able to research for applications updates. Plus, you will be able to mark OS updates as required and run the Conformance Report for the OS updates. Finally, you will be able to use the Validation feature when applicable for the OS updates.

SPQuery maintenance/subscription entitles you to the latest updates for the OS. SPQuery is an OS only program. As a courtesy, we are offering an OS only version of UpdateEXPERT for our current SPQuery 4.x customers. Check with your Reseller or Rep for upgrade details:

New Version 4.01 of STAT Security Scanner

You all know STAT by now. It is one of the most tried-and-true tools that will help you to scan for holes and alert you with priorities indicated. It has many domain-wide autofix options and is one of the anti-hacker precautions you just have to take. The brand new V4.01 eval is out which allows you to test STAT against your domain. This version scans for and finds over a 1,000 known vulnerabilities. If you do not have a hole scanner like this, you should check out STAT.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Want to make your car unique? Get a message across? W2Knews suggests:
  • Here's the official SP2 Jump page. The Pack has not changed. This is it:
  • Security: Want to know what software is using which port on your box?

    Hack Proofing Your E-Commerce Site

    This book shows you - whether you work for a Fortune 500 company or run your own small Web-based store - how to protect yourself and your business from the ever-increasing threat of hackers. It provides insights into the tools and techniques that hackers use to compromise sites and gives Web architects and engineers instructions on how to use those insights to design and implement better security measures. Beginning with the story of how one hacker managed to cripple the Web, it covers secure credit card transactions, content networking, redundancy and reliability, and security secrets, as well as configuring Cisco's LocalDirector and DistributedDirector.