Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jul 26, 2001 (Vol. 6, #56 - Issue #291)
MCSE Base Salaries Down
  This issue of W2Knews™ contains:
    • Welcome To All New Subscribers
    • IIS 6.0 Will Be Much Faster Using Kernel-Mode Caching
    • New USB 2 Beta Drivers For WXP
    • MS Faces Some Hurdles With Windows XP Progress
    • Information Week Survey: MCSE Base Salaries Down
    • MS: Lower Profits But 13% Higher Sales
    • New MS Licensing: How Will It Affect Me?
    • Free Tool to Determine Code Red Infection
    • Q: Does Your New Retina Security Scanner Help Against Code Red?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Incident Response - You've been hacked. What now?
  SPONSOR: Tidal Software
TIDAL Software is the leader in job scheduling and event automation
solutions for the enterprise. We are recognized as a visionary vendor
by leading industry analysts. Our products are responsible for improving
operational efficiency in demanding data centers around the world including
Microsoft, HP, Compaq, General Mills, Enron, FedEx, BestBuy and hundreds of
others. If you are looking for the most advanced job scheduling solution
available for your Windows environment, you should attend our next webcast.
Register Now! at:
Visit Tidal Software for more information.

Welcome To All New Subscribers

Many of you were interested in what W2Knews would look like, and I hope this issue will live up to your expectations. There is a large amount of news, so here goes! But first the new SunPoll:

Microsoft will soon announce its third certification, which sits in between MCP and MCSE. We have codenamed it "MCSA" (for MS Certified System Admin). QUESTION: Would you get MCSA certified?

  • Forget it. I'm still really disappointed my NT MCSE will be nixed
  • Nope, I'm going for the new W2K MCSE
  • Perhaps, but I'm not going to shell out big bucks
  • Sounds like a great idea, that's just what I want
Here is where you can voice your opinion: (leftmost column)

Reminder: Here is where you can see which really are the most popular and best selling tools of the Year. VOTE and find out what your system admin colleagues like best! Right after you vote, you see all the results:

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

Tired of being vulnerable to hackers? Don't have enough time to keep
up with the latest security vulnerabilities? Behind on installing the
latest patches on your Web server? Or just tired of dealing with
network security in general? Let Retina do the work for you. It helps
you hunt down and kill security holes in NT/2000, Unix, network devices
and common MS-apps. You can also hack your networks from the outside in!
Visit WIN NT/2000 = HACKER TARGET #1 for more information.

IIS 6.0 Will Be Much Faster Using Kernel-Mode Caching

Internet Information Services (IIS) 6.0 will have something MS calls a new "kernel-mode caching capability" that could boost your Web server's speed significantly. IIS 6.0 is included with Windows .NET Server, which we all expect to see the light of day sometime in the first half of 2002. This type of caching has been around for a while. IBM has had it in their AIX (Unix flavor) since 1999.

Eric Deilly, IIS 6.0 program manager with Microsoft, describes it as follows: "The IIS 6.0 kernel-mode cache is designed to speed up static file performance significantly by bypassing the need to do a kernel-to-usermode transition to generate and serve the response. Instead, the kernel mode listener is able to receive the connection request, receive the new connection, check the kernel-mode cache, and serve the response from the cache on a cache hit."

This is not "reinventing the wheel". This type of caching is being done already in the Linux space. A good example was a recent SPEC web99 benchmark. A Quad-CPU Dell PowerEdge running Linux was 260% faster than an identical machine running W2K AS with IIS 5.0. It was not quite an "apples-to-apples" comparison, but the benefits of caching were loud and clear.

There is only one disadvantage with kernel-space caching. It cannot serve dynamic content, so only static pages will be cached. Dynamic content caching is still a few years away.


New USB 2 Beta Drivers For WXP

MS just released its very first drivers for USB on WXP. A lot of people were waiting for this, as there is a tremendous number of USB peripherals out there already. This version 2.0 boosts the available bandwidth to a whopping 400 Mbs from a paltry 11 Mbs. You can read more about it over here at the Wininformant site: http://www.w2knews.com/rd/rd.cfm?id=072701-NewUSBforWXP

MS Faces Some Hurdles With Windows XP Progress

This release is going to be a massive one, with a billion dollars set aside for marketing by MS and its partners. But it's getting flak already from different sides, even though it has not even gone RTM (Release To Manufacturing) yet. This is expected somewhere between August 15 and 30.

WXP faces continued legal challenges from the Department of Justice, and now a legislator is starting to make noise. New York Senator Charles Schumer, a Democratic member of the Senate Judiciary Committee, is preparing to call for congressional hearings into MS's "anti-competitive practices". Now, keep in mind that AOL, after the merger with Time Warner, moved its HQ to New York. Schumer was accusing MS of appearing to engage in anticompetitive practices against AOL Time Warner and Eastman Kodak, also a NY company. AOL declined to discuss whether they had lobbied Schumer.

Schumer held a press conference on Tuesday to call for committee hearings to investigate Microsoft and "demand that Windows XP allow users to choose their media player, messenger service and other applications instead of being forced to use Microsoft applications". Schumer discussed the possibility of enjoining (that is, putting a legal stop on) the release of Windows XP. He said he had written a letter to Microsoft CEO Steve Ballmer demanding changes to Windows XP.

But everyone on Wall Street and in Microsoft circles agrees that WXP is the one chance the currently comatose PC market has of getting a pulse again in 2001. Another party complaining about WXP follows:

InterTrust Technologies is a developer of Digital Rights Management technology, and has announced that it will modify its existing lawsuit against Microsoft. They claim that Microsoft's "product activation"/anti-piracy technology that is used in WXP, Office XP and Visio 2002 infringes InterTrust patent claims.

Ed Fish, President of InterTrust's MetaTrust Utility Division, said: "Microsoft's 'product activation' technology prevents a user from continuing to use Windows XP unless the user has 'activated' the software, meaning that the user has received electronic authorization. InterTrust anticipated these DRM processes many years ago and our issued and pending patents serve to protect our ingenuity and investment in them."

And in a move that I had hoped (and was pushing) for, MS let the world know that it will loosen up the Windows Product Activation (WPA) scheme in WXP. The result will be that you do not have to reactivate WXP so often when you change hardware on your boxes. If you have a volume agreement, you'll get a key that can unlock all WXP machines that you own, but you cannot get WXP without the WPA protection. How to get these unlock keys distributed is an internal organizational headache of course, but it's a one-time organizational unlock.

A lot of users (including me) complained that WPA was too restrictive and that some common changes in their hardware would require a new product activation. That normally gets done via a call to MS and basically is a headache. So, they backed down and made it more friendly. Thank you. For more on the technical background, read:

Information Week Survey: MCSE Base Salaries Down

Hmmm, perhaps you have not noticed this yourself, but a new job might pay less than you are getting now. If you're an MCSE your yearly pay is dropping. A new survey by the Wilson research group shows average base pay for an MCSE dropped 7% over last year. The numbers went from $67,800 to $63,400. But the silver lining is that if you have your W2K Cert, your average yearly pay is up $4,400 over an NT Server 4.0 cert. Dang, now where are those books again?

MS: Lower Profits But 13% Higher Sales

They took a massive write-off of almost 4 billion for losses in their current investments, but the basic software business was solid and looks good for the coming year. However, they warned that the current quarter could be a bit slow. The main boost came out of sales from the W2K OS. MS gets about 30 bucks more for W2K from OEMs than for instance W98. And I'm sure that WXP will also be a bit more expensive for OEMs. Microsoft has a lot of "pricing power" (meaning they can ask what they want).

Another source of revenues was Office XP, boosted by increased aggressiveness in enforcing the licenses. Their "Enterprise Software and Services" business surged 20%. So, from the business perspective things look fairly healthy in the Microsoft camp. Their total sales were 10% over their last year. Win2K Pro sales accounted for 41% of all 32-bit operating system sales, up from 35% in Q1.

On the legal front of course they are not out of the woods yet. The rest of the industry has mixed results. Sun posted their first quarterly net loss in 12 years, Gateway slumped but Dell stayed on track and met its estimates.

New MS Licensing: How Will It Affect Me?

I just came off a Giga teleconference with Laura DiDio and Rob Enderle of Giga Information Group and a special guest, Mr. Bill Landefeld, Vice President of World Wide Licensing and Pricing at Microsoft. We discussed how the new licensing will impact your business. The upshot: the majority of the customers may benefit, but it will depend on your own situation. So look into this!

Migrating existing Enterprise Agreements to the new scheme may be cost prohibitive for your organization. It's definitely time to talk to your MS-Rep and dig into this. The actual program will be launched October 1, 2001. There will be a transition period until end of Feb 2002.

The long-term goal of the new plan was something that is easier to understand and administer. Microsoft stated that the plan has been received well. It looks like it will be easier to determine what the total cost will be for you. If you are not interested in upgrading, you can stay current through the "Software Assurance" program. OS upgrade SKUs will still be available.

Another change is that channel partners will be compensated via a fee after the transaction. MS takes their customers direct instead of letting the transaction go via their Large Account Resellers. Some people are not going to be happy about that, I'm sure. But the one line that jumped out to me out of the whole conversation was the matter-of-fact statement "MS will evolve to Software As A Service".

Better get used to the idea you'll pay them something out of your budget every year. Or vote with your feet.


Free Tool to Determine Code Red Infection

The recent Code Red was an interesting Worm Attack. eEye, one of our developers, has developed a freeware tool to help you detect if you are infected with the worm. The worm is scheduled to reignite on the first of the month, so you HAVE to fix all machines that run IIS before that time. Here is some free help to find out the machines that are vulnerable. This is what they wrote:

"In an effort to help administrators find all systems within their network that are vulnerable to the .ida buffer overflow attack, which the "Code Red" worm is using to spread itself, we have decided to release a free tool named CodeRed Scanner. It can scan a range of IP addresses and report back any IP addresses which are vulnerable to the .ida attack, and susceptible to the "Code Red" worm.

The program will allow you to either scan a single IP address or a Class C (254) set of IP addresses. It will output a list of IP addresses which can be double clicked on to get information on how to patch your system from the .ida vulnerability and to eradicate the "Code Red" worm from your system.

Also this is a program you get to install on your own computer so you do not have to go to a website and register to scan 1 IP address at a time etc... like some of the other scanners we have seen that scan for the CodeRed Worm.

We are able to remotely scan IP addresses (web servers) for the .ida vulnerability (CodeRed Worm) without having to test your system via a buffer overflow, which can bring your web server down. Instead we use a technique which we have taken from Retina that allows CodeRed Scanner the ability to test a web server remotely, without causing any harm to it. This allows us to see if the .ida patch is installed or not (if the server is infected or susceptible to infection)".

Just go to the end of the page, fill out the form and get your "CodeRed Scanner" for free over here:
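Added example, not part of the newsletter or of eEye's tool: alongside scanning for unpatched servers, you can triage your own IIS W3C extended logs for requests to `.ida` resources with an unusually long query string, which is how an .ida overflow attempt shows up in the log. The log lines, the 200-character threshold and the function name are constructed assumptions; a hit means a probe reached the server, not that the server is infected.

```python
"""Added example: flag .ida probe requests in IIS W3C extended logs."""

MIN_QUERY_LEN = 200  # assumption: illustrative cut-off for an "oversized" query


def find_ida_probes(lines, min_query_len=MIN_QUERY_LEN):
    """Return {client_ip: hits} for .ida requests with an oversized query."""
    fields, hits = [], {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # IIS writes the column order here; it can change mid-file.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        if stem.endswith(".ida") and len(query) >= min_query_len:
            ip = rec.get("c-ip", "unknown")
            hits[ip] = hits.get(ip, 0) + 1
    return hits


# Constructed sample log (documentation IP ranges, filler query, no payload).
FILLER = "N" * 224 + "=a"
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 14:02:10 192.0.2.5 GET /index.html - 200",
    "2001-07-19 14:02:11 198.51.100.7 GET /default.ida " + FILLER + " 200",
    "2001-07-19 14:02:15 192.0.2.5 GET /search.ida q=backup 200",
    "2001-07-19 14:03:40 198.51.100.7 GET /default.ida " + FILLER + " 200",
    "#Fields: time c-ip cs-uri-stem cs-uri-query sc-status",
    "14:05:00 203.0.113.9 /DEFAULT.IDA " + FILLER + " 200",
    "14:05:02 203.0.113.9 /default.ida",  # truncated record, skipped
]

if __name__ == "__main__":
    for ip, count in sorted(find_ida_probes(SAMPLE_LOG).items()):
        print(f"{ip}: {count} oversized .ida request(s)")
```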

Q: Does Your New Retina Security Scanner Help Against Code Red?

Q1. Does Retina identify the Code Red worm if it's resident on my server?
Not directly. The worm currently resides in memory and is not detectable by a security scanner. Retina will, however, detect your vulnerability to the worm. Retina has been updated to detect the presence of a patch to the vulnerability that the worm leverages to infect your system.

Q2. How can I determine whether my systems are vulnerable to the worm and whether my servers have already been infected?
eEye has developed a free tool for the general public that scans your system to detect both the vulnerability as well as whether the worm has infected it or not. Link below for the free download.

Q3. What can I do to secure my system against future attacks such as this worm?
Sunbelt offers the only product for Microsoft based servers that protects from unknown future security vulnerabilities. SecureIIS is an application firewall developed specifically for Microsoft's IIS web server and wards off complete categories of attacks.

As a matter of fact, clients that had SecureIIS installed were immune from the recent Code Red worm that infected more than 300,000 servers worldwide. In addition, we recommend that you invest in a network vulnerability scanner and conduct routine proactive security scans of your network. At this moment, we recommend Retina for this, see the link at the end of this article.

Q4. How does the Retina licensing work?
There is no limitation on the number of IPs that can be scanned by Retina Enterprise. All you have to think about is how many machines you want to have Retina running on.

Q5. So why would I want to buy more than one Enterprise license?
While Retina is fully capable of running remote scans across firewalls and other cross-network limitations, it runs most optimally when it is used to scan within each subnet. When Retina is within a subnet, it does not get impeded by the presence of firewalls and reduced administrative access to machines in the network. Therefore, a company with several subnets spread across several physical locations can opt to purchase several Enterprise licenses for each location.

There is also a traveling license for consultants. This license is valid for one year and is per machine. The license must be renewed in the second year, and can be taken to any site to scan for holes and be used in consulting engagements. For evals and the free testing tool, download here:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Quite a "risque" (racy) Office XP ad from Microsoft in Switzerland. The translation of the menu is as follows: "Get Help, Print Instructions, Open Immediately or Cancel". (Forward this link to your friends)
  • If you plan to mix SAN's from different vendors, this is a good article:
  • Working on your Cisco Certification? They have a new site with Forums.
  • Hit by that pesky Sircam Worm? Use Symantec's WormKiller. No reboot needed.

Incident Response - You've been hacked. What now?

This is one of the first books available that explains what to do after you've been hacked. Written by FBI insiders, this book reveals the computer forensics process and offers authoritative solutions designed to counteract and conquer hacker attacks. You will learn the strategies for recovering from computer crime incidents and how to respond to security breaches and hacker attacks the right way with help from this insightful and practical guide. You'll get details on the entire computer forensic process and learn the importance of following specific procedures immediately after a computer crime incident occurs. It covers investigating various software including UNIX, Windows NT, Windows 2000, and application servers.