- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Sep 27, 2001 (Vol. 6, #74 - Issue #309)
Important Survey
  This issue of W2Knews™ contains:
    • Important Survey: Microsoft's New Licensing Program
    • Using SuperCache-NT/2000 to cache the NT/W2K Page File
    • Gartner: Throw Out IIS Completely
    • Just When You Thought IE 6 Was Safe For Nimba
    • Trying To Determine How To Protect Your IIS-Machines?
    • Welcome to IT Advancement Week!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • FREE STUDY GUIDES-MCSE Windows 2000 Accelerated Exam for Dummies!
  SPONSOR: Wave Technologies
Wave Technologies - provider of the comprehensive MCSE training
program - offers you the opportunity to obtain the skills you need
to compete in today's advancing global economy. Choose your curriculum
and get certified in record time. Our mentors and instructors work
with you to ensure that you leave boot camp with the expertise
necessary for a successful career as an MCSE. Register Now!
Visit Wave Technologies for more information.

Important Survey: Microsoft's New Licensing Program

Hi All,

We have a very interesting but also quite important survey relating to Microsoft's new licensing program. This topic even made the Wall Street Journal yesterday. Giga Information Group and Sunbelt Software do regular surveys together, and since the new MS licensing kicks in next week we are very interested in your opinion about it. As it can have major financial consequences it's time to see what the market really thinks. That means you! [grin]

It's a fast survey, all the questions are multiple choice. I'd be surprised if it would take you more than 3 minutes. Thanks in advance! Here's the link:


(And of course you guys will be the first we'll share the results with).

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: HostPilot?
Get Microsoft Exchange Hosting free for 30 days. Increase your
profitability with the innovative server technology that enables
employees to retrieve e-mails, contact lists, shared calendars
and public folders while on the road. With Intermedia.NET's
proprietary HostPilot?Control Panel, your company can instantly
create and manage its mailboxes, lists and shared folders. To
start using Exchange quickly and affordably:
Visit HostPilot? for more information.

Using SuperCache-NT/2000 to cache the NT/W2K Page File

Caching the Page file can get rid of a lot of disk access and speed up your systems 25-50%. How? Here is an article from the developer.

"For users that have 64 MB - 128 MB of main memory on their systems here's an excellent idea for speeding up paging operations. It works on every system. If you have more memory it works even better. On servers it works best of all. On Advanced Server and Datacenter systems, multiple page files may be cached using extended memory.

For W2K users - do the following:

  • Create an NTFS partition on a disk other than the physical disk that the boot partition is on. If you only have one physical disk, create a separate NTFS partition on the hard drive. The reason you select NTFS, is that it reduces page file fragmentation. If you have an extra drive, it will allow the system partition and the page file partition to perform writes simultaneously.
  • Install and license SuperCache 2000. Select the partition that you just formatted NTFS as the target partition for caching using the configuration utility for SuperCache 2000. Make sure your target partition does NOT have a Lazy Write Cache enabled in the hardware, check with the controller manufacturer for details. Enable SuperCache on the target device, and MAKE SURE YOU ENABLE LAZY WRITE MODE in SuperCache 2000. Lazy write mode will speed up all writes to the partition, since Windows 2000 thinks it's writing to disk, when it's really writing to memory. Now select the Tune tab and set the Cache Size to say 25, to start with, you can increase it later on. Also enable the cache monitor for the target partition, by clicking on the box to the left of the target drive. Then click on OK.
  • Shutdown and reboot your system to enable SuperCache 2000 to start up on the selected partition. The selected cached partition looks just like a regular partition with a normal drive letter, except that it's really fast - about 90% of the speed of SuperSpeed 2000.
  • Now you have to move the page file from where it is currently to the cached partition. We recommend that the page file be between 2 and 3 times the size of physical memory. To change the page file's location and configuration, open the System applet in the Control Panel. Select the Advanced Tab. Select Performance Options. In the middle of the screen it shows the Virtual Memory box. Select the Change button in the box, and it will bring up the Virtual Memory configuration screen.
  • Let's say that the page file is currently on the C: partition, and you want to move it to the D: partition, which is now cached with SuperCache 2000. You select the C: partition in the box at the top with a left mouse click. The partition is highlighted in blue. Then in the Paging File Size enter 0 (ZERO) for the Initial Size and 0 (ZERO) for the Maximum Size. Now left click on Set button. This will disable the page file on the C: partition (after the next reboot).
  • Select the D: partition in the top box with a left mouse click. Set the Minimum Page File size, Initial Size, to twice physical memory in MB, and set the Maximum Size to 3 times physical memory size in MB. Then, left click on Set and left click on OK. Now, left click on OK at the bottom of the screen. The system will inform you that you need to reboot to have the changes take effect.
  • Shutdown and reboot, and you'll be all set. On the next reboot you'll be lazy write caching your page file! You should look at the cache monitor after you reboot to see what's going on. You should also examine the effect of increasing the size of cache on cache performance.
Every time you would normally perform a page file write operation, you'll be writing to SuperCache's lazy write mechanism, which is 100-1000 times faster than writing to disk. If the system crashes and you don't have a UPS, it doesn't matter, because W2K rebuilds the page file each time it boots. When you read from the page file, you'll very likely be reading from main memory instead of disk, which is 100-1000 times faster.

We have a PDF in the White Papers Section that explains the same for Windows NT, a special offer for October 2001, and a 30-day eval copy you can use to test this scenario over at this page:


Gartner: Throw Out IIS Completely

"Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache," explains Gartner's John Pescatore.

Well John, excuse me but I think you are off your rocker. If you are hit with a worm or virus that does not mean you need to replace IIS. Managing it well, keeping patches up to date and taking further precautions like URLScan or SecureIIS make it a perfectly workable environment. Changing it out would cost waay more.

Sure it is true that IIS has become a popular target for hackers, so Gartner is recommending that companies affected by both worms should look at moving their Web applications to a more secure platform. That is throwing the baby out with the bathwater. This is certainly about IIS vulnerabilities, and a wake-up call for MS, but it's more about - managing IIS - than anything else. Gartner completely overlooks that, and I think they have a "knee-jerk" kind of attitude regarding IIS.

If you listen to what Gartner's report said, they think that iPlanet and Apache offer advisable alternatives to IIS. "Although these Web servers have required some security patches, they have much better security records than IIS and are not under active attack by the vast number of virus and worm writers".

Sure, IIS is a nice big juicy target. And what do you think happens when we all move en masse to Apache? Right. That will be the target and more holes will be found in Apache. Gartner's solution is nuts, they conveniently ignore that serious holes have been found in not just IIS but all server products and platforms. So, do not let a industry analyst convince your top management to change IIS. But do make sure you protect it well! Here is a more likely potential reason for the recent spate of IIS problems:

More than 700 people attended SANS courses on Microsoft IIS security in Washington and two other cities last week. A large fraction of those people had already earned MSCE certification. Why were they going back to class, SANS asked. Their answer, "Because MCSE training virtually ignored security. Either Microsoft didn't want to tell us about the security vulnerabilities or the instructors did no understand them, or both."

On Monday, SANS made the IIS security course available on line so that many more of the 200,000 people who manage IIS servers can learn to run them securely. Immersion courses on Intrusion Detection, Firewalls and Perimeter Protection, Hacker Exploits, and SANS Security Essentials are also now online at:

Some more at The Register:

Just When You Thought IE 6 Was Safe For Nimba

IF your users are not running W2K or NT on their workstations, you should read this:

Summary: If you are using IE 6 and all of the following conditions are true, you could be at risk from the Nimda worm, and should reinstall IE 6 using the default installation option:

  • You are running Windows 95, 98, 98SE or ME, AND
  • You upgraded from IE 5, IE 5.01, IE 5.01 Service Pack 1, IE 5.5, or IE 5.5 Service Pack 1 to IE 6, AND
  • You did not apply the patch for MS01-020 or MS01-027 before upgrading to IE 6, AND
  • When installing IE 6, you either selected "Custom Install" and deselected the option to install Outlook Express, or chose "Minimal Install".
THEN I strongly suggest you read the following page on MS TechNet:

Trying To Determine How To Protect Your IIS-Machines?

There are no two ways about it (well in this case there actually are). Protecting IIS is a MUST. You can decide to be 100% paranoid and always apply all the latest fixes but that still does not get you covered, as the fixes take time, and in the mean time that particular vulnerability is an open hole that crackers may know about.

So, there are currently two ways you can protect IIS. One is the recent URLScan tool from Microsoft. The other is SecureIIS which is a commercial tool developed by a leading edge security outfit. Here is a comparison between the two, and links where you can get them. It's the old issue again -- you get what you pay for. Here goes:

  • SecureIIS works within the Web server, never altering the core functionality of the server. URLScan disables certain functionalities of the Web server that have proven insecure in the past, preventing administrators from using features that they may rely on.
  • SecureIIS can be easily configured to work with most third-party Web applications (such as FrontPage and Microsoft Outlook Web Access). Many third-party applications are completely incompatible with URLScan, and some will only function after detailed configuration.
  • SecureIIS has been in heavy use since its release, and has proven time after time to be solid and effective in stopping many classes of attack. Microsoft URLScan is still in early development, and at this time still allows certain attacks to reach the server.
  • SecureIIS is configured through a point-and-click interface. URLScan does not have an interface, and all configurations must be made by hand to the configuration file.
  • SecureIIS is built to support a different policy for every website hosted on a single Web server, and managing each website can be done from the same interface. URLScan only supports one policy per server by default, and a multiple-policy setting requires additional install and configuration.
  • SecureIIS allows administrators to select the error page to be displayed when a security alert is generated. URLScan displays a generic and non-customizable page on each alert.
  • SecureIIS is an affordable, full-featured, innovative and supported product. URLScan is a simple one-time-use tool used to implement a "generic solution" for insecure servers, without any MS tech support.
Oh, before I forget, McAfee just picked up SecureIIS and slapped their label and a much migher price on it, but it's still only $495 at Sunbelt. [grin]

Link for SecureIIS:

Link for URLScan


Welcome to IT Advancement Week!

"Helping YOU Advance in the IT Industry"

From September 24 - October 1, 2001, IT Advancement Week provides you with the resources you need to get ahead in the IT industry. Whether you are a seasoned IT professional, or somebody looking to start in the field, IT Advancement Week provides the right resources for you. Please be sure to take full advantage of all the FREE resources available to you during IT Advancement Week:

    Get the training you need to boost your career? FREE! Choose from courses for MCSE, Cisco, A+, Linux, Programming, Database Admin, technical business skills, and more.
    Simply enter what kind of IT job you want and find it! Or browse through our list of thousands of IT employers. You can even submit your resume directly to prospective employers.
    Do you think you?ve got what it takes to make it in the IT industry or get IT certified? Then test your skills here and find out where you stand.
    Here?s your chance to get the tolls and utilities you need to get the most out of your PC and server. Categories include audio/video, networking, programming, Internet and more
    Wondering what you need to do to take the next step in the IT industry? Visit our resource center where we?ll answer your question about getting ahead in the IT industry. You?ll find salary surveys, IT news articles and much more that can help your career! (you have to register to get your hands on all these goodies)

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Good little article about "advertising" your Intrusion Detection System or not.
  • NASA Probe Deep Space 1 survives dangerous encounter with comet
  • What happens when you remove the heat sink from a CPU? Movie!
  • When all else fails, and you still can't print that Word document...

    FREE STUDY GUIDES-MCSE Windows 2000 Accelerated Exam for Dummies!

    This book of the week concerns the Windows 2000 Accelerated Exam 70-240 and is written by an author who has developed an entire web site dedicated to helping people pass their Windows 2000 exams -- www.ActiveCert.com -- and who has personally trained hundreds of Windows NT/2000 professionals. You can both learn about the book and pick up FREE study guides for the core exams by following the link below. MCSE Windows 2000 Accelerated Exam for Dummies takes a "just the facts, ma'm" approach to providing you with the essential information you need to pass the Windows 2000 Accelerated Exam. It will also tickle your funny bone along the way! Highly recommended.