Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Sep 27, 2001 (Vol. 6, #74 - Issue #309)
This issue of W2Knews contains:
- EDITORS CORNER
- Important Survey: Microsoft's New Licensing Program
- TECH BRIEFING
- Using SuperCache-NT/2000 to cache the NT/W2K Page File
- NT/2000 RELATED NEWS
- Gartner: Throw Out IIS Completely
- Just When You Thought IE 6 Was Safe For Nimba
- Trying To Determine How To Protect Your IIS-Machines?
- NT/2000 THIRD PARTY NEWS
- Welcome to IT Advancement Week!
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- FREE STUDY GUIDES-MCSE Windows 2000 Accelerated Exam for Dummies!
SPONSOR: Wave Technologies
REGISTER TO WIN ONE WEEK OF YOUR BOOT CAMP ABSOLUTELY FREE.
Wave Technologies - provider of the comprehensive MCSE training
program - offers you the opportunity to obtain the skills you need
to compete in today's advancing global economy. Choose your curriculum
and get certified in record time. Our mentors and instructors work
with you to ensure that you leave boot camp with the expertise
necessary for a successful career as an MCSE. Register Now!
Visit Wave Technologies for more information.
Important Survey: Microsoft's New Licensing Program
We have a very interesting but also quite important survey relating
to Microsoft's new licensing program. This topic even made the Wall
Street Journal yesterday. Giga Information Group and Sunbelt Software
do regular surveys together, and since the new MS licensing kicks in
next week we are very interested in your opinion about it. As it can
have major financial consequences it's time to see what the market
really thinks. That means you! [grin]
It's a fast survey, all the questions are multiple choice. I'd be
surprised if it would take you more than 3 minutes. Thanks in
advance! Here's the link:
(And of course you guys will be the first we'll share the results
(email me with feedback: [email protected])
Get Microsoft Exchange Hosting free for 30 days. Increase your
profitability with the innovative server technology that enables
employees to retrieve e-mails, contact lists, shared calendars
and public folders while on the road. With Intermedia.NET's
proprietary HostPilot?Control Panel, your company can instantly
create and manage its mailboxes, lists and shared folders. To
start using Exchange quickly and affordably:
Visit HostPilot? for more information.
Using SuperCache-NT/2000 to cache the NT/W2K Page File
Caching the Page file can get rid of a lot of disk access and speed
up your systems 25-50%. How? Here is an article from the developer.
"For users that have 64 MB - 128 MB of main memory on their systems
here's an excellent idea for speeding up paging operations. It works
on every system. If you have more memory it works even better. On
servers it works best of all. On Advanced Server and Datacenter
systems, multiple page files may be cached using extended memory.
For W2K users - do the following:
Every time you would normally perform a page file write operation,
you'll be writing to SuperCache's lazy write mechanism, which is
100-1000 times faster than writing to disk. If the system crashes
and you don't have a UPS, it doesn't matter, because W2K rebuilds
the page file each time it boots. When you read from the page file,
you'll very likely be reading from main memory instead of disk,
which is 100-1000 times faster.
- Create an NTFS partition on a disk other than the physical disk
that the boot partition is on. If you only have one physical disk,
create a separate NTFS partition on the hard drive. The reason you
select NTFS, is that it reduces page file fragmentation. If you
have an extra drive, it will allow the system partition and the
page file partition to perform writes simultaneously.
- Install and license SuperCache 2000. Select the partition that
you just formatted NTFS as the target partition for caching using
the configuration utility for SuperCache 2000. Make sure your
target partition does NOT have a Lazy Write Cache enabled in the
hardware, check with the controller manufacturer for details.
Enable SuperCache on the target device, and MAKE SURE YOU ENABLE
LAZY WRITE MODE in SuperCache 2000. Lazy write mode will speed
up all writes to the partition, since Windows 2000 thinks it's
writing to disk, when it's really writing to memory. Now select
the Tune tab and set the Cache Size to say 25, to start with,
you can increase it later on. Also enable the cache monitor for
the target partition, by clicking on the box to the left of the
target drive. Then click on OK.
- Shutdown and reboot your system to enable SuperCache 2000 to
start up on the selected partition. The selected cached partition
looks just like a regular partition with a normal drive letter,
except that it's really fast - about 90% of the speed of
- Now you have to move the page file from where it is currently
to the cached partition. We recommend that the page file be
between 2 and 3 times the size of physical memory. To change the
page file's location and configuration, open the System applet
in the Control Panel. Select the Advanced Tab. Select Performance
Options. In the middle of the screen it shows the Virtual Memory
box. Select the Change button in the box, and it will bring up
the Virtual Memory configuration screen.
- Let's say that the page file is currently on the C: partition,
and you want to move it to the D: partition, which is now cached
with SuperCache 2000. You select the C: partition in the box at
the top with a left mouse click. The partition is highlighted in
blue. Then in the Paging File Size enter 0 (ZERO) for the Initial
Size and 0 (ZERO) for the Maximum Size. Now left click on Set
button. This will disable the page file on the C: partition
(after the next reboot).
- Select the D: partition in the top box with a left mouse click.
Set the Minimum Page File size, Initial Size, to twice physical
memory in MB, and set the Maximum Size to 3 times physical memory
size in MB. Then, left click on Set and left click on OK. Now,
left click on OK at the bottom of the screen. The system will
inform you that you need to reboot to have the changes take
- Shutdown and reboot, and you'll be all set. On the next reboot
you'll be lazy write caching your page file! You should look at
the cache monitor after you reboot to see what's going on. You
should also examine the effect of increasing the size of cache on
We have a PDF in the White Papers Section that explains the same
for Windows NT, a special offer for October 2001, and a 30-day
eval copy you can use to test this scenario over at this page:
NT/2000 RELATED NEWS
Gartner: Throw Out IIS Completely
"Gartner recommends that enterprises hit by both Code Red and
Nimda immediately investigate alternatives to IIS, including
moving Web applications to Web server software from other
vendors, such as iPlanet and Apache," explains Gartner's John
Well John, excuse me but I think you are off your rocker. If
you are hit with a worm or virus that does not mean you need
to replace IIS. Managing it well, keeping patches up to date
and taking further precautions like URLScan or SecureIIS make
it a perfectly workable environment. Changing it out would
cost waay more.
Sure it is true that IIS has become a popular target for hackers,
so Gartner is recommending that companies affected by both worms
should look at moving their Web applications to a more secure
platform. That is throwing the baby out with the bathwater. This
is certainly about IIS vulnerabilities, and a wake-up call for
MS, but it's more about - managing IIS - than anything else.
Gartner completely overlooks that, and I think they have a
"knee-jerk" kind of attitude regarding IIS.
If you listen to what Gartner's report said, they think that iPlanet
and Apache offer advisable alternatives to IIS. "Although these Web
servers have required some security patches, they have much better
security records than IIS and are not under active attack by the
vast number of virus and worm writers".
Sure, IIS is a nice big juicy target. And what do you think happens
when we all move en masse to Apache? Right. That will be the target
and more holes will be found in Apache. Gartner's solution is nuts,
they conveniently ignore that serious holes have been found in not
just IIS but all server products and platforms. So, do not let a
industry analyst convince your top management to change IIS. But
do make sure you protect it well! Here is a more likely potential
reason for the recent spate of IIS problems:
More than 700 people attended SANS courses on Microsoft IIS security
in Washington and two other cities last week. A large fraction of
those people had already earned MSCE certification. Why were they
going back to class, SANS asked. Their answer, "Because MCSE training
virtually ignored security. Either Microsoft didn't want to tell us
about the security vulnerabilities or the instructors did no
understand them, or both."
On Monday, SANS made the IIS security course available on line so
that many more of the 200,000 people who manage IIS servers can
learn to run them securely. Immersion courses on Intrusion Detection,
Firewalls and Perimeter Protection, Hacker Exploits, and SANS Security
Essentials are also now online at:
Some more at The Register:
Just When You Thought IE 6 Was Safe For Nimba
IF your users are not running W2K or NT on their workstations, you
should read this:
Summary: If you are using IE 6 and all of the following conditions
are true, you could be at risk from the Nimda worm, and should
reinstall IE 6 using the default installation option:
THEN I strongly suggest you read the following page on MS TechNet:
- You are running Windows 95, 98, 98SE or ME, AND
- You upgraded from IE 5, IE 5.01, IE 5.01 Service Pack 1,
IE 5.5, or IE 5.5 Service Pack 1 to IE 6, AND
- You did not apply the patch for MS01-020 or MS01-027 before
upgrading to IE 6, AND
- When installing IE 6, you either selected "Custom Install" and
deselected the option to install Outlook Express, or chose "Minimal
Trying To Determine How To Protect Your IIS-Machines?
There are no two ways about it (well in this case there actually are).
Protecting IIS is a MUST. You can decide to be 100% paranoid and
always apply all the latest fixes but that still does not get you
covered, as the fixes take time, and in the mean time that particular
vulnerability is an open hole that crackers may know about.
So, there are currently two ways you can protect IIS. One is the
recent URLScan tool from Microsoft. The other is SecureIIS which
is a commercial tool developed by a leading edge security outfit.
Here is a comparison between the two, and links where you can get
them. It's the old issue again -- you get what you pay for. Here
Oh, before I forget, McAfee just picked up SecureIIS and slapped
their label and a much migher price on it, but it's still only
$495 at Sunbelt. [grin]
- SecureIIS works within the Web server, never altering the core
functionality of the server. URLScan disables certain functionalities
of the Web server that have proven insecure in the past, preventing
administrators from using features that they may rely on.
- SecureIIS can be easily configured to work with most third-party
Web applications (such as FrontPage and Microsoft Outlook Web Access).
Many third-party applications are completely incompatible with
URLScan, and some will only function after detailed configuration.
- SecureIIS has been in heavy use since its release, and has proven
time after time to be solid and effective in stopping many classes
of attack. Microsoft URLScan is still in early development, and
at this time still allows certain attacks to reach the server.
- SecureIIS is configured through a point-and-click interface.
URLScan does not have an interface, and all configurations must be
made by hand to the configuration file.
- SecureIIS is built to support a different policy for every website
hosted on a single Web server, and managing each website can be done
from the same interface. URLScan only supports one policy per server
by default, and a multiple-policy setting requires additional install
- SecureIIS allows administrators to select the error page to be
displayed when a security alert is generated. URLScan displays a
generic and non-customizable page on each alert.
- SecureIIS is an affordable, full-featured, innovative and supported
product. URLScan is a simple one-time-use tool used to implement a
"generic solution" for insecure servers, without any MS tech support.
Link for SecureIIS:
Link for URLScan
THIRD PARTY NEWS
Welcome to IT Advancement Week!
"Helping YOU Advance in the IT Industry"
From September 24 - October 1, 2001, IT Advancement Week provides
you with the resources you need to get ahead in the IT industry.
Whether you are a seasoned IT professional, or somebody looking
to start in the field, IT Advancement Week provides the right
resources for you. Please be sure to take full advantage of all
the FREE resources available to you during IT Advancement Week:
- FREE IT COURSES
Get the training you need to boost your career? FREE! Choose from
courses for MCSE, Cisco, A+, Linux, Programming, Database Admin,
technical business skills, and more.
- EXTENSIVE JOB SEARCH
Simply enter what kind of IT job you want and find it! Or browse
through our list of thousands of IT employers. You can even submit
your resume directly to prospective employers.
- IT SKILLS TESTING
Do you think you?ve got what it takes to make it in the IT industry
or get IT certified? Then test your skills here and find out where
- FREE TOOLS AND UTILITIES
Here?s your chance to get the tolls and utilities you need to get
the most out of your PC and server. Categories include audio/video,
networking, programming, Internet and more
- RESOURCE CENTER
Wondering what you need to do to take the next step in the IT
industry? Visit our resource center where we?ll answer your question
about getting ahead in the IT industry. You?ll find salary surveys,
IT news articles and much more that can help your career! (you have
to register to get your hands on all these goodies)
This Week's Links We Like. Tips, Hints And Fun Stuff
Good little article about "advertising" your Intrusion Detection
System or not.
NASA Probe Deep Space 1 survives dangerous encounter with comet
What happens when you remove the heat sink from a CPU? Movie!
When all else fails, and you still can't print that Word document...
PRODUCT OF THE WEEK
FREE STUDY GUIDES-MCSE Windows 2000 Accelerated Exam for Dummies!
This book of the week concerns the Windows 2000 Accelerated Exam
70-240 and is written by an author who has developed an entire
web site dedicated to helping people pass their Windows 2000 exams
-- www.ActiveCert.com -- and who has personally trained hundreds
of Windows NT/2000 professionals. You can both learn about the book
and pick up FREE study guides for the core exams by following the
link below. MCSE Windows 2000 Accelerated Exam for Dummies takes a
"just the facts, ma'm" approach to providing you with the essential
information you need to pass the Windows 2000 Accelerated Exam. It
will also tickle your funny bone along the way! Highly recommended.