Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Nov 8, 2001 (Vol. 6, #86 - Issue #321)
Opt-in To Get WinXPNews!
  This issue of W2Knews™ contains:
    • Opt-in To Get WinXPNews! / Securing America Investment Act
    • What Are The 2001 Top Selling Techie Tools?
    • More on HIPAA (this is for USA readers)
    • W2K Service Pack 3 Begins Testing
    • XP Slower Than W2K? - Microsoft Hits Back
    • Dramatic Price Drop For New High Availability Tool
    • Security Update: ONE Layer of Protection is NOT Enough
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hack Proofing Windows 2000 Server
  SPONSOR: Control-F1
With the current state of the economy it is critical that
organizations look at ways of cutting costs and saving money.
The implementation of eSupport technology can make your helpdesk
agents more productive, increase customer satisfaction, and show
an ROI the minute you start using the solution. Download this
free white paper, 'Assisted Web-Based Customer Support'
Visit Control-F1 for more information.

Opt-in To Get WinXPNews! / Securing America Investment Act

Hi All,

We're very happy to announce our new weekly E-Zine for home users and small business: WinXPnews. You can now go to the site and opt in to get it. A Beta issue is online now, and next week you will see the first real issue. What you told us you wanted are articles covering the sections below, and of course we'll also cover all kinds of new stuff coming out for WinXP. It will be focused on power users and small office networks.

  • Editor's Corner
  • Hints, Tips, Tricks & Tweaks
  • How To's: All The New XP Features
  • WinXP Security: Updates & Patches
  • Upgrading & Compatibility Issues
  • WinXP Configuring & Troubleshooting
  • Fave Links
Check out our Beta Issue and SUBSCRIBE NOW! at:

US Congress Representatives Weller and Crowley have proposed a bill that will allow you to deduct from your taxes any investments made to secure your building and network infrastructure. If this bill passes, it will be RETROACTIVE to September 11, 2001. We have a copy of this bill in PDF format on one of our security consulting pages in the "White Papers, Documents and Other Files" section. It's called Securing America Investment Act of 2001 (PDF - 32,024 bytes) and it would be VERY peachy if this thing became reality. It's in the House Ways and Means Committee now. Write your representative that you'd like to see this bill passed. Now, that would grease the budget wheels!

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Event Log Monitor
Prevent Downtime: ELM Helps You Prevent IT From Hitting The Fan
You need to be the first to know, and stay ahead. ELM will help as it
is real-time Business Continuity and Security Monitoring software for
NT/W2K, but also for TCP/IP devices and clusters. ELM is now a full
enterprise level monitoring tool packed with features but still for a
very low price. Collect event log-, performance-, and config data, ping
web pages and get notified in a variety of ways when they do not respond.
Powerful filtering engine. The Real-time monitoring guarantees your
business continuity, minimizes server downtime and reduces stress.
You'll be the first to know, not the last. 30-day eval:
Visit Event Log Monitor for more information.

What Are The 2001 Top Selling Techie Tools?

Many people ask us what the Best Sellers are in the different categories. Of course it's the safest bet to use the tools that everyone else already is using. So, for your "year-end budget spending spree", here are the winners of 2001 year-to-date in each category with their links:

Best Seller Active Directory Tools: FAZAM 2000

Best Seller Exchange Tools: CAMEO

Best Seller High Availability / Disaster Recovery: DOUBLE-TAKE

Best Seller Network Management Tools: SUNBELT REMOTE ADMINISTRATOR

Best Seller Performance Management: DISKEEPER

The Three Best Sellers in Security Tools:


Best Seller Storage Management: STORAGECENTRAL

Best Seller System Administration Tools: SCRIPTLOGIC

Best Seller Sunbelt Online Shop: NTACCESS (lost admin password cracker)

More on HIPAA (this is for USA readers)

Let's face it. If the government did not enforce it and if it was not required by law, most of us would not even consider implementing some of the requirements set forth in the HIPAA. However, if you are in the health industry... Well, it's the law. When I say the health industry I mean ANYONE who has anything to do with a patient's Private Health Information (PHI).

The law leaves two common questions:

  1. Why?, and
  2. What is it?
And not necessarily in that order.

The answer to number 1 is pretty simple. In today's litigation-happy world it's a pretty good idea to have all your ducks in a row if you are in the health industry. Also, anything is much more efficient when you apply codified order to it. It may take a while, but according to the experts it will save the health industry billions in the long run and, more importantly, protect patients' rights.

Now the answer to number 2 is a bit more involved. However, here is the general idea. The law is split into four parts: 1) Transaction and Code Set Standards, 2) Privacy Standards, 3) Security Standards, 4) Identifier Standards. Only the Transaction Rule and the Privacy Rule have been made final. The other two are still proposed, although the Security Rule is not expected to change much, if at all, because of its workings in and with the Privacy Rule.

What the heck does that mean?

Well, the Transaction Rule is pretty simple. It deals with the electronic transfer of PHI, or EDI (Electronic Data Interchange). Basically, if you are using ANSI X12 with the Code Sets set forth in HIPAA, you're all right.

The Privacy Rule consists of 5 requirements:

  1. Designate an individual to oversee the privacy procedures as the Privacy Official.
  2. Provide information to patients regarding their privacy rights and how their info can be used.
  3. Adopt clear privacy policies and procedures.
  4. Train the employees so they understand the privacy procedures.
  5. Secure patient records with individually identifiable health information.
The Security Rule is a bit more involved but still decipherable. The Security Rule is divided into four parts.
  1. Administrative Procedures
  2. Physical Safeguards to Guard Data Integrity, Confidentiality, and Availability
  3. Technical Security Services To Guard Data Integrity, Confidentiality, and Availability
  4. Technical Security Mechanisms to Guard Against Unauthorized Access to Data That Is Transmitted Over A Communications Network
Each one of these is broken down into several parts. But the good news is that the Privacy and Security Rule have been reduced to an understandable outline that is actually available in one location. It is actually easy to understand now. Have a look at it here:

Now, the really good news. Sunbelt Software now offers complete services to help you design and implement a compliance program tailored to your organization. For more information on HIPAA and Sunbelt Services contact:

Michael Graves
Product and Services Consultant
Sunbelt Software Dist. Inc.
1-800-688-8404 Ext. 221
[email protected]


W2K Service Pack 3 Begins Testing

In the coming days, pre-authorized testers will begin to receive their W2K SP3 test kits to try to break it. These kits normally list data about the release, its installation, and the bugs it fixes. Like we said before, this new SP will not include more new features, but things addressed are setup, application compatibility, OS reliability, and a whole bunch of at least 200 known security vulnerability fixes. According to Microsoft, "SP3 is slated for release the first half of 2002." Source: David Worthington, BetaNews

XP Slower Than W2K? - Microsoft Hits Back

This is actually data written up by someone at Microsoft, as a defense against the InfoWorld tests done with the CSA Benchmark Suite that we covered in issue #319.

"Windows XP has great overall performance, and plenty of external evidence to back this up. However, one particular benchmark suite, from CSA Research, arrives at the wrong conclusion - alleging that Windows 2000 is significantly faster than Windows XP. As of 29th October, this has appeared in InfoWorld. The information below provides a broader appreciation of Windows XP performance and highlights some of the limitations with the InfoWorld/CSA testing.

"The basic claim 'Windows 2000 significantly outperformed Windows XP' is false when compared against results from established benchmarks, including BAPCo's Sysmark 2001 and Webmark 2001 and eTesting Lab's Business and Content Creation Winstone. Extensive independent test results validate Windows XP Performance is comparable with Windows 2000. Examples are:


"The InfoWorld benchmark findings do not agree with real-world experience: Windows XP is in production use with tens of thousands of users - including a high percentage of IT Professionals and Developers.

"Today there are, conservatively, over 150,000 deployed seats of Windows XP in enterprise customers. Microsoft has not received any indications that users are experiencing reduced performance compared with Windows 2000. We have had extensive feedback that Windows XP is better performing than Windows 9X.

"Leading Analysts confirm the overall improvements in Windows XP - including performance improvements. The CSA benchmark used is the wrong tool for making generalized conclusions about OS performance. This is because: The CSA benchmark is non-deterministic and violates measurement principles. This includes the issue that aspects of the workload cannot be separately measured, and it is difficult to ensure consistency across different test runs or configurations.

"The actual benchmark workload has an extreme profile, which does not map to real-world usage. For example, the workload includes several concurrent high traffic database applications on the client PC which is virtually unheard of in customer scenarios - unless it was a server workload.

"Many of today's respected benchmarks do incorporate background processing and are not purely linear, as the article suggests. However, they include better isolation and measurement of background workloads - ensuring better reproducibility.

"The reduced productivity claim is incorrect ('11 percent performance hit, or 53 minutes added to an 8-hour day'). The math implies that a user would be running this benchmark - which is already extreme - for the whole of their working day. Findings from an independent body indicate that there are productivity gains with Windows XP, for more information please refer to:"

End quote. So, as expected, Microsoft disagrees violently with the CSA conclusions. Many people have sent me feedback on this, and quite a few see both better and worse results on different machines. Probably best to test thoroughly in your own environments!


Dramatic Price Drop For New High Availability Tool

Are you running a server environment of up to 10 machines, and want to prevent downtime? All automatic, 24/7 by 365? Add a smart little system admin to every mission critical box? Here is a new way to do that. And it just became very cheap too! Keep on reading for the new pricing. Availant Manager for Windows extends your current systems management by adding predictive capabilities and carefully conceived automated responses to anticipated (or current) problems.

The Availant Manager product comprises a core technology component and a collection of plug-in agents each designed for a specific application or component. The current version of Availant Manager has Availant Manager Agents for:

  • Windows Server
  • Microsoft Exchange
  • Microsoft SQL*Server
  • Microsoft IIS
There is a lot more information on the Sunbelt website: screenshots, white papers, quickstart guides, prices, user guides, and of course eval copies you can download and test. But the best news is last: The prices went permanently from $795 for Windows Server Agents to just $350 and the SQL, IIS and Exchange agents went from $795 down to only 150. The whole suite together is $650 which is a steal.

Security Update: ONE Layer of Protection is NOT Enough

Recently, the New York Times' networks were crippled by a new variant of the Nimda worm, known as "Nimda.E". The new worm has cropped up on many networks which were thought to have been protected, causing congestion, disruption of service and general havoc.

The bitter lesson learned -- anti-virus protection is simply NOT enough. SurfControl, a well known global company in content security, can cover you with the comprehensive SuperScout line of Web and email filtering products, designed to add extra layers of protection against virus attacks.

SuperScout Can Help You Block "Nimda.E" and Other Web-Borne Viruses in three quite easy steps:

  1. Download your FREE filtering software trials now at the link below:
  2. In SuperScout Web Filter, create a rule to block the virus's EXE file
  3. Use SuperScout Email Filter to work with your current anti-virus software and block viruses at the gateway.
Stop assuming that just AV protection is enough. Download SuperScout Web Filter and SuperScout Email Filter FREE for 30 days and test them for yourself. You have nothing to lose. Click Here:

This Week's Links We Like. Tips, Hints And Fun Stuff

  • There's a nasty bug in XP MDAC 2.7 that affects XP performance:
  • Good article about Linux adoption, and what they really replace.
  • The guys at Proxim have 100Mb Wireless up and running. Pretty cool.

Hack Proofing Windows 2000 Server

This book is a complete guide to securely configuring a W2K network. There is a lot of coverage of IIS 5.0, and hundreds of configuring and implementing hints, tips and FAQs. It also goes into depth re. Kerberos, Distributed Security Services, Public Key Infrastructure and how to build a long-term security plan for your organization.