- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 18, 2002 (Vol. 7, #22 - Issue #353)
Warning: New Virus 'From Microsoft'
  This issue of W2Knews™ contains:
    • Refer A Friend!
    • Warning: New Virus "From Microsoft"
    • New HFNetChk Beta available
    • How is "MainFrame Windows" Doing?
    • New Weapon In Network Security And Availability Battle
    • ELM Version 3.0 Is Finally Here!
    • Opportunity To See Interactive Demo of New SecureIIS
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • BizTalk Server 2000 Developer's Guide for .NET
FREE SQL Tool from NetIQ
Need to know what's going on in your database environment?
Quickly and accurately identify and investigate specific SQL
Server problems with NetIQ's FREE diagnostic dashboard,
SQLcheck. Get the critical information you need about your
database server hardware, its operating system and SQL Server.
Download SQLcheck today!
Visit NetIQ for more information.

Refer A Friend!

We'd love you to tell your friends about W2Knews, and make it a fun game as well. The new XBOX winner this week is Bill Luffman, from Newmarket, in Canada. The only thing you need to do is complete your profile, and suggest up to 3 friends. They will get only an invitation, and not be spammed. Give it a try! We'd like more people to enjoy W2Knews. Use this link to get to your profile:

And as this week's little "time-saver" hint, sometimes Google is better at finding a MS technet article reference than the MS search engine itself. Funny but true, our Techs came to that conclusion this week by trying it out.

We are in the process of migrating to Exchange 2000, now that we have the Active Directory upgrade behind us. In the next issue you will get the whole story!

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Opalis
"A network administrators tool kit"
OpalisRobot automates a broad range of admin tasks
including system monitoring, corrective action and job
scheduling. It detects and corrects system errors &
automates jobs, enabling proactive management
of business-critical servers. Download & test-drive today!
Visit Opalis for more information.

Warning: New Virus "From Microsoft"

I have been getting a lot of people sending me email with a warning about a virus they have received with a spoofed Microsoft return address. It came with a W32.Gibe.dam infected attachment (q 2 1 6 3 0 9 . e x e).

The copy in the email starts with:

To: "Microsoft Customer" <'[email protected]'>
Subject: Internet Security Update
Microsoft Customer,
This is the latest version of security update, the known security
vulnerabilities affecting Internet Explorer and MS Outlook/Express as
well as six new vulnerabilities, and is discussed in Microsoft Security
Bulletin MS02-005. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run code on your computer.

Of course everyone of us knows that no one should EVER touch an exe file that we did not specifically ask for, but clueless users might be tempted to run this at home or at work if your email sanity scanner is busted and lets the exe through. You might want to send another general warning out to users, with this one as a recent example. We do this every monday morning at staff meeting, a reminder to not open any attachments they not specifically asked for. Repetition is the only way to make sure everyone remembers.

New HFNetChk Beta available

HFNetChk 3.40 is available for beta testing from MS's www.betaplace.com. It means you need a beta place user name and password, but you can request one from MS. They say it takes two days to get one to you. This new release of HFNetChk introduces new features and corrects several known issues.

New features:

  • trace switch creates a debug log to assist with troubleshooting.
  • sum switch will force a checksum scan even when scanning a non-English language system. Use only if you have a custom XML file with language- specific checksums.
  • NT4 Terminal Server support.
  • File version information is displayed in -v(erbose) mode for Patch NOT Found and Warning messages.
  • HFNetChk version information, scan date, and XML file version information is displayed in output.
  • Enhanced domain resolution and scanning.
  • Leading and trailing spaces in file inputs are removed and blank lines are ignored.
  • mssecure.cab file is now downloaded to the current working directory and not to the user's temp directory.
  • Now able to scan local Windows XP Home Edition systems.
  • Corrected a bug where the incorrect SQL Server SP version was being displayed if certain SQL hotfixes had been applied.
Additional features such as scanning for Exchange, ISA, MS01-022, or Office patches are being considered for a future release of HFNetChk and are not included in this beta.

Questions - please contact [email protected]

If you do not have a beta userid and password and would like to request access for this beta, please complete the Beta Nomination below. It will take approximately 2 business days to process your request. Beta Nomination Form:

username: hfnetchkbeta
password: staysecure

(above is case sensitive. If this username/password pair does not work for you, pls contact [email protected])

Tired of command line tools and you want a real Windows-GUI commercially supported product? Shavlik has 'em. HFNetChk is the stripped down version of this complete tool. You can find them over here:


How is "MainFrame Windows" Doing?

Client Server News reported this week that Unisys has sold about 580 of these mammoth 7000 Series machines. The split is roughly 80-20 in 16-processor and 32-CPU systems. The original 7000 line had the "100" model number attached, but now they are coming out with a "200" model that will allow Intel's new Foster MP chips, either the 1.4GHz or 1.6GHz CPU's. It will also support the new 64-bit Itanium silicon. The new 200's have self-diagnostic/self-healing functionality built in.

Can you imagine? 32 CPU's all 64-bit running the new 64-bit W2K Datacenter? I would not mind having that kind of power in my garage. PS, if you are in the industry, Client Server News is a very good source of information, if you can get your company to pay the $595 US per year. You can find them at:


New Weapon In Network Security And Availability Battle

Network traffic monitoring really is an emerging weapon in the battle for network security and availability. According to our recent survey, (and Gartner agrees with us) the top two areas of concern this year is security and availability. Security and availability tools tend to be distinct from each other and address different types of issues. But in the case of Iris, we have found a best-of-breed product that addresses both areas.

Developed by eEye Digital Security, the team that brought you both SecureIIS and Retina, Iris is a powerful and easy to use network traffic analyzer that allows you to examine the traffic on your network. Iris makes the forensics of a security breach or performance problem quick and effortless, allowing you to take immediate action to resolve the issue.

One of the key features of Iris is its ability to decode and reconstruct network traffic (such as emails, instant messages, Web-browsing sessions and more) in its original format. In other words, you can actually see the web pages viewed by a suspicious employee or follow the trail of a hacker through your network, to quickly determine whether company security has being compromised. Iris even delivers a complete audit trail, giving you the evidence you need to take appropriate action against those committing malicious or non-compliant acts.

With Iris?s ability to monitor network traffic, you?ll be able to proactively recognize (and take steps to eliminate) suspicious or non-compliant behavior before it can become a problem. You can also identify potential performance issues, such as bandwidth abuses, hacker attack damage and more, and take steps to resolve them before they can result in major downtime for your users.

As always, we have picked a best-of-breed product. Iris has claimed several recognitions including being voted to receive the W2Knews Target Award as the best Network Traffic Monitor. Some of the other features of Iris include:

  • Packet logging: Traffic is logged to buffer and then to disk and can be referenced at a later date.
  • Stream decoding: Entire series of packets, even from stored data, can be reconstructed to allow for a "playback" of network traffic
  • Packet manipulation: Modification of captured packets which can be injected back into the network.
  • Keyword filters: Traffic logging can be tuned down to certain events and not just the capturing of all data seen on the wire.
  • Scheduler: Start and stop logging automatically so only certain timeframes of the day or night can be captured without human intervention.
  • "Auto-discover": Any active machine on a network and include them in an address book for easy target/origination selection inside filters and for searching.
  • Statistics: Statistics can be generated by quantity of packets, protocol, and packet size. Bandwidth can also be monitored.
Best news is that this puppy is only $995 a pop.

ELM Version 3.0 Is Finally Here!

We've been waiting for this for a while but the Build of the new version of ELM was really worth the wait. The original ELM has now been broken up in three separate tools, each with its own focus. Everything you had in your original ELM is still in the new Enterprise Manager, and a whole bunch more stuff. The Log Manager and Performance Manager are sub-sets and also cheaper. The good thing is that the price per server has only gone up marginally, and you now have a state of the art, MMC snap-in tool with ELM. It's better than ever. Get your new versions!

To compare the three, here is a nice little grid that explains:

Eval versions here:

ELM Enterprise Manager? 3.0

ELM Log Manager? 3.0

ELM Performance Manager? 3.0

Opportunity To See Interactive Demo of New SecureIIS

Remember the effects of Code Red and Nimba? $11 billion damage worldwide. Microsoft?s IIS web server application is usually the most vulnerable part of a network.

Exclusive to W2Knews readers, SecureIIS developer eEye is offering the unique opportunity to learn first hand about SecureIIS, the IIS application firewall. Created by the company that first discovered Code Red, eEye Digital Security will get you an on-line interactive demonstration; you will have the opportunity to observe SecureIIS in live action.

Learn how this application firewall fits within your overall security infrastructure and the features that make SecureIIS the best tool on the market, voted by Windows 2000 as one of the three great security tools. Through interaction with the eEye team, you will learn about:

  • The Company behind the product
  • The Role of SecureIIS protecting your web server
  • Key features and capabilities of SecureIIS
  • SecureIIS in action
Several sessions are available. Each session is 45 minutes long. Space is limited. Click on the below link to register.

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Very ingenious indeed. This robot solves the 3x3x3 Rubik's Cube.
  • Suppose you could lob a megaton (or so) hit. How much damage would it do? Got a certain spot in mind where company headquarters is? [grin]
  • All the hotfixes of W2K post Service Pack 2. Interesting reading.
  • Need some space? The 300-mile down "perspective"? Now a reality using your frequent flier miles. No kidding.

    BizTalk Server 2000 Developer's Guide for .NET

    BizTalk Server 2000 is part of the .NET family of Enterprise Servers designed to work together to provide e-business solutions. The .NET Enterprise Servers are based on open Web standards, such as XML, to allow an organization to integrate and orchestrate their applications and service needs into a single comprehensive solution. This book shows how to use BizTalk Server 2000 to create, integrate, manage, and automate business processes for the exchange of business documents.