Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 25, 2002 (Vol. 7, #33 - Issue #364)
What Is More Harmful Than Viruses?
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
  2. TECH BRIEFING
    • New Router Security Analysis Tool: Free
  3. NT/2000 RELATED NEWS
    • Windows Soon Hammering
    • Microsoft Defends Baseline Security Analyzer
  4. NT/2000 THIRD PARTY NEWS
    • Pests On Your Users' Systems: More Harmful Than Viruses!
    • So, What Webserver Are These People Running?
    • DiskAlert 2.0 Is About To Be Released
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Windows 2000: Group Policy, Profiles, and IntelliMirror
  SPONSOR: Aelita
Free Testlab guide! Put Aelita in your lab!
Experience greater administrative control and security of Active
Directory and Exchange with Aelita Enterprise Directory Manager.
EDM's powerful "Rules and Roles" automates administrative tasks,
simplifies Group Policy management, and integrates Active
Directory with HR applications. Visit the Aelita Testlab for a
FREE guide for comparing our solutions to our competitors.
Visit Aelita for more information.
  EDITORS CORNER
Hi All!

I just found a new category tool that really blew my mind! Check out the "Pests On Your Users' Systems: More Harmful Than Viruses" item under Third Party News. It found a bunch of stuff on all machines we checked, despite our best defenses.

The latest XBOX Winner is John Bilotti from Maynard, MA!! Congrats John!

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: SWEET SECURITY SOLUTION
ELM Enterprise Manager V3.0 gives you as a Security Admin the power to
see event entries with unrivaled clarity.
With or without installed
Agents, ELM efficiently monitors and collects events with separate and
easy to use Monitor Items. Personal Views and scheduled Reports provide
valuable event summaries. And a unique Alerts feature, one of the 14
Notification Methods, provides a single glance view of the most critical
events allowing prompt action. Download ELM and see "How the First-to-Know
Stay Ahead"(tm)
Visit SWEET SECURITY SOLUTION for more information.
  TECH BRIEFING

New Router Security Analysis Tool: Free

SANS just reported on a new version of the Router Analysis Tool, running on both UNIX and Windows. It was released yesterday by the Center for Internet Security. CERT/CC issued a report late last fall saying routers are a new favorite target of attackers. If you use Cisco routers, it makes sense to test their security settings using this free program. Go to the site below and click on the Cisco IOS Router Security Benchmark Tool:
http://www.w2knews.com/rd/rd.cfm?id=020425TB-Router_Security

  NT/2000 RELATED NEWS

Windows Soon Hammering

It looks like AMD will soon announce that MS will support their new 64-bit Hammer architecture. This is interesting, as it will get some competition in the higher-end server space with Intel, and that is only good for our prices.

AMD's first baby should be out end of this year in a single processor flavor to begin with. They will come out with multi-processor (2 and 4) sets in 2003. Intel is pooh-poohing the AMD efforts and said that it will not influence its sales. But I like the idea of competition!

Microsoft Defends Baseline Security Analyzer

Some reports have surfaced that the MBSA does not provide consistent results. Steve Lipner, director of security assurance at Microsoft, said: "MBSA displays everything it sees, but it attempts to color code to give [a user] an indication of what's happening, where HFNetcheck allows you to suppress some of the warnings," Lipner said. "[MBSA] warns you there was this [security] bulletin, you ought to have applied it, [Microsoft] ought to remind you. People may be missing that, saying it's a warning they already got."

Lipner said hotfixes could also lead to MBSA misinterpretation. If a hotfix was applied to plug a code exploit that did not come directly from a MS security bulletin, MBSA will "guess" a system update has occurred since the new patch was released and offer an end-user a standard warning, he added.

Available for free download, MBSA is designed to unearth non-applied MS patches and provide simplified controls for correction in the form of a Web-based XML file containing a list of up-to-date security bulletins with corresponding registry key version number. Lipner said once a patch is installed and the system is scanned again immediately thereafter, MBSA vulnerability results should change. He said the XML file on the Web, employed by both MBSA and HFNetChk, is usually updated in hours from the time a new security bulletin is released by Microsoft. Full article on InfoWorld site available here:
http://www.w2knews.com/rd/rd.cfm?id=020425RN-Security_Analyzer

  THIRD PARTY NEWS

Pests On Your Users' Systems: More Harmful Than Viruses!

So, I went to a website called www.siglets.com. Do not go there yet. I clicked around a bit and it loaded an applet on my system called trickler3016.exe and it tried to "call home" immediately. All of this without my consent and without my even being aware of it. My ZoneAlarm (ZA) firewall caught it, and I told ZA to not let it dial out. Then I started digging and found that trickler applet sitting in a temp directory. Could not delete it easily either: "In Use".

CNET recently defined spyware as: "This software often installs itself without your consent. The software might monitor your Web browsing habits or record your passwords, credit card information or other e-commerce data. It usually relays the data to a third-party company or funnels the information for unethical purposes. It's usually difficult to find or delete from your hard drive."

I discussed it a bit with the person who had sent me the link to that site to begin with and she made me aware of a new category tool that specifically looks for these kinds of spyware or adware (pest) executables. I decided to buy it online for 20 bucks and see if it could do something.

To my great surprise I had a whopping five (count 'em, 5!!) of these things on my system. The tool I used to scan the disk and quarantine them is a very smart little tool called PestPatrol. I called up the developer and told them I was flabbergasted that this stuff had made it through all the defenses I have in place.

How does PestPatrol differ from anti-virus products?
Anti-virus products focus on viruses; PestPatrol focuses on every other sort of computer pest, including ANSI bombs, answering machine hacks, carding, denial of service attack tools, disassemblers, virus droppers, hacking guides, hostile Java, icq, mail bombers, password crackers, phreaking, surreptitious remote control, remote monitoring, network scanning, sniffers, spoofers, spyware, surveillance, Trojans, Trojan creation tools, virus creation tools, virus writing tools, and word lists used by password crackers. As a result, PestPatrol detects more such pests than anti-virus products. PestPatrol is much faster than anti-virus scanners...in fact, over twice as fast!

They told me this is a whole new category of tools that does not really get identified specifically, and that it really needs some people with many years of experience in the anti-virus business to execute it right. And when I heard there were also corporate licenses I got to thinking that this might be of interest for you. So that was the reason I decided to pick it up. If you have a bunch of these critters on your users' systems out there, they may do harm in a multitude of ways, and gobble up network resources to boot. So here you go, for less than 20 bucks on the Sunbelt OnlineShop (And this is a special deal for W2Knews readers, normally it is $29.95). Get one for yourself at your house and then you'll understand this is something for your organization as well.
http://www.w2knews.com/rd/rd.cfm?id=020425TP-PestPatrol

So, What Webserver Are These People Running?

Steve Gibson has a free little tool that is quite useful. I quote:

"The IIS Worm Wars of 2001 demonstrated that not all web servers are equally secure. The multiple rounds of rapidly spreading IIS worms dramatized a fact that had been troubling security professionals for quite some time.

"Compared to the other popular web server solutions, MS offerings generate a continuous stream of serious security problems. Moreover, unlike embarrassing but comparatively benign problems such as web site defacement, MS security vulnerabilities usually place the web site's visitor data at risk of theft and malicious exploitation.

"During the last quarter of 2001 we saw an increase in email asking if there was any way to tell what server software any given web site was using. Presumably, these users were either curious, or they intended to use that information, if it were available, to help choose which sites they would prefer not to entrust with their confidential and personal data.

"This information is readily available. Although the make, model, and version of most web sites' server software has always been available to client programs, it has never before been important or particularly interesting to most web site users. Recently, for at least some users, this appears to have changed. Since I have also sometimes wondered about the security and server software used by "off the beaten path" web sites, I decided to whip up "ID Serve", a simple, free, small (26 kbytes), and fast, general purpose Internet server identification utility." It's here:
http://www.w2knews.com/rd/rd.cfm?id=020425TP-ID_Serve
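
An added example, not part of this newsletter and not ID Serve's own code: the HTTP Server response header is the usual place a web server states its make and version, and this Python code parses it so you can check what your own server discloses. The function names and the sample responses are constructed for illustration.

```python
import re

# Product tokens (name[/version]) and parenthesised comments in a Server banner.
_PART = re.compile(r"\(([^()]*)\)|([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?:/(\S+))?")

# Constructed sample responses (not captured from any real site).
IIS_SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
              b"Content-Type: text/html\r\n\r\n<html></html>")
APACHE_SAMPLE = (b"HTTP/1.1 200 OK\r\nDate: Thu, 25 Apr 2002 12:00:00 GMT\r\n"
                 b"Server: Apache/1.3.24 (Unix) mod_ssl/2.8.8 OpenSSL/0.9.6c\r\n\r\n")
HIDDEN_SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


def parse_headers(raw):
    """Return the response headers of a raw HTTP response, names lower-cased."""
    text = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in text.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def identify_server(raw):
    """Split the Server banner into (product, version) pairs.

    Returns [] when the header is absent or empty (banner suppressed).
    A parenthesised comment is reported as ("(comment)", text).
    """
    banner = parse_headers(raw).get("server", "")
    parts = []
    for comment, name, version in _PART.findall(banner):
        if name:
            parts.append((name, version or None))
        elif comment:
            parts.append(("(comment)", comment))
    return parts


def discloses_version(raw):
    """True when any product in the banner carries a version number."""
    return any(n != "(comment)" and v for n, v in identify_server(raw))


if __name__ == "__main__":
    for sample in (IIS_SAMPLE, APACHE_SAMPLE, HIDDEN_SAMPLE):
        print(identify_server(sample), discloses_version(sample))
```

The banner is whatever the server chooses to send, so an empty or altered value says nothing certain about the software behind it.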

DiskAlert 2.0 Is About To Be Released

DiskAlert is a tool that monitors your hard disk health and warns you before a disk goes bad. Quite useful to prevent downtime.

The new DiskAlert 2.0 upgrade is now available for free to existing DiskAlert customers. DiskAlert 2.0 marks the change of its licensing model. Rather than licensing DiskAlert based on the number of hard disks being monitored, it is now licensed by machine.

HOW TO UPGRADE

The machine on which you've installed the DiskAlert Administrator Console must have an internet connection. Bring up the DiskAlert console. Highlight the DiskAlert object in the left pane of the console. Click on the ACTION drop down menu. Click on CHECK FOR UPDATES.

This will take you to a web page with a short form to fill out. After you've filled out and submitted the form, you will receive an e-mail with your new licenses, a link to download DiskAlert 2.0 software and simple instructions on adding your new licenses to your DiskAlert 2.0 software. If you do not receive this e-mail within 24 hours or have any other problems relating to this upgrade, please send an e-mail with contact data and a description to [email protected]
http://www.w2knews.com/rd/rd.cfm?id=020425TP-DiskAlert

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • PestPatrol kills spyware, trojans, sniffers, spoofers and other pests:
    http://www.w2knews.com/rd/rd.cfm?id=020425FA-PestPatrol
  • Pretty cool coded clock you can drag around with your mouse. Fun to play with!
    http://www.w2knews.com/rd/rd.cfm?id=020425FA-Clock
  • All the USA spamlaws, summarized by State. Interesting reading and you can make some money in the Small Claims Court if you are technically proficient enough to track down the spammers!
    http://www.w2knews.com/rd/rd.cfm?id=020425FA-Spam_Laws
  • This is really a Sight To Behold! Earth by night: a NASA composite pic.
    http://www.w2knews.com/rd/rd.cfm?id=020425FA-Earthlights

      PRODUCT OF THE WEEK

    Windows 2000: Group Policy, Profiles, and IntelliMirror

    Why did you buy W2K Server and put W2K desktops everywhere? You wanted more power, control, and efficiency in managing your systems. W2K comes with an arsenal of built-in features that allow you to harness the REAL power of W2K with Group Policy, Profiles, and IntelliMirror. You already paid for the features. Now learn how to use them to their fullest potential and maximize your Windows 2000 investment!

    Inside this book, you'll find real-world, hands-on examples of how to immediately put Group Policy to use in your environment. Whether your environment has 50, 5000, or 50,000 systems, you'll understand how and when to best use Windows 2000 Group Policy. You'll learn how it applies to your systems, how it works to manage your servers and clients, and how it can be used to dramatically reduce the amount of "running around" you do on a day-to-day basis.

    • How would you distribute Office XP to 50,000 users in a single bound?
    • How would you customize and manage those 50,000 Office XP installations?
    • How would you create and distribute your own software packages for distribution?
    • How would you create your own custom policies to augment the policies provided by Microsoft?
    • How would you build and deploy your own custom security policies for all your Windows 2000 systems?
    • How would you set up Roaming Profiles for your users so they can seamlessly hop from machine to machine and maintain their "experience"?
    • How would you force a group of users to use the same Mandatory Profile they cannot change?
    • How would you control how Group Policies react over slow and dial-up links?
    • How would you keep users working offline as if they were online?
    • How would you set up Disk Quotas on your servers and workstations?
    • How would you bring back a Windows 2000 machine from the dead in a matter of minutes (while preserving all the user data) by using RIS?
    • How would you migrate from 95/NT 4.0-style "System Policies" and start using Windows 2000 Group Policies?
    Here you go!

    http://www.w2knews.com/rd/rd.cfm?id=020425BW-Windows_2000