Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 29, 2002 (Vol. 7, #34 - Issue #365)
PestPatrol: A Run-Away Success
  This issue of W2Knews™ contains:
    • PestPatrol: A Run-Away Success
    • So, What Kind Of RATs Are Living In Your LANs?
    • Negotiating Your Best Licensing Deal With Microsoft
    • Do Not Expect .NET Server before Mid 2003
    • Full File Servers Causing Down Time?
    • Windows Update Site Attacked As Patchy
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Windows 2000: Group Policy, Profiles, and IntelliMirror
  SPONSOR: Think You're Fully Protected?
"Think You're Fully Protected? Think Again"
PestPatrol finds what your firewall and anti-virus don't. Who knows what
pests might be lurking on your users' workstations. The amount of these
can be astonishing: Trojans, Spyware, Keyloggers, Hostile Java code and
about 40,000+ other pests that get through your normal defenses. Usually
caused by clueless users surfing the Web. Install PestPatrol on your PDC
and clean your whole domain via Logon Scripts every day! Grab the eval
and you'll see for yourself.
Visit Think You're Fully Protected? for more information.

PestPatrol: A Run-Away Success

Hi All!

If you ordered PestPatrol online since the last W2Knews and ran into some delays, our apologies. This thing overwhelmed even our robust systems a bit. We're caught up now though. A ton of you (thousands) tried it out and decided you wanted one for your own machine to start with. Now is the time to also roll this out on your domains.

Many people asked what the difference was between PestPatrol and freebie tools like Ad-aware. So we changed the PestPatrol page and included a little grid that explains where the differences are. It is pretty much as usual: you get what you pay for. Moreover, the freebies were created mainly for a home/consumer environment. PestPatrol was made by people with many years of experience in the anti-virus industry and you can implement it in a corporate environment.

Ad-aware is a fine product. PestPatrol was not originally meant to deal with "spyware", which is only one of many pests. It focused on all the other stuff they do *very* well and that Ad-aware doesn't do at all. Based on customer demand they started dealing with Spyware, and are now committed to exceeding the high bar set by Ad-aware.

I don't know if you recall the early days of anti-virus software, but in the early-mid 90s, it was not uncommon for users to run several AV products, as different products had different strengths. And even now you can run several virus engines in the same anti-virus products. It looks very much like "pest world" today is quite similar to the anti-virus world of '91-92.

This is really a new category that has surfaced and is additional to your existing defenses. It does not really compete with firewalls, anti-virus tools or security scanners which all do essentially different things. There is always some overlap possible, but that in itself is GOOD. Think "belt and suspenders".

I'm probably going overboard a bit with this new toy I have found, you'll have to forgive me. Never thought I would discover a whole new category of tools!

James Dracoulis from Provo, Utah, you're our next XBOX Winner! Congratulations!

Quotes of the Day:
1) The truth is out there? Does anyone know the URL? Oh, it's www.thetruth.com!
2) History is not repeating itself. It is stuttering too much.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

ELM Enterprise Manager V3.0 gives you as a Security Admin the power to
see event entries with unrivaled clarity. With or without installed
Agents, ELM efficiently monitors and collects events with separate and
easy to use Monitor Items. Personal Views and scheduled Reports provide
valuable event summaries. And a unique Alerts feature, one of the 14
Notification Methods, provides a single glance view of the most critical
events allowing prompt action. Download ELM and see "How the First-to-Know
Stay Ahead"(tm)
Visit SWEET SECURITY SOLUTION for more information.

So, What Kind Of RATs Are Living In Your LANs?

A Remote Administration Tool, or "RAT", is a Trojan that, when run, gives an attacker the capability of remotely controlling a machine via a "client" on the attacker's machine and a "server" on the victim's machine. The server on the victim's machine "serves" incoming connections to the victim, and runs invisibly with no user interface. The client is a GUI front-end that the attacker uses to connect to victim servers and "manage" those machines. Well-known examples include Back Orifice, NetBus, and SubSeven.

Nearly all of today's 1,359+ RATs have been written since 1999. Contributing to this furious pace is the fact that many RATs are revised every month, to add features and avoid detection by antivirus products. Drawing from nearly 5,000 reports of RATs detected by PestPatrol, the most commonly reported RAT today is SubSeven. Many copies of SubSeven have been distributed through UseNet mail groups as attachments with various names.

Users perceive the likelihood of getting a RAT as high. In a recent survey, 31% of respondents said that in the course of three months of using their computers, the chance of getting a RAT that allowed a hacker to monitor their activity was Moderately Likely, and 10% thought it Extremely Likely. And users worry about RATs. Nearly half of all users surveyed regarded RATs as very serious problems.

A RAT like SubSeven has full power over a machine, as long as there is a live Internet connection. Because SubSeven can be controlled to retrieve a file and run it, it is extensible, and what one attacker can make it do is not necessarily what it was originally equipped to do. For instance, SubSeven could be made to retrieve a program that overwrites every byte of the hard disk repeatedly, the first time that there was no keyboard activity for an hour. Such destructive code is not part of SubSeven, but SubSeven can be made to retrieve and run such code.

PestPatrol stops RATs. It can detect them the moment they load, and detect them no matter how they have been encrypted. It detects all variants of a given RAT, no matter how it might be joined to other files. And PestPatrol can terminate a RAT, find its activation source in the machine, and remove all traces of it, with just a mouse click.

For more info on RATs, including some graphs and charts, see the first PDF in the Whitepaper section:


Negotiating Your Best Licensing Deal With Microsoft

Who: Laura DiDio, Principal, Information Technology Intelligence Corp.
When: April 30 at 2:00 PM EDT (16:00 GMT)

Next Tuesday, expert Laura DiDio will examine the changes you can expect from the new Microsoft Licensing Program 6.0. She'll provide you with the tactical and strategic advice your company will need to negotiate the best deal. After her presentation, Laura will field your questions at an audience Q&A.

Do Not Expect .NET Server before Mid 2003

Why so late? Security. "We have security as the number one priority, so that (release) date is totally security driven. We've established security checks all along the way," said Enrique Murray, Microsoft's Latin America marketing manager.

Interesting that they have their Latam guy make these announcements, but there you have it. .Net Server was supposed to ship in the first half of 2002, but around March this year MS announced it would instead ship in the second half of this year. Now it will be even later. .Net Server improves on W2K in areas of Active Directory, clustering, security and systems management.

InfoWorld was on the phone with the MS man and said: "(Mid-2003) is the target, but as always security will drive the final decision," Murray said, speaking by phone from the company's annual Latin America Enterprise Solutions Conference, being held in Boca Raton, Florida. Bill Gates said in January: "When we face a choice between adding features and resolving security issues, we need to choose security".


Full File Servers Causing Down Time?

Last year, Steven Varin was dealing with application servers at Bell Canada International Inc. that were available only 85% of the time because scores of file servers they were trying to talk to were 99% full. This was mainly because many of its 46,000 end users were saving personal data to files or nonessential corporate data was remaining on disk far too long.

"It was definitely impacting our service levels. We were getting notes from executive vice presidents saying, 'Fix the problem, or else,'" said Varin, a business analyst in the office of the CIO at Bell Canada in Montreal.

Bell Canada's IT department spent a month and a half just to scan one server manually, filtering out executable files, MP3s, movies and duplicate files. The IT shop anticipated installing an additional 6TB of disk space at a cost of $500,000 to deal with storage needs for the next six months.

Instead, the company installed StorageCentral. It then used policies to allocate 200MB of space per user and filter out some 3TB of garbage data on a 17TB storage-area network. The software also notifies employees if they're reaching thresholds.

If employees require more space, they must provide the IT team with a written reason for the space. Then the IT team can run reports to identify how much space an employee is using and what types of files he has.

One of the more difficult parts of the installation, which began in May of last year and took about eight months, was dealing with the politics of setting policies.

"That took more time because people like to scream and yell when you're taking away their space," Varin said. "We were in communication with each city the company is in, saying, 'This is what you're being assigned. Does it meet your requirements?'"

Varin paid about $1,295 per license to install the software on 43 servers, and "once it was installed on five servers, it paid for itself." "That's where we found our biggest savings ... being able to turn off some legacy servers because of the space we saved on production servers," Varin said.

The return on investment also included a 10% drop in backup windows, raising the availability of application servers to 99%, and not having to install the additional 6TB of disk space. Here's your 30-day Eval:

Windows Update Site Attacked As Patchy

The venerable Bugtraq moderator Russ Cooper is not happy with Windows Update. He actually advised people not to use it because of unreliability issues. Windows Update is supposed to give you a fast way to find and download hotfixes. Cooper, however, claims the site has flaws that can be outright risky: it reports that patches are applied when they are not, or the other way around. Ouch.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Someone stealing your cookies: say bye bye to your MSN Hotmail account:
    http://www.w2knews.com/rd/rd.cfm?id=020429FA-Cookies
  • Impressions after riding the new Segway. I want one.
    http://www.w2knews.com/rd/rd.cfm?id=020429FA-Segway
  • Getting these offers from Nigerian scam artists? Here is the scoop:
    http://www.w2knews.com/rd/rd.cfm?id=020429FA-Scam_Artists
  • This site allows you to mix and match your own colored M&M's. How wacky does the web get? Well, like this!
    http://www.w2knews.com/rd/rd.cfm?id=020429FA-MMs

    Windows 2000: Group Policy, Profiles, and IntelliMirror

    Why did you buy W2K Server and put W2K desktops everywhere? You wanted more power, control, and efficiency in managing your systems. W2K comes with an arsenal of built-in features that allow you to harness the REAL power of W2K with Group Policy, Profiles, and IntelliMirror. You already paid for the features. Now learn how to use them to their fullest potential and maximize your Windows 2000 investment!

    Inside this book, you'll find real-world, hands-on examples of how to immediately put Group Policy to use in your environment. Whether your environment has 50, 5000, or 50,000 systems, you'll understand how and when to best use Windows 2000 Group Policy. You'll learn how it applies to your systems, how it works to manage your servers and clients, and how it can be used to dramatically reduce the amount of "running around" you do on a day-to-day basis.

    • How would you distribute Office XP to 50,000 users in a single bound?
    • How would you customize and manage those 50,000 Office XP installations?
    • How would you create and distribute your own software packages for distribution?
    • How would you create your own custom policies to augment the policies provided by Microsoft?
    • How would you build and deploy your own custom security policies for all your Windows 2000 systems?
    • How would you set up Roaming Profiles for your users so they can seamlessly hop from machine to machine and maintain their "experience"?
    • How would you force a group of users to use the same Mandatory Profile they cannot change?
    • How would you control how Group Policies react over slow and dial-up links?
    • How would you keep users working offline as if they were online?
    • How would you set up Disk Quotas on your servers and workstations?
    • How would you bring back a Windows 2000 machine from the dead in a matter of minutes (while preserving all the user data) by using RIS?
    • How would you migrate from 95/NT 4.0-style "System Policies" and start using Windows 2000 Group Policies?
    Here you go!