Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 29, 2002 (Vol. 7, #34 - Issue #365)
PestPatrol: A Run-Away Success
This issue of W2Knews contains:
- EDITORS CORNER
- PestPatrol: A Run-Away Success
- TECH BRIEFING
- So, What Kind Of RATs Are Living In Your LANs?
- NT/2000 RELATED NEWS
- Negotiating Your Best Licensing Deal With Microsoft
- Do Not Expect .NET Server before Mid 2003
- NT/2000 THIRD PARTY NEWS
- Full File Servers Causing Down Time?
- Windows Update Site Attacked As Patchy
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Windows 2000: Group Policy, Profiles, and IntelliMirror
SPONSOR: Think You're Fully Protected?
"Think You're Fully Protected? Think Again"
PestPatrol finds what your firewall and anti-virus don't. Who knows what
pests might be lurking on your users' workstations. The number of these
can be astonishing: Trojans, Spyware, Keyloggers, Hostile Java code and
about 40,000+ other pests that get through your normal defenses. Usually
caused by clueless users surfing the Web. Install PestPatrol on your PDC
and clean your whole domain via Logon Scripts every day! Grab the eval
and you'll see for yourself.
Visit Think You're Fully Protected? for more information.
PestPatrol: A Run-Away Success
If you ordered PestPatrol online since the last W2Knews and ran into some
delays, our apologies. This thing overwhelmed even our robust systems a bit. We're caught up now though. A ton of you (thousands) tried it out
and decided you wanted one for your own machine to start with. Now is
the time to also roll this out on your domains.
Many people asked what the difference was between PestPatrol and freebie
tools like Ad-aware. So we changed the PestPatrol page and included a
little grid that explains where the differences are. It is pretty much
as usual: you get what you pay for. Moreover, the freebies were created
mainly for a home/consumer environment. PestPatrol was made by people
with many years of experience in the anti-virus industry and you can
implement it in a corporate environment.
Ad-aware is a fine product. PestPatrol was not originally meant to deal
with "spyware", which is only one of many pests. It focused on all the
other stuff they do *very* well and that Ad-aware doesn't do at all.
Based on customer demand they started dealing with Spyware, and are
now committed to exceeding the high bar set by Ad-aware.
I don't know if you recall the early days of anti-virus software, but
in the early-mid 90s, it was not uncommon for users to run several AV
products, as different products had different strengths. And even now
you can run several virus engines in the same anti-virus products. It
looks very much like "pest world" today is quite similar to the anti-virus world of '91-92.
This is really a new category that has surfaced and is additional to your
existing defenses. It does not really compete with firewalls, anti-virus
tools or security scanners which all do essentially different things.
There is always some overlap possible, but that in itself is GOOD. Think
"belt and suspenders".
I'm probably going overboard a bit with this new toy I have found, you'll
have to forgive me. Never thought I would discover a whole new category
James Dracoulis from Provo, Utah, you're our next XBOX Winner! Congratulations!
Quotes of the Day:
1) The truth is out there? Does anyone know the URL? Oh, it's www.thetruth.com!
2) History is not repeating itself. It is stuttering too much.
(email me with feedback: [email protected])
SPONSOR: SWEET SECURITY SOLUTION
ELM Enterprise Manager V3.0 gives you as a Security Admin the power to
see event entries with unrivaled clarity. With or without installed
Agents, ELM efficiently monitors and collects events with separate and
easy to use Monitor Items. Personal Views and scheduled Reports provide
valuable event summaries. And a unique Alerts feature, one of the 14
Notification Methods, provides a single glance view of the most critical
events allowing prompt action. Download ELM and see "How the First-to-Know
Visit SWEET SECURITY SOLUTION for more information.
So, What Kind Of RATs Are Living In Your LANs?
A Remote Administration Tool, or "RAT", is a Trojan that, when run,
provides an attacker with the capability of remotely controlling a
machine via a "client" on the attacker's machine and a "server" on
the victim's machine. The server on the victim "serves" incoming
connections to the victim, and runs invisibly with no user interface.
The client is a GUI front-end that the attacker uses to connect to
victim servers and "manage" those machines. Well-known examples include
Back Orifice, NetBus, and SubSeven.
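Because the RAT "server" has to listen for incoming connections, a defender can look for it among a machine's listening sockets. The sketch below is an added example, not from the newsletter or from PestPatrol: it parses Windows `netstat -an` output and flags listeners on the publicly documented default ports of the three tools named above. The port table comes from general knowledge rather than this page, and the netstat sample is constructed.

```python
import re

# Publicly documented default ports (assumption of this example, not from
# the newsletter). All are configurable, so this is only a heuristic.
DEFAULT_RAT_PORTS = {
    ("TCP", 12345): "NetBus",
    ("TCP", 12346): "NetBus",
    ("TCP", 27374): "SubSeven",
    ("TCP", 1243): "SubSeven (older versions)",
    ("UDP", 31337): "Back Orifice",
}

# Constructed sample of `netstat -an` output from a Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      10.0.0.5:12345         ESTABLISHED
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.20:137       *:*
"""

# Proto, local address, local port, foreign address, optional state column.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def find_suspect_listeners(netstat_text):
    """Return (proto, local_addr, port, tool) for listeners on known ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # Only the local *listening* side matters: skip outbound or accepted
        # TCP connections. UDP rows carry no state; a bound socket receives.
        if proto == "TCP" and state != "LISTENING":
            continue
        tool = DEFAULT_RAT_PORTS.get((proto, int(port)))
        if tool:
            hits.append((proto, addr, int(port), tool))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_listeners(SAMPLE_NETSTAT):
        print("suspect listener: %s %s:%d (%s default port)" % hit)
```

A hit is a reason to investigate which process owns the socket. A clean result proves little, since these ports can be changed.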
Nearly all of today's 1,359+ RATs have been written since 1999.
Contributing to this furious pace is the fact that many RATs are
revised every month, to add features and avoid detection by antivirus
products. Drawing from nearly 5,000 reports of RATs detected by
PestPatrol, the most commonly reported RAT today is SubSeven. Many
copies of SubSeven have been distributed through UseNet mail groups
as attachments with various names.
Users perceive the likelihood of getting a RAT as high. In a recent
survey, 31% of respondents said that in the course of three months
of using their computers, the chance of getting a RAT that allowed a
hacker to monitor their activity was Moderately Likely, and 10%
thought it Extremely Likely. And users worry about RATs. Nearly half
of all users surveyed regarded RATs as very serious problems.
A RAT like SubSeven has full power over a machine, as long as there
is a live Internet connection. Because SubSeven can be controlled to
retrieve a file and run it, it is extensible, and what one attacker
can make it do is not necessarily what it was originally equipped to
do. For instance, SubSeven could be made to retrieve a program that
overwrites every byte of the hard disk repeatedly, the first time that
there was no keyboard activity for an hour. Such destructive code is
not part of SubSeven, but SubSeven can be made to retrieve and run
PestPatrol stops RATs. It can detect them the moment they load, and
detect them no matter how they have been encrypted. It detects all
variants of a given RAT, no matter how it might be joined to other
files. And PestPatrol can terminate a RAT, find its activation source
in the machine, and remove all traces of it, with just a mouse click.
For more info on RATs, including some graphs and charts, see the first
PDF in the Whitepaper section:
NT/2000 RELATED NEWS
Negotiating Your Best Licensing Deal With Microsoft
Who: Laura DiDio, Principal, Information Technology Intelligence Corp.
When: April 30 at 2:00 PM EDT (16:00 GMT)
Next Tuesday, expert Laura DiDio will examine the changes you can
expect from the new Microsoft Licensing Program 6.0. She'll provide
you with the tactical and strategic advice your company will need to
negotiate the best deal. After her presentation, Laura will field
your questions at an audience Q&A.
Do Not Expect .NET Server before Mid 2003
Why so late? Security. "We have security as the number one priority,
so that (release) date is totally security driven. We've established
security checks all along the way," said Enrique Murray, Microsoft's
Latin America marketing manager.
Interesting they have their Latam guy make these announcements but
there you have it. .Net Server was supposed to ship in the first half
of 2002, but around March this year MS announced it would instead ship
in the second half of this year. Now it will be even later. .Net
Server improves on W2K in areas of Active Directory, clustering,
security and systems management.
InfoWorld was on the phone with the MS man and said: "(Mid-2003) is
the target, but as always security will drive the final decision,"
Murray said, speaking by phone from the company's annual Latin
America Enterprise Solutions Conference, being held in Boca Raton,
Florida. Bill Gates said in January: "When we face a choice between
adding features and resolving security issues, we need to choose
THIRD PARTY NEWS
Full File Servers Causing Down Time?
Last year, Steven Varin was dealing with application servers at Bell
Canada International Inc. that were available only 85% of the time
because scores of file servers they were trying to talk to were 99%
full. This was mainly because many of its 46,000 end users were saving
personal data to files or nonessential corporate data was remaining
on disk far too long.
"It was definitely impacting our service levels. We were getting notes
from executive vice presidents saying, 'Fix the problem, or else'"
said Varin, a business analyst in the office of the CIO at Bell Canada
Bell Canada's IT department spent a month and a half just to scan one
server manually, filtering out executable files, MP3s, movies and
duplicate files. The IT shop anticipated installing an additional 6TB
of disk space at a cost of $500,000 to deal with storage needs for
the next six months.
Instead, the company installed StorageCentral. It then used policies
to allocate 200MB of space per user and filter out some 3TB of garbage
data on a 17TB storage-area network. The software also notifies employees
if they're reaching thresholds.
If employees require more space, they must provide the IT team with
a written reason for the space. Then the IT team can run reports to
identify how much space an employee is using and what types of files
One of the more difficult parts of the installation, which began in May
of last year and took about eight months, was dealing with the politics
of setting policies.
"That took more time because people like to scream and yell when you're
taking away their space," Varin said. "We were in communication with each
city the company is in, saying, 'This is what you're being assigned. Does
it meet your requirements?'"
Varin paid about $1,295 per license to install the software on 43 servers,
and "once it was installed on five servers, it paid for itself."
"That's where we found our biggest savings ... being able to turn off some
legacy servers because of the space we saved on production servers," Varin
The return on investment also included a 10% drop in backup windows,
raising the availability of application servers to 99%, and not having
to install the additional 6TB of disk space. Here's your 30-day Eval:
Windows Update Site Attacked As Patchy
The venerable Bugtraq moderator Russ Cooper is not happy with Windows
Update. He actually advised people not to use it because of unreliability
issues. Windows Update is supposed to give you a fast way to find and
download hotfixes. Cooper, however, claims the site has flaws that can
be outright risky: it reports that patches are installed when they are
not, or the other way around. Ouch.
This Week's Links We Like. Tips, Hints And Fun Stuff
Someone stealing your cookies: say bye bye to your MSN Hotmail account:
Impressions after riding the new Segway. I want one.
Getting these offers from Nigerian scam artists? Here is the scoop:
This site allows you to mix and match your own colored M&M's. How wacky
does the web get? Well, like this!
PRODUCT OF THE WEEK
Windows 2000: Group Policy, Profiles, and IntelliMirror
Why did you buy W2K Server and put W2K desktops everywhere? You wanted
more power, control, and efficiency in managing your systems. W2K comes
with an arsenal of built-in features that allow you to harness the REAL
power of W2K with Group Policy, Profiles, and IntelliMirror. You already
paid for the features. Now learn how to use them to their fullest potential
and maximize your Windows 2000 investment!
Inside this book, you'll find real-world, hands-on examples of how to
immediately put Group Policy to use in your environment. Whether your
environment has 50, 5000, or 50,000 systems, you'll understand how and
when to best use Windows 2000 Group Policy. You'll learn how it applies to
your systems, how it works to manage your servers and clients, and how it
can be used to dramatically reduce the amount of "running around" you do
on a day-to-day basis.
Here you go!
- How would you distribute Office XP to 50,000 users in a single bound?
- How would you customize and manage those 50,000 Office XP installations?
- How would you create and distribute your own software packages for distribution?
- How would you create your own custom policies to augment the policies provided by Microsoft?
- How would you build and deploy your own custom security policies for all your Windows 2000 systems?
- How would you set up Roaming Profiles for your users so they can seamlessly hop from machine to machine and maintain their "experience"?
- How would you force a group of users to use the same Mandatory Profile they cannot change?
- How would you control how Group Policies react over slow and dial-up links?
- How would you keep users working offline as if they were online?
- How would you set up Disk Quotas on your servers and workstations?
- How would you bring back a Windows 2000 machine from the dead in a matter of minutes (while preserving all the user data) by using RIS?
- How would you migrate from 95/NT 4.0-style "System Policies" and start using Windows 2000 Group Policies?