Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 17, 2002 (Vol. 7, #45 - Issue #376)
This Time I Stepped Into It
This issue of W2Knews contains:
- EDITORS CORNER
- Windows Update Can Also Break Systems
- TECH BRIEFING
- Tools from the Garden of Good and Evil
- NT/2000 RELATED NEWS
- This Time I Stepped Into It!
- XBOX Now Hacked
- Microsoft Chief Executive Sets Goal to Remake Image
- People Like Their (Linux Based) TiVo
- NT/2000 THIRD PARTY NEWS
- How Does UpdateEXPERT Work Out?
- What's Your Storage Policy?
- New Attack Prevention Solution for MS IIS Web Servers
- Now Your Colleagues And Friends Will Have No Excuse...
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Securing Windows NT/2000 From Policies to Firewalls
FREE SQL Tool from NetIQ
Need to know what's going on in your database environment?
Quickly and accurately identify and investigate specific SQL
Server problems with NetIQ's FREE diagnostic dashboard,
SQLcheck. Get the critical information you need about your
database server hardware, its operating system and SQL Server.
Download SQLcheck today!
Visit NetIQ for more information.
Windows Update Can Also Break Systems
I thought that this experience would be useful to you guys that use
Windows Update, or if your users in their infinite wisdom decide to
use it without you knowing about it...
When this colleague responded to his "Critical Updates" prompt from
the Microsoft Windows Update system, it listed a new driver for his
Promise IDE Raid array: "Promise Technology Scsiadapter Driver Version
He loaded it and the Array promptly disappeared from NT2000 Server.
He had to restore the old driver, and he did manage to get the array
functioning again, but I guess the lesson is that Microsoft still
has some quality control work to do. According to the Device Manager,
the driver it installed failed to start, and came up with a Code (10)
error. Too bad Microsoft's error messages never seem to return in
Knowledge Base searches when they are typed in verbatim.
Michael Fasold from Lebanon, PA is our next winner in our Refer-A-Friend Contest! Congratulations Michael!!
Our Refer-A-Friend Contest is back! Subscribe to either W2Knews or WinXPnews, complete your profile, recommend up to 3 of your friends, have them complete their profiles and each of you could be eligible to win your own Palm m105 Handheld! We're giving away 4 of these puppies! (Sponsored by Computers4SURE, your source for 60,000+ Technology Products.) Use the link at the bottom of each newsletter to update your profile and recommend your friends.
(email me with feedback: [email protected])
SPONSOR: "pcAnywhere Killer"
"I absolutely LOVE the Sunbelt Remote Administrator. I was a bit
crippled after bringing up a new/replacement primary mail server.
I couldn't log on and control it using pcAnywhere. I could with the
old, failed server. I remotely administer the server from about 200
miles away. To put it succinctly, Sunbelt Remote Administrator saved
my fanny! It runs unbelievably fast and appears to contribute virtually
no load to the server. I have it running on two servers, and both are
a dream to manage. Before, it was like walking in molasses when I
tried to get anything done, and I didn't dare stay logged on during
high traffic times. Now, the servers could care less!! I had no regrets
buying the products and probably will get more later this year when the
servers are brought on line." -- Lee Woolman
Visit "pcAnywhere Killer" for more information.
Tools from the Garden of Good and Evil
We have received a number of comments from users of PestPatrol that
report "false alarms" on various legitimate security tools and even
the occasional commercial product. As a result, we thought it might
be useful to clarify the "mission" of PestPatrol.
PestPatrol was developed to assist PC users and systems admins to
locate and remove non-viral malicious software (the "non viral" part
means "not viruses or worms", i.e., code that replicates). Under this
general umbrella, we include trojans, spyware/adware, and hacker tools.
Both home and commercial PC users everywhere would agree that Trojan
horses are unwanted and often malicious. Spyware that is installed
without the user's permission is similarly unwanted---whether it is
actually malicious or not is arguable, but it does represent a threat
to privacy, and possible unwanted consumption of corporate bandwidth.
The issue of permission is also worth exploring; for example, does a
user on your network really have the authority to permit the use of
tools that consume bandwidth or that might leak corporate information?
The final category, hacker tools, is where most of the confusion related
to false alarms arises, because PestPatrol detects not only tools
that were developed by hackers, but also tools that have a legitimate
use in security, systems administration, or performance monitoring.
A gray area arises here, since these tools are valuable in the right
hands, but downright dangerous in the wrong ones. IT personnel have
a legitimate need to run programs such as a sniffer, password cracker,
or a remote administration tool like pcAnywhere, and you can set
PestPatrol to ignore those installations.
But if these tools are found on some other system not authorized for
the use of such tools, you have every reason to be suspicious. In a
recent incident, the Army and Navy found unauthorized instances of
a remote access tool running on their computer systems. This sparked
a service-wide review of military computers, costing thousands of man
hours of effort, in part because they were unfortunately unaware that
PestPatrol could have conducted this review automatically. (We are
naturally attempting to rectify this) [grin].
We have also been asked to address the presence of other unauthorized
programs such as games or peer-to-peer file sharing programs, which
are not malicious but do consume bandwidth (not to mention employee
We'd be interested in your views---do you think PestPatrol should
expand its mission? Are there things that you think we should detect
but that we presently do not? If you ever come across a tool that falls
within our bailiwick and we don't detect it, send us a copy or point
us to the source, and we'll be happy to consider it for inclusion in
a future release.
In the meantime, remember that PestPatrol is not designed to take on
the capabilities of other major categories of security software such
as firewall, IDS, or anti-virus. It is designed to provide an additional
layer of protection against a specific type of threat. Only by using
a variety of products can you hope to keep up with the growing range
of threats deployed by "the enemy". And don't forget that many of the
most dangerous threats to your network security can be perpetrated
by the enemy within - your own employees.
Email us at: [email protected]
NT/2000 RELATED NEWS
This Time I Stepped Into It!
The Issue of June 10 mentioned a security fix with the June 1 date,
and gave a link to the MS website. Actually I was fooled by a hacker.
Yup! They took a recent MS dispatch, forged the headers, and attached
a file. Now, we have the Antigen product running on our Exchange 2000
server, and that file was stripped as it was an .exe. So I did not
see the forged attached file, and since the message seemed genuine,
I took it hook, line and sinker. Ouch! The lesson learned is that
even (or especially) when it comes from MS, double check, and never,
ever run any files that are attached. MS does not do that for obvious
XBOX Now Hacked
Massachusetts Institute of Technology graduate student Andrew Huang
figured out how to hack the MS Xbox. I'm surprised it took so long.
Remember I predicted that it would happen a few weeks after release.
The report he wrote describes how to circumvent the boot block which
prevents unauthorized code from loading on the console. The trick
he used was to sniff the data traffic between a chip where the block
was stored and the CPU.
Now that it is shown to be possible to hack the boot block, other
programmers can port different OS-en to the XBOX, and then of course
there will be applications ported too. Huang did not release the boot
block for copyright reasons, but I expect it to be available via the
Net in the near future.
Microsoft Chief Executive Sets Goal to Remake Image
The Seattle Times had an interesting little article about Steve Ballmer.
It looks like they are getting the message their PR is not too good.
(No wonder with MS Licensing kicking in this August.)
Ballmer sent a companywide four-page strategy memo and presented a
new mission statement and a road map for changing the company's culture,
a remake of its image, and a long term "stable datum" they can hold on
He laid out seven company values and said Microsoft's mission for the
next century is to "enable people and businesses throughout the world
to realize their full potential". He said the values will be used as
criteria in employees' performance reviews, so their pay could be
affected if they don't live up to the principles outlined.
"The events of the last four years and the changes in our industry make
this a good point to take stock of ourselves and our mission, to understand
how others perceive us and to think about how we can do a better job
explaining who we are and what matters to us," Ballmer wrote. The
priorities and values that Ballmer outlined are:
- "Great people with great values."
- "Trustworthy computing."
- "Broad customer connection."
- "Innovative and responsible platform leadership"
- "Enabling people to do new things."
- "A global, inclusive approach."
Ballmer will have his hands full with this make-over.
People Like Their (Linux Based) TiVo
A reader sent me: "I've had a TiVo for over a year now, and I can honestly
say that I'll never go back to watching TV without it again. Between the
season passes, the suggestions and the ability to pause live TV, I am
completely spoiled. I've used my VCRs about zilch since I got it, and
that was only to record some of the baseball playoff games that are on
at the same time. If they come out with a TiVo that can record two
channels simultaneously I'll buy it. My unit has only a 30Gb hard drive,
but I'm going to add another 100Gb drive. The process is quite easy now,
I'm told. There are also some hack codes available, but you have to be
careful with those. Sony and Toshiba took a license on this technology,
so you can expect a bunch more (hackable) devices equipped with Video to
Hard disk technology. Here's some interesting links:
THIRD PARTY NEWS
How Does UpdateEXPERT Work Out?
We just implemented UpdateEXPERT. I am the system administrator for a
US Government WAN and it works like a charm. I mark the patches as
required and it tells me which machines need it and which don't. I
can then install them to all machines from a single workstation.
I've pushed out over 2000 patches this way. When a new patch comes out,
mark it as required...that simple...then push it out to all machines,
a group of machines or one machine at a time...don't worry, it won't
push a patch to a machine that doesn't need it or isn't the right OS,
even if you try to.
It also makes sure they are installed correctly. It can patch IE, WinNT,
2000, XP, Microsoft Exchange, IIS, Media programs (MS Media Player etc.),
SQL, and MS Office. To purchase, I went through Fred Howe at Sunbelt
Software...very friendly and helpful....probably the best investment
we've made. Check it out...works wonders and is easy to use.
-- Jeff Schafer Sr. Systems Administrator.
What's Your Storage Policy?
Today's Internet-enabled organizations consume data storage like water.
But with a corporate storage usage policy in place, you control the
flow of storage expenditures. StorageCentral SRM monitors and enforces
your storage usage policy so you can reduce your storage growth rate by
30%, reclaim up to half of your storage space, and ensure high availability,
performance, and efficiency of your storage resources. Translation: cost
control, immediate ROI, and reduced total cost of ownership of your storage
Find out how over 4,000 companies in 50 countries, including Microsoft
and 80 of the Fortune 100, control storage growth with the award-winning
StorageCentral SRM. For a free white paper entitled "Guidelines for
Implementing a Corporate Storage Policy," visit:
New Attack Prevention Solution for MS IIS Web Servers
Enterprise-level Functionality and Centralized Policy Management added
to eEye's SecureIIS Application Firewall
eEye Digital Security released SecureIIS Application Firewall version 2.0.
Developed as the first-ever application specific protection software,
SecureIIS operates within Microsoft's Internet Information Services
(IIS) architecture to actively inspect all incoming and outgoing web
server traffic. SecureIIS 2.0 has been configured to support the enterprise
market with enhanced features and capabilities including centralized policy
and events management.
SecureIIS 2.0 is the only product that integrates with IIS to truly protect
customers with web servers using Microsoft® Windows NT® 4.0, Windows® 2000,
or Windows XP. Because of eEye's extensive knowledge of the many ways in
which IIS servers can be attacked or compromised, SecureIIS has built-in
artificial intelligence capabilities to completely shield IIS servers
from malicious hacker attacks.
The product enhancements found in SecureIIS 2.0 allow for better deployment
at the enterprise level. Specifically, central policy management has been
added to manage settings for any number of machines from a single, central
location. Once a policy is configured and exported from the central machine,
other machines can be set to automatically import the policy and any future
changes made to it.
"We at eEye came to the conclusion last year that there has to be a better
way to manage the security of IIS other than the current approach of
reactive patch management," stated Firas Raouf, Chief Operating Officer
at eEye Digital Security. "With SecureIIS the Microsoft IIS platform becomes
the most secure platform on the market."
SecureIIS is the only IIS specific application firewall which protects
against entire classes of attacks, including: buffer overflow; parser
evasion; directory traversal; general exploitation; high-bit shellcode;
RFC compliancy, and others. For a 30-day eval please visit:
Now Your Colleagues And Friends Will Have No Excuse...
Ever found yourself in a situation where you couldn't find information sent
to you by a friend or a colleague in an email - a long press article, a
detailed agenda, whatever - just because you did not notice?
Or reversely, have you ever suffered from that frustrating feeling, when
nobody seems to care about the emails you send, repeat the same mistakes
despite your memos, or simply don't seem to focus on the essential?
One way you can solve this is to highlight that very crucial info nobody
should miss. Fine, but have you ever tried to do it with your favorite
email client? Forget the hassle, there's a new plug-in that makes it all
very simple, so simple you wonder what the guys in Redmond are paid for.
Annotis, that's the name of the little gem - an Outlook & Outlook Express
Add-on - installs itself neatly and works wonders. Zero learning curve:
it's all there. A flick of the mouse and you're done: highlighter,
sticky notes, office stamps (you can create your own too), funny stamps,
freehand drawing. Your emails will never look the same again, and your
colleagues and friends will have no more excuse ;-)
All this from a simple menu bar that fits seamlessly in Outlook/Outlook
Express. Well done. And I was told it's only the beginning: audio,
animation and video functionalities are on the way. A Rich-Media Email
editor that doesn't say its name? At that price it's definitely a must
have. (Hey, it's also a sponsor we're proud of)
This Week's Links We Like. Tips, Hints And Fun Stuff
This Dilbert is software related. A bit of self criticism does not hurt [grin]
Surreal and funny e-commerce website about origami:
New IBM Technology that writes one Terabit on a square inch. Rewriteable!
PRODUCT OF THE WEEK
Securing Windows NT/2000 From Policies to Firewalls
In today's business environment it is no longer safe to conduct any
business on the Internet without first protecting it. Small, medium,
and large corporations require a massive dose of security to protect
themselves and their digital assets from unwanted intruders. A managerial guide and practical technical tutorial, this book provides viable security solutions for your organization. This book includes the steps required to define a corporate security policy, how to implement that policy, and how to structure the project plan. Part two provides the reader with practical hands-on applications for the preparation, installation, and tuning of Windows NT/2000 operating systems. Securing Windows NT/2000 provides step-by-step instructions
that guide you through performing a secure installation and in preparing the system for secure operation on the Internet.