Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 17, 2002 (Vol. 7, #45 - Issue #376)
This Time I Stepped Into It
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Windows Update Can Also Break Systems
  2. TECH BRIEFING
    • Tools from the Garden of Good and Evil
  3. NT/2000 RELATED NEWS
    • This Time I Stepped Into It!
    • XBOX Now Hacked
    • Microsoft Chief Executive Sets Goal to Remake Image
    • People Like Their (Linux Based) TiVo
  4. NT/2000 THIRD PARTY NEWS
    • How Does UpdateEXPERT Work Out?
    • What's Your Storage Policy?
    • New Attack Prevention Solution for MS IIS Web Servers
    • Now Your Colleagues And Friends Will Have No Excuse...
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Securing Windows NT/2000 From Policies to Firewalls
  SPONSOR: NetIQ
FREE SQL Tool from NetIQ
Need to know what's going on in your database environment?
Quickly and accurately identify and investigate specific SQL
Server problems with NetIQ's FREE diagnostic dashboard,
SQLcheck. Get the critical information you need about your
database server hardware, its operating system and SQL Server.
Download SQLcheck today!
Visit NetIQ for more information.
  EDITORS CORNER

Windows Update Can Also Break Systems

I thought that this experience would be useful to you guys that use Windows Update, or if your users in their infinite wisdom decide to use it without you knowing about it...

When this colleague responded to his "Critical Updates" prompt from the Microsoft Windows Update system, it listed a new driver for his Promise IDE Raid array: "Promise Technology Scsiadapter Driver Version 2.0.0.28".

He loaded it and the Array promptly disappeared from NT2000 Server. He had to restore the old driver, and he did manage to get the array functioning again, but I guess the lesson is that Microsoft still has some quality control work to do. According to the Device Manager, the driver it installed failed to start, and came up with a Code (10) error. Too bad Microsoft's error messages never seem to return in Knowledge Base searches when they are typed in verbatim.

Michael Fasold from Lebanon, PA is our next winner in our Refer-A-Friend Contest! Congratulations Michael!!

Our Refer-A-Friend Contest is back! Subscribe to either W2Knews or WinXPnews, complete your profile, recommend up to 3 of your friends, have them complete their profiles and each of you could be eligible to win your own Palm m105 Handheld! We're giving away 4 of these puppies! (Sponsored by Computers4SURE, your source for 60,000+ Technology Products.) Use the link at the bottom of each newsletter to update your profile and recommend your friends.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: "pcAnywhere Killer"
"I absolutely LOVE the Sunbelt Remote Administrator. I was a bit
crippled after bringing up a new/replacement primary mail server.
I couldn't log on and control it using PCanywhere. I could with the
old, failed server. I remotely administer the server from about 200
miles away. To put it succinctly, Sunbelt Remote Administrator saved
my fanny! It runs unbelievably fast and appears to contribute virtually
no load to the server. I have it running on two servers, and both are
a dream to manage. Before, it was like walking in molasses when I
tried to get anything done, and I didn't dare stay logged on during
high traffic times. Now, the servers could care less!! I had no regrets
buying the products and probably will get more later this year when the
servers are brought on line." -- Lee Woolman
Visit "pcAnywhere Killer" for more information.
  TECH BRIEFING

Tools from the Garden of Good and Evil

We have received a number of comments from users of PestPatrol that report "false alarms" on various legitimate security tools and even the occasional commercial product. As a result, we thought it might be useful to clarify the "mission" of PestPatrol.

PestPatrol was developed to assist PC users and systems admins to locate and remove non-viral malicious software (the "non viral" part means "not viruses or worms", i.e., code that replicates). Under this general umbrella, we include trojans, spyware/adware, and hacker tools.

Both home and commercial PC users everywhere would agree that Trojan horses are unwanted and often malicious. Spyware that is installed without the user's permission is similarly unwanted---whether it is actually malicious or not is arguable, but it does represent a threat to privacy, and possible unwanted consumption of corporate bandwidth.

The issue of permission is also worth exploring; for example, does a user on your network really have the authority to permit the use of tools that consume bandwidth or that might leak corporate information?

The final category, hacker tools, is where most of the confusion related to false alarms arises, because PestPatrol detects not only tools that were developed by hackers, but also tools that have a legitimate use in security, systems administration, or performance monitoring. A gray area arises here, since these tools are valuable in the right hands, but downright dangerous in the wrong ones. IT personnel have a legitimate need to run programs such as a sniffer, password cracker, or a remote administration tool like pcAnywhere, and you can set PestPatrol to ignore those installations.

But if these tools are found on some other system not authorized for the use of such tools, you have every reason to be suspicious. In a recent incident, the Army and Navy found unauthorized instances of a remote access tool running on their computer systems. This sparked a service-wide review of military computers, costing thousands of man hours of effort, in part because they were unfortunately unaware that PestPatrol could have conducted this review automatically. (We are naturally attempting to rectify this) [grin].

We have also been asked to address the presence of other unauthorized programs such as games or peer-to-peer file sharing programs, which are not malicious but do consume bandwidth (not to mention employee productivity).

We'd be interested in your views---do you think PestPatrol should expand its mission? Are there things that you think we should detect but that we presently do not? If you ever come across a tool that falls within our bailiwick and we don't detect it, send us a copy or point us to the source, and we'll be happy to consider it for inclusion in a future release.

In the meantime, remember that PestPatrol is not designed to take on the capabilities of other major categories of security software such as firewall, IDS, or anti-virus. It is designed to provide an additional layer of protection against a specific type of threat. Only by using a variety of products can you hope to keep up with the growing range of threats deployed by "the enemy". And don't forget that many of the most dangerous threats to your network security can be perpetrated by the enemy within - your own employees.

Email us at: [email protected]

  NT/2000 RELATED NEWS

This Time I Stepped Into It!

The issue of June 10 mentioned a security fix with the June 1 date, and gave a link to the MS website. Actually, I was fooled by a hacker. Yup! They took a recent MS dispatch, forged the headers, and attached a file. Now, we have the Antigen product running on our Exchange 2000 server, and that file was stripped as it was an EXE. So I did not see the forged attached file, and since the message seemed genuine, I took it hook, line and sinker. Ouch! The lesson learned is that even (or especially) when it comes from MS, double-check, and never, ever run any files that are attached. MS does not do that for obvious reasons.
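The two signals in this incident, forged headers and an executable attachment, can be checked mechanically before anyone reads the message. The sketch below is an added example, not part of the original newsletter; the domains, the extension list and the function names are assumptions, and both sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions treated as executable content (assumed list for this example).
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 822 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # The visible From is free text; the envelope sender is recorded separately.
    if env_dom and env_dom != from_dom:
        findings.append("envelope-mismatch:" + env_dom)
    # The top-most Received header is written by our own MX; older ones can be forged.
    hops = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", str(hops[0])) if hops else None
    host = m.group(1).lower() if m else ""
    if host and host != from_dom and not host.endswith("." + from_dom):
        findings.append("origin-outside-from-domain:" + host)
    # Flag attachments by file name, as a stripping gateway would.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("executable-attachment:" + name)
    return findings

def build(sender, return_path, relay, attachment=None):
    """Construct a sample message (test data, not a captured e-mail)."""
    msg = EmailMessage()
    msg["Received"] = f"from {relay} by mx.corp.example; Sat, 1 Jun 2002 10:00:00 -0400"
    msg["Return-Path"] = f"<{return_path}>"
    msg["From"] = sender
    msg["Subject"] = "Security update"
    msg.set_content("Please install the attached fix.")
    if attachment:
        msg.add_attachment(b"MZ", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()

FORGED = build("Vendor Security <bulletin@vendor.example>",
               "bounce@bulk.example", "relay.bulk.example", "patch.exe")
GENUINE = build("Vendor Security <bulletin@vendor.example>",
                "bulletin@vendor.example", "mail.vendor.example")

if __name__ == "__main__":
    print(triage(FORGED))
    print(triage(GENUINE))
```

The header checks are heuristics: legitimate mail sent through a third-party relay or a mailing list trips them too, so a finding is a reason to double-check, not proof of forgery.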

XBOX Now Hacked

Massachusetts Institute of Technology graduate student Andrew Huang figured out how to hack the MS Xbox. I'm surprised it took so long. Remember I predicted that it would happen a few weeks after release. The report he wrote describes how to circumvent the boot block which prevents unauthorized code from loading on the console. The trick he used was to sniff the data traffic between a chip where the block was stored and the CPU.

Now that it is shown to be possible to hack the boot block, other programmers can port different OS-en to the XBOX, and then of course there will be applications ported too. Huang did not release the boot block for copyright reasons, but I expect it to be available via the Net in the near future.

Microsoft Chief Executive Sets Goal to Remake Image

The Seattle Times had an interesting little article about Steve Ballmer. It looks like they are getting the message their PR is not too good. (No wonder with MS Licensing kicking in this August.)

Ballmer sent a companywide four-page strategy memo and presented a new mission statement and a road map for changing the company's culture, a remake of its image, and a long term "stable datum" they can hold on to.

He laid out seven company values and said Microsoft's mission for the next century is to "enable people and businesses throughout the world to realize their full potential". He said the values will be used as criteria in employees' performance reviews, so their pay could be affected if they don't live up to the principles outlined.

"The events of the last four years and the changes in our industry make this a good point to take stock of ourselves and our mission, to understand how others perceive us and to think about how we can do a better job explaining who we are and what matters to us," Ballmer wrote. The priorities and values that Ballmer outlined are:

  • "Great people with great values."
  • "Excellence."
  • "Trustworthy computing."
  • "Broad customer connection."
  • "Innovative and responsible platform leadership"
  • "Enabling people to do new things."
  • "A global, inclusive approach."
Ballmer will have his hands full with this make-over.

People Like Their (Linux Based) TiVo

A reader sent me: "I've had a TiVo for over a year now, and I can honestly say that I'll never go back to watching TV without it again. Between the season passes, the suggestions and the ability to pause live TV, I am completely spoiled. I've used my VCRs about zilch since I got it, and that was only to record some of the baseball playoff games that are on at the same time. If they come out with a TiVo that can record two channels simultaneously I'll buy it. My unit has only a 30Gb hard drive, but I'm going to add another 100Gb drive. The process is quite easy now, I'm told. There are also some hack codes available, but you have to be careful with those. Sony and Toshiba took a license on this technology, so you can expect a bunch more (hackable) devices equipped with Video to Hard disk technology. Here's some interesting links:
http://www.w2knews.com/rd/rd.cfm?id=020617RN-TiVo_Stories
http://www.w2knews.com/rd/rd.cfm?id=020617RN-TiVo_Upgrades

  THIRD PARTY NEWS

How Does UpdateEXPERT Work Out?

We just implemented UpdateEXPERT. I am the system administrator for a US Government WAN and it works like a charm. I mark the patches as required and it tells me which machines need it and which don't. I can then install them to all machines from a single workstation. I've pushed out over 2000 patches this way. When a new patch comes out, mark it as required...that simple...then push it out to all machines, a group of machines or one machine at a time...don't worry, it won't push a patch to a machine that doesn't need it or isn't the right OS, even if you try to.

It also makes sure they are installed correctly. It can patch IE, WinNT, 2000, XP, Microsoft Exchange, IIS, Media programs (MS Media Player etc.), SQL, and MS Office. To purchase, I went through Fred Howe at Sunbelt Software...very friendly and helpful....probably the best investment we've made. Check it out...works wonders and is easy to use. -- Jeff Schafer Sr. Systems Administrator.
http://www.w2knews.com/rd/rd.cfm?id=020617TP-UpdateEXPERT

What's Your Storage Policy?

Today's Internet-enabled organizations consume data storage like water. But with a corporate storage usage policy in place, you control the flow of storage expenditures. StorageCentral SRM monitors and enforces your storage usage policy so you can reduce your storage growth rate by 30%, reclaim up to half of your storage space, and ensure high availability, performance, and efficiency of your storage resources. Translation: cost control, immediate ROI, and reduced total cost of ownership of your storage resources.

Find out how over 4,000 companies in 50 countries, including Microsoft and 80 of the Fortune 100, control storage growth with the award-winning StorageCentral SRM. For a free white paper entitled "Guidelines for Implementing a Corporate Storage Policy," visit:
http://www.w2knews.com/rd/rd.cfm?id=020617TP-StorageCentral

New Attack Prevention Solution for MS IIS Web Servers

Enterprise-level Functionality and Centralized Policy Management added to eEye's SecureIIS Application Firewall

eEye Digital Security released SecureIIS Application Firewall version 2.0. Developed as the first-ever application specific protection software, SecureIIS operates within Microsoft's Internet Information Services (IIS) architecture to actively inspect all incoming and outgoing web server traffic. SecureIIS 2.0 has been configured to support the enterprise market with enhanced features and capabilities including centralized policy and events management.

SecureIIS 2.0 is the only product that integrates with IIS to truly protect customers with web servers using Microsoft® Windows NT® 4.0, Windows® 2000, or Windows XP. Because of eEye's extensive knowledge of the many ways in which IIS servers can be attacked or compromised, SecureIIS has built-in artificial intelligence capabilities to completely shield IIS servers from malicious hacker attacks.

The product enhancements found in SecureIIS 2.0 allow for better deployment at the enterprise level. Specifically, central policy management has been added to manage settings for any number of machines from a single, central location. Once a policy is configured and exported from the central machine, other machines can be set to automatically import the policy and any future changes made to it.

"We at eEye came to the conclusion last year that there has to be a better way to manage the security of IIS other than the current approach of reactive patch management," stated Firas Raouf, Chief Operating Officer at eEye Digital Security. "With SecureIIS the Microsoft IIS platform becomes the most secure platform on the market."

SecureIIS is the only IIS specific application firewall which protects against entire classes of attacks, including: buffer overflow; parser evasion; directory traversal; general exploitation; high-bit shellcode; RFC compliancy, and others. For a 30-day eval please visit:
http://www.w2knews.com/rd/rd.cfm?id=020617TP-SecureIIS

Now Your Colleagues And Friends Will Have No Excuse...

Ever found yourself in a situation where you couldn't find information sent to you by a friend or a colleague in an email - a long press article, a detailed agenda, whatever - just because you did not notice?

Or reversely, have you ever suffered from that frustrating feeling, when nobody seems to care about the emails you send, repeat the same mistakes despite your memos, or simply don't seem to focus on the essential?

One way you can solve this is to highlight that very crucial info nobody should miss. Fine, but have you ever tried to do it with your favorite email client? Forget the hassle, there's a new plug-in that makes it all very simple, so simple you wonder what the guys in Redmond are paid for.

Annotis, that's the name of the little gem - an Outlook & Outlook Express Add-on - installs itself neatly and works wonders. Zero learning curve: it's all there. A flick of the mouse and you're done: highlighter, sticky notes, office stamps (you can create your own too), funny stamps, freehand drawing. Your emails will never look the same again, and your colleagues and friends will have no more excuse ;-)

All this from a simple menu bar that fits seamlessly in Outlook/Outlook Express. Well done. And I was told it's only the beginning: audio, animation and video functionalities are on the way. A Rich-Media Email editor that doesn't say its name? At that price it's definitely a must have. (Hey, it's also a sponsor we're proud of)
http://www.w2knews.com/rd/rd.cfm?id=020617TP-Annotis

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • This Dilbert is software related. A bit of self criticism does not hurt [grin]
    http://www.w2knews.com/rd/rd.cfm?id=020617FA-Dilbert
  • Surreal and funny e-commerce website about origami:
    http://www.w2knews.com/rd/rd.cfm?id=020617FA-Origami_Boulder
  • New IBM Technology that writes one Terabit on a square inch. Rewriteable!
    http://www.w2knews.com/rd/rd.cfm?id=020617FA-New_Technology

  PRODUCT OF THE WEEK

Securing Windows NT/2000 From Policies to Firewalls

In today's business environment it is no longer safe to conduct any business on the Internet without first protecting it. Small, medium, and large corporations require a massive dose of security to protect themselves and their digital assets from unwanted intruders. A managerial guide and practical technical tutorial, this book provides viable security solutions for your organization. This book includes the steps required to define a corporate security policy, how to implement that policy, and how to structure the project plan. Part two provides the reader with practical hands-on applications for the preparation, installation, and tuning of Windows NT/2000 operating systems. Securing Windows NT/2000 provides step-by-step instructions that guide you through performing a secure installation and in preparing the system for secure operation on the Internet.

http://www.w2knews.com/rd/rd.cfm?id=020617BW-Securing_Windows