- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 15, 2002 (Vol. 7, #49 - Issue #380)
SP3 Indefinitely Postponed
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • NO SP3: It's Manual Patching Time
  2. TECH BRIEFING
    • The Different Categories Of Junk Email Filters
  3. NT/2000 RELATED NEWS
    • Small and Medium Business Survey - Win $1,000
    • Microsoft MOM Is Not The Word, Customers Say
  4. NT/2000 THIRD PARTY NEWS
    • Corporate Users Like iHateSpam
    • So, How Do I Keep My Systems Patched With No SP3?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  SPONSOR: Windows & .NET Magazine
If you haven't seen Exchange & Outlook Administrator, the print
newsletter from Windows & .NET Magazine, you're missing out on key
information that will go a long way towards preventing serious
problems and down time for your enterprise. Get a free sample issue
today, and discover tools you won't find anywhere else to help you
migrate, optimize, administer, and secure Exchange and Outlook.
Order now!
Visit Windows & .NET Magazine for more information.
  EDITORS CORNER

NO SP3: It's Manual Patching Time

The WinInformant site reported that MS has indefinitely delayed the third service pack for W2K according to internal documents they saw recently. SP3 was actually scheduled for release July 17, but they recently discovered several major bugs in the Microsoft Installer (MSI) 2.0 code, which MS had planned to bundle with the update. This will significantly delay the SP3 release. So it is back to manual patching, and the hotfixes are rolling off the assembly line at a regular clip. Personally I would suggest having another look at UpdateEXPERT which is a critical element in automating the security of your networks.

Full WinInformant article:
http://www.w2knews.com/rd/rd.cfm?id=020715ED-WinInformant

Latest release of UpdateEXPERT:
http://www.w2knews.com/rd/rd.cfm?id=020715ED-UpdateEXPERT

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Sunbelt Radmin
"I love your Sunbelt Remote Administrator software. Easy to setup
and use. I can accomplish the same kind of remote (co-located) server
access using pcAnywhere but that is a "pig". But here is the cool
part. I never could copy really large image files using MS VPN, one
packet drops and it dies. But Radmin copied 1.8 GB without crashing!
In fact I tested it on my home LAN. During file copy, I yanked a
patch cable and plugged it back in. Radmin stopped for a moment (of
course, the connection was lost) but quickly resumed and completed
the transfer! That won't normally work with a MS mapped drive.
Very cool! Very reliable! It works great and I'm impressed." R.N.
Visit Sunbelt Radmin for more information.
  TECH BRIEFING

The Different Categories Of Junk Email Filters

Since spam has become such a large irritation and source of lost time, (with no immediate resolution in sight) more and more companies are looking for solutions against this headache, not only for the employee time saved, but also for legal reasons having to do with exposing staff to offensive material.

Eliminating spam can be done in many different ways, and at different locations in the "email stream". This article limits itself to the enterprise where the mail comes in. In some cases the ISP may already have attempted to filter some spam out, using known strategies like existing blacklists or dedicated "filter companies" that charge monthly subscription fees, but looking at the amounts of spam still coming through, it is clear that these solutions are inadequate. The situation is very similar to anti-virus protection companies that are practically always in a "reactive" mode. Time for another layer of defense!

So let's have a look at the three techniques that are used at the moment to filter out junk email at the enterprise level:

  1. Large Community-created filter rules (a la CloudMark/SpamNet/Razor)
  2. Automated Rules Based filters ("artificial intelligence")
  3. Permission-based. ("I do not know you, go away & ask permission first")
Here is a more detailed look at each one:

1 - Community created rules (a la CloudMark/SpamNet/Razor)

This sounds like a nifty idea, until you start thinking about it. A group of people deciding if the email you get is spam or not?? If there are errors in the execution, this group could quickly become a censor that plonks emails from your favorite software company in the spam bucket. Operating System Religious Wars anyone?

Personally I do not feel comfortable with that, and the result is that you still need to look at all the spam to make sure there are no false positives (email tagged as spam that isn't). In the case of CloudMark, its backbone is Razor, a Linux-based open source solution. The community spam filtration algorithms are openly documented, leaving the door open for smart spammers to "fool" the system. Of course, this won't be an issue until CloudMark gets enough users to actually be a headache for spammers--which ironically would make CloudMark highly likely a victim of its own success.

2 - Automated Rules Based filters ("artificial intelligence")

Definitely useful, but sometimes lacking sufficient smarts to tag spam and quarantine it in the junk email folders. The key here is that you need a regular (ideally daily) update of the rule set. With these rules kept up to date by humans that apply their intelligence and common sense this is definitely a good approach.

3 - Permission-based. ("I do not know you, go away & ask permission first")

There are a number of problems with this approach. First, everyone is assumed to be spam unless pre-approved. Assuming all senders are spammers unless pre-approved is not a practical method of spam detection. The reason is simple: what if someone you know but don't have on the pre-approved list emails you? They would have to go through the hassle of becoming approved before they can get a message across. Double or triple the traffic. It happens often that people email you, and you don't have them in your address book.

They may be an old classmate or the message is a potentially very lucrative offer from a yet unknown business associate. You definitely want to get their email without making them jump through the cyber equivalent of burning hoops.

In a corporate environment, not knowing if an email you hoped to get was filtered out or not is a disaster. Trying to find out if an email was sent, if it got filtered or not, why it did not arrive (and the like) will cost so much time and money in both support staff time and lost productivity that a good part of email's advantages will be lost. Just think about the inter-departmental wars that will be fought over who controls the spam filtering rules.

In short, for a variety of reasons (legal not being the least) the end-user needs to be the sole judge regarding the email they receive. The ideal situation at the end-user level is to have powerful rules-based spam filtering combined with an easily manageable pre-approved "whitelist", and also an end-user controlled "blacklist" where they can plonk mail from senders they deem timewasters. From an "internal politics" perspective, this is by -far- the most appealing approach. And the number one concern of the end-user ("I might not receive that important email") is also solved this way.

Now that we have established what the best method to filter spam is, next comes the question how to implement it? And here again are some quite different approaches.

  1. Email Filters at the server level
  2. Separate Proxy Code that sits between the email client and the server
  3. Outlook Add-ins that integrate with the email client itself
And what is the best way?

Server-based filters may technically be a good solution, but for HR, legal, helpdesk support and internal politics reasons they could backflash as they may be considered censorship. Not the ideal approach. Consider this scenario: You go out and purchase an Exchange filter. However, one of your marketing managers gets a "weekly marketing tips" newsletter -- and suddenly finds it removed. Or, on a more mundane (and human level), one of your people in Accounting just loves her daily horoscope. While it is difficult to argue the ethics of getting a daily horoscope at work, there is the reality that a user signed up for particular information and would still like to get it.

A separate proxy running on the client is difficult to maintain. Furthermore, most of these applications only work with POP, which makes them incompatible with Exchange server environments. Finally, in the corporate environment, more applications, more code and more ways things can break is not a good idea. Moreover, having to enter passwords during installation to communicate with the mail server is not an option for thousands of users: it's a recipe for problems. Tools like McAfee's SpamKiller work this way only because they have to. Compatibility with many different email clients forces that kind of cumbersome architecture.

Add-ins for Outlook are small, so called "next-next-next-done" installs, and smoothly integrate in a known environment. The learning curve is close to nothing and no email gets lost ever. It just gets quarantined. No support calls, no complaints about mail not received, no pain installing another client app, and no pain in the budget because for large volume licenses the cost per user is a few bucks and the ROI is probably 5 days. Now here is a chance for corporate IT departments to change their image from the "network nazi" to that of the hero that eliminated annoying and time-wasting junk email by treating the end-user as a grown-up and empower them to control their own inbox.

Above reasons are what made us design the iHateSpam product the way we did:
http://www.w2knews.com/rd/rd.cfm?id=020715TB-iHateSpam

  NT/2000 RELATED NEWS

Small and Medium Business Survey - Win $1,000

We would like to invite you as a key small/medium business decision maker to participate in an important survey. A large market research firm is conducting this survey on behalf of a number of Windows related technology suppliers interested in how companies like yours use different products and services.

-- Survey Basics

In this survey, we would like to understand your organization's current and expected use of different technology. Your input will help shape the direction of new technology products and services that could benefit both you and your organization.

-- What You Get

  • WIN $1,000! Take this survey today and automatically qualify to win $1,000. A drawing will be held for all participants who respond. The survey will take about 10-15 minutes.
  • Research summaries will be sent to all interested participants so they can see how their companies compare to small and mid-sized businesses nationwide.
-- Next Step

To take this survey, click on the link below or paste it into your browser's window:

http://www.w2knews.com/rd/rd.cfm?id=020715RN-Survey

Thank you for taking part in this important research. Please be assured that your individual responses will be held in strictest confidence with results provided only in aggregate, combined with the responses of others.

Microsoft MOM Is Not The Word, Customers Say

VNUnet just reported that the code that MS bought from NetIQ for a whopping 175 Million bucks is a dud. Microsoft Operations Manager (MOM) has not made it in that market. MS admitted that few customers have invested in its Operations Manager systems management tool since it was launched a year ago and, of those who have, many have failed to achieve benefits. Microsoft marketing manager Paul Randle blamed a long sales cycle for the extremely disappointing take-up of MOM.

And why such a long sales cycle? Because the prices were way too high, and there is a thriving third party market for these kinds of tools. Most of these do a great job, are about a third of the price of MOM, and get dedicated and fanatical support by their vendors. I'm admittedly biased because we sell a product like this and MS tried to steamroll that market. It's good to see the 800-pound gorilla fail now and then. Here is a great example of an excellent product that provides you with business continuity and security in one fell swoop: ELM Enterprise Manager.
http://www.w2knews.com/rd/rd.cfm?id=020715RN-ELM_Enterprise_Mgr

  THIRD PARTY NEWS

Corporate Users Like iHateSpam

Just have a look at these first user responses and you'll get the picture.

"iHateSpam is a very nice product. I have tried InboxDoctor and McAfee SpamKiller as well. I like the fact that iHateSpam integrates with Outlook without using MAPI, so the messages get zapped before I see them. Note: I get 900+ spams a month, so I am a bloody expert... My comments as registered user so far:

  • iHateSpam does a better job with almost no tweaking compared to SpamKiller (which needed a LOT of tweaking).
  • iHateSpam filters fewer items that are not spams.
  • Don't know how often you are updating your spam definitions, but SpamKiller had not updated since MAY 7th (two months) for goodness sakes.
  • Your product costs half as much.
NICE WORK! iHateSpam joins your Radmin program as top performing tools that I believe are also exceptional values." -- Rick Wilkes, CTO

Another user is Tech Journalist Al Fasoldt.

He wrote: "I would have been happy if iHateSpam had cut my junk mail total in half. But in fact it slashed the total down at least 99 percent. Better yet, it is giving me back the time that spammers had stolen from me. I can't imagine booting up without this incredible software." His full review is here:
http://www.w2knews.com/rd/rd.cfm?id=020715TP-Review

Get a 30-day iHateSpam eval here:
http://www.w2knews.com/rd/rd.cfm?id=020715TP-iHateSpam

So, How Do I Keep My Systems Patched With No SP3?

There is only one tool out there at the moment that has a functionality set rich enough to professionally support everything you need. The rest of the solutions are essentially subsets and incomplete, which means you need to use two or more tools to get the job done: headache.

You need a really complete update management solution. That solution is UpdateEXPERT. As an example, UpdateEXPERT supports all hotfixes, Service Packs, private hotfixes, instructions, and user defined patches. And for many MS platforms, not just the W2K operating system. Ironically, even when SP3 is available, Microsoft SUS users will not be able to deploy it as Service Packs are not supported by SUS.

You should have a serious look at UpdateEXPERT. The new features in their Version 5.1 are pretty awesome, it now supports Windows XP and the following Microsoft applications. This is THE best-of-breed way to keep your systems secure, patched and bug free.

  • IIS
  • SQL Server
  • Exchange Server
  • Internet Explorer
  • Media Player
  • Windows Media Services
  • Net Meeting
  • MS Office
  • Outlook
You can get an eval over at:
http://www.w2knews.com/rd/rd.cfm?id=020715TP-UpdateEXPERT
  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Spyonit keeps watch over the things you care about on the Internet and lets you know when there's something new to report via email, IM, wireless, Palm, or a personal "My Spies" web page.

  • http://www.w2knews.com/rd/rd.cfm?id=020715FA-SpyOnIt
  • An Etch-A-Sketch that can be controlled from a web page

  • http://www.w2knews.com/rd/rd.cfm?id=020715FA-Etch-A-Sketch
  • The latest Toshiba Pocket PC gets the nod from eWeek Tech Editor. I agree. Cool! You can work from the front porch with this bad boy.

  • http://www.w2knews.com/rd/rd.cfm?id=020715FA-Pocket_PC
  • Use TS a lot? Here is MS's Community Center with lots of resources

  • http://www.w2knews.com/rd/rd.cfm?id=020715FA-MS_Community