Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 2, 2002 (Vol. 7, #59 - Issue #390)
Really Urgent Patch - Do This Now
This issue of W2Knews contains:
- EDITORS CORNER
- From A Stockholm Internet Cafe
- TECH BRIEFING
- Software Deployment - Where We Are Now
- What Do YOU Think The IT Future Is Going To Bring?
- NT/2000 RELATED NEWS
- Really Urgent Patch - Do This Now
- Windows XP SP1 Coming Soon
- MS Licensing 6.0 Gets Some New Goodies
- MS Releases 289 Windows API's
- Correction on .NET Server
- NT/2000 THIRD PARTY NEWS
- pcAnywhere Behind A Firewall Blahs
- Managing The Software Patch Frenzy
- New UltraBac V7.0.2 Supports Backup Over FTP
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Guide to Windows Software Deployment
Serious about security? Track who and what changed with iSMARTset
Firewalls and antivirus leave critical gaps in the security perimeter.
Prevent breaches from inside. Detect system integrity violations.
React with alarms and automatic rules. Track what changed and who
did it, across the enterprise. Support for Windows files, registry,
event logs, services, UNIX SYSLOGs and SNMP devices is included.
Visit iSMARTset for a free White Paper on securing the enterprise.
Visit iSMARTset for more information.
From A Stockholm Internet Cafe
Yup, that is where I am writing this. Middle of town, 15 people
around me tapping away at the keyboards. 4 bucks an hour for access,
and you can stay as long as you want. I asked if they had a firewall
before I started. The answer was no. And when I used Terminal Server
to get into our systems in Tampa Bay, it let me through without fail.
Means they probably have all ports open. Scary. I would block
everything except port 80 if I were them. (When I am abroad I use
TS to do my email and write newsletters. Works OK on a T1 they have
here, but on a 56K dialup it's barely usable. I do not do any actual
system access otherwise I would have used our own remote admin tool.)
Coming back to these Internet cafes though, any cracker that really
wants to stay anonymous can choose a workstation in a quiet corner and
start doing major damage. That is why you need to continue thinking
about redundancy, high availability and uptime. And since WinNuke
has reincarnated (see Item about urgent patch), let's get to work!
So, for starters, this link has the data on the following: Legislative
Requirements for Business Continuity and Disaster Recovery Planning
for organizations in the USA. And if you are elsewhere, these make
very good suggestions.
(email me with feedback: [email protected])
SPONSOR: Real Time System Monitoring
Be alerted while the threat is still present! ELM Enterprise Manager 3.0,
the powerful successor of the successful Event Log Monitor 2.0, provides
busy admins with comprehensive real time monitoring and alerting of server
health and status. Be the first-to-know when security is threatened, when
your resources are strained, and when applications are struggling. Results?
Reduced downtime, increased security, and time savings. All this with ELM
3.0, a best-selling tool with a simple and affordable licensing policy.
Visit Real Time System Monitoring for more information.
Software Deployment - Where We Are Now
Here's an excerpt from an eBook on the history of software deployment
I found interesting:
In the early days of software deployment (before 1990), you basically
were a developer who focused on distributions. To ensure the application
was deployed properly, you needed to know the details of every file
and setting in the application, the interaction of the file(s) with
the target OS and with other applications, and how to recover from
any condition met along the installation path.
As software applications increased in installation complexity,
packaging an application for a distribution tool takes longer and longer.
Current software-deployment software has made great strides in
easing repackaging, and you don't have to be a software developer
to perform the repackaging task. Of course, if you don't use one
of the commercial deployment packages and opt for your own methods
(spray scripts, clock-activated batch files, email and so on) you
will need to perform all the functions the commercial software
does for you.
Do you need to repackage all applications? To some degree, you
most likely will. The answer depends on how much adjustment the
basic package needs so that it will fit in your environment.
Remember the core issue is: You are taking a piece of software
that was (most likely) created to be installed on one PC at a
time with the user of the system providing input along the way
and distributing that piece of software out to your entire target
population in a manner that supports your standards (hopefully,
while providing a means for you to remotely administer the software).
("The Definitive Guide to Windows Software Deployment" - Chris Long / Realtimepublishers.com)
And, if you want to read the entire eBook, register to read on-line, or download the eBook in its entirety:
What Do YOU Think The IT Future Is Going To Bring?
Sunbelt and SG Gowen are currently conducting an online study examining
current and future information technology trends. As a leader in the
information technology space, we are very interested in your thoughts.
The survey should take no more than 10 minutes to complete. To thank
you for completing the survey, we will enter you into a drawing to win
a cash prize of $1,000.
The data you submit will remain confidential and will not be released,
sold, or used in advertising. It will only be used to compile aggregate
statistics for a summary report. Neither you nor your company will be
identified in any way. Your input is important, so please respond now,
or no later than Sept 5, at 5pm.
Please take part in this research by clicking on the link below or pasting
it into your browser:
NT/2000 RELATED NEWS
Really Urgent Patch - Do This Now
I'm not sure if you are aware of the Sunbelt sponsored NTSYSADMIN
list. There are about 5,000 front-line, in-the-trenches network and
system admins on this list that warn each other about threats and
discuss admin problems. August 27, a thread was started up that is
urgent and you need to take action right away.
Why? The old "WinNuke" from the evil days of Win95 has reincarnated
for NT/W2K/XP and .NET (WinNuke allowed you to shut a system down
remotely with about three clicks). Our techies in Sunbelt downloaded
it and sure enough we could blow systems up with it. Here is a snippet
off the NTSYSADMIN list (which in itself came off another list called
Subject: MS02-045 exploit is out
I haven't seen much noise on this list about MS02-045 (Unchecked
Buffer in Network Share Provider Can Lead to Denial of Service
(Q326830)), but the implications are very nasty. Any unpatched
WinNT/2K/XP or .NET machine on your network that's listening on port
139 and/or 445 can be crashed in about two seconds with a malformed
SMB packet. I highly disagreed with Microsoft's assessment that
this was only a "moderate" threat level to intranet and desktop
systems because the exploit is so easy to perform.
It was bad enough in theory, but now a script-kiddie friendly GUI
version of the exploit has been posted on PacketStorm, and it works
against all of the above. We worked through the weekend to get a
large percentage of our boxes patched - you may have to do the same.
You can try for yourself at:
[Editor's note] The fact this thing is out now with a GUI and
can sit on a desktop as an icon makes it really dangerous. Moreover,
it is infected with the hacktool virus as well, so we took this link out.
The Patch is here (MS02-045):
Need a fast way to roll out and manage patches, completely automatic?
Subscribe to the free Sunbelt-sponsored NTSYSADMIN list here, but
fair warning, this is a high volume list, meaning up to a few hundred
messages per day so you might want to get the "digest" version:
Windows XP SP1 Coming Soon
Looks like Microsoft opened the kimono for the Bloomberg newsies. They
discussed their strategy with financial reporters last week in the
context of its antitrust agreement with the U.S. Department of Justice.
Changes were made to Windows XP with Service Pack 1 that bring the client
operating system into compliance with a clause of the antitrust agreement.
We expect WinXP SP1 in September.
Starting with this service pack, computer makers will be able to pick and
choose whether to install Microsoft middleware or competitive offerings,
such as the AOL-Netscape Navigator browser, RealNetworks' media player
and Sun's JVM. Similar changes were introduced for Windows 2000 Pro in
SP3. Source: ENT Magazine.
MS Licensing 6.0 Gets Some New Goodies
ENT Magazine came out with an article about Licensing 6.0. They reported
that MS will adopt some licensing incentives this fall that are aimed at
small-and-medium-sized business (SMB) customers, many of whom took the
biggest financial hit when converting to the MS Licensing 6.0 program.
Rebecca LaBrunerie, Microsoft's licensing program manager, declined to
provide details about the SMB program, except to say that the SMB market
will see financial incentives that were unseen in Licensing 6.0.
The move to Licensing 6.0 was a marketing disaster for Microsoft because
it infuriated customers who believed that they would be forced to break
the bank to buy software which they weren't even sure they wanted. The flap
was so great and customer interest in seeking out any alternative was so
strong, that it was as if someone flipped a switch within Microsoft.
Suddenly everyone recognized that competition was closing in.
If you have not signed up for Licensing 6.0 yet, you can get a report
on how to negotiate the best deal possible with MS. This report will be
updated the moment Microsoft's new incentives are made public.
MS Releases 289 Windows API's
Microsoft Corp. has opened key components of Windows by making 289
application programming interfaces (API) available for free at the
Microsoft Developer Network Web site as the company takes steps to
comply with the proposed antitrust settlement with the U.S. Dept. of
Justice and nine states. The API's are used by its middleware stuff
like Internet Explorer, Media Player, Outlook Express, and Microsoft
Messenger. Full article in ComputerWorld:
Correction on .NET Server
Shadow Copy in Windows .NET Server was not acquired from a 3rd party vendor.
Also, Windows 2000 included the ability to virtualize networked file
services; it's just even better in .NET Server, with features like
closest-site-selection. See this link (and do try the flash demo)
THIRD PARTY NEWS
pcAnywhere Behind A Firewall Blahs
A user said: "pcAnywhere is a [email protected] to work with behind a firewall. There
are 4 ports to open up. If you have a choice I would recommend a decent
product like Sunbelt Remote Admin. Great small footprint, 2meg, all the
features/functions of pcAny, has faster screen updates, supports multiple
connections, and is 1/5 the cost (35 bucks). Most importantly, uses a
single port for communication which can easily be modified in the setup."
Sunbelt Remote Admin has dirt cheap volume, site- and company licenses.
Check it out here:
Managing The Software Patch Frenzy
The overwhelming quantity of patches is perhaps the biggest
obstacle to keeping software security holes blocked. A recent
NewsFactor Network Special Report stated that companies are too
shorthanded in IT to keep up with the sheer volume of patches.
This severely compromises the ability to minimize security exploits.
According to Forrester analyst Laura Koetzle, when companies have
many patches to deploy on many machines, they can fall behind or
pass altogether on patching. In order to keep up with patches,
Koetzle says it's a good idea for companies to use patch management
products, such as UpdateEXPERT offered by St. Bernard Software.
UpdateEXPERT is a software patch management tool that scans
networks for missing hotfixes and fixes discovered weaknesses.
UpdateEXPERT features an exclusive database of patches that are
completely researched, evaluated, and tested in-house. UpdateEXPERT
does not require a client agent for remote deployment or installation.
Companies trying to maintain a security policy with fewer IT
resources and more discovered vulnerabilities need some help.
"It basically comes down to getting decent patch management
software," Koetzle said. "Otherwise, companies are just going to
keep having the same problem." Eval copy at:
New UltraBac V7.0.2 Supports Backup Over FTP
Version 7.0.2 provides you the capability to use any FTP server or
IBM's Tivoli Storage Manager (TSM) as storage devices for UltraBac
backup and restore operations.
The new UltraBac FTP Device allows an administrator to perform backup
& restore operations to any FTP server connected to the Internet by
simply entering the FTP server's address as the backup path. UltraBac
then "pushes" a compressed data stream to the designated FTP server.
From the FTP server, the backup can then be copied to tape or disk
using UltraBac's UltraCopy utility. This new feature will allow you
to easily store data offsite or centralize data from remote site backups.
The UltraBac Tivoli Storage Manager Device allows UltraBac to write
data to a TSM server where Tivoli's unique storage management features
can be leveraged alongside UltraBac's rich client-level backup strengths.
Administrators taking advantage of the combined solution will use
UltraBac to manage the administration of the backup and restore
processes while TSM manages the media the backups are written to.
Use of TSM API's guarantees a seamless integration with the TSM
architecture, and has been certified TSM compliant by IBM. Check Eval:
This Week's Links We Like. Tips, Hints And Fun Stuff
Hacking Las Vegas. But not the way you think! Fun article in WIRED.
Someone built a PC into a mini New Beetle. Let's see if you spot
the same problem that I see with this design:
Why is it that when someone becomes successful, they always get attacked?
It makes no sense to me. In this case it's RedHat, see article:
Two cameras next to your screen: you can now type with your eyes!
With new spyware, even your private Hotmail and Yahoo emails can be seen:
A hacker talking about Microsoft:
The most popular comparison-shop site is now affiliated with W2Knews!
PRODUCT OF THE WEEK
Guide to Windows Software Deployment
If you are still having trouble managing software across corporate
PCs and laptops in Windows NT and 2000 (and XP), the author of
"The Definitive Guide to Windows Software Deployment" (published
by Realtimepublishers in connection with Lanovation) discusses
the many concerns you'll want to consider. From remote offices
to the Windows Installer (MSI), Windows guru Chris Long addresses
all the details consuming you, including some you probably haven't
thought of. With detailed instructions on best practices, test
labs/plans, pilot rollouts, etc. "The Definitive Guide to Windows
Software Deployment" is a must-read for every net admin.
As an electronic publication, the eBook can be read on-line, or
downloaded in its entirety as a PDF from:
Long features screen shots from the Prism Deploy and Prism Pack
software packaging and deployment tools you can download, test
and purchase from Sunbelt Software to handle your software
deployment frustrations once and for all.