Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 2, 2002 (Vol. 7, #59 - Issue #390)
Really Urgent Patch - Do This Now
  This issue of W2Knews™ contains:
    • From A Stockholm Internet Cafe
    • Software Deployment - Where We Are Now
    • What Do YOU Think The IT Future Is Going To Bring?
    • Really Urgent Patch - Do This Now
    • Windows XP SP1 Coming Soon
    • MS Licensing 6.0 Gets Some New Goodies
    • MS Releases 289 Windows API's
    • Correction on .NET Server
    • pcAnywhere Behind A Firewall Blahs
    • Managing The Software Patch Frenzy
    • New UltraBac V7.0.2 Supports Backup Over FTP
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Guide to Windows Software Deployment
Serious about security? Track who and what changed with iSMARTset
Firewalls and antivirus leave critical gaps in the security perimeter.
Prevent breaches from inside. Detect system integrity violations.
React with alarms and automatic rules. Track what changed and who
did it, across the enterprise. Support for Windows files, registry,
event logs, services, UNIX SYSLOGs and SNMP devices is included.
Visit iSMARTset for a free White Paper on securing the enterprise.
Visit iSMARTset for more information.

From A Stockholm Internet Cafe

Yup, that is where I am writing this. Middle of town, 15 people around me tapping away at the keyboards. 4 bucks an hour for access, and you can stay as long as you want. I asked if they had a firewall before I started. The answer was no. And when I used Terminal Server to get into our systems in Tampa Bay, it let me through without fail. Means they probably have all ports open. Scary. I would block everything except port 80 if I were them. (When I am abroad I use TS to do my email and write newsletters. Works OK on a T1 they have here, but on a 56K dialup it's barely usable. I do not do any actual system access, otherwise I would have used our own remote admin tool.)

Coming back to these Internet cafes though, any cracker that really wants to stay anonymous can choose a workstation in a quiet corner and start doing major damage. That is why you need to continue thinking about redundancy, high availability and uptime. And since WinNuke has reincarnated (see item about urgent patch), let's get to work!

So, for starters, this link has the data on the following: Legislative Requirements for Business Continuity and Disaster Recovery Planning for organizations in the USA. And if you are elsewhere, these make very good suggestions.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Real Time System Monitoring
Be alerted while the threat is still present! ELM Enterprise Manager 3.0,
the powerful successor of the successful Event Log Monitor 2.0, provides
busy admins with comprehensive real time monitoring and alerting of server
health and status. Be the first-to-know when security is threatened, when
your resources are strained, and when applications are struggling. Results?
Reduced downtime, increased security, and time savings. All this with ELM
3.0, a best-selling tool with a simple and affordable licensing policy.
Visit Real Time System Monitoring for more information.

Software Deployment - Where We Are Now

Here's an excerpt from an eBook on the history of software deployment I found interesting:

In the early days of software deployment (before 1990), you basically were a developer who focused on distributions. To ensure the application was deployed properly, you needed to know the details of every file and setting in the application, the interaction of the file(s) with the target OS and with other applications, and how to recover from any condition met along the installation path.

As software applications increased in installation complexity, packaging an application for a distribution tool takes longer and longer. Current software-deployment software has made great strides in easing repackaging, and you don't have to be a software developer to perform the repackaging task. Of course, if you don't use one of the commercial deployment packages and opt for your own methods (spray scripts, clock-activated batch files, email and so on) you will need to perform all the functions the commercial software does for you.

Do you need to repackage all applications? To some degree, you most likely will. The answer depends on how much adjustment the basic package needs so that it will fit in your environment. Remember the core issue is: You are taking a piece of software that was (most likely) created to be installed on one PC at a time with the user of the system providing input along the way and distributing that piece of software out to your entire target population in a manner that supports your standards (hopefully, while providing a means for you to remotely administer the software).

("The Definitive Guide to Windows Software Deployment" - Chris Long / Realtimepublishers.com)

And, if you want to read the entire eBook, register to read on-line, or download the eBook in its entirety:

What Do YOU Think The IT Future Is Going To Bring?

Sunbelt and SG Gowen are currently conducting an online study examining current and future information technology trends. As a leader in the information technology space, we are very interested in your thoughts and opinions.

The survey should take no more than 10 minutes to complete. To thank you for completing the survey, we will enter you into a drawing to win a cash prize of $1,000.

The data you submit will remain confidential and will not be released, sold, or used in advertising. It will only be used to compile aggregate statistics for a summary report. Neither you nor your company will be identified in any way. Your input is important, so please respond now, or no later than Sept 5, at 5pm.

Please take part in this research by clicking on the link below or pasting it into your browser:



Really Urgent Patch - Do This Now

I'm not sure if you are aware of the Sunbelt sponsored NTSYSADMIN list. There are about 5,000 front-line, in-the-trenches network and system admins on this list that warn each other about threats and discuss admin problems. On August 27, a thread was started up that is urgent and you need to take action right away.

Why? The old "WinNuke" from the evil days of Win95 has reincarnated for NT/W2K/XP and .NET (WinNuke allowed you to shut a system down remotely with about three clicks). Our techies in Sunbelt downloaded it and sure enough we could blow systems up with it. Here is a snippet off the NTSYSADMIN list (which in itself came off another list called ntbugtraq).

Subject: MS02-045 exploit is out

Hi all,

I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)), but the implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet. I highly disagreed with Microsoft's assessment that this was only a "moderate" threat level to intranet and desktop systems because the exploit is so easy to perform.

It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched - you may have to do the same. You can try for yourself at:
[Editor's note] The fact this thing is out now with a GUI and can sit on a desktop as an icon makes it really dangerous. Moreover, it is infected with the hacktool virus as well, so we took this link out.

The Patch is here (MS02-45):

Need a fast way to roll out and manage patches, completely automatic?

Subscribe to the free Sunbelt-sponsored NTSYSADMIN list here, but fair warning, this is a high volume list, meaning up to a few hundred messages per day so you might want to get the "digest" version:
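
As an added example (not from the newsletter or the quoted post), here is a small patch-triage script built on the exposure condition the post describes: hosts listening on port 139 and/or 445 that lack the Q326830 hotfix go first. The inventory format (saved `netstat -an` output plus a list of installed hotfix IDs per host), the host names, and the placeholder ID `Q000001` are assumptions made for illustration.

```python
import re

SMB_PORTS = {139, 445}   # the ports named in the quoted post
HOTFIX = "Q326830"       # KB number from the MS02-045 title quoted above

# One listening TCP row of Windows `netstat -an` output.
_LISTEN = re.compile(
    r"^[ \t]*TCP[ \t]+(\S+):(\d+)[ \t]+\S+[ \t]+LISTENING\b", re.I | re.M)

def smb_listeners(netstat_text):
    """Return sorted (local_address, port) pairs listening on 139/445."""
    return sorted({(addr, int(port))
                   for addr, port in _LISTEN.findall(netstat_text)
                   if int(port) in SMB_PORTS})

def triage(inventory):
    """Map each host to (host, status, listeners), sorted by host name."""
    report = []
    for host, data in sorted(inventory.items()):
        listeners = smb_listeners(data["netstat"])
        patched = HOTFIX.lower() in {h.strip().lower() for h in data["hotfixes"]}
        if patched:
            status = "ok"
        elif listeners:
            status = "PATCH NOW"      # unpatched and reachable on 139/445
        else:
            status = "patch"          # unpatched, no SMB listener seen
        report.append((host, status, listeners))
    return report

# Constructed sample inventory (hypothetical hosts; Q000001 is a placeholder).
SAMPLE = {
    "fs01": {"hotfixes": ["Q000001"], "netstat": """
  Proto  Local Address     Foreign Address   State
  TCP    0.0.0.0:445       0.0.0.0:0         LISTENING
  TCP    10.0.0.5:139      0.0.0.0:0         LISTENING
  TCP    10.0.0.5:1042     10.0.0.9:445      ESTABLISHED
  UDP    0.0.0.0:445       *:*
"""},
    "dc01": {"hotfixes": ["q326830"], "netstat": """
  TCP    0.0.0.0:445       0.0.0.0:0         LISTENING
"""},
    "web01": {"hotfixes": [], "netstat": """
  TCP    0.0.0.0:80        0.0.0.0:0         LISTENING
"""},
}

if __name__ == "__main__":
    for host, status, listeners in triage(SAMPLE):
        print(f"{host:6} {status:10} {listeners}")
```

Outbound connections to another machine's port 445 and UDP rows are ignored on purpose; only local TCP listeners count as exposure here.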

Windows XP SP1 Coming Soon

Looks like Microsoft opened the kimono for the Bloomberg newsies. They discussed their strategy with financial reporters last week in the context of its antitrust agreement with the U.S. Department of Justice. Changes were made to Windows XP with Service Pack 1 that bring the client operating system into compliance with a clause of the antitrust agreement. We expect WinXP SP1 in September.

Starting with this service pack, computer makers will be able to pick and choose whether to install Microsoft middleware or competitive offerings, such as the AOL-Netscape Navigator browser, RealNetwork's media player and Sun's JVM. Similar changes were introduced for Windows 2000 Pro in SP3. Source: ENT Magazine.

MS Licensing 6.0 Gets Some New Goodies

ENT Magazine came out with an article about Licensing 6.0. They reported that MS will adopt some licensing incentives this fall that are aimed at small-and-medium-sized business (SMB) customers, many of whom took the biggest financial hit when converting to the MS Licensing 6.0 program.

Rebecca LaBrunerie, Microsoft's licensing program manager, declined to provide details about the SMB program, except to say that the SMB market will see financial incentives that were unseen in Licensing 6.0.

The move to Licensing 6.0 was a marketing disaster for Microsoft because it infuriated customers who believed that they would be forced to break the bank to buy software which they weren't even sure they wanted. The flap was so great and customer interest in seeking out any alternative was so strong, that it was as if someone flipped a switch within Microsoft. Suddenly everyone recognized that competition was closing in.

If you have not signed up for Licensing 6.0 yet, you can get a report on how to negotiate the best deal possible with MS. This report will be updated the moment Microsoft's new incentives are made public.

MS Releases 289 Windows API's

Microsoft Corp. has opened key components of Windows by making 289 application programming interfaces (API) available for free at the Microsoft Developer Network Web site as the company takes steps to comply with the proposed antitrust settlement with the U.S. Dept. of Justice and nine states. The API's are used by its middleware stuff like Internet Explorer, Media Player, Outlook Express, and Microsoft Messenger. Full article in ComputerWorld:

Correction on .NET Server

Shadow Copy in Windows .NET Server was not acquired from a 3rd party vendor. Also, Windows 2000 included the ability to virtualize networked file services; it's just even better in .NET Server, with features like closest-site-selection. See this link (and do try the flash demo)


pcAnywhere Behind A Firewall Blahs

A user said: "pcAnywhere is a [email protected] to work with behind a firewall. There are 4 ports to open up. If you have a choice I would recommend a decent product like Sunbelt Remote Admin. Great small footprint, 2meg, all the features/functions of pcAny, has faster screen updates, supports multiple connections, and is 1/5 the cost (35 bucks). Most importantly, uses a single port for communication which can easily be modified in the setup." Sunbelt Remote Admin has dirt cheap volume, site- and company licenses. Check it out here:

Managing The Software Patch Frenzy

The overwhelming quantity of patches is perhaps the biggest obstacle to keeping software security holes blocked. A recent NewsFactor Network Special Report stated that companies are too shorthanded in IT to keep up with the sheer volume of patches. This severely compromises the ability to minimize security exploits.

According to Forrester analyst Laura Koetzle, when companies have many patches to deploy on many machines, they can fall behind or pass altogether on patching. In order to keep up with patches, Koetzle says it's a good idea for companies to use patch management products, such as UpdateEXPERT offered by St. Bernard Software.

UpdateEXPERT is a software patch management tool that scans networks for missing hotfixes and fixes discovered weaknesses. UpdateEXPERT features an exclusive database of patches that are completely researched, evaluated, and tested in-house. UpdateEXPERT does not require a client agent for remote deployment or installation.

Companies trying to maintain a security policy with fewer IT resources and more discovered vulnerabilities need some help. "It basically comes down to getting decent patch management software," Koetzle said. "Otherwise, companies are just going to keep having the same problem." Eval copy at:

New UltraBac V7.0.2 Supports Backup Over FTP

Version 7.0.2 provides you the capability to use any FTP server or IBM's Tivoli Storage Manager (TSM) as storage devices for UltraBac backup and restore operations.

The new UltraBac FTP Device allows an administrator to perform backup & restore operations to any FTP server connected to the Internet by simply entering the FTP server's address as the backup path. UltraBac then "pushes" a compressed data stream to the designated FTP server. From the FTP server, the backup can then be copied to tape or disk using UltraBac's UltraCopy utility. This new feature will allow you to easily store data offsite or centralize data from remote site backups.

The UltraBac Tivoli Storage Manager Device allows UltraBac to write data to a TSM server where Tivoli's unique storage management features can be leveraged alongside UltraBac's rich client-level backup strengths. Administrators taking advantage of the combined solution will use UltraBac to manage the administration of the backup and restore processes while TSM manages the media the backups are written to. Use of TSM API's guarantees a seamless integration with the TSM architecture, and has been certified TSM compliant by IBM. Check Eval:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Hacking Las Vegas. But not the way you think! Fun article in WIRED.
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-Wired
  • Someone built a PC into a mini New Beetle. Let's see if you spot the same problem that I see with this design:
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-New_Beetle
  • Why is it that when someone becomes successful, they always get attacked? It makes no sense to me. In this case it's RedHat, see article:
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-RedHat
  • Two cameras next to your screen: you can now type with your eyes!
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-Eye_Typing
  • With new spyware, even your private Hotmail and Yahoo emails can be seen:
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-Spyware
  • A hacker talking about Microsoft:
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-Hacker
  • The most popular comparison-shop site is now affiliated with W2Knews!
    http://www.w2knews.com/rd/rd.cfm?id=020902FA-PriceGrabber

    Guide to Windows Software Deployment

    If you are still having trouble managing software across corporate PCs and laptops in Windows NT and 2000 (and XP), the author of "The Definitive Guide to Windows Software Deployment" (published by Realtimepublishers in connection with Lanovation) discusses the many concerns you'll want to consider. From remote offices to the Windows Installer (MSI), Windows guru Chris Long addresses all the details consuming you, including some you probably haven't thought of. With detailed instructions on best practices, test labs/plans, pilot rollouts, etc. "The Definitive Guide to Windows Software Deployment" is a must-read for every net admin.

    As an electronic publication, the eBook can be read on-line, or downloaded in its entirety as a PDF from:


    Long features screen shots from the Prism Deploy and Prism Pack software packaging and deployment tools you can download, test and purchase from Sunbelt Software to handle your software deployment frustrations once and for all.