Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 23, 2002 (Vol. 7, #62 - Issue #393)
The "Silly Putty" Issue
  This issue of W2Knews™ contains:
    • NT's New Name - Results
    • And Now: A SuperCool Link!!
    • Network Downtime Survey Results
    • Solution for HIPAA and Service Pack 3 Situation
    • What Do The Analysts Say About MS?
    • Example Of Chinese Hackers Penetrating W2K Advanced Server
    • New Version 3.1 iHateSpam Has Powerful Features
    • Too Much $ecurity?
    • What You Don't Know Can Hurt You
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Pentax Digibino DB 100 Digital Camera/Binoculars
  SPONSOR: Aelita Software
A ZeroIMPACT? Active Directory migration? It's possible!
Aelita Domain Migration Wizard saves time, money and pain.
Users are migrated with no impact to their productivity while
admins get a flexible, highly automated solution that addresses
each facet of domain migration. Use a product that offers real
world performance. Get a FREE white paper on achieving a
ZeroIMPACT migration to Windows 2000 and Active Directory!
Visit Aelita Software for more information.

NT's New Name - Results

Well, you guys voted like mad, thanks! The overwhelming majority said "call the thing NT6 and be over with it". But as always, things aren't as simple as that, although I agree that would be the best. If you look at the build numbers, in reality Windows 2000 is NT5, Windows XP is NT 5.1 and WinNet is NT 5.2. The next really (really) large new build has the code name Longhorn and will be the true NT6.

Moreover, the lawyers are throwing a spanner in the works anyway re the "NT" letters. To my best knowledge, Microsoft had to let go of NT as NT is a registered trademark for Northern Telecom. In fact, on some of the older NT4 boxes, there's even a note indicating that. So, for the moment we'll just go with "WinNet" as the indicator for NT 5.2, which was the second most popular vote.

And talking about voting, you have just two days left to vote for the W2Knews Target Awards! We close the poll on September 23rd, 11:59pm. Please indicate your fave tools. It will help you and your colleagues to have a ready-made shortlist when you need your essential system management tools! Vote here, click on the Target Awards Icon.

And while you are there, here is the new SunPoll as well:
"Which area is your single biggest "admin pain point" at the moment?"

  • Network Security
  • Disaster Recovery
  • W2K and AD Migration
  • Storage Management
  • User Administration
It's the leftmost column and takes about 10 seconds to vote. You'll see the results real-time.

PS: W2Knews has a 5 star rating. Freetechmail is a good example. Please forward a copy to a friend and tell them to subscribe?!

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Full Site Failover and Infrastructure Redundancy delivered by the
#1 tool for data replication: Double-Take. Ensure that your data
and applications are always safe. Help your Company and Homeland
Security by protecting your most valuable resources at the source:
Your Servers. Double-Take will fail over if your source server goes
down. 2001 Editor's Choice of both Windows 2000 and Network Magazine.
Download a 30-day eval copy now and start protecting your data and apps.
Visit Double-Take for more information.

And Now: A SuperCool Link!!

For the last two years, our tech guys were asking for a special project. I finally caved in a month ago. This project had to do with their so-called "physics project". What was the experiment they wanted to do? Well, the discussion had been about the following scientifically very significant matter: What would a 50-pound ball of "silly putty" really DO when you would drop it from a 5-story parking garage? Would it wind up three blocks down the road on top of another building? Would it explode? We had no idea but (nerds that we are) had an urgent need to find out. And, we are relieved to say, the results are in.

We bought 50 pounds of the stuff from a Dow Corning distributor, and last Saturday, the Sunbelt Silly Putty Task Force made the jump. With spectacular results!! We have several camera angles, slo-mo high-speed shots, and the inevitable sponsor (W2Knews) in a really cool video that you can watch RIGHT NOW. Have fun, we sure did. Oh, and please forward this story plus the following link to your friends too:

Network Downtime Survey Results

Zeus Kerravala and Laura Didio of the Yankee Group and Sunbelt Software recently completed a Survey on Network Infrastructure Trends and Issues. Here is the executive summary:

"Two-thirds of corporate enterprises do not implement configuration management software to track changes and network and systems errors -- despite the fact that 70% of companies experience at least one-to-two network outages per month.

Those are the results of the latest joint Yankee Group/Sunbelt Software, Inc. survey on Network Infrastructure Trends and Issues. The survey polled 250 IT administrators worldwide spanning a wide variety of vertical businesses.

Not surprisingly, the corporate respondents cited the lack of available IT capital dollars and a lack of manpower and time as the chief culprits in their decision not to deploy configuration management solutions. Nine out of 10 administrators -- 90% -- said they lacked the necessary monetary resources and 75% of those polled said they had no time to implement configuration management solutions. At the same time, the survey respondents noted that the greatest number of errors were attributable to telecommunications outages. In a departure from other recent trends, a majority of the IT administrators polled said that only 15% of network errors are caused by "human error." But the survey also showed that despite the hype and publicity surrounding network security, many organizations are still lax. Nearly nine out of 10 survey respondents admitted that they still employ shared passwords. And only a small percentage of organizations presently employ any secure ID mechanisms.

Key Findings

Other key survey findings included:

  • More than two-thirds of organizations -- 69% -- said they experience at least one or two network outages per month. Eight percent (8%) of the survey respondents claimed they had three-to-five network outages per month.
  • Of the reported errors, 52% of those polled claimed that 1-15% of the errors were caused by operator error. By contrast, only 13% of the respondents claimed that more than 15% were caused by human errors.
  • Telecommunications outages were the largest cause of network and systems errors. One-quarter or 25% of respondents pointed to telecommunications failures as the cause of 60% or more of their network errors.
  • And in another statistic that buttresses recent trends, 84% of the IT managers who responded to the survey acknowledged that their firms routinely use shared passwords. By contrast only eight percent (8%) used TACACS+, only 14% use Radius and only 13% used any kind of secure ID methodology.
  • Two-thirds of organizations -- 65% -- admitted they currently have no accurate means of tracking operator changes and only 11% have a method of correlating changes with errors, which would explain the number of "human errors."
The network infrastructure survey underscored the tactical toll that the economic downturn is having on daily operations. The combination of lack of IT funds, a shortage of skilled in-house administrators -- most of whom are overworked -- is creating a potential minefield of security and reliability issues which could be triggered at any time. The practice of sharing passwords for example, which is widely denounced by security practitioners and vendors, leads to an increase in network errors. This leaves IT departments and administrators with no way to control or account for network equipment configuration changes. The more control and accountability in a configuration management system, the more likely the company is to have process in place to ensure that configuration changes are made accurately.

Overall, the most recent Yankee Group/Sunbelt Software poll underscored the fact that IT departments are taking a tactical, defensive reactionary approach to daily network operations. That is, they are spending money on bare essentials and struggling to "put out fires" as they occur. With budgets curtailed and staffs slashed, IT departments are hard pressed to keep their networks up and running and have little time to deploy the very products which would ease their administrative burdens. Given the uncertain economic climate, this situation is unlikely to change anytime soon.


Solution for HIPAA and Service Pack 3 Situation

As you know, HIPAA is a set of rules in the USA that requires health care organizations to comply with a series of privacy regulations. And it requires them to protect their IT infrastructure vigilantly. But MS' new end user license agreements (EULA) for SP3 basically give them free rein on your machine to change stuff. At least it's worded that way. (Lawyers - grumble) MS mainly refer to updates and fixing security holes with their new EULA.

Here is a possible solution though that was cooked up by someone smart: Since the automatic update/security holes only apply to Microsoft, the health care industry needs to go to Microsoft with a joint NDA (non-disclosure agreement) and indemnification agreement, requiring Microsoft to hold their HIPAA-compliant customers harmless should patient information be leaked via this mechanism. Let the lawyers have at it!

What Do The Analysts Say About MS?

Often you might want to know what the industry pundits are thinking about MS or their product strategy. But it is difficult to find some place where all this stuff is. And even more, who has the time to do all that research? The Analyst Views site can help. Run by TechRepublic alum Jim Zimmermann, Analyst Views tracks and links to all the free research that analysts publish, every business day. Check it out at:

Example Of Chinese Hackers Penetrating W2K Advanced Server

This is a good example of an intrusion analysis that shows Chinese hackers having penetrated several systems. The report is dated 8-26-2002, and the machine compromised was a Windows 2000 Advanced Server.

"An active system compromise on two of the three client systems in the domain was discovered. SystemA (Windows 2000 Advanced Server, IIS, SQL Server, Commerce Server 2000, Content Management Server) and systemB (Windows 2000 Advanced Server, IIS, Commerce Server 2000, SQL Server) had both been compromised, and had been used to scan other computers for security vulnerabilities. These systems were in need of various security hotfixes and service packs from Microsoft, and also appeared to be configured in a manner that created opportunities for attackers to gain unauthorized access. In addition, system logging was not properly configured, making evidence of the original attack vector(s) difficult, if not impossible, to find."

We found a nice surprise. Security experts are using PestPatrol to scan for hacking tools and other files that are unwanted guests on the systems of their customers. "The use of Pest Patrol was very helpful in this, and other instances, to help find tools hidden in obscure directories, as well as tools that I was not personally familiar with."

But read through the whole analysis and see why it is important to scan for vulnerabilities and patch the holes that are found. Essentially, you need a toolkit of security software that creates several layers of security and protection, plus a separate kit to scan systems for evidence of having already been penetrated and clean them up. Here are three very popular tools (all Top 10 Sellers) that you may want to check out:

PestPatrol: http://www.w2knews.com/rd/rd.cfm?id=020923RN-PestPatrol

Retina: http://www.w2knews.com/rd/rd.cfm?id=020923RN-Retina

UpdateExpert: http://www.w2knews.com/rd/rd.cfm?id=020923RN-UpdateExpert

Link to full intrusion analysis article:


New Version 3.1 iHateSpam Has Powerful Features

New features:
Spam Abuse Reporting:
The spam abuse reporting feature, designed for the advanced user, allows an end user to simply click on a spam email and report a spammer to both the spammer's ISP as well as Spamabuse.org. Additional contact information is provided on other agencies, such as the FTC (general spam); the Spam Recycling Center (which collects statistics on spam); the SEC and the North American Securities Administrators Association (to report securities fraud); and the USDA (to report medical fraud).

Since the program relies on potentially forged or incorrect header information from the email to detect the primary and secondary relay servers, users are cautioned in the program to be careful with using this feature to avoid misreporting.
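The forged-header caveat above, as an added example (not part of the newsletter and not iHateSpam's code): only the Received lines written by servers you control can be relied on, so a report should name the peer IP recorded by the deepest such hop. The sample message, host names, addresses and the trusted-host set are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message. Received lines are newest-first: each server
# prepends its own line, so anything below the last server we control could
# have been written (or forged) by the sender.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 23 Sep 2002 10:02:11 -0400
Received: from mail.bank.example (unknown [203.0.113.45])
\tby relay.example.net with SMTP; Mon, 23 Sep 2002 10:02:05 -0400
Received: from trusted.isp.example ([192.0.2.10])
\tby mail.bank.example with SMTP; Mon, 23 Sep 2002 09:58:00 -0400
From: offers@bank.example
Subject: constructed sample

body
"""

# "from <claimed name> (<reverse DNS, optional> [<peer IP>]) ... by <recording host>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\).*?by\s+(\S+)", re.S)

def classify_hops(raw_message, trusted_hosts):
    """Return hops newest-first, marking which were recorded by our own servers."""
    msg = message_from_string(raw_message)
    hops, chain_intact = [], True
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            chain_intact = False  # unparseable line: trust nothing below it
            continue
        claimed, rdns, ip, by_host = m.groups()
        by_host = by_host.rstrip(";")
        # A hop is verified only if every hop above it was also ours.
        chain_intact = chain_intact and by_host.lower() in trusted_hosts
        hops.append({"claimed_name": claimed, "peer_ip": ip,
                     "recorded_by": by_host, "verified": chain_intact,
                     "name_matches_rdns": claimed == rdns})
    return hops

def reportable_ip(hops):
    """Peer IP seen by the deepest hop we control; None if no hop is verified."""
    verified = [h for h in hops if h["verified"]]
    return verified[-1]["peer_ip"] if verified else None

if __name__ == "__main__":
    for hop in classify_hops(SAMPLE, {"mx.recipient.example"}):
        print(hop)
```
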

Other improvements:
Additionally, the Outlook and Outlook Express versions both have been beefed up. Since the Outlook and Outlook Express versions are architecturally different products, the specific improvements by version are listed below.

New features in Outlook version:

  • Spam abuse reporting.
  • Improved management of quarantine folders: In the 3.1 version, users can have their quarantine folders located in either the Deleted Items folder or under their inbox. There is also an option to have only one quarantine folder, or four separate folders.
  • Customization: Users can now customize the iHateSpam toolbar.
  • Toolbar enhancement: Added the ability to empty the quarantine folder(s) with one click.
  • Statistics and diagnostics: The program now provides a statistic of the amount of spam caught, and adds diagnostic information for technical troubleshooting.
  • Getting Started Wizard is accessible as an option: iHateSpam's simple "Getting Started" wizard had previously been only available on the first use of the program. Now, this feature is accessible at any time.
  • Improved bounce functionality: iHateSpam's bounce functionality, which attempts to send a message to a spammer that the user's email address is invalid, is now improved.
  • More information in the Quarantine Window: iHateSpam Outlook has an option to show what spams have been caught, known as the Quarantine Window. This window has been improved to tell the user under what primary criteria the message was determined to be spam.
  • Seamless support of Hotmail accounts in Outlook XP: Previously, Hotmail support had primarily been available to the Outlook XP user as a manual function -- the user had to actually initiate a spam cleaning process. Now, the spam detection in Hotmail is completely automatic. (Note: Hotmail is only supported in Outlook XP).
New features in Outlook Express version:
  • Spam abuse reporting.
  • Enemy Phrases: Basic rule functionality has been added in that users can create their own "enemy phrases", which are phrases that occur in the email message body, subject or "To" line. Emails with enemy phrases will be automatically quarantined.
  • Diagnostics: The program now provides diagnostic information for technical troubleshooting.
  • Getting Started Wizard is accessible as an option: iHateSpam's simple "Getting Started" wizard had previously been only available on the first use of the program. Now, this feature is accessible at any time.
  • Improved bounce functionality: iHateSpam's bounce functionality, which attempts to send a message to a spammer that the user's email address is invalid, is now improved.
Get an eval copy here, or buy online while you still can for the special intro price of $19.95. Prices will go up to $29.95 shortly.

Too Much $ecurity?

Here's a better way to manage security and keep costs under control. Managing a growing number of incomplete security utilities that only do part of the job is a major headache. And what's worse is that it consumes valuable staff time better spent elsewhere. The result? Managing your security utilities can be more work than managing your overall IT security.

Check out VigilEnt Security Agent for Windows -- an integrated security product that provides complete vulnerability assessment, correction, real-time event detection and coordinated security management -- enabling you to accomplish more with fewer staff resources than ever before. Want effective security with reduced cost of ownership? Take a close look at VigilEnt Security Agent for Windows. We can give you a 15 minute web-demo that shows you everything you need.

What You Don't Know Can Hurt You

Have you ever thought your Windows network was under control only to discover half a dozen "extra servers" in your network --- all running unpatched versions of IIS? VigilEnt Security Agent for Windows identifies the workstations and servers on your network, shows you the services running on those machines, and even identifies any missing service packs or patches. So now what do you do?

VSA for Windows provides you with built-in knowledge about what vulnerabilities to look for along with integrated security tools to identify and correct those vulnerabilities.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Go here. Move the cursor. WEIRD !! (but fun)
    http://www.w2knews.com/rd/rd.cfm?id=020923FA-Eye
  • A British site with technical comic relief.
    http://www.w2knews.com/rd/rd.cfm?id=020923FA-Tech_Comic_Relief
  • Remember that Word document hack? (Word deleting files) This quick fix from GRC may help you if you are still on the fence regarding installing SP1.
    http://www.w2knews.com/rd/rd.cfm?id=020923FA-XPDite
  • Microsoft's .NET Architecture site. Great stuff.
    http://www.w2knews.com/rd/rd.cfm?id=020923FA-dotNET_Architecture
  • A really useful page with any tech definition you ever wanted to know
    http://www.w2knews.com/rd/rd.cfm?id=020923FA-Tech_Definitions
  • PocketPC-based LAN Analyzer software
    http://www.w2knews.com/rd/rd.cfm?id=020923FA-LAN_Analyzer

    Pentax Digibino DB 100 Digital Camera/Binoculars

    More than a pair of binoculars. More than a digital camera. It's two-in-one! The Pentax DigiBino DB100 is the world's first combination digital camera and binocular. Ideal for birdwatchers, outdoorsmen, sports fans or anyone looking to capture images electronically that you normally only see with a pair of binoculars. Cool to check out at the W2Knews PriceGrabber where you always find the best price on-line.