Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 17, 2003 (Vol. 8, #11 - Issue #417)
This issue of W2Knews contains:
- EDITORS CORNER
- MCSE Mutiny!
- New AD Tool: Directory Inspector
- TECH BRIEFING
- WormWatch: Deloder Worm Threatens DDoS Attack
- Experts' Top Five: AD Migration Tips
- New Variant Of Code Red In The Wild
- Very Useful Windows Glossary
- Data Security Survey: How are you doing?
- NT/2000 RELATED NEWS
- Survey Results: W2K3, WinXP and Active Directory Deployment
- MS Server License Changes Could Save You Money
- Windows Gurus Teach Internals Class in Washington
- I'm A Contrarian. I Want To Get MCSE Certified
- NT/2000 THIRD PARTY NEWS
- New AD Tool: Directory Inspector
- eEye Announces Availability of Retina Remote Manager
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hacking Exposed - Fourth Edition (with live DVD)
SPONSOR: Directory Inspector
Finally got Active Directory rolled out (or plan to this year)?
And now you are stuck with having to keep it secure and pass the
audits? Need to analyze and report on AD but lack the tool to do
it? Do not have the utility that enables you to get insight in your
AD data in a uniform, homogeneous manner? Sunbelt's Directory
Inspector is a brand new, wizard-based tool that provides you
with a suite of analyzers addressing structure, security and
integrity. Directory Inspector is a crucial element of keeping
your directories secure. Get your evaluation copy here:
Visit Directory Inspector for more information.
Almost two thousand people answered our SunPoll last week. And
dang, a whopping 50%+ are not going to renew their MCSE! Another
25% are on the fence, leaving less than 25% to renew. This is
shocking news. Looks like MS needs to make some definite changes
in their program or else lose well over half of their certified
people. Here are the percentages from the recent SunPoll:
Question: Are you going to upgrade your MCSE to W2K3?
- Sure thing, I need to stay up to date and the company pays: 11.67%
- Heck yes, even if I have to shell out the dollars myself: 9.25%
- Not so sure anymore... But I'll keep learning on my own: 25.4%
- Not likely, no time and money plus the returns are not there: 21.74%
- No Way! Seems like certification has become an MS profit center: 31.91%
That spells trouble for Redmond. Remember, you heard it here first!
And here is your next SunPoll:
Q: Does your organization have an active business continuity or
disaster recovery program in place?
Vote here. Leftmost column:
- No, but we are currently implementing one
- No, but we will have within the next 12 months
- No, and it will be more than 1 year before we do
- No, and we have no plans for one
Also participate in our Data Security Survey. See Tech Briefing below.
New AD Tool: Directory Inspector
Sunbelt is excited to announce a new AD tool: Directory Inspector.
Read the announcement in the Third Party News Section. And remember, Sunbelt sponsors a forum where you can discuss AD-related issues with hundreds of colleagues. Read the charter and subscribe here:
PS, we'll report in next week's issue on Microsoft's Management
Summit that will start in Vegas coming Monday. They'll announce
that SMS and MOM will be merged, together with other tools for
Quote Of The Day:
Numbers are like people; torture them enough and they'll tell you anything... but don't be surprised if they tell you only what you wanted to hear.
(email me with feedback: [email protected])
Sick and Tired of Irritating Advertising Popups?
Hate being "spammed" like that? Need something to kill Popups?
Fight back with iHatePopups. Fast, easy protection from annoying
popup advertising. Special Intro Price for W2Knews subscribers:
only $9.95. iHatePopups blocks a wide range of annoying popup
advertising. Let's face it - popup windows can make surfing the
net an act of pure frustration. iHatePopups is an unobtrusive
and elegant utility. Buy your copy right away. Click below!
Visit iHatePopups for more information.
WormWatch: Deloder Worm Threatens DDoS Attack
The Deloder worm threatens a massive DDoS attack. This worm uses
the VNC remote control freeware to turn machines into zombies:
ugly. This particular critter is similar to previous worms on
TCP port 445 and spreads via network shares. Your corporate environment
should be protected because you do not allow untrusted connections
into your network. But there are some scenarios where this could
happen after all:
A: Laptops connected to unprotected Internet hookups when out of
your sanitized corporate environment (home or business trips)
and then brought back into the office.
B: (and worse) boxes that use VPN connections into your corporate
LAN network but are not properly protected from the Net. Make sure
these machines have protection, as in up-to-date AV signatures and
Personal Firewalls. You could also envision tools like PestPatrol
that scan for nonviral malware. More at these links:
Experts' Top Five: AD Migration Tips
Patience and humility, always good qualities, are a must when it
comes to AD, which is notoriously unforgiving, the experts say.
In this story at TechTarget, they provide AD tips that are bound
to save you time and aspirin. Click here for the full tip:
New Variant Of Code Red In The Wild
It uses the same method to infect servers as the original Code
Red (idq.dll). However, expect to start seeing an increase in
the well-known Code Red signatures, as many machines are still unprotected. You are protected if you have done any of the following:
- Applying SP3 or MS01-044 to Windows 2000
- Applying the post SP6a security rollup to NT4
- Blocking any request for .idq, .ida, and .htw
- Removing the application mappings routing requests to idq.dll,
but remember that prior to SP3, applying a Service Pack to W2K
would reinstall the .idq application mappings, ouch. Check the
MS KB Number Q308268 for this.
If you are running the UpdateEXPERT patch management tool, verify
that you have installed the MS01-033 patch (first added to
UpdateEXPERT in June 2001).
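Before blocking requests for .idq, .ida and .htw, it helps to see which clients are already asking for them. The following is an added example, not part of the newsletter or of any vendor's tool: it reads IIS W3C extended log text and reports requests that reach those mappings. The sample log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote

# Extensions the item above says to block (Index Server ISAPI mappings).
BLOCKED_EXTENSIONS = (".idq", ".ida", ".htw")

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-03-17 08:01:12 192.0.2.10 GET /default.htm - 200
2003-03-17 08:01:15 198.51.100.7 GET /default.ida NNNNNNNNNNNNNNNN 200
2003-03-17 08:02:40 198.51.100.7 GET /scripts/SEARCH.IDQ - 404
2003-03-17 08:03:02 203.0.113.5 GET /null%2Ehtw CiWebHitsFile=/default.htm 404
2003-03-17 08:03:30 203.0.113.5 GET /default.ida/extra - 404
2003-03-17 08:04:00 192.0.2.10 GET /docs/idaho.htm - 200
"""


def parse_w3c(lines):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def hits_blocked_mapping(uri_stem):
    """True if any path segment ends in a blocked extension.

    Decodes %-escapes and lowercases first, so /null%2Ehtw and /SEARCH.IDQ
    match; checks every segment, so trailing path info after the script
    name (/default.ida/extra) still matches.
    """
    path = unquote(uri_stem).lower()
    return any(seg.endswith(BLOCKED_EXTENSIONS) for seg in path.split("/"))


def suspicious_requests(log_text):
    """Return the parsed log rows whose URI stem reaches a blocked mapping."""
    return [row for row in parse_w3c(log_text.splitlines())
            if hits_blocked_mapping(row.get("cs-uri-stem", ""))]


def hits_by_client(log_text):
    """Count suspicious requests per client IP."""
    return Counter(row["c-ip"] for row in suspicious_requests(log_text))


if __name__ == "__main__":
    for ip, count in hits_by_client(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) to .idq/.ida/.htw")
```

Internal addresses that show up in this report are worth checking for infection, since a machine requesting these mappings from many servers is behaving like a scanner.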
If your systems aren't updated with critical security patches,
they are vulnerable to the next security exploit. You can 'harden'
your systems with UpdateEXPERT. This is a patch remediation tool
featuring an exclusive patch database that has been tested for
deployment interdependencies. Remember, security is a process.
UpdateEXPERT scans networks for missing hotfixes, and fixes the
discovered weaknesses. Supports Windows NT4/2000/XP, SQL Server,
Exchange Server, IE, Outlook and other critical apps. It scans,
validates, and installs updates remotely without a required client
agent. No charge 15-day live trial and Whitepaper at:
While CodeRed.F has yet to cause major damage, the new variant
bypasses firewalls and signature-based IDS due to the code
variation. There are two products available from eEye which
enable you to detect and protect against CodeRed.F. eEye's award-winning network vulnerability scanner, Retina, will scan your
entire network and identify weaknesses so you can be sure your
organization is not at risk for CodeRed.F and other vulnerabilities
that can be exploited by intruders.
To protect your Microsoft IIS web servers, eEye offers SecureIIS,
the world's first application designed to specifically protect
Microsoft IIS and provide comprehensive protection against both
known and unknown attacks -- including CodeRed.F and future
variants. Both products are available for trial download from
Retina Network Security Scanner:
SecureIIS Web Server Protection:
Very Useful Windows Glossary
There are so many Windows acronyms and terms and so little time to
figure them all out. SearchWin2000.com has gathered and defined
some of the industry's top used acronyms and terms to help you
stay abreast of the older and upcoming lingo out there. If you're
puzzled by a term not seen there, you can email them at
[email protected] and they'll add your definition to the list:
Data Security Survey: How are you doing?
It's getting more and more important: Data Security. That is why
Sunbelt Software and NSI Software (developer of Double-Take) have
a few very interesting questions we'd like you to answer. We'll
report next week how you are doing compared to your peers! If
you'd like to know how your peers are coping with questions like
these, fill out the survey!
It's going to take less than 5 minutes:
- How often are you asked to restore files that users have deleted or become corrupt?
- Is your backup window shrinking?
- Have you had any difficulty in the past implementing a remote
replication solution for your data storage?
- Does the amount of your current bandwidth prevent you from
implementing a remote storage replication solution?
NT/2000 RELATED NEWS
Survey Results: W2K3, WinXP and Active Directory Deployment
As promised, here's the Executive Summary of the survey results.
Thanks to all of the 1,000 of you who responded to the two surveys
in last week's issue that we conducted with the Yankee Group. The
results are in and they show some very interesting buying and
It's hardly a mad dash. But after three years of relative inertia,
a significant portion of MS Windows and Office corporate enterprises
appear poised for major migrations to the newest Microsoft platforms within the next 12 to 18 months. Those are the results of the latest independent joint Yankee Group/Sunbelt Software poll of one thousand IT Administrators worldwide.
The most compelling factors spurring the upcoming wave of migrations are the need to get current for security and competitive business reasons and preparing the environment to support extranet and Web services applications.
Nearly 20% of the survey respondents indicated they would upgrade
to Windows Server 2003 within the first 12 months of shipment and
another 26% said they would upgrade to Office 11 aka Office 2003
within the first year of shipment. And nearly 18 months after it
first shipped, businesses finally appear ready to embrace the WinXP
client operating system. Close to two-thirds of those polled -- 63% -- said they'd switch to Windows XP within the next 12 months.
These figures pale in comparison to the stampede that
ensued -- literally -- when Windows 95 shipped eight years ago. But they
are highly respectable when viewed in the context of the current
economic slump that has caused IT departments to cut staff and
budget to the bone.
The mood among corporate enterprises remains cautious and pragmatic
owing to this prolonged downturn. Hence, businesses need to construct a business case to justify any migration. Additionally, the
IT admins surveyed indicated that their top concerns remain a lack
of capital expenditure budget for new equipment and migrations;
network security; under-staffing in their IT departments and migration issues associated with moving to the forthcoming Microsoft
Windows Server 2003, Active Directory and Office 2003 platforms.
Among the other survey highlights:
- Some 59% of respondents indicated they will use Active Directory
- Approximately one-third -- 34% -- of those polled currently have
no plans to migrate to Windows XP
- Nearly four percent of the IT managers said their firms will
switch their enterprise desktop environment from Windows to Linux
- To date, approximately 28% of organizations have upgraded to
the Microsoft Licensing 6.0 plan
- Only 19% of businesses presently have definitive Web Services
- The administrative areas of greatest concern are a lack of IT
budget for new software and equipment purchases; network security;
the under-staffing of the IT department and tactical migration
issues to next generation Windows, Office and Active Directory
-- Laura DiDio, Senior Analyst, The Yankee Group.
MS Server License Changes Could Save You Money
The Analystview site has a good short article about the changes
to MS's per-processor server licensing model. It could significantly reduce licensing costs. But Microsoft will give no refunds, and the new model will not cover everyone.
On 6 March 2003, Microsoft announced that on 1 April 2003 it would
change its per-processor licensing model to accommodate the physical and logical partitioning of multiprocessor servers.
First Take: Microsoft's move could save enterprises money if they
use partitioning to segregate different applications running on
the same multiprocessor server. Previously, some Microsoft customers complained about having to license all CPUs on a multiprocessor server even though not all of them access the software. This situation arose especially with enterprises consolidating several single- or dual-processor servers onto one larger server
containing up to 32 CPUs as a way to control hardware and systems
management support costs. More at:
Windows Gurus Teach Internals Class in Washington
David Solomon and Mark Russinovich, authors of "Inside Windows
2000, 3rd edition", will be teaching a public offering of their
3-day Windows Internals and Advanced Troubleshooting class in
Bellevue April 21-23. The course covers the Windows 2000/XP/Server
2003 kernel architecture, as well as the internals of processes,
thread scheduling, memory management, cache manager, registry,
security, the I/O system, startup and shutdown, and basic crash
dump analysis. Can't attend the class? Check out the Internals
video that Microsoft licensed for their internal training - see:
For complete details or to register online, visit:
I'm A Contrarian. I Want To Get MCSE Certified
We were sent the following question: "Can you tell me the replacement exam and study for the old networking essentials exam and workstation 4 exam?" Our MCSE Guru Ed Tittel answered as follows:
There really is no direct analog for the old Networking Essentials
exam (70-058). However, the workstation 4 exam (70-073, I think)
is replaced by either 70-210 Windows 2000 Professional or 70-270
Windows XP Professional.
Because the Windows Server 2003 exams aren't going to be out until
summer and fall, I'll describe the exams for the Windows 2000 MCSE
here (and provide a link to information about the newer MCSE program as well). Most experts, including myself, recommend that you tackle the MCSE for Windows 2000 Exams in the following order:
- Windows Desktop Core Exam
Take either 70-210 or 70-270 to begin with
- Windows 2000 Server Core Exams
Take the following exams in numerical order:
70-215: Windows 2000 Server
70-216: Windows 2000 Network Infrastructure
70-217: Windows 2000 Directory Services
- Choose and take your electives:
You must pick any 2 of the electives described in the Windows
2000 MCSE requirements online at:
Of those exams, 70-218 Managing a Win2K Network Environment will
let you get an MCSA along the way to getting your MCSE, and 70-227
ISA Server is also a very popular option.
- Take your design core exam, which means taking one of the
following (listed in order of popularity):
70-219: Designing a Win2K Directory Services Infrastructure
70-221: Designing a Win2K Network Infrastructure
70-220: Designing Security for a Win2K Network
70-226: Designing Highly Available Web Solutions with Win2K
Of these exams, hardly anybody takes 70-226, but you should feel
free to go after any of the first 3. For a preview of upcoming
Windows Server 2003 MCSE requirements and exams, please visit:
THIRD PARTY NEWS
New AD Tool: Directory Inspector
Need to analyze and report on AD but lack the tool to do it? Do
not have the utility that enables you to get insight in your AD
data in a uniform, homogeneous manner?
Well, here is your solution.
Sunbelt's Directory Inspector is a brand new, wizard-based tool
that provides you with a suite of analyzers addressing topics
such as directory structure, security and integrity, and standards
and policy compliance. Perfect for use in an AD-only environment,
and even more useful when you run multiple directories. Directory
Inspector is a crucial element of keeping your directories secure.
It helps uncover weaknesses in your users' security settings,
standards and corporate policy non-compliance.
Here are just a few examples:
- Identify user accounts that are no longer in use
- Ad hoc query tool to generate reports on filtered directory
- Easy Templates to report on objects, memberships, access
- Identify user accounts with insecure logon property values
- Much, much more.
And Directory Inspector is unique in that it not only works great
for Microsoft Active Directory, it has support for ALL the major
industry standard directories: IBM, Microsoft, Netscape, Novell
and LDAP. We've got a good PDF reviewer's guide on the page as
The Security of your Directory really is crucial. Better start
with this early. The cost for this tool is super low. Check it
eEye Announces Availability of Retina Remote Manager
eEye Digital Security announces the immediate availability of
Retina Remote Manager to enable centralized, trustworthy access
to its Retina vulnerability assessment scanners. As leaders in
vulnerability assessment technology, eEye developed a remote
management software product to augment the usage of its scanners
and to provide Retina users with an intuitive web-based interface
and concurrent user access.
With Retina Remote Manager, administrators can establish a secure
scanning station inside or outside the perimeter of the network to
conduct vulnerability assessment tests. Administrators are able
to log in via the secured HTTPS interface and schedule perimeter
scans to run as often as needed. In an enterprise setting with
multiple scanners, Retina Remote Manager serves as the secure data
transfer catalyst for eEye's comprehensive Enterprise Vulnerability
This Week's Links We Like. Tips, Hints And Fun Stuff
The Ultimate Karaoke Challenge!
Afraid of heights? This will make you ill!
The latest. Internet psychic [grin]:
Need a free tool to check your software compliance?
Sick and Tired of Irritating Advertising Popups? W2Knews $9.95
Here's a collection of computer humor directly from Microsoft KB:
Xbox Hacking continues. The Neo Project presents 'Operation
Project X' software, similar to [email protected], with distributed
computing. Juicy detail, the cracking code is written in MS.NET:
Time to Refer a Friend to W2Knews and Win great prizes!
PRODUCT OF THE WEEK
Hacking Exposed - Fourth Edition (with live DVD)
A lot of computer-security textbooks approach the subject from a
defensive point of view. "Do this, and probably you'll survive a
particular kind of attack," they say. In refreshing contrast,
Hacking Exposed, Second Edition talks about security from an
offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are
out there, get a rundown on what the programs can do, and benefit
from detailed explanations of concepts (such as wardialing and
rootkits) that most system administrators kind of understand, but
perhaps not in detail. The book also walks through how to use the
more powerful and popular hacker software, including L0phtCrack.
This new edition has been updated extensively, largely with the
results of "honeypot" exercises (in which attacks on sacrificial
machines are monitored) and Windows 2000 public security trials.
There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.