- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, May 12, 2003 (Vol. 8, #19 - Issue #425)
"All Your [email protected] Are Belong To Us"
  This issue of W2Knews™ contains:
    • Data Networking Research; Your Help is Needed!
    • Is It Ethical For IT Professionals To Receive Free Software?
    • Seven Questions: Are You Preventing Insider Attacks?
    • What's That "WINDOWS" Key Really For?
    • W2K3's New Storage Power
    • So, What Does The iHateSpam Server End-User See?
    • Why DO Companies Choose Double-Take For Data Protection?
    • New Class of Spyware
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • iHateSpam Server: You Asked For It, So We Built It
  SPONSOR: Panda Software
Minimums Lowered For *No Cost* Corporate Anti-Virus!
"It's a scandal!" claims Panda USA's General Manager. "Why shouldn't
the smaller networks get deals usually reserved for big IT shops?"
Now, Panda offers Competitive Renewals to networks over 25 seats.
That's no cost AV software, even subscription buyouts! Why Panda?
Simple: you'll find and stop more viruses, guaranteed. A major
review just ranked Panda FIRST for "superb detection rates".
Click here NOW for more info on this limited time, US only program!
Visit Panda Software for more information.

"All Your [email protected] Are Belong To Us"

Why the @ sign instead of the letter a? Ironically, to prevent this newsletter from getting filtered by junk mail filters. Well, it's HEEERE! iHateSpam Server Edition is ready for your testing. Actually, it's been like that for about 2 weeks, but we wanted to roll it out slowly, making sure we were getting you a stable V1.0. And just as well, there was indeed a last minute snag that pushed the actual detection rates of junk mail down. Fixed now though! And the sales are rolling in already. Here are some first reactions:

Dan Keldsen, senior analyst with the Delphi Group, says "Sunbelt's focus on solving both end-user and administrator's problems is the key to their success. Certainly, if you're using Exchange 2000 for your e-mail system, you should have IHateSpam Server on your short-list of purchase options for filtering [email protected] and inappropriate e-mail in general."

"Initial installation and setup was very quick and easy - within less than an hour users were 'protected' and by later the same day I was getting positive feedback from users," said beta tester Bob Eadie, computer system manager for the Bedford School.

"After just two days of evaluating iHateSpam Server Edition, we were hooked on its ease-of-use (both installation and client-use) and its accuracy in properly identifying [email protected]," said beta tester Paul Stemper, of Minneapolis-based Magenic Technologies.

Run Exchange 2000? Time for you to have a look at the most recent, brand new and (we think) the most powerful and flexible solution out there, with a killer price:

Why Dot.Net Was Killed

Nobody ever really got the concept. That's why. Just look at these quotes from the Big Dogs that were supposed to understand it.

"One question might be, and I'll be as direct as I can be about this, what is .Net? Unlike Windows, where you could say it's a product, it sits in one place, it's got a nice little box. In some sense, it's a very good question." - Microsoft CEO Steve Ballmer, at a Microsoft .Net briefing day in July.

"We don't have the user-centricity. Until we understand context, which is way beyond presence -- presence is the most trivial notion of context." - Microsoft chairman Bill Gates, on the same topic at the same briefing.

"Our biggest problem was policing the use of .Net. Things like .Net Enterprise Servers. That's a great example of where the confusion came from, because it looked like we were slapping .Net on a bunch of random products." - Charles Fitzgerald, general manager of MS's platform strategy group, in August on ZDNet News.

"It's about connecting people to people, people to information, businesses to businesses, businesses to information, and so on. That is the benefit." - Steve Ballmer, trying again, in an October interview with News.com.

Our quote: "Oh." [grin]

PS Come see us at Tech.Ed over at booth 366 the first week of June in Dallas.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

Has your manageability roadmap taken you down the wrong path?
Are you struggling to manage and secure your enterprise
infrastructure while ensuring ROI? Get the advice you need now
with NetIQ's FREE eBook, "From Chaos to Control: The CIO's
Executive Guide to Managing andSecuring the Enterprise."
Register now!
Visit NetIQ for more information.

Data Networking Research; Your Help is Needed!

Sunbelt and Survey.com are currently conducting a very important piece of research surveying high-level technology professionals and CFOs about current and future data networking trends. As an IT "opinion leader" in your organization, we are particularly interested in your thoughts. (If you do not live in the USA, ignore this item.)

Knowing your time is important, we've crafted this survey to take no more than 10 minutes at the most. To thank you for completing the survey, we will enter you into a drawing to win a cash prize of $500 and send you a summary report of our findings. Getting this research data sent back to you is an extremely valuable bonus. For the official rules, see:

Please take part in this important research by clicking on the link:

The data you submit will remain confidential and will not be released, sold, or used in advertising. It will only be used to compile aggregate statistics for a summary report. Neither you nor your company will be identified in any way. Thank you very much for contributing!

Kevin M. Taylor, Director of Research Operations Survey.com
Stu Sjouwerman, Founder / COO Sunbelt Software

Is It Ethical For IT Professionals To Receive Free Software?

Last week, Panda Software started giving away a full, free copy of its professional anti-virus software, with integrated firewall, to IT influencers like you for your own protection at home. You can do it yourself, right now, at:

They'll even give you multiple copies, if you ask. Riggs Eckelberry, their new General Manager, is quite candid about the reasons why: "We've found that users who install our Platinum 7 at home become Panda advocates in the workplace."

Amusingly, he also told me that a French industry pal thought he was doing something quite unethical! We do it ourselves - the recent iHateSpam client giveaway on Amazon.com that introduced many IT professionals to the effectiveness of our server edition was hugely popular, as is the Panda promotion.

So ? is it cultural differences or a real ethical conflict? Which leads me to the next SunPoll:

Q: Should publishers give away full product to get it known?

  1. Sure, it's a legitimate way to get people to know the product.
  2. No, I think they should work through analysts and reviews.
  3. I won't touch anything that's not a major brand.
  4. I think it's an unethical practice.
  5. Who cares?
Vote here, leftmost column:

Seven Questions: Are You Preventing Insider Attacks?

  1. Do some employees have access to systems they don't really need?
  2. Are your identity management and password systems tied directly to the Personnel systems?
  3. Have you established basic access policies? You should have organizational firewalls between things like accounts payable and accounts receivable.
  4. Is there clear and accessible corporate policy for inappropriate employee behavior?
  5. Have you enforced strong passwords, AV-software, and personal firewalls for telecommuters?
  6. Did you do a risk analysis on your key IT assets? You need to determine the potential damage from a loss, and vulnerability.
  7. Do you have (redundant) logging systems to deter malicious behavior?

What's That "WINDOWS" Key Really For?

The 'Windows' ( ) key is on most modern keyboards but most people simply do not know how to use it. You might want to send this item to your users and enlighten them!

Beyond just clicking on it to open the Start menu, you can use it for many, much more useful things:

Minimize all Windows: + D
To show all the windows again: + Shift + M

Jump to Explorer: + E

Cycle across the Taskbar: + Tab
(Alt + Tab will do the same thing)

Search: + F
Is it Search or is it Find? It's called Search on the menu but the shortcut harks back to the days when it was called Find.

Run: + R
Some people never use the Run command but others do it all the time.

System Properties: + Break
This is the equivalent of clicking the System icon in Control Panel or the Properties option under the My Computer desktop icon.


W2K3's New Storage Power

MS has put a lot more storage power in W2K3, there is a pretty impressive list of improved features: better performance, better file and volume management, and more support for networked storage.

To start with, there is now built-in support for the up-and-coming iSCSI storage networking protocol. This gives you the opportunity to start using a bunch of APIs named VDS (Virtual Disk Services).

So, what are VDS-en? Really a way to script (or use the MMC) to easily and dynamically change volume allocations, regardless of the hardware maker of that device. Obviously MS worked together with the storage hardware vendors in making this reality. Result? No more headaches when you grab a new disk volume. No more grab-bag of disk management tools that only work on just one RAID set.

The Next Buzzword? VSS!

And what the heck are those? Volume Shadow-copy Services. They have been improved. There is now a VSS app called "Shadow Copy Restore". This puppy allows you to recover user files that were deleted or updated by accident. Keep in mind that MS threatens (again) to kill off a whole category of third party "undelete" tools with this. Keep in mind that the minimum environment for Shadow Copy Restore is a W2K3 file server that shares your users' folders across the network.

For example, you can kick shadow copy in gear on a DC with AD and DFS (Distributed File Sharing), and on cluster configurations. You basically create a schedule to automatically take a volume snapshot of files and folders that have changed. You do need to plan these snapshot intervals, but they offer a wizard to do that.

W2K3 also includes an update to Windows Explorer for client PCs, which allows your users to access a so called Previous Versions tab. That way they can recover their own lost or damaged files. Caveat: that "Previous Version" only works on WinXP clients. It's useful for sure, but somewhat limited: only 64 snapshots and they overwrite each other. I'm sure that third-party people will grab these API's and come out with stuff that's way better than the currently provided somewhat bare bones functionality.


So, What Does The iHateSpam Server End-User See?

Well, suddenly three new folders appear in their Outlook: Blacklist, Quarantine, and Whitelist. Here is an example:

All email that the rules-engine determines is junk, goes into their quarantine folder. You can actually delete it on the server level, but many organizations like to have their end-user determine what they feel is junk and what not. Remember, "one man's junk is another man's treasure".

Users can create their own whitelist and blacklists by simply dropping a copy of an email in these folders. Extremely simple, and no changes in any Outlook Client. No support on the client level needed. This tool was designed with the admin in mind!

So, you're invited to download the latest build from our website. It was tested in-house and we're happy with it. I am running it myself (I live in Outlook) and it works great. Following are the instructions for installation of this build:

If you do not have iHS SE installed currently there are no special installation instructions for installation. Simply download from the link below and follow the prompts during install. Reminder: The default policy is disabled by default meaning that by default there will be no [email protected] captured. You must either enable this policy or create a new (enabled) policy and clear the Smart Cache for [email protected] to be captured. Protect your users within the hour. This is a full function 30-day eval, and already operating in dozens of production sites:

Why DO Companies Choose Double-Take For Data Protection?

The Company Northcliffe Newspapers Group Ltd is one of the largest and most successful regional newspaper publishers in the UK. Established in 1928, Northcliffe is a wholly owned subsidiary of the Daily Mail & General Trust and produces more than 9 million newspapers in an average week.

The Problem

For many years Northcliffe has been successfully using PC server technology for the production of publications. Resilience and uptime had been managed by using a combination of RAID technology and redundant servers that could be brought on line relatively quickly.

However for two key reasons this strategy was not going to be good enough to meet the future requirements. Roy Martin, Northcliffe Group IT Director, explains "We had reached a position that if a server failed at the wrong time of day we would not have time to bring it back on line, so we needed to consider real time redundancy cost of the critical nature of producing newspapers. We needed a sophisticated resilient system that was simple to support"

The Solution

Basic Business Systems Ltd has supplied computer products and services to the Northcliffe Newspapers Group for more than 12 years. Working with Basic a number of options were identified. These systems were evaluated with Northcliffe strategy in mind, resilience but with a low cost of ownership. Following a six month project a clear winner became apparent, Double-Take. Basic went to Sunbelt Software, and worked out a support arrangement for this important customer.

NSI's Double-Take was chosen based on its simplicity when failing over to backup servers and its flexibility of configuration. Double-Take sat neatly in the background of the Windows server and did not affect the server efficiency or flood the network with traffic when replicating data.

Double-Take replicates data in real-time in transactional mode. It has the ability to replicate efficiently SQL Databases and Exchange servers and as it replicates at bit level (i.e. data changes only) - the bandwidth used between servers is very minimal.

How it Works

In the event of a source server becoming unavailable, the target server will produce a prompt Window requesting a failover process. At this point, the IT support person has the ability to either start the failover process (because the source server has completely failed) or reject the failover process (because the source server for example has simply been rebooted).

The system was also tested with Northcliffe's key Editorial and Advertising systems and found to work perfectly with some minor modifications. The Target Servers do not need to match the exact configuration of any of the source servers it is backing up just as long as it has sufficient processing power and disk storage.

In Summary

Having met the criteria Roy Martin makes this assessment "A simple and effective solution, which provides protection to Northcliffe's critical data and significantly reduces the risk to the business from server failure. Working in partnership with Basic Business Systems has helped us achieve our goal and realize the potential of Double-Take." Northcliffe have now successfully protected 50% of their sites, and, by the end of October 2003 plan to have all sites upgraded with the Double-Take standard. Download a 30-day eval here:

New Class of Spyware

They are called malicious browser helper objects. A browser helper object, or BHO, is a component that Internet Explorer loads whenever it starts, shares IE's memory context, and can perform many actions on available windows and modules. This is actual code that has been placed on a browser. Systems affected are those using Internet Explorer 4.x or higher.

While some BHOs are helpful to users, PestPatrol has tracked a whole new class of malicious BHOs that are used as spyware; in most instances, users are not even aware that these malicious BHOs have been installed on their systems. BHOs can detect events, create windows to display additional information on viewed pages, and monitor messages and actions. They are being harnessed by hackers to collect information or even bundled with a trojan that resets the browser's home page and/or search settings to point to other sites. There are many ways in which these malicious BHOs are being used, but the end result is always a blatant invasion of privacy.

IGetNet is a keyword-search service, implemented as an IE Browser Helper Object that installs itself invisibly onto users' machines and executed at Windows start-up. It then modifies the Host's file so that every time users try to open either the MSN or Netscape search site, they are re-routed through the IGetNet servers. The IGetNet server checks to see whether the search includes a keyword they have sold to one of their advertisers, and if so, redirects users to that site. If not, users are forwarded to the real MSN or Netscape search page. This happens without the user ever knowing that a switch has been made. Not only does IGetNet compromise privacy and system integrity, but there is no uninstaller, and manual removal is both difficult and risky.

Besides this privacy violation, IGetNet may also cause Internet Explorer to hang when closing, or trigger an error in Windows XP if the user who installs the BHO is not logged in as admin. To detect and remove IGETNET and other spyware, check out PestPatrol Corporate Edition at:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Here we have the mechanics of a spammer dictionary attack:

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Attack
  • Intel Personal Server...cool!

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Server
  • It's strange, addictive and mysterious. Who would be the target audience for this?

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Mysterious
  • Smart Robot Autos Tough It Out:

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Robot_Autos
  • Astronomy Picture of the Day. Meteorite destroying printer. Really.

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Pic_ofthe_Day
  • Leaked Spy Shot of Microsoft's Stinger Mobile Phone (get the joke?)

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-MS_Phone
  • How to hack into your neighbor's X10 camera video streams...

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Hack_X10
  • Not for the weak of heart. Surgery instruments of the Ancient Rome. Just thinking about it... Yikes!

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-Rome
  • Last but not least, while we are on the topic of gruesome surgeries, here is a guy who had to amputate his own arm with a pocket knife. Worse than the Roman times if you ask me!

  • http://www.w2knews.com/rd/rd.cfm?id=030512FA-News

    iHateSpam Server: You Asked For It, So We Built It

    Here are the features that system admins just love in iHateSpam Server Edition:

    • Exchange 2000/2003 AD integration
    • End User manages their own white- and blacklist
    • No workstation installation
    • Updatable [email protected] engine
    • Easy, flexible and powerful policy-based settings
    Get a 30-day eval here and protect users within the hour, for a killer price:


    PS Come see us at Tech.Ed over at booth 366 the first week of June in Dallas.