- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, May 26, 2003 (Vol. 8, #21 - Issue #427)
Is MS Really More Secure?
  This issue of W2Knews™ contains:
    • Is MS Really More Secure?
    • So, What Will The Next SQL Server Look Like?
    • How To Tweak The iHateSpam Server Filters
    • Different Ways Admins Utilize LanHound
    • MS Teams With Unix Against Linux
    • Will Microsoft Drop Out of the Server-Software Market?
    • MS's Report Card
    • Microsoft Looks Beyond Windows With Datacenter Plan
    • MS and Symantec Differ On Anti-spam Efforts
    • iHateSpam Server Edition First Customer Results
    • Nevada Hospital Hacked by Russian Mafia
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Lower Your Windows Storage TCO
FREE CIO eBook for Managing and Securing the Enterprise
Need in-depth best practices for systems and security management?
Register now for the FREE ebook, "From Chaos to Control: The CIO's
Executive Guide to Managing and Securing the Enterprise," brought
to you by NetIQ and Realtimepublishers.com. Topics covered include:
Top 10 Corporate Manageability Policies; Top 10 Overlooked Vulne-
rabilities; Top 10 Corporate Security Breaches.
Visit NetIQ for more information.

Is MS Really More Secure?

We're wondering. And you guys are the best to answer this question. So here is the next SunPoll:

Describe the impact of Microsoft's Trustworthy Security initiative on your firm:

  • None. It's all hype
  • Some, we're happy that Microsoft is doing it but not sure if it will really help
  • Positive. This is a good first step and we feel Microsoft software is somewhat more secure
  • Very positive. It has restored/increased our confidence in the security of Microsoft products
  • Unsure. We applaud Microsoft's efforts but believe the hackers will continue to wreak havoc
Vote here, leftmost column:

And next week we'll give you the results and come out with a bigger survey on security that will give you the real status about where we are regarding this hot topic.

Talking about security, I'm reading a very cool book at the moment called 'Stealing the Network: How to Own the Box'. It's a unique book, as it combines fictional stories, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else; it provides a glimpse into the creative minds of some of today's best hackers, and even the best hackers will tell you that the game is a mental one." Syngress published it and you can see it on Amazon at:

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Quest Software
Quest Software: Lower Your Windows Storage TCO
How much could you save *right now* by eliminating junk and duplicate
data? Do you want to plan more effectively for server consolidation
or storage deployments? Get out of reactive mode! Register for your
FREE Windows Storage Utilization Review and get answers before you
spend another cent. Forecast storage demands and delay new storage
expenses until you're really ready to purchase. The Storage Review
is a limited time offer, so register today!
Visit Quest Software for more information.

So, What Will The Next SQL Server Look Like?

Definitely interesting reading here. Its code name is "Yukon" and MS calls it their "Next-Generation" Database Management.

MS has a page on their website where they go into a little more detail, and provide a sneak peak of future functionality. It starts with the usual MS PR, but then it gets interesting. I quote: [PR HYPE ON] "Yukon will provide organizations with next-generation capabilities across database development and management, availability, scalability, security, and business intelligence while enabling them to control costs." [PR HYPE OFF]

The rest of the article provides an overview of major feature enhancements in three key areas: enterprise data management, developer productivity, and business intelligence. If you use SQL now, I suggest you read up on where you will live a few years from now:

How To Tweak The iHateSpam Server Filters

This is an interesting little exchange between Sunbelt people and a customer that was fine tuning the spam filters. We do this by sending 880 known spams to their machine. Bob is the Sunbelt guy who is the List Moderator of our spam forum. Here is the start:

Bob: 880 on the way... You might want to clear your quarantine folder.

Daniel: 598 messages were caught by iHSSE, 26 passed through - I thought you said there were 880 total messages? My account is set to what we're calling "Medium Tolerance"; the same settings as the old default policy (120 threshold).

Bob: Drop the threshold to 60, it's where ours are set. Other emails may have been blocked by any rules or filters or DNS blocking you may have. If you feel funny about 60 on the Quarantine Threshold, well no worries, you won't lose anything. But have you tweaked the default delete threshold? Some of those spam are pretty offensive.

Daniel: I checked the reporting and it says for my account 860 messages were caught so far today. I may have had a couple (less than 10, I don't remember exactly) messages in the Quarantine when I arrived this morning, so it looks like I technically "received" the messages, but they didn't arrive in the Quarantine folder. I have my Delete Threshold at 600 and No Action Threshold at -1000.

Bob: So here is what happened: over 300 of those spams were so offensive that their points went way above your 600 delete threshold and they were deleted. (6,000 THOUSAND is default)

Daniel: Ah, yes...that makes sense. After I hit send on my last message, I thought about the delete threshold setting of 600 and figured that's where the extra messages went. Those messages must have been pretty offensive!

Bob: Seeing as how your delete threshold is so low you might be getting false positives and not know it since they are deleted, see? I think we saw that earlier. Let's lower the threshold on your mailbox policy to 60, put the delete threshold back at 6000, hit update, update the smart cache and let's do it again? This way we KNOW we are not deleting legit email.

Daniel: The second attempt yielded the following results: Quarantined - 814, Misses - 3, Total - 817. I feel rather confident that I didn't receive any other spam during this period. So I can only concluded that the 38 messages not appearing in my quarantine were above the 6000 delete threshold. As for the 35 messages of the 880 that are missing, I have no idea where they are. Would it be too much trouble to ask for another attempt? This time I want to try it on a fresh mailbox. Are there some other settings I should tweak?

Bob: Cool! That's a lot better huh? Watch for false positives. Some are getting blocked, some other guys are getting all 880 spams. If you have Delete Blacklisted emails checked (In the Policy) and your users have some of those spams blacklisted that could account for the missing emails :) Not a bad thing in any case.

Daniel: Let's try again to a fresh account? The account is established and ready to go. And this account is in the policy with a quarantine threshold of 100 and a delete threshold of 6000.

Bob: Ok...880 On the way...

Daniel: Hits - 876, Misses - 4 (2 of which were red-herring legit emails to see if we went too far) Total - 880

Bob: Wow, great percentages. Does not get much better than this. OK to publish results?

Daniel: YES! Thanks for all your help and a great product.

Want to do this yourself and see if you can get over 98% spam trapping hit rates? Get a full function 30-day demo here:

Different Ways Admins Utilize LanHound

LanHound has become very popular very fast. It's a great packet sniffer at extremely low cost. We asked system- and network admins who bought it what they are using it for:

Slow response times: See traffic congestion quickly.

Broadcast or multicast storms: Set an alarm for unusually high traffic of these types.

Traffic by station: View traffic generated by each station and server to see which stations are consuming the most bandwidth.

Hanging network sessions: Find who sent the last packet, and which system failed to respond.

User can't logon: Capture login negotiations, retransmits and response times to determine where the problem is, and where to focus your attention.

Security Lapses: Find out if users are checking POP3 email or going to FTP sites using unencrypted passwords.

Duplicate IP numbers: See if there are duplicate IP addresses on a monitored segment.

Try it out for yourself over here:


MS Teams With Unix Against Linux

Or not? A firestorm of conspiracy theory is doing the rounds at the moment. MS has taken a multimillion-dollar license to the Unix technology owned by SCO, including SCO's controversial SVR5 patents and source code. People immediately interpreted this as Redmond's latest broadside in the Linux Wars. Keep in mind that SCO just sued IBM for ungodly amounts of money, alleging that the Linux which IBM is using violates a lot of the copyrights that SCO holds for the Unix code. And very coincidentally, CNET just sent a letter to all the Linux download providers that they will stop allowing Linux to be pulled down from the Download.com, ZD Net and MSN sites. Methinks CNET saw SCO sue IBM and decided to be proactive.

Why does all this sound like "Déjà Vu"? Let me give you some history to put all of this in perspective. MS, about a lifetime ago (late seventies), bought shares in SCO so that MS could produce Xenix. They came on the market with it in '79. Before that, MS has bought a Unix license from AT&T. In 1987, AT&T included parts of Xenix to their own Unix code base because MS feared that AT&T's own Unix apps would not work well on Xenix, and AT&T were paying royalties to MS for that as well. At the end of the eighties, MS basically dropped all Unix related activities so they could concentrate (together with IBM) on what would be OS/2, but then turned out Windows NT. You know the rest of the story.

But now, MS claims it wants to integrate Windows Server better with Unix and needs to license the Unix code so that it can optimize the MS interoperability products called Windows Services for Unix. Hmmm. Right.

This gadgetry is now in V3.0, and basically is a set of different components that bridge the gap between Windows- and Unix-based systems running in the same network. It includes file sharing, remote access and admin, password synch, common directory management, a common set of utilities and a shell.

The Linux community has vehemently denied that SCO has any rights at all, and said the infringement claims have no merit. But last week, SCO also notified all Fortune 1000 and the 500 largest global companies that Linux is an unauthorized derivative of Unix and that using it may involve them in a "legal liability." Whoa Nellie, now we're talking big bucks.

Well, from my perspective this is a very crafty move on MS's part. MS can legitimately claim it is a normal attempt to honor SCO's copyrights. But if you read between the lines, you could see that MS is rewarding and supporting SCO for attacking Linux. I think the term applicable here is 'plausible deniability'? [grin]

Will Microsoft Drop Out of the Server-Software Market?

Interesting article at the AnalystViews site. The title of this article may sound like a weird question. Windows, after all, is shipped on more than 40 percent of all new servers, and MS' Server Platform group revenue continues to grow at 16 percent per year. In fact, it is the only one of the five divisions outside of MS's core desktop software (client OS and Office) groups to be operating at a profit. The company is also preparing a flurry of major new server releases, including Windows Server 2003 as well as new versions of Exchange and SQL Server. So, there are absolutely no indications that Microsoft is preparing to beat a retreat from the server market. But, when one takes the long view-?as Microsoft always does?-the signs are a bit more ambiguous. Why? Read the article here:

MS's Report Card

Though IT managers and administrators are still upset about licensing policies and upgrade cycles, they are generally more upbeat about quality, security and product support than they were in 2002. W2K Server is the top-rated product this year; Windows XP wins first place for most-improved.

Some other highlights:

  • One-third of all respondents say they will deploy Windows Server 2003 within 12 months.
  • Active Directory is mainstream. Roughly 60 percent of survey respondents have already deployed it; half of the remaining 40 percent will roll it out within a year. The biggest AD benefit cited by users is desktop management.
  • Linux is on the radar screen big-time. More than half of those polled say they are looking at Linux on the server more seriously today than one year ago.
  • Microsoft certification continues to lose its luster. Only a quarter of respondents say it is important to their career. Four out of ten say it's less important than it has been in the past.
The full story is over at the SearchWin2000 site:

Microsoft Looks Beyond Windows With Datacenter Plan

Microsoft hopes its initiative for simplifying the management of datacenters will play with Unix and Linux as well as with Windows. Redmond plans to open up its nascent architecture for datacenters, called SDM (system definition model), so that servers running operating systems other than Windows can be part of a datacenter that employs the Microsoft technology. Full story at InfoWorld:


MS and Symantec Differ On Anti-spam Efforts

Microsoft wants a multifaceted approach involving legislation, increased enforcement and industry self-regulation; Symantec has called for a more incremental effort. Article at ComputerWorld:

iHateSpam Server Edition First Customer Results

Here are some first customers that have the product and their first impressions of iHateSpam Server in an Exchange production environment. There are 80 purchased installations up and running now in less than 3 weeks.

"Thanks for the note... it is downloaded, installed and running. So far it seems to be doing a pretty good job. I've only read the preliminary documentation, but I'll say, so far, so good. Thanks for asking, that's a pleasant switch for a software company! I'll let you know if I have any problems or questions. Have a great day!"

"This product is awesome. We have been using [name omitted] and it is not very effective for us. I would wake up to 50 new SPAM messages a morning. My CEO would see over 100 every morning. I installed the trial version last night and I woke up to ZERO, that's right ZERO SPAM messages in my inbox. In the quarantine, I had ZERO false positives. All of this with no configuration whatsoever! So, how much does this cost for a 50 user Exchange 2000 installation? Will this product be ready for Exchange 2003?"

"I am still very pleased with the product. I think I'm down to getting just 4 or 5 spams daily in my Inbox as opposed to 50. I have 830 items in my Blacklist and only 1 in my white list. I think that speaks volumes for how accurate your software is."

"I have noticed that I spend less time sorting my Inbox when I come into work, and that makes me more efficient and progressive in my job. I also had a user yesterday that told me she did not get 1 spam all day. The overall feedback with our users is positive."

"I took the test. Bob bombed my inbox with the 880 messages, on our "out-of-the-box" installation. I watched the network traffic lights glow a little brighter as the bursts came through. The results? Out of the 880 messages, there were a total of 11 that made it through to my Inbox. (actually 13, but 2 were supposedly legitimate). I am sure with a little tweaking on our end, we can get that number down to less than that. Awesome job Sunbelt. Kudos to the team!"

"The changes to the thresholds have really helped. The worse day we have had was 27 out of 30, or about 90%, of SPAM gets filtered. We have also gotten a few false-positives, so I figure that is about where it needs to be (grin). The "norm" seems to be better than 29 of 30 get filtered (which is better than a 97% filter rate). We haven't gotten down to 1% overall, although there have been a few individual days that have made that number! It is going well - I am really enjoying the filtering level we are getting. Especially when we look at how little setup it takes."

Want to try this on your own production systems and become the anti-spam hero within an hour? Download the iHateSpam Server version here. Check out the Spam Sucks T-shirt and Mug when you are there. Full Fledged, no limits 30-day eval:

Nevada Hospital Hacked by Russian Mafia

Last month the Associated Press reported a hacker attack against William Bee Ririe Hospital, a 40 bed facility in the small town of Ely, Nevada. The hospital IT administrator states that the system's security system normally prevents 40-60 electronic attacks per day.

So what makes this attack so special?

Two employees, ignoring established security policy, downloaded a game from the Internet and installed it on a hospital PC. They didn't know the game included a Trojan horse used by the Russian mafia to steal network data. Not only that, the program used the Arab Web site of Al Jazeerah as a conduit, creating the appearance that this was a terrorist action. While they didn't access payroll records, the attack may have accessed employee Social Security and bank information.

The system administrator was suspicious of a problem only when, at 6a.m., he noticed an active connection through the emergency room to the payroll office. He knew no one was in the payroll office. To stop the program, the admin had to run to the active machine and physically unplug it.

There are lots of morals to this story, including;

  1. No one is too small or remote to be the victim of an attack.
  2. Your greatest security risk may be your own employees.
  3. Firewalls and Anti-virus aren't enough to protect you.
What these two employees downloaded was spyware. It's used by hackers to secretly invade networks and hunt for data to send to third parties who will use it for their own purposes. The firewall didn't stop it. Anti-virus didn't stop it. And security policy didn't stop it.

What if this had been a big city hospital with thousands of beds? Who knows how long the connection may have remained open and how much data may have been stolen!

No matter where you, are or how big you are, you need strong security to protect your network from being compromised. Policy was in place, but it's only as good as the people who follow it. You need more. You need anti-spyware to detect Trojan horses, key loggers, password crackers, and others, and prevent them from secretly opening a backdoor to your network.

The best anti-spyware on the market is PestPatrol. Deploy it on your network to fill the security gap left by patch management, firewalls, intrusion detection, and anti-virus. You can try a free download of the corporate version, or order directly:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Seen the Matrix Reloaded? Trinity is using the NMAP hacking exploit!

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-NMAP
  • Want a coat just like Neo's? Order it in Nepal:

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-Matrix_Coat
  • Want to see what a whole lot of press had to say about the movie? And not one of them got it right. It's about software:

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-Matrix_Reviews
  • Why is this movie about software? Read the discussion between Neo and The Architect here. We're at V6.0 and he's still debugging:

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-Discussion
  • Need to scan the world's news media for a certain topic? This site in the UK is good!

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-News_Media
  • Here are the complete plans to build a robot from a 3 1/2 floppy drive:

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-Robot
  • And here is someone that built an Xbox running Linux into his car:

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-Car_XBOX
  • And what is the best selling too for disaster recovery?

  • http://www.sunbelt-software.com/product.cfm?id=111
  • The Dialectizer: Convert English text to any of several comic dialects:

  • http://www.w2knews.com/rd/rd.cfm?id=030526FA-Dialectizer

    Lower Your Windows Storage TCO

    How much could you save *right now* by eliminating junk and duplicate data? Do you want to plan more effectively for server consolidation or storage deployments? Get out of reactive mode! Register for your FREE Windows Storage Utilization Review and get answers before you spend another cent. Forecast storage demands and delay new storage expenses until you're really ready to purchase. The Storage Review is a limited time offer, so register today!