Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 9, 2003 (Vol. 8, #23 - Issue #429)
Tech.Ed News Storm
  This issue of W2Knews™ contains:
    • Tech.Ed News Storm
    • Show News Roundup
    • Did You Survive An MCSE Boot Camp?
    • Redmond Details Exchange Server 2003
    • A Sneak Peek at Microsoft's 70-290 Exam
    • iHateSpam Client: PC World's World Class 2003 Award
    • Case Study: Cornell University deploys iHateSpam Server
    • BUG BEAR.B and Layered Security - Now More Than Ever
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Amazon iHateSpam Give-away Special Ends June 14
  SPONSOR: Panda
You Deserve Complimentary Protection At Home!
Tired of spending up to $50 on AV and firewall licenses every
year for each machine in your home? Qualify on our industry perks
program and never pay again! (Cover all of your home machines too,
for no charge.) You'll get Panda Software's professional AV +
firewall, the one that catches More Viruses, Faster, even on
machines you thought were protected!
(Limited time, US-only program for qualified entrants only.)
Visit Panda for more information.

Tech.Ed News Storm

There is a tre-MEN-dous amount of news this week, so I'm going to keep the Editor's corner short. Keep in mind we have a really big security survey going and we'd like your input. The results will show where MS' perceived security really is at in the trenches!

I'm going to use the Tech Briefing for a news roundup, just giving you all the highlights to keep you up to date.

First things first though. If you could not make it to Tech.Ed, (and the combined MS-Exchange Show) Microsoft made a catalog available with all the current tools for Exchange. You do not have to pay for the catalog, only for the shipping. This is a 250-page book you definitely want to have. Here is where you can order the new Exchange Partner Directory:

Quote Of The Day:

  • Always tell the truth, then you won't have to try to remember what you said. Corollary: The truth is the best lie.

    PS: Our refer-a-friend program ends this June with a really GREAT prize. Check out this netsurfer chair!

    If you're already a subscriber to W2Knews go to your profile and refer your friends to give you and them a chance at winning the NetSurfer Chair:
    My Profile

    Warm regards,
    Stu Sjouwerman (email me with feedback: [email protected])

  •   SPONSOR: Double-Take
    "Winner of Security Magazine 2003 Best Buy Award". Double-Take has
    been reviewed for the SC Magazine June 2003 issue, and the product
    did very well. It was awarded an overall 5 Star rating and the SC
    Best Buy award with a verdict of "...very useful and complete data
    recovery system..." Sold more than all other High-Availability tools
    combined. It is even certified for W2K Datacenter. No other HA tool
    is. How it works? "Server A goes down--Server B takes over". Get
    the eval copy here, this is your ultimate job-security:
    Visit Double-Take for more information.

    Show News Roundup

    • Exchange Server 2003 RC1 Released: The former "Titanium" has a bunch of enhanced deployment tools to get you from Exchange 5.5 to E2K3 while maintaining high availability. Also, you can get E2K3 in two editions: Standard and Enterprise. Surprise: RC1 was designed for W2K3, but will run fine on W2K. You can roll out E2K3 in stages and supposedly coexist with E2K and 5.5. Nice detail: You can use Standard as a front-end to deploy Outlook Web Access, and you do not have to shell out moolah for Enterprise.
    • MS announced they are going to spend 2 cool Billions (yes, that is a "B") in their fiscal year (starts July) on both programs for developers and key products. Some areas that will benefit from the investment are security, directory, application schema, management and general Windows Server System family architecture.
    • SQL Server Reporting Services are expected to ship end 2003. What is it? An app on the server that hopes to increase business insight by providing real-time information "from any data source to any device". Could be cool. Let's wait and see.
    • They finally admitted it. Patch Management is broken. They will cut down their confusing batch of patch management tools from eight to two by the end of the year, according to Redmond's chief security strategist. Scott Charney put it simply, "patch management is broken." He then promised to repair the damage and ease the headache of patch management. I'll believe it when I see it. Don't want to wait for MS? Here is a link to UpdateEXPERT:
    • The web browser that ships with 2003 (supposedly the most secure ever) just showed two serious bugs that were also in IE 5.01, 5.5, 6.0 and 6.0 for W2K3. Check their bulletin MS03-020.
    • MS just shipped AD-Lite last Wednesday. This is the first public beta and they say it will go RTM end of the month. It's technically called Active Directory Application Mode (ADAM) and it's designed to be a stand-alone version of AD, but dedicated to a single app, and maintained separate from your core AD. It's based on LDAP and an alternative to the standard full install AD.
    • MS also introduced Windows Storage Server 2003- the successor to its popular Windows Powered NAS product. OEMs like HP, EMS and Dell are lining up to license and release the latest version at the same time that MS does, late September 2003.
    • Yukon, the next version of SQL Server is delayed. You will not get it in your hands until second half of 2004.
    • Redmondians announced Security Certs! Here they are: Microsoft Certified Systems Administrator, Security on Microsoft W2K, and Microsoft Certified Systems Engineer. The company will build the Security certs on top of the MCSA and MCSE credentials. Here is a story about it in ComputerWorld:
    And last but not least, if you could not make it to Tech.Ed, but want to know what was said at the keynote speech: Here is the link to the MS PressPass site that has the whole thing:

    Did You Survive An MCSE Boot Camp?

    With sponsorship from Certification Magazine (www.certmag.com), contributing editor and regular columnist (and occasional Sunbelt Software newsletter contributor and Cert Guru) Ed Tittel has prepared a survey for IT professionals interested in that intensive form of certification training often called the "boot camp."

    The results of this survey will supply the focus for a feature story on boot camps in the September issue of Certification Magazine. All interested IT professionals--especially those who've attended one or more boot camps--are invited to take this survey at:

    Three winners will be selected from the pool of people surveyed who also supply an e-mail address; winners can select 3-5 titles of their choice from Tittel's and Certification Magazine's extensive collection of IT and certification books. Please help Ed out with his "Bootcamp Survivor" stories and take this survey:

      NT/2000 RELATED NEWS

    Redmond Details Exchange Server 2003

    At Tech.Ed, they provided more details on Exchange Server 2003, as it made Release Candidate 1 (RC1) widely available last Monday. Everyone that wanted one, could get the CD at the MS booth. The InfoWorld site has a good story about it:

    Not at TechEd? You can also download it here. You need a fat pipe:

    What is new in Titanium?

    A Sneak Peek at Microsoft's 70-290 Exam

    This is Part One of an article about MS's new 70-290 and 70-291.

    Are you ready for the new Windows Server 2003 exams? Microsoft has put exams 70-290 and 70-291 into beta from June 4, 2003 - June 15, 2003. In a move designed to dramatically reduce the number of beta exams given and increase the quality control of the beta process, beta exam takers were required to obtain an individually identifying voucher from Microsoft for the beta exams. If you haven't already gotten your vouchers for exams 70-290 and 70-291 (and 70-293 and 70-294 for that matter), then you will have to wait until the exams go live later this summer. With that out of the way, let's take a brief look at the first two exams and see what they hold in store for you.

    First off, I would like to thank Microsoft for getting the Windows Server 2003 exams right! The question style and format of the new exams is absolutely outstanding and I was not able to find a single grammatical or technical error in either of the first two exams. New to many exam takers will be the introduction of new ways of getting you to demonstrate your knowledge--at least for "implementing" exams. You will be presented with the following question types during your exam experience:

    • Standard question and answer with single and multiple answer selections required.
    • Drop and drag (similar to how the Windows 2000 design exams worked) where you may be asked to place items such as IP addresses, subnet masks, services or applications in the correct location on a provided diagram.
    • Dialog box configuration--where you will actually need to know what options to select and what information to supply in order to achieve the results required by the question at hand.
    I was also very happy to see how closely my exams actually matched the objectives that Microsoft has posted online at:

    When preparing for your Windows Server 2003 exams, ensure that you do so by using the posted objectives and be sure to check the objectives up until the time that you actually take the test--Microsoft has been known to perform minor objective modifications in the period between the beta exam conclusion and the public availability of the live exam. Next week: The 70-291 Exam.

    By: Will Schmied, BSET, MCSE, CWNA, TICSA, MCSA, Security+, A+, N+ Area 51 Partners, Inc. www.area51partners.com


    iHateSpam Client: PC World's World Class 2003 Award

    This is no small deal. It basically means the client edition is the best anti-spam tool they could find. See the review at:

    Oh yeah, remember to read the Product Of The Week section below, as you can get your hands on the client copy via Amazon, gratis.

    And if you want to check out the other "Gear of the Year", here is your complete guide to 50+ hardware, software, and service winners--including today's number one product:

    Case Study: Cornell University deploys iHateSpam Server

    The Cornell University Computer Science department consists of 300 professors, staff, and students, all receiving email via Microsoft Exchange mail servers. Most of the department reads their mail in Outlook, but incoming mail for some department members is routed from Exchange to UNIX servers and read in Pine.

    The amount of spam hitting the department servers gradually mounted to the point where action was required. "Our users in the department were being inundated, as everybody is, with this garbage," said William Holmes, IT Area Manager for the Computer Science department. "When you came into the office in the morning and opened up Outlook, you were looking forward to spending half an hour finding the mail you wanted and tossing out the rest. It's such a horrific problem--it's wasting a huge amount of everyone's time." The full case study is in PDF format over here:

    BUG BEAR.B and Layered Security - Now More Than Ever

    A Virus a Week. Fizzer, Palyh... and now Bug bear, version B, a biggie. On Friday, Panda Software estimated that over 400K computer workstations could be affected by this one.

    As reported by Panda's labs in Spain, "23% of computers around the world are currently infected, a percentage which is double that normally registered... In less than 24 hours, Bug bear.B has infected more computers than Klez did during the whole of May." (More on this below.)

    Antivirus manufacturers are having varying degrees of success with this one, and this is my point: invest in Layered Security, because any one brand is going to miss the occasional virus or fail to update quickly enough.

    So it makes prudent sense to interleave AV vendors in your stack. Make sure you don't have an "artesian well" all the way from your gateway to your desktops. Just add Perimeter Scan, Exchange AV or an AV Appliance from someone like Panda. Drop it in - buy some peace of mind.

    Speaking of Panda, they're buying market share with some screaming deals, call 1-888-303-4974 or email [email protected] and tell them Stu said to... bend over backwards for you. Especially EDU - did I hear your budgets were tight?

    And, once again, they're giving away full licenses of their pro Platinum AV + Firewall at no charge to W2Knews subscribers, for your personal use. Don't delay, the deal won't last (US only). You can even get multiple copies for your home office, if you ask:

    The Bug Bear.B Story

    Here's the Bug bear story as told by Patrick Hinojosa, CTO at Panda USA (Panda has some good resources at http://www.pandasoftware.com.)

    "In early Sep 2002 the original Bug bear was released. It was an e-mail worm that took advantage of the Iframe Exploit vulnerability. Mainly, it disabled some AV and firewall programs. AV programs were able to control this one with standard signature based scanning.

    "Fast forward to the present. Bug bear's author improved on the original to make detection much more difficult. Version B uses polymorphism (constant modification) so that only the most advanced AV scanners can consistently detect this menace. It also includes a key logging program with a trojan capability so that someone can retrieve the data gathered. But mainly, polymorphism is achieved through encryption. This technique causes the file to change every time it is run or replicates, making it difficult for standard AV programs to get a match using signature file based scanning. Panda Software uses a special technology that allows its antivirus engine to effectively detect polymorphic viruses. This system, called Generic Decryption Engine or GDE, decrypts polymorphic viruses, making it possible to detect them.

    Polymorphic Virus Protection Backgrounder

    Before a polymorphic virus can be decrypted, it must first be run, and running a virus on a computer results in infection. Obviously this isn't a viable approach to use while trying to protect a system. To keep the system clean and at the same time reliably detect this type of malware, Panda Software developed an emulator, which simulates the virus being run, in a special secure zone in the memory of the computer. As soon as the virus has been decrypted, the antivirus engine will be able to find the sequence of bytes that identifies the virus, or in other words, detect it. For the sake of performance, this process must be completed in real time without the user being aware of the extremely complex task that the antivirus is carrying out in order to detect the virus.
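
An added illustration of the emulate-then-scan idea in the backgrounder above (not Panda's GDE and not code from this newsletter): the two-byte stub format, its opcodes and the inert marker are invented for the example, and every sample is constructed. It goes slightly beyond a single cipher by letting each copy carry its own random three-step decryptor, so the scanner cannot know the scheme in advance.

```python
import random

# Constructed, inert marker standing in for the virus's identifying byte sequence.
SIGNATURE = b"INERT-TEST-BODY-0001"

def rol(b, n):
    n %= 8
    return ((b << n) | (b >> (8 - n))) & 0xFF

# Hypothetical two-byte stub instructions (opcode, operand); opcode 0x00 ends the stub.
HALT = 0x00
DECRYPT = {0x01: lambda b, k: b ^ k, 0x02: lambda b, k: (b + k) & 0xFF, 0x03: rol}
ENCRYPT = {0x01: lambda b, k: b ^ k, 0x02: lambda b, k: (b - k) & 0xFF,
           0x03: lambda b, k: rol(b, 8 - k % 8)}

def make_variant(rng, plain=SIGNATURE):
    """Constructed sample: a random 3-step decryptor stub plus the body it undoes."""
    while True:
        stub = [(rng.choice(sorted(DECRYPT)), rng.randrange(1, 256)) for _ in range(3)]
        body = bytes(plain)
        for op, k in reversed(stub):        # encrypt = inverse steps, last one first
            body = bytes(ENCRYPT[op](b, k) for b in body)
        sample = bytes(x for step in stub for x in step) + bytes([HALT, 0]) + body
        if plain not in sample:             # retry the rare stub that changes nothing
            return sample

def emulate(sample, max_steps=16):
    """Interpret the sample's own stub on a scratch copy; nothing runs natively."""
    steps = []
    for pc in range(0, min(len(sample) - 1, 2 * max_steps), 2):
        op, k = sample[pc], sample[pc + 1]
        if op == HALT:                      # stub finished: decrypt the copied body
            image = bytes(sample[pc + 2:])
            for s_op, s_k in steps:
                image = bytes(DECRYPT[s_op](b, s_k) for b in image)
            return image
        if op not in DECRYPT:
            return None                     # not a stub this toy emulator knows
        steps.append((op, k))
    return None                             # step budget spent or stub truncated

def scan(sample, use_emulation):
    image = emulate(sample) if use_emulation else sample
    return image is not None and SIGNATURE in image

def demo(n=5, seed=2003):
    rng = random.Random(seed)
    variants = [make_variant(rng) for _ in range(n)]
    return sum(scan(v, False) for v in variants), sum(scan(v, True) for v in variants)
```

`demo()` returns the number of raw-byte signature hits and the number of hits after emulation over the same five constructed variants; the `max_steps` budget is the toy counterpart of the real-time constraint the backgrounder mentions.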


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Hacker Takes a Crack at TiVo. I admit I'm biased as I own one!
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-TIVO
  • The worst of all the Internet black holes? (RBL's):
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-RBLs
  • System Administrator Appreciation Day Friday - July 25th, 2003:
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-SysAdminDay
  • The 3rd Annual Nigerian EMail Conference. [Humor]:
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-Conference
  • This guy is building a homemade cruise missile and has been featured everywhere in the last couple of days (CNN, etc., etc.):
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-CruiseMissile
  • What IT companies are people complaining about the loudest?
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-Complaints
  • Critics say NO to "challenge-response" anti-spam system:
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-Critics
  • Hmmmm, looks like I'm in good company? Yours truly quoted in an article at MSNBC: The anatomy of a P3nis Pill Swindle: [grin]
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-Stu
  • MS is preparing its SPOT information service. Get your Dick Tracy watch ready!
    http://www.w2knews.com/rd/rd.cfm?id=030609FA-SPOT

    Amazon iHateSpam Give-away Special Ends June 14

    Time is running out. Amazon.com is running a special and literally gives away the full boxed client version of iHateSpam. Actually, when you send in the rebate coupon you even make a buck. But this offer ENDS JUNE 14, so you have to be quick to benefit from it. We created a link to the rebate coupon on this page. Print it, fill it out, and send it in. A great gift for either yourself or someone else who hates spam. Be quick: