- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 21, 2003 (Vol. 8, #29 - Issue #435)
Tech Support Salaries Rise
  This issue of W2Knews™ contains:
    • Thinking About Wireless?
    • W2Knews Via Email Or The Web?
    • MS Financials: Steady As She Goes
    • New List Server Invitations:
    • MS AV Version 2.0?
    • Doing An End Run On the Microsoft Framework?
    • Home Automation Question
    • Tech Support Salaries Rise Despite Layoffs/Cost-Cutting
    • Windows Server 2003 Gets First Patch
    • Offline Files And DFS Don't Play Well Together
    • Group Policies Gotcha
    • Personal Web Server Security
    • VPNs Are Not Enough To Stop Spyware
    • What's New in Version 5.0 of Print Manager Plus?
    • Who Changed Your AD And Group Policy Settings?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Extremely Low-Cost Packet Sniffer: LanHound
  SPONSOR: ScriptLogic
Cut Your Help Desk Support Calls by 50%
"Every once in a while a product comes along that just seems to get
the pieces right, providing both simplicity and power. ScriptLogic
fits the bill on both counts." - MCP Magazine
  • Logon, logoff and shutdown scripting
  • Install/update software packages
  • Create Outlook mail profiles
  • Create/remove shortcuts
  • Enforce security policies
    ... And Much More
  • Fully functional 45 day DOWNLOAD
    Caffeine-free Desktop Administration T-shirt offer is available to US residents only.
    Visit ScriptLogic for more information.

    Thinking About Wireless?

    Here is a way to find out more about it. Survey.com is currently conducting a survey on wireless services used in large companies. This survey is for you if you have some involvement in selecting and evaluating wireless services for your company OR monitoring trends/providing strategic vision regarding use of future technologies by your company. Taking this survey gives you an interesting look at what direction this market is going to take.

    To access the survey, please click on the following link:

    In appreciation for your time and effort, upon completion of the survey, you will be entered in a drawing to win 10 prizes of $200 each. In addition the first 100 qualified respondents will receive a $10 Amazon gift certificate. Be sure to take the survey before 2 pm EST, July 21! The survey is open to US residents only. And of course all information provided will only be used in aggregate form, and will be kept strictly confidential. To access the survey, please click on the following link:

    W2Knews Via Email Or The Web?

    Here is the new SunPoll:

    More and more people complain they are no longer receiving our newsletter via mail as they get filtered out. We're considering sending a short text reminder instead with a link to read the newsletter on our webpage, or get you the content via new web updates like RSS. (Google RSS to see what it is) How would you like that?

    • Sure! Makes no difference to me, reading it offline or online
    • Maybe. I'm still on dialup so that would cost me money
    • Noo! I want to keep receiving my W2Knews via email
    Vote here, leftmost column:

    MS Financials: Steady As She Goes

    The MS ?mammoth oil tanker? continues to move along just fine.

    Redmond in its fourth quarter (ending June 30) reported a net income of $1.92 billion, or 18 cents a share, on revenues of $8.07 billion.

    It?s interesting to look at the server platforms. The revenues in Q4 grew 17% year-over-year to $1.93 billion. There was a 24% increase in Windows Server shipments, a whopping 34% growth in SQL Server revenues and a pretty healthy 20% increase in Exchange revenues. As an aside, just because it?s cool, their Xbox sales reached a total of 9.4 million units since the intro. MS said they think their server platform will grow about 8%-12% for the full year.

    Quote Of The Day:

  • "If you're not thoroughly confused by now, then you just don't understand the situation."

    Warm regards,
    Stu Sjouwerman (email me with feedback: [email protected])

  •   SPONSOR: Verisign-The Value Of Trust
    Secure your servers with 128-bit SSL encryption! Grab your copy
    of VeriSign's FREE Guide, "Securing Your Web site for Business,"
    and you'll learn everything you need to know about using 128-bit
    SSL to encrypt your e-commerce transactions, secure your corporate
    intranets and authenticate your Web sites. 128-bit SSL is serious
    security for your online business. Get it now!
    Visit Verisign-The Value Of Trust for more information.

    New List Server Invitations:

    Wireless LANs
    Sunbelt Software hosts this list to invite the free and open discussion of Wireless Local Area Network (WLAN) issues. This list is intended to be a forum to discuss how to keep WLANs operational and secure in a home or production environment.

    iHateSpam Server Edition
    Sunbelt Software hosts this list to invite the free and open discussion of our own iHateSpam Server Edition (iHS SE) for Microsoft's Exchange Server. This list is intended to be a forum to discuss how to install, configure and maintain iHS SE in a production environment.

    Sunbelt Software hosts this list to invite the free and open discussion of consulting in a Microsoft environment. This list is intended to be a forum to discuss how to get consulting jobs, how to handle these gigs, network with other consultants and exchange experiences.

    And last but not least, (has been operating for a year now)

    Active Directory
    Sunbelt Software hosts this list to invite the free and open discussion of Microsoft Active Directory Administration Issues. This list is intended to be a forum to discuss how to keep AD up & running in a production environment, and as help to pass the Certification Exams that have AD-related topics.

    PS, All lists are down Sunday mornings for weekly maintenance. Subscribe here:

    MS AV Version 2.0?

    Remember back in 1993, when Microsoft bundled a stripped-down version of Central Point anti-virus with DOS 6? That was a failure, with virus-catching rates reportedly in the 50% range.

    Ten years later, they're back! We asked you recently what you thought. You can check the results of our "unscientific" SunPoll here: http://www.sunbelt-software.com/sunpoll.cfm?id=66

    The results are clear: you agree that Microsoft is just building out more OS infrastructure. Plus, you're not about to buy AV from MS. Right again - for now. I'll explain.

    Anti Virus as Content
    Established AV vendors took a stock price hit on MS's announcement. They built infrastructure that Microsoft is replacing. Security Supersite's Larry Seltzer remarks: "If every Windows desktop had antivirus protection and definition updates were built into Automatic Updates, it would mark a serious improvement to the overall security of what Microsoft likes to call the "ecosystem," even if the protection were all to come from one vendor."

    In other words, someday soon you may think of Symantec, McAfee, Trend Micro and Panda as content providers. Content Providers? Panda?? Sure, as analyst Robert Deane of the(451) put it, "by not allocating enormous resources to building its own infra- structure, Panda may be leveling playing field as it competes against AV market leaders that have already spent millions of dollars on proprietary systems."

    It's all About the Viruses
    This eventual repositioning as content providers won't be good for the Big Three AV companies, and it will help the smaller players, who often catch viruses the big guys don't. Odds are you'll find viruses even on a fully-protected machine. Don't believe it? Take up Panda on their free software offer at

    You'll win in the process; because if it's designed right, Microsoft's framework will let you add multiple AV engines to your defenses, a security Best Practice (See our Layered Defense article in last week's issue)

    The Other Shoe Drops
    Microsoft will no doubt want to sell its own virus updates with the framework. Fully 18 months ago, John Dvorak accurately predicted this announcement, and went on to say: "What is important is the underlying reason for all this-and it's not computer security. Microsoft wants people to get used to the idea of 24/7 online connections to Microsoft."

    He's probably right. Over time, users and managers will leave the default MS AV engine in place. Now you might supplement that protection, but now it's a lot like buying ads in the Yellow Pages: the leading edition gets the lion's share, and MS AV will own the leading edition.

    It will take time, but it will happen. That means that over the next few years, we'll see a shakeout in what we will come to think as supplemental virus protection providers. Inevitable exploits by hackers against standardized Microsoft AV defenses will offset that trend, and smart people will always maintain Layered Security. You'll always stay smart, right?

    Doing An End Run On the Microsoft Framework?

    Exclusive to W2Knews: Panda Software has launched limited beta testing of its new Antivirus ASP, a hosted solution which features browser-based thin console, remote deployment and an ActiveX client on desktops and servers. This is one way to avoid buying into the new framework.

    To find out more and sign up as a beta tester, click here:

    I'd love to hear your thoughts on this concept.

    Home Automation Question

    Q: I was just wondering if you are happy with your selection of the HA Omni II Pro system you installed in your house. I remember reading about your selection at the time you were installing it, but I was wondering if you are happy with it now that you have had a chance to "play" with it for a while. I just built and have pre-wired everything, and now it's time to choose the brain box. I was contemplating the same unit, so I'd be interested to hear if you are happy with it.

    A: Extremely satisfied. One of the best (if not THE best component of the whole project now that I'm here for a year. The OmniPro saved our sweet behinds quite a few times already. A MUST BUY. (and I'm not giving those recommendations lightly) Even CompUSA is getting on board with selling HA products. The HA Omni II Pro website: http://www.homeauto.com

    Tech Support Salaries Rise Despite Layoffs/Cost-Cutting

    The Association of Support Professionals has released its eighth annual Technical Support Salary Survey, which reflects compensation data supplied by 206 participating support organizations with a total of more than 37,000 support employees. Despite difficult economic times, the survey found that median support pay actually rose by 4%-10% in the seven job categories that the survey tracks.

    The most impressive pay gains showed up among support executives, managers, and senior professionals. Although entry-level support reps and customer service employees saw some pay gains in the last year, those raises were relatively modest.

    According to the report, "It's likely that the recent gains in support pay are primarily the result of a kind of 'survival of the fittest' shakeout in the job market. Most of the reductions in support headcount have taken place among employees with the poorest skills and least experience. The survivors tend to be the best performers--who also tend to be the best paid support employees."

    Here's how support employees fared in the 2003 survey's seven major job categories (salaries are medians):

    Senior Support Executive
    2001: $100,000
    2002: $110,000
    Change: +10%

    Department Manager
    2001: $65,000
    2002: $70,000
    Change: +7.7%

    Analyst/Project Manager
    2001: $55,000
    2002: $60,000
    Change: +9.1

    Senior Support Technician
    2001: $47,000
    2002: $50,000
    Change: +6.4%

    Field Support Technician
    2001: $43,000
    2002: $45,500
    Change: +5.8%

    Support Technician
    2001: $36,000
    2002: $38,000
    Change: +5.6%

    Customer Service Rep
    2001: $30,000
    2002: $31,200
    Change: +4.0%

    The ASP survey also provides more detailed compensation data for support salaries based on such variables as skill level, company revenues, support organization size, product price, and geography (California and Massachusetts).

    The Association of Support Professionals is a membership organization that publishes research reports for software tech support managers and professionals, operates a network of regional chapters, and conducts an annual competition for the "Ten Best Web Support Sites."

    Copies of the survey are free to ASP members and survey participants; non- member price is $60. For more information, visit the ASP Web site here:

      NT/2000 RELATED NEWS

    Windows Server 2003 Gets First Patch

    Windows Server 2003, the operating system Microsoft delayed for a complete security code review, got its first formal patch from Microsoft last week. But the underlying vulnerability isn't as serious for the new server operating system as it is for the raft of other Microsoft operating systems that are affected. That flaw prompted one of three security bulletins out of Redmond last week. The other two flaws were rated "important" by Microsoft. Read more:

    Offline Files And DFS Don't Play Well Together

    Contributed by Toby Everett. -- Every time I see an article regarding DFS or Offline Files, I start banging this drum. Nobody seems to acknowledge it, but I think it's important to mention that Offline Files and DFS don't play well together. It's not exactly widely disseminated by Microsoft, but Knowledge Base article Q302934 acknowledges this in passing.

    I don't know if I was responsible for this KB or not, but I complained pretty loudly about the problems with using Offline Files in conjunction with DFS in early September 2001, and the KB article is dated Sept 25th, 2001. At the time I was furious that not only were there problems, but that there was _nothing_ in the Knowledge Base acknowledging the issues. I had found a few posts on Google Groups and a few third-party web sites that hinted that there were issues. I found one entry in an ancient (I think it was dated middle of 1999) Win2K guide on Microsoft's site - I'm not finding that document anymore, but find similar text that says "If you are using Offline Folders you should not use DFS." :

    Also, I noticed that MS mentioned that in XP Pro "the Distributed Files System (DFS) and Offline Files work together . . ."

    So I called up Microsoft to verify that there were indeed problems, and the line I was given was that they weren't designed to work together, and so it wasn't a bug that they didn't work together, and so they saw no reason it should be in the Knowledge Base. I told them that it was beyond dishonest to tout these features over and over again without a) mentioning that they were mutually exclusive and b) designing the UI so that it prevented people from shooting themselves in the foot. They've addressed the second issue, but they're still doing their best to ignore the first one. I spent hours tracking down this problem, because they do sort of work together. It's just that the machine keeps randomly deciding the server isn't there, and applications that try to access the files have varying degrees of success.

    Interestingly, I did a quick search in the KB today and I noticed that Q262845 _does_ explicitly acknowledge the issue. "Offline files are not supported in Distributed File System (DFS) on Windows 2000-based computers because the correct path cannot be maintained under a Universal Naming Convention (UNC) or drive mapping." Also, "Support for the use of offline files in a DFS tree is provided in Microsoft Windows XP. Because of the nature of the problem, Microsoft could not include a fix that provides the same functionality in a Windows 2000 service pack." Interestingly, the first published date on this article is "May 12 2000 7:25AM". That said, I've searched the KB over and over again since early September 2001 and haven't seen it before, and Microsoft frequently publishes KB articles internally before it disseminates them publicly, and I suspect this is one of those cases. Hope this helps some of you.

    Group Policies Gotcha

    Jonathan Schober sent this one. Application deployment via group policy in W2k3, this is a neat "gotcha" for all of us Windows geeks. If a customer is using Group Policies to deploy apps and they no longer deploy silently, here's the solution...

    In Win2k the default selection for adding a Application for deployment was "Basic" This allowed silent installs via group policies. The other option was "Maximum" which does not allow silent installs. For 1000 points, can you guess what the default changed to in W2K3? [grin]


    Personal Web Server Security

    Many admins tend to test-drive applications for corporate use on their personal and test networks. Once passing the non-critical litmus tests, they are often selected as tools of choice in enterprise settings if they?re able to make the grade and scale accordingly. With this in mind, eEye Digital Security has launched a no-charge version of its intrusion prevention solution for Microsoft Web Servers called SecureIIS Web Server Protection.

    The Personal Edition of SecureIIS Web Server Protection is available from Sunbelt Software as a way to test the power of SecureIIS in its ability to prevent known and unknown attacks from penetrating MS web servers.

    The full edition of SecureIIS is fully supported by eEye and able to protect an unlimited number of web servers as opposed to a single site. Additionally, the full edition of SecureIIS has enterprise level management capabilities above and beyond what the Personal Edition offers. Nonetheless, SecureIIS Personal Edition offers the same level of protection against Microsoft IIS vulnerabilities as its full-featured counterpart.

    SecureIIS utilizes a user-friendly GUI and provides a sophisticated methodology to block requests at any point if it resembles one of the many types of attack patterns. SecureIIS is able to stop all classes of attack (e.g. buffer overflows, parser evasions, directory traversals, etc.) and prevent unauthorized access and/or damage to the web server. So, download this version here:

    VPNs Are Not Enough To Stop Spyware

    The weakest link in network security is often, remote access. The most widely used means of securing the connection between a remote user and the network is a Virtual Private Network (VPN). VPNs create an encrypted link between the client and network. Usually deployed along with some form of authentication, VPNs prevent unauthorized access to the network and protect data during transmission. Sounds like pretty solid security, doesn?t it? VPNs certainly defeat a hacker?s attempts at a direct connection. But is it enough to keep them out of your network?

    Most remote users routinely use their computers for personal use. Through personal email, web surfing, instant messaging, and other online activity, programs known as spyware can be invisibly loaded onto a computer without the user?s knowledge or permission. These programs silently collect data and transmit the information to third parties. For example, a key logger can be hidden inside a game or MP3. When the user opens the file, the key logger is loaded onto the computer. It will log all keystrokes on the machine and transmit that data to the hacker. Most users will never even know the program is running.

    What does this have to do with VPNs?

    Let?s say Bill Salesman finds a cute animated file on the web and wants to share it with a couple sales reps in the home office. He dials up the home office, enters his ID and password, and waits for the firewall and VPN client to establish the secure tunnel. He?s now ready to send an email to them with his little file attachment. What he doesn?t know is that the file is also hiding a key logger. The key logger is already installed on his machine. And when each of his friends opens the file, it will be installed on their machines as well. The spyware will be undetected by the firewall and anti-virus program running on the network and desktop. It will be safely sent through the tunnel and deposited inside the network, ready to transmit records of every tap of their keyboards to an anxious hacker. And since most firewalls are configured to allow all outbound requests, no mechanism will recognize a problem, sound a warning, or prevent the transmission from occurring.

    To prevent spyware from using your VPN as a channel into the network, strong security policy and employee education are essential. Personal file sharing should be prohibited. But it takes more. To provide a maximum defense against spyware requires anti-spyware both on the network and the remote clients.

    PestPatrol anti-spyware is specifically designed to detect over 70,000 recognizable pests, including hacker tools, trojan horse programs, key loggers, adware, and much more. It detects, notifies, quarantines, or cleans your system from programs designed to send data to outsiders without your knowledge or permission.

    PestPatrol is a Check Point OPSEC Partner. With the Secure Configuration Verification (SCV) interface, networks using the VPN-1 firewall can enforce PestPatrol as a policy on the remote client. Before allowing the VPN connection, SCV checks that PestPatrol is running on the remote client. If not, the connection is denied. To evaluate PestPatrol?s capabilities and find out what pests may already be hiding on your system, click on the Corporate Version download here:

    What's New in Version 5.0 of Print Manager Plus?

    With our new Version 5.0, we've added control of plotters, an administrative console for centralized service control, date and time scheduling for updating of quotas, individualized printer restrictions and much more. Vitally needed management reports have been expanded and updated with new information and a sharper, cleaner look. Additionally, the new Client Billing Module provides sophisticated account expense tracking that allows print jobs to be assigned, tracked, reported and billed to specific departments, projects or clients. Check it out over here:

    Who Changed Your AD And Group Policy Settings?

    Small Wonders Software?s Active Administrator, version 3.0 tells you Who, When and What changes were made. This new version adds to its arsenal the ability to track, in real time, changes made to Active Directory and Group Policy. Active Administrator, v3.0, expands on its exceptional Active Directory security features, logging exactly who made changes to Active Directory and notifying you via optional email alerts when any specific event is triggered. Furthermore, this latest version implemented new auditing features, informing you of Group Policy changes, including WHO changed it.

    Active Directory and Group Policy are quickly becoming key components of a corporation?s network. Inappropriate changes in either can result in weaker security and odd behavior on the client?s desktop. Auditing these changes is necessary to the health of your enterprise and will aid in passing audits such as HIPAA and GLBA.

    Active Administrator, version 3.0, audits and logs changes to users, groups, group memberships, Group Policies, computers, contacts, organizational units, and more. Be notified of any changes via an email or review/report all events which have been logged to a centralized MS SQL 2000 database. From this auditing, we can tell when a Group Policy is changed, and WHO changed it. When this trigger occurs, we create a new backup of the GPO and mark it as a new version. You can run reports on older versions and rollback if necessary.

    Active Administrator offers several features that GPMC (the MS tool) does not, such as:

    • View and report delegated permissions across your domain.
    • Search for permissions on Active Directory objects.
    • Report on the number of each class of objects in Active Directory.
    • Manage all users, groups and computers in Active Directory, regardless of OU location
    Interested in previewing Active Administrator? Download a 21-day trial version from:

    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Here is a very appropriate Dilbert strip

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Dilbert
  • What "Pres Bush" has to say about spam. [grin]
  • This flight simulator example comes from the MacOS camp, interesting.

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Xplane
  • Move over, Dick Tracy! MS announces the service plans for their new Smart Watches:

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Smart_Watch
  • Some one who uses a Mac, and decided to make an Apple-like ad about it. Funny as heck. I hope this site stays up...

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Mac
  • Network World Mag: "MS identity mgmt. announcement is puff"

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-MS_Identity
  • And here is a commercial flight simulator option, definitely the best stuff out there that isn't a $25 million dollar sim used by the airlines.

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Flight_Sim
  • Looks like the US and Europe might combine anti-spam legistation:

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Legislation
  • SearchWin2000 is running a Spam Survey. Interesting results already, Vote and check them out here:

  • http://www.w2knews.com/rd/rd.cfm?id=030721FA-Spam_Survey

    Extremely Low-Cost Packet Sniffer: LanHound

    LANHOUND has become very popular very fast. It's a great packet sniffer at extremely low cost. We asked system- and network admins who bought it what they are using it for: Slow response times: See traffic congestion quickly. Broadcast or multicast storms: Set an alarm for unusually high traffic of these types. Traffic by station: View traffic generated by each station and server to see which stations are consuming the most bandwidth. Hanging network sessions: Find who sent the last packet, and which system failed to respond. User can't logon: Capture login negotiations, retransmits and response times to determine where the problem is, and where to focus your attention. Security Lapses: Find out if users are checking POP3 email or going to FTP sites using unencrypted passwords. Duplicate IP numbers: See if there are duplicate IP addresses on a monitored segment. Try it out for yourself over here: