- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 8, 2003 (Vol. 8, #36 - Issue #442)
[email protected] Blocking Methods
  This issue of W2Knews™ contains:
    • Spam Blocking Methods: Which is Best?
    • Rights Management Finally Becoming a Reality
    • URLScan: No Longer Needed?
    • SMS 2003 Soon to Go Gold
    • Patch Management Webcast from Microsoft
    • Business Plans for Microsoft's "Magnificent Seven"
    • New Certification Exam for Small Business Server Pros
    • Another Critical Flaw Discovered in Office
    • St. Bernard Software: Patching is more than a Technology Issue
    • Print Manager Plus Saves You Money by Tracking and Controlling Printer Usage
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Extremely Low-Cost Packet Sniffer: LanHound
  SPONSOR: ScriptLogic
NEW ScriptLogic Version 5.0 Now Available
Reduce help desk support calls by 50%, simplify desktop administration,
eliminate redundant tasks and reduce other time-consuming activities
- without writing or debugging a single line of code!
  • NEW - Supports Windows Server 2003, Office 2003, Outlook 2003
  • NEW - Enhanced performance  NEW - Multi-threaded and COM
  • NEW - 'Friendly' labels for network drives...And Much More
  • Check out all the new features and DOWNLOAD a 45 day trial verison.
    T-shirt offer is available to US residents only.
    Visit ScriptLogic for more information.

    Spam Blocking Methods: Which is Best?

    In a recent post from Slashdot, ariehk writes "As of today, Osirusoft, distributer of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down. This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blacklists."

    Ouch! If you were one of many companies using one of these blacklists, we feel your pain. Spam is, for many individual Internet users and businesses, high on the list of biggest annoyances these days. Consequently, a number of different methods have been developed to try to cut down on the amount of unsolicited advertising that reaches users' mailboxes. There are software programs to block spam at the ISP level, at the internal mail server, or at the client machine. The challenge is in determining exactly what mail is spam - probably the second most frequent spam-related annoyance is that of "false positives," when the filtering software filters out mail that you do want to receive.

    Different software programs have different ways of doing this. Some flag key words in the subject line or content, while others rely on blacklists (or blocklists) that contain the IP addresses and/or domain names of suspected or verified spammers. Services such as SPEWS compile these lists and distribute them, saving admins the time and effort of putting together their own. However, one of the problems inherent in using a blacklist service is that it's vulnerable to attacks such as the one discussed above. Another is the fact that no one really knows exactly what criteria is used to build the lists, and innocent non-spammers end up getting blacklisted.

    That's why we believe user-controlled spam filtering software, such as Sunbelt's iHateSpam, offers a better solution. You get all the same convenience and ease of use, without the problems and vulnerabilities. The Outlook/OE version of iHateSpam uses sophisticated analysis technology to determine whether a particular message is likely to be spam and quarantining those that come up suspicious. But mail sent by people who are in your address book will always get through - eliminating one of the most frustrating problems associated with spam filtering. The Server Edition is designed for Exchange/Active Directory and uses policy based filtering with parameters that you can fine tune. Why leave the decisions in someone else's hands when you can achieve better results using a robust spam busting software package that leaves you in control?

    Here's what IHateSpam user Michael J. Stone has to say: "Honestly I was skeptical at first. I reluctantly uninstalled GFI Mail Essentials, which I was quite happy with at the time, and installed iHateSpam. I now see the ease with which individual users can control messages they want to receive, by just dragging and dropping. The reporting feature has also won me over. I can see which addresses are really getting hammered. Just wanted to let you know that I'm now a true believer!"

    I find the great thing in this world is not so much where we stand, as in what direction we are moving.
    - Oliver Wendell Holmes (1809-1894)

    Warm regards,

    Stu Sjouwerman (email me with feedback: [email protected])

      SPONSOR: DoubleTake
    New surveys show: Disaster Recovery and Security are #1 priority!
    This means you have to have a tested plan and reliable tools in
    place for the moment your site goes down. DOUBLE-TAKE is that tool.
    Sold more than all other High-Availability tools combined. It is
    even certified for W2K Datacenter. No other HA tool is. How it
    works? "Server A goes down--Server B takes over". Get the eval
    copy here, this is your ultimate job-security:
    Visit DoubleTake for more information.

    Rights Management Finally Becoming a Reality

    Those of us who create copyrighted and/or sensitive content have been looking forward to the release of Microsoft's Windows Rights Management Services (RMS) software that will run on Windows Server 2003 and integrate with Office 2003's Information Rights Management (IRM) feature. This is a solution that will let you share protected documents with others but retain control over their ability to copy and redistribute those documents, or even set a date on which their access to the document will expire.

    Microsoft took a step forward last Tuesday when they put the rights management client software up on their download web site at:

    It runs on Windows 2000 (with SP3), XP, Server 2003, ME and W98 SE (the last two must have the Active Directory Client extension, DSClient, installed for full functionality).

    For more info on RMS, see the white paper titled Microsoft Rights Management Solutions for the Enterprise: Persistent Policy Expression and Enforcement for Digital Information, at:

    URLScan: No Longer Needed?

    URLScan is a familiar tool to web server administrators running IIS 4 and 5. It's a security tool from Microsoft that lets you restrict and define what kind of HTTP requests are processed by IIS. You can block specific request types, an important element of securing your web servers and protecting them from attack. If you run either of these versions of IIS, you'll find URLScan to be invaluable, and you can download it at:

    But what if you've upgraded to Server 2003 and IIS 6.0? Do you still need URLScan, or will IIS 6.0's new security enhancements do away with the need for this venerable utility? Here's a good article that compares the features of URLScan to IIS 6.0's security features and helps you to answer that question:

    SMS 2003 Soon to Go Gold

    Systems Management Server is Microsoft's change and configuration management package for Windows clients and servers, used by many enterprise level businesses for asset management, software distribution, remote troubleshooting and more. The next version, SMS 2003, is expected to be released to manufacturing sometime prior to November 11th, when it is scheduled to debut during the Microsoft IT Forum 2003 in Denmark.

    The new version of SMS promises better support for mobile users, better ability to track application usage, integration with Active Directory and simplified administration.

      NT/2000 RELATED NEWS

    Patch Management Webcast from Microsoft

    We've been hitting hard on the issues related to patch management recently, because it's a topic that's of vital importance to anyone who's responsible for maintaining a secure business network. We obviously aren't the only ones who think so. On August 28th, Microsoft's Senior Technology Specialist Mark Mortimore held a live webcast on TechNet addressing this problem and outlining Microsoft's long term plans for simplifying the patching process. According to Mortimore, enhanced versions of both the TechNet Web Bulletin security page and the Microsoft Business Security Analyzer (MBSA) are in the works and should be available soon. You can view a recording of the webcast at:

    Warning: it's a 14MB download, but well worth watching if patching demands have you dazed and confused.

    Business Plans for Microsoft's "Magnificent Seven"

    As those who follow the industry news know, Microsoft is divided into seven business units: Client (desktop client operating systems), Information Worker (Office, SharePoint, Project and other business productivity software), Server Platforms (server operating systems and server applications such as Exchange and SQL), Business Solutions (business management software), Home and Entertainment (consumer entertainment products such as Xbox), Mobility and Embedded (CE/Pocket PC and embedded operating systems), MSN (MSN services and web sites).

    Here's an interesting look at the business plans for each unit for fiscal year 2004, from Directions on Microsoft, a research firm that focuses on Microsoft's strategies and technology. It provides some insight into expectations for each area of the business, as the units become more autonomous and Microsoft matures as a company.

    New Certification Exam for Small Business Server Pros

    Until now, there has been no Microsoft certification exams for those who want proof of their knowledge and skill related to Small Business Server, but that's about to change. Microsoft has announced the beta of Exam 70-282, Designing, Deploying and Managing a Network Solution for a Small and Medium Sized Business, set to go later this month. The SBS exam will serve as an elective for the Server 2003 MCSE track.

    Another Critical Flaw Discovered in Office

    Users of Microsoft Office 97, 2000 and XP (2002) applications may be vulnerable to buffer overflow attacks due to a critical flaw in Visual Basic for Applications (VBA), and Microsoft put out several security alerts this week to notify customers. Patches are available to address the problem. For more information, see Security Bulletin MS03-037.


    St. Bernard Software: Patching is more than a Technology Issue

    In evaluating the latest threats to our networks, you might chalk up the success of Sobig.F to naive users clicking on attachments. However, Blaster and its many variants were preventable by installing a Microsoft patch that was released a month before the attack. This is another example of how a patch management policy can help prevent organizations from attacks.

    The success of Blaster, despite its preventability (and flawed code), is indicative of a larger problem - the widespread view of patch management as purely a function of network administration, instead of as a business critical process. In fact, St. Bernard Software, makers of the patch remediation tool UpdateEXPERT(r), openly assert that a technology solution alone isn't always enough. St. Bernard advises that an effective patch management solution should be accompanied by an executive level commitment to the patch management process. This commitment requires defined policies, established responsibilities for ensuring network security and assistive technology tools. Without this commitment, St. Bernard maintains that organizations will continue to fall victim to preventable attacks.

    SBS's UpdateEXPERT plays perfectly into a structured policy for patch management, as it gives you the tools to quickly assess patch levels throughout the network, and then deploy the necessary patches for your unique IT environment. Until virus attacks can be stopped indefinitely, patch management will continue to remain a critical business process. Get your 15 day eval right here:

    Print Manager Plus Saves You Money by Tracking and Controlling Printer Usage

    Remember the paperless office? Despite the increase in the amount of digital data, it's a concept that hasn't happened and isn't likely to happen in the near future. Printed documents are still an integral part of doing business and printing costs make up a large portion of most companies' budgets. The capital expenditure for the printer is only the beginning; it's the "hidden" costs - maintenance, toner, ink cartridges, paper and other supplies - that really add up fast.

    Although workers need to print, some of those costs could be averted by better management of printing resources. For example, some employees might be using more expensive color printers when it's not necessary.

    While companies have, for a long time, imposed tracking and even limitations on copy machine usage, many don't have any kind of controls when it comes to use of their network printers. But there is an easy, cost-effective way to keep track of who's using the printers and enforce quotas on users. Software from Software Shelf International makes it easy to do cost accounting with Print Manager Plus v5.0, which provides admins with a user- friendly console that centralizes the control of printers and lets you restrict usage, saving money in the process. It's well worth checking out if your printing budget is out of control.


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Doing Nothing - and Doing it Well:

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-NaDa
  • Save the Servers!

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-Servers
  • IRS Loses in Court!

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-IRS
  • Don't Just Remember the Alamo - see it on Webcam:

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-Alamo
  • Word Puzzles:

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-Puzzles
  • Build your own Roller Coaster:

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-Coaster
  • Feeling smart? Join MENSA:

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-MENSA
  • Coming up soon: Talk Like a Pirate Day!

  • http://www.w2knews.com/rd/rd.cfm?id=030908FA-Pirate

    Extremely Low-Cost Packet Sniffer: LanHound

    LANHOUND has become very popular very fast. It's a great packet sniffer at extremely low cost. We asked system- and network admins who bought it what they are using it for: Slow response times: See traffic congestion quickly. Broadcast or multicast storms: Set an alarm for unusually high traffic of these types. Traffic by station: View traffic generated by each station and server to see which stations are consuming the most bandwidth. Hanging network sessions: Find who sent the last packet, and which system failed to respond. User can't logon: Capture login negotiations, retransmits and response times to determine where the problem is, and where to focus your attention. Security Lapses: Find out if users are checking POP3 email or going to FTP sites using unencrypted passwords. Duplicate IP numbers: See if there are duplicate IP addresses on a monitored segment. Try it out for yourself over here: