- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 29, 2003 (Vol. 8, #39 - Issue #445)
Good Security Tools 10 Years Away?
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Security Scanner Survey Results
  2. TECH BRIEFING
    • REVIEW: Microsoft Broadband Networking Wireless-G
    • Good Security Tools 10 Years Away?
  3. NT/2000 RELATED NEWS
    • MS Announces Beta Win XP for 64-Bit AMD Chips
    • Update on Software Update Services
  4. NT/2000 THIRD PARTY NEWS
    • What's New In iHateSpam Version 1.1?
    • Recent Windows Flaws Validate the Need For Patching Tools
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • BOOK: Incident Response
  SPONSOR: NetIQ
Active Directory Essentials eBook. Gain the technical information
you need to harness the power of Active Directory. Register now for
the FREE eBook, "Windows 2003: Active Directory Administration
Essentials," brought to you by NetIQ. Industry expert Jeremy
Moskowitz will detail best practices for deploying, implementing
and managing Active Directory in a Windows 2003 environment. Take
control of Active Directory. Download it now.
Visit NetIQ for more information.
  EDITORS CORNER

Security Scanner Survey Results

Almost 400 of you answered the survey last week, thanks a lot! First of all, a whole bunch of you are not using vulnerability scanners yet, the W2Knews survey shows 45% not using one, but the recent research by InfoWeek Magazine only counts 23% using a scanner. (The biggest reason for not using a scanner is budget and the perceived time needed to run one.)

But 80% of you like the scanner you are running, and only 11% pay per IP-range. The favored way to license scanners is per admin, well over 50% indicated this is the way they like it. The obvious biggest benefit of using one is to detect security vulnerabilities before the bad guys find them. Quite a few of you (30%) use two or more scanners which makes quite a bit of sense. Different databases and different teams compiling holes can definitely help making sure you get them all!

More about security scanners in coming issues. Let's have a look at all the news:

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: Deploy Updates Fast
Prism Deploy installs and updates software on every local, mobile
and remote PC or laptop across your entire organization starting
today. Unlike other software deployment solutions, Prism Deploy is
easy to learn and use, is 100% reliable and delivers a return on
investment in just one or two uses. With Prism Deploy, you can
finally get software from shrink wrap to desktop in less than a
week, even a single day ? quickly, reliably, easily. Really.
Visit Deploy Updates Fast for more information.
  TECH BRIEFING

REVIEW: Microsoft Broadband Networking Wireless-G

Paul Thurrott's SuperSite for Windows just released a pretty thorough review that I think you are going to find very interesting for either home or perhaps limited office use. I'll copy the first paragraph of the review, but you need to read the rest on his site! Start quote:

"One year ago this week, Microsoft introduced its first-ever broadband networking products, a suite of hardware that includes wired and wireless networking adapters and base stations. The wireless products are based on 802.11b (Wi-Fi), still the most popular wireless technology available, with Wi-Fi access points now springing up everywhere from airports and coffee shops to shopping malls, restaurants, and even entire city blocks. 802.11b Wi-Fi has a huge weakness, however: Despite reported bandwidth of 11 Mbps, most 802.11b devices struggle along at 4-5 Mbps, fine for email, Web browsing, digital music streaming, and small amounts of file sharing, but inadequate for streaming video, fast action gaming, and heavy-duty file sharing.

Since then, the IEEE standards body has ratified the standard for 802.11g Wi-Fi (sometimes called Wireless-G), a faster wireless specification that offers throughput up to 54 Mbps (though true 22-25 Mbps speeds are more typical). At this level of performance, wireless suddenly becomes viable for virtually any home networking need, including the fast-paced, low-latency gaming requirements of Xbox owners. Embracing this faster wireless networking standard, Microsoft this week released its second generation broadband networking products, which include Wireless-G products. Let's take a look:
http://www.w2knews.com/rd/rd.cfm?id=030929TB-Broadband_Networking

Good Security Tools 10 Years Away?

The SearchSecurity Site came up with an interesting statement from the VP of Information Security at Bindview. He claimed that IT security staff need to learn how to batten down the hatches more quickly, because it doesn't look like software security will get better any time soon.

"The reality for IT security professionals for the foreseeable future is patching and preparing to deflect the next vulnerability. According to security expert Scott Blake, there is no end in sight to the invasion of worms and viruses. "I would say we are five to 10 years away from the underlying technology getting to where we can begin to stop worrying about this stuff anymore," Blake said.

Hmmm. Not sure if I agree with that, simply because I don't WANT to have to continue patching. Sigh. Rest of the article here:
http://www.w2knews.com/rd/rd.cfm?id=030929TB-Security_Tools

  NT/2000 RELATED NEWS

MS Announces Beta Win XP for 64-Bit AMD Chips

Redmond announced last week the beta availability of a native 64-bit version of its XP operating system designed to support 64-Bit Extended Systems, including platforms based on AMD64 technology.

Redmond made the announcement at AMD's launch of the AMD Athlon 64 processor in San Francisco. The code will run natively on AMD Athlon 64 processor-powered desktops and AMD Opteron processors for stuff like gaming, digital content creation and video editing.

Customers who currently have Windows XP-compatible 32-bit apps can run those applications on the 64-bit operating system. The WOW64 architecture takes advantage of the AMD64 architecture to enable compatibility with 32-bit applications without a loss of performance in nearly all cases.

"We've heard from our customers that, until now, the inability to efficiently run 32-bit applications on 64-bit systems has been a major barrier to investing in 64-bit technologies," said Chris Jones, corporate vice president for the Windows Client Division at Microsoft. "With the combination of Windows XP and the new AMD64 processors, customers can be assured of having all the computing power and memory they need, now and into the future, while still being able to run their current applications."

The beta version of Windows XP 64-Bit Edition for 64-Bit Extended Systems is available to MSDNŽ subscribers, and a final release is expected to be available in the first half of 2004. More at:
http://www.w2knews.com/rd/rd.cfm?id=030929RN-Beta_XP_64bit

Update on Software Update Services

First the good news: Like we reported in the last issue, Windows customers can now use Software Update Services -- Microsoft?s freebie patch management application -- to distribute service packs. The bad news is that the beta for a new and improved SUS has been postponed. The eagerly awaited SUS 2.0, which is due out in late 2003, will be expanded from just patching Windows to patching all products, such as Office, SQL Server and Exchange. But as always, "buyer beware." Freebies don't always get you what you need. For details, read this:
http://www.w2knews.com/rd/rd.cfm?id=030929RN-Update_Services

  THIRD PARTY NEWS

What's New In iHateSpam Version 1.1?

Here are the new features, from most requested ones on down.

  • Centralized Quarantine Mailbox
    This feature allows spam to be redirected to a different mailbox.
  • Ability to automatically delete quarantine items.
    Instead of quarantined spam building up forever you can now set it to automatically delete messages older than XX days.
  • Support for SQL7 and Access reporting, a new report viewer and reporting engine.
  • Exchange 2003 Support Added
  • Replication setup via the Management console, and automatic
  • replication of changes in clusters
  • Extended Diagnostic ability
  • Ability to mark quarantined messages as unread
  • X-Headers for non-quarantine e-mail, so you can see what score a message received.
  • Ability to mark quarantined messages as unread
PS: The Gateway version (which supports Exchange 5.5, 2000 and 2003) will be released in Q3 as promised, the beta's are doing well.

Get your copy/upgrade of the Server Version 1.1 here:
http://www.w2knews.com/rd/rd.cfm?id=030929TP-iHateSpam

Recent Windows Flaws Validate the Need For Patching Tools

September proved to a busy month for IT Managers responsible for managing Microsoft patches. No less than 6 patches were released by Microsoft in the first 10 days - two of which were branded as "critical", as they fixed severe vulnerabilities that could open up networks to MSBlaster-style attacks.

If you haven?t already installed critical patches MS03-037 and MS03-039, we recommend that you do so immediately - along with the four other less critical patches also released in September. If you?re concerned about patch interdependencies or confused about which patches are really applicable to your IT environment, you?re not alone.

This is one of the top concerns among IT admins. It's nearly impossible to manually keep up with the frequency and number of patches being released each month. Although Microsoft remains committed to improving the security of its software, in all likelihood there will always be an ambitious hacker that finds a way in. This dose of reality makes intelligent third-party software solutions like UpdateEXPERT highly desirable in today?s IT environment, especially over some freeware out there which may not be smart enough to do it right.

UpdateEXPERT takes the guesswork out of the patch management process. This powerful patch management and remediation tool tells you which patches are missing and then allows you to automatically deploy the patches that are relevant and compatible for your environment. You don't have to worry about waiting for the latest patches either; 95 percent of critical patches released by Microsoft are tested and added to St. Bernard?s database within 24 hours. Eval here:
http://www.w2knews.com/rd/rd.cfm?id=030929TP-UpdateExpert

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Want Faster Wireless Data Transfer? This site is a riot.

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Wireless
  • Modified car, driving backwards thru traffic. Interesting clip, but 14Meg:

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Backwards_Car
  • Newest Xbox controllers: Home built by a Sunbelt tech:

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Xbox
  • Tired of complaining end-users? This Remote Control Tank will help.

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-RC_Tank
  • No, not a milkshake, check out this new "meatshake shite"! (pun intended):

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Meatshake
  • Want a sneak peek of the new version of Windows, code name Longhorn? The GUI is called "Aero".

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Longhorn
  • Cool. A Silent pump for water-cooled PCs has been developed:

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Silent_Pump
  • The things people come up with to develop a splitting headache. Here is some one in Canada using cellophane to convert a laptop computer screen into a three-dimensional display:

  • http://www.w2knews.com/rd/rd.cfm?id=030929FA-Cellophane
      PRODUCT OF THE WEEK

    BOOK: Incident Response

    A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is happening.

    Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today's hack attacks.

    http://www.w2knews.com/rd/rd.cfm?id=030929FA-Incident_Response