Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 2, 2004 (Vol. 9, #5 - Issue #461)
MyDoom Can Make You Into a Spammer
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Miss Out On New Version and New Product Alerts?
  2. TECH BRIEFING
    • How To Keep Up With Wireless Flavors
    • Sunbelt Community Forums - Get Help From Peers
    • Fast-Spreading MyDoom Virus Can Make You Into a Spammer
    • More Anti-worm Measures
    • US Govt Steps Into Cyber Alerts
  3. NT/2000 RELATED NEWS
    • Another Hole In IE You Can Drive A Truck Through
    • Avoiding Active Directory's Trouble Spots
    • Reader's Choice: Best Windows Books
    • Get 10 Amazon Bucks For This Survey
  4. NT/2000 THIRD PARTY NEWS
    • WebCast: Learn Why LanHound Wins Product Of Year Award!
    • New iHateSpam Server 1.5: A Customer Experience
    • Gates: "Spam Gone In Two Years." Yeah, sure.
    • Patching Policies and Procedures
    • Quest Software Buys Aelita
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • New iHateSpam V4.0 Supports Hotmail, Eudora, and more...
  SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your network?
Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.
  EDITORS CORNER

Miss Out On New Version and New Product Alerts?

Need to stay up to date with new products and new versions? Sometimes email does not make it. It's more and more likely that it gets filtered out somewhere along the line, without your approval(!) This could cause you to miss important product updates, upgrades or bug reports. We have two new RSS-feeds that will prevent that from happening.

RSS-readers call your fave websites "channels". You can add as many channels as you like, and have all your news in one spot, and no spam with it either. So, here is a link to one of the many free RSS-readers, download and install it:
http://www.w2knews.com/rd/rd.cfm?id=040202ED-RSS_Reader

Next, add these two specialized channels for new versions and new products:
http://www.w2knews.com/rd/rd.cfm?id=040202ED-Updates
http://www.w2knews.com/rd/rd.cfm?id=040202ED-New_Products

And now, go to your other fave sites, see if there is a little orange box that has either RSS or XML in it, click on it, and there's another channel you can add! Good luck and have fun.

Quotes of the Day:
"EVERY day is a good day to die! SAY it with me!" -- Klingon Motivational Speaker
"Never trust a computer you can't throw out a window." -- Steve Wozniak

PS, check out the video in the fave links!

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Are your servers protected? Disaster Recovery is #1 priority.
New: Professional Services - A Guarantee to make it work in your
environment for a fixed price! Ask your Rep for details.
Do you have to have a tested plan and reliable tools in place for
the moment your site goes down? DOUBLE-TAKE is that tool. Sold
more than all other High-Availability tools combined.
It is even certified for W2K Datacenter. No other HA tool is.
Visit Double-Take for more information.
  TECH BRIEFING

How To Keep Up With Wireless Flavors

The number/alphabet soup is remarkably thick in the wireless world. The most popular and very successful one is the 802.11b standard for wireless high-speed data communications. The problem with it is that 802.11b has bandwidth limitations. So, we'll explore two additional standards -- 802.11a and 802.11g -- that overcome 802.11b's problem.

802.11a
802.11a can transport data at speeds of up to 54 Mbps. It operates in the higher 5 GHz frequency range. That higher speed supports the transmission of video files within the home. Another benefit is that 802.11a's higher frequency minimizes potential interference with other wireless electronic devices.

Sony's RoomLink wireless networking system is adopting this new standard. You can stream video recordings on your hard drive to your TV. The cons are: 1) WAPs are not compatible: anyone with a laptop with an embedded 802.11b chipset will not be able to talk to an 802.11a WAP. Bummer. Some manufacturers now ship access points that have dual 802.11a and b compatibility. Problem number two is that 802.11a's higher frequency limits its range: you cannot wander off as far as you used to be able to.

802.11g
The most recent flavor of 802.11 is 802.11g. This version was developed to take the best features of 802.11a and b: a's improved throughput speed and b's longer range. There are now WAPs (Wireless Access Points) that can support both the 802.11b and 802.11g standards. They will auto-negotiate between the 11 Mbps 802.11b transmissions and the 52 Mbps 802.11g transmissions.

Unfortunately, the issue with 802.11g is that it still works in the same 2.4 GHz frequency band as 802.11b. That means it has the same interference problems that 802.11b devices run into.

Coming Standards
Two new 802.11 specifications are being drafted at the moment. They hope to solve the current problems with the 802.11b/a/g spectrum. The first is 802.11e, which tries to address quality of service problems in both voice and video data. The second is 802.11i, which hopes to improve security of transmissions with improved client verification and authentication procedures. Don't expect any products that use these standards until late 2005.

Sunbelt Community Forums - Get Help From Peers

Did you know that Sunbelt now has 18 forums you can participate in? There is nothing like a bunch of sharp colleagues that you can ask questions, and now and then help out someone with a 'gotcha' that you got licked in your own network. The forums are free, and extremely popular. Subscribe here:
http://www.w2knews.com/rd/rd.cfm?id=040202TB-Community_Forums

Fast-Spreading MyDoom Virus Can Make You Into a Spammer

Netcraft reported on Tuesday that a fast-spreading e-mail virus appears to be using infected machines to launch a distributed denial of service attack (DDoS) on the sco.com web site. Several hours after the virus began spreading at about 9 p.m. GMT, the SCO web site was offline briefly. The virus, known variously as W32/MyDoom, [email protected] or WORM_MIMAIL.R, masquerades as a returned e-mail and attempts to disguise an attachment as a text file, similar to ones that often accompany errant e-mails.

Later, reports started to show up that it attacks the MS-site, and that it opens up a Trojan backdoor on infected machines as well. This is a nasty, nasty worm. Below is a link to the graph of the SCO site uptime. SCO offers a bounty for the arrest and conviction of the MyDoom virus author(s), and so does Microsoft. (Both to the tune of a quarter million dollars.) This thing is mutating rapidly, and by now has infected millions of computers.

The copycat MyDoom.b stuck up its head on Wednesday and aimed at taking out Microsoft's web site as well as SCO's. MyDoom.b is a particularly nasty piece. It prevents infected machines from reaching computer support and anti-virus sites like Network Associates and Symantec. It also prevents access to Office and Windows update sites. The real target could be hidden, like mass identity theft or the need for spammers to have zombies. There may be a link to organized crime. There is no proof of that yet, but it could easily be. MyDoom could be used for harvesting credit card numbers, or bank account log-ins.

Some of your end-users (perhaps telecommuters) may have been silly enough to open these attachments, and their machines might now be infected. This could make your company into a spammer, as the backdoors seem to be used by illegal junk emailers. Worms like this might be an unintended effect of the CAN-SPAM law, come to think of it. Hmmm. Since its release, MyDoom has caused an estimated 23 Billion in damage (still rising) and may well eclipse 2003's SoBig, which caused 37 Billion of damage.

Link to SCO site uptime:
http://www.w2knews.com/rd/rd.cfm?id=040202TB-SCO

More and more it's a requirement to scan systems for malware with tools like PestPatrol:
http://www.w2knews.com/rd/rd.cfm?id=040202TB-Pest_Patrol

More Anti-worm Measures

Some subscribers sent me more anti-worm suggestions. Here they are:

  • AV on every SERVER as well as desktop and laptop.
  • Use a content filter program and stop all executables (and scripts) from crossing your firewall.
  • Do NOT use 'insecure by default' software.
  • Use a secure web browser and mail client.
  • Prefer software diversity, avoid monoculture.
  • Announce capital punishment for users that open up attachments they did not ask for. ;-)
  • Scan all systems regularly with specific anti adware/spyware tools.
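
The content-filter suggestion in this list, sketched as an added example (not code from the newsletter or from any product it mentions): a Python check that flags e-mail attachments by executable extension, by a double extension that disguises the real type, and by executable content under a harmless name. The extension blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist for this example; tune it to your own mail policy.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}


def attachment_verdict(filename, payload):
    """Return a reason string if the attachment should be blocked, else None."""
    name = (filename or "").strip().lower()
    # Strip each dot-separated part so whitespace padding before the real
    # extension ("document.txt      .scr") cannot hide it.
    parts = [p.strip() for p in name.split(".")]
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXT:
        if len(parts) > 2:
            return f"double extension hides {ext}"
        return f"blocked extension {ext}"
    # Content check: a Windows executable starts with 'MZ' whatever it is named.
    if payload[:2] == b"MZ":
        return "executable content under a harmless name"
    return None


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, reason) for bad parts."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reason = attachment_verdict(part.get_filename(), payload)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings


def build_sample(attachments):
    """Constructed test message styled as a bounce notice; all values made up."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Mail delivery failed"
    msg.set_content("Delivery failed. Details are in the attachment.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample([("message.txt.pif", b"MZ\x90\x00"),
                        ("report.pdf", b"MZ\x90\x00"),
                        ("notes.txt", b"hello")])
    for name, reason in scan_message(raw):
        print(f"BLOCK {name}: {reason}")
```

A gateway filter would quarantine the whole message on any finding rather than strip the part, so the recipient never sees a bounce-styled lure with the payload removed.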

US Govt Steps Into Cyber Alerts

The National Cyber Alert System provides timely information about current and emerging threats and vulnerabilities as well as advice about protecting your computer and networks. People can sign up for the alerts here:
http://www.w2knews.com/rd/rd.cfm?id=040202TB-Cyber_Alert

  NT/2000 RELATED NEWS

Another Hole In IE You Can Drive A Truck Through

InfoWorld reported that a security hole in MS's Internet Explorer could prove devastating. Following the exposure of a hole in WinXP earlier this week, "http-equiv" of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables. A demonstration of the hole is currently on security company Secunia's website and demonstrates that if you click on a link, and select "Open" it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

It is therefore only a matter of imagination in getting people to freely download what could be an extremely dangerous worm -- like, for instance, the Doom worm currently wreaking havoc across the globe. Story here:
http://www.w2knews.com/rd/rd.cfm?id=040202RN-Security_Hole

Avoiding Active Directory's Trouble Spots

If you're like nearly half of Microsoft's enterprise customers, you are still in the process of moving servers off of NT and onto W2K or W2K3, and you are still sweating over building your Active Directory. AD still finds ways to vex IT managers, with most issues occurring in the design phases. Kenton Gardinier, a senior consultant with Oakland, Calif.-based Convergent Computing -- and an author, public speaker and Windows expert -- points out some of the common misperceptions of Active Directory and ways to navigate around problems. Here goes:
http://www.w2knews.com/rd/rd.cfm?id=040202RN-Active_Directory

Reader's Choice: Best Windows Books

Feel like some light Windows reading? Every week SearchWin2000 posts a fresh chapter from one of the many excellent Windows books written by the industry's leading technical authors. Find out what topped the reading list in 2003.
http://www.w2knews.com/rd/rd.cfm?id=040202RN-Windows_Books

Get 10 Amazon Bucks For This Survey

Do you share at least some management or administrative responsibility for your organization's enterprise applications, including ERP, CRM, and supply chain management? If so then please share your opinions with us. This short business survey will only take 5 minutes of your time. And in return, the first 100 qualified respondents will receive a $10 Amazon.com gift certificate. (Unfortunately open to US residents only.)
http://www.w2knews.com/rd/rd.cfm?id=040202RN-Amazon_Survey

  THIRD PARTY NEWS

WebCast: Learn Why LanHound Wins Product Of Year Award!

Here is what the SearchWin2000 site wrote about it: "Our Silver Award winner for Network/Systems Management, LanHound, scored highest of all products in this category for value. The low-priced network monitoring solution also scored well in ease of use and ease of integration.

At practically half the price of comparable products, "LanHound is a good low-cost, low-overhead alternative to other network monitors that doesn't sacrifice much of anything that I could see in the feature set," said one of our judges.

LanHound troubleshoots network problems and monitors network activity through its traffic views, packet capture and packet decoding features. It also supports switched segments through its remote agents. The product supports Windows 98, NT, 2000 and XP. Because total disk space required is less than 10 MB, many customers use LanHound as a convenient "portable" solution for analyzing networks in the field, using their notebook PCs. LanHound pricing starts at $595, with three free remote agents included. Additional agents are $149 each.

Learn about the affordable network and protocol analyzer - LanHound! You will see the most used features in action and immediately see how you can troubleshoot your network. Speakers will be Alex Eckelberry, President and Greg Kras, CTO with Sunbelt Software.

Time: Tuesday, 3 Feb 2004, 1:00 PM EST
Meeting URL:
http://www.w2knews.com/rd/rd.cfm?id=040202TP-LanHound_Webinar

Call in at the numbers below and enter code 104764:
800-416-4956 USA
888-633-2105 Canada
302-709-8433 International

New iHateSpam Server 1.5: A Customer Experience

Jay Griffin sent us this, and I might add, it was unsolicited.

"I honestly didn't think I could love IHS SE any more, but version 1.5.178 is INCREDIBLE. We started with iHateSpam for Outlook and it was great. Huge improvement over the Outlook Junk Rules we were trying to use. We moved to the Server Edition when it became available. It has been wonderful -- consistently filtering 80-90% of SPAM.

"Still, with version 1.1 I was receiving on average 30 SPAM messages into my inbox per day. Since upgrading to 1.5.178 I am averaging ONE SPAM per day in my inbox. Unbelievable improvement. After 1 week and having over 1,500 messages quarantined I have found 1 false positive. And when I looked at that message I could understand why it was quarantined -- I wouldn't even consider it a false positive. It had the criteria of SPAM, it just so happens I wanted to keep it so I just added them to my Whitelist for any future messages from this sender.

"Also -- Love the Outlook forms for Whitelist and Blacklist. Automatically updating the definitions is another great addition. FYI, I had set the spam threshold for version 1.1.110 at 65. For version 1.5.178 it is 110. Some users don't like it that aggressive, so I set up 2 other policies which I called Medium Aggressive (150) and Low Aggressive (200) -- most users have opted for the High (110) or the Medium. Thanks for a tremendous product!" -- Jay Griffin.

Run MS-Exchange? Get the best selling anti-spam tool 30-days for free on your own server. More than 2,500 Exchange admins can't be wrong:
http://www.w2knews.com/rd/rd.cfm?id=040202TP-iHateSpamSE

Gates: "Spam Gone In Two Years." Yeah, sure.

BillG promised in Switzerland last week that spam will have disappeared within two years. He was speaking at a late-night session of the World Economic Forum. I guess he was jet-lagged. Gates stated MS was working on three ways to keep spam out of computers.

Methods one and two would have computers reply automatically to any e-mail messages from senders not known to that computer (not in the address book) with a request to solve a problem that could be handled by a person but not by a computer. This is the 'challenge-response' method, which most people think is a headache. The problem could be visual or computational, but having to reply would presumably deter those who send out millions of junk e-mail messages. Hmmm. Double the work to send an email? I don't think so.

The third option, likely to arrive later according to Gates, would require that e-mail messages sent by strangers come with postage attached, the equivalent of a postage stamp. "If the sender is your long-lost brother," he said, the payment can be declined, so no cost for the sender. Recipients who want to fight spam would of course accept the payment, and that makes sending spam uneconomic.

Well, I hope it will work but I'll believe it when I see it. I'll bet BillG a billion bucks that spam is not eliminated in 2006. In the same interview, Gates indicated that his predictions do not always come true. I guess he's not going to take that bet. Too bad. [grin]
http://www.w2knews.com/rd/rd.cfm?id=040202TP-BillG_vs_spam

Patching Policies and Procedures

Microsoft's new patch release cycle requires adaptation from admins: you still need to establish a methodology to inventory and install patches.

Microsoft wisely created a new patch release cycle last November to mitigate the amount of emergency software deployments you have to undertake, making new hotfixes available for download on the second Tuesday of every month versus weekly. This change followed Redmond's alteration of its rating system, adding an "important" category to better measure the required urgency level of each patch release.

While these improvements lighten some of your load, it still requires you to develop a methodology to inventory and install patches across your systems with high accuracy and speed. The root problems continue - networks must preserve their security integrity in accordance with established policies. The execution of this strategy still rests with... you.

As such, third-party patch management solutions like UpdateEXPERT remain a critical asset for organizations to reduce the time and effort to safely deploy hotfixes, while helping you comply with security policies. UpdateEXPERT offers you the added benefit of independently validating patch effectiveness as well as related patch histories and co-dependencies. More info and eval copy here:
http://www.w2knews.com/rd/rd.cfm?id=040202TP-UpdateEXPERT

Quest Software Buys Aelita

Quest Software Inc. announced they will acquire privately-held Aelita Software for $115 million, in a deal announced by the companies late Wednesday. This deal creates a company with a deep set of Active Directory and Windows-specific migration and management technologies. They expect to close the deal in Q2, 2004.

Aelita raised $10-million in a first round of funding from Insight Venture Partners in November 2002. Quest plans to keep the majority or all of Aelita's 400 employees (of which about 250 are Russian developers), as well as their Ohio office. Aelita president and CEO Ratmir Timashev will become head of Quest's Microsoft infrastructure management group.

By gobbling up Aelita, Quest Software adds to its sizable line-up, which includes more than 70 products in three main categories: 1) database management, 2) application performance management and 3) Microsoft infrastructure. This third category splits into Windows/Active Directory management, Exchange management, migration and file server consolidation.

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

New iHateSpam V4.0 Supports Hotmail, Eudora, and more...

Eliminate Annoying Spam with iHateSpam. It is a great spam filter that will dramatically reduce the junk email you find in your mailbox! Super simple installation, available for Outlook Express, Outlook 2000, 2002 and 2003. The new Version 4.0 also works for Hotmail, Incredimail and Eudora. Only $19.95 so this is a no-brainer. Winner of the PC Mag's Best Buy Award, and their exclusive World Class 2003 Award. Download:

http://www.w2knews.com/rd/rd.cfm?id=040202PW-iHateSpam