Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 16, 2004 (Vol. 9, #7 - Issue #463)
Is The Big One Coming?
This issue of W2Knews contains:
- EDITORS CORNER
- Is The Big One Coming?
- Survey: Linux In Your Domains
- TECH BRIEFING
- How Microsoft Prepares For DDoS Attacks
- MS's response and auto-removal for Mydoom Virus
- Clearing Saved Auto-Complete E-Mail Addresses In Outlook
- Build An Affordable Test Lab At Home
- The Lighter Side: Japanese Error Messages
- NT/2000 RELATED NEWS
- Microsoft Software Assurance On Trial
- Review: Microsoft System Management Server 2003
- WinFS: Microsoft's Data Management Vision
- W2K SP1 Source Code Leaked
- NT/2000 THIRD PARTY NEWS
- Server Sales Heated Up in Q4
- Spam By Numbers: CAN-SPAM Does Not Work!
- Best-of-the-web On Exchange Security
- Microsoft and Sunbelt Software Jointly Announce...
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Secure Your AD with Directory Inspector For Just $495
SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda
Antivirus GateDefender 7200 (500 seats+) provide the highest
scalability with native load balancing that transparently adapts
to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.
Is The Big One Coming?
I'm hearing it more and more. Some kind of doomsday agreement
that a new killer virus is going to delete everyone's hard disk.
Personally I think that kind of thinking is dangerous. It's also
somewhat silly. A virus lives off its host. It is in its own best
interest to keep the host alive, or else it dies itself. Not all
biological viruses out there do this, but one would assume a human
virus writer has some intelligence. There are two kinds of
virus writers; the ones that do it for notoriety and the ones
with a "criminal/profit/other nefarious" motive.
Think about it. Neither of these two kinds get any real benefit
by actually killing machines. Moreover, the virus writer that
has a true malicious payload must have a death wish because he
will be hunted down mercilessly by an Internet posse and probably
be physically lynched before the authorities even get to him.
The third and last possibility is cyber-warfare. I do not think
a single virus writer will be stupid enough to unleash a real
killer virus. A government or a radical group just might.
Unlikely but not impossible. So it pays to keep your defenses up
to date and keep them layered. Do not rely on just one type of
defense either, and keep your systems patched. Redmond just found
another urgent hole that you need to fix. Another reason to keep
your systems patched is that more and more litigation is starting up
for so-called IT Security 'negligence'. See link below. The price of
freedom is constant alertness and constant willingness to fight
Survey: Linux In Your Domains
The Yankee Group and Sunbelt are surveying Windows Sites to
find out the real direction Linux is taking. This is going
to be very interesting, and the exclusive executive summary
will appear here in W2Knews! You are invited to answer these
questions and show all of us how your organization actually
is responding to the Linux phenomenon and the TCO question:
It's all multiple choice and takes less than 5 minutes. Have
a look at the questions, they are interesting:
Quotes of the Week:
- "Of all the things you wear, your expression is the most important!"
- "I thoroughly disapprove of duels. If a man should challenge me, I would take him kindly and forgivingly by the hand and lead him to a quiet place and kill him." -Mark Twain
PS, Sorry for a confusion in last week's issue. The two Top IT headaches was a fave link, but the title was altered. They actually are viruses and spam.
Is managing hotfixes and service packs to keep your networks
secure becoming a nightmare? UpdateEXPERT enables you to
scan for and patch security holes. Prevent intrusions and keep
your networks up & running. Use UpdateEXPERT as your hotfix
research, inventory deployment, validation and (remote) security
enforcement tool for your Windows NT/2000/XP/2003 networks. This
is not just a blind update of MS-released patches. UpdateEXPERT
offers an exclusive updates database tested by an elite team of
Visit UpdateEXPERT for more information.
How Microsoft Prepares For DDoS Attacks
In short, they have backup websites ready that can kick in at
5 minutes' notice. But even that is sometimes not enough. They
were off the air for a few hours last Monday. The Netcraft
website points to the new MyDoom virus that caused this DDoS
attack. Here is a picture of the Microsoft website uptime:
There are now at least three MyDoom variants around. The more
widespread variant, called Doomjuice, launched a denial of
service attack on the Microsoft.com website. The other variant,
called Deadhat, uninstalls existing versions of Mydoom it finds
and then tries to sabotage a PC's anti-virus protection. The news
is that unlike the original Mydoom.A, neither Doomjuice nor
Deadhat travels via e-mail. Instead, both randomly scan net
addresses and upload themselves to any infected machines they
find: pretty ugly.
In trying to deflect these attacks, Microsoft has replicated
its sites in case the main domain gets overwhelmed. It also
changed the DNS "time-to-live" (TTL) to 5 minutes. Here is the
how and why of shortening the TTL.
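The effect of the shorter TTL, as an added example (not from the newsletter or from Microsoft): a small model of caching DNS resolvers during a failover to a replicated site. The addresses, the 3600-second comparison TTL and the fleet of 60 resolvers are constructed assumptions.

```python
# Added example: caching resolvers during a DNS failover (a model, not real DNS).
# Addresses are documentation-range placeholders; the 3600 s TTL used for
# comparison is an assumption (the newsletter only gives the 5-minute value).
PRIMARY = "192.0.2.10"     # constructed: address of the site under attack
STANDBY = "198.51.100.20"  # constructed: address of the replicated site


class Authoritative:
    """Authoritative server that answers with STANDBY from switch_at onward."""

    def __init__(self, ttl, switch_at):
        self.ttl, self.switch_at = ttl, switch_at

    def answer(self, now):
        return (STANDBY if now >= self.switch_at else PRIMARY), self.ttl


class CachingResolver:
    """Resolver that reuses its cached answer until the record's TTL expires."""

    def __init__(self, auth):
        self.auth, self.addr, self.expires = auth, None, -1

    def resolve(self, now):
        if now >= self.expires:  # nothing cached yet, or the entry expired
            self.addr, ttl = self.auth.answer(now)
            self.expires = now + ttl
        return self.addr


def stale_resolvers(ttl, switch_at, check_at, resolvers=60, step=60):
    """Count resolvers still handing out PRIMARY at check_at (seconds).

    Resolver i first queries at i*step and then every `step` seconds, so the
    cache fill times are spread out the way real client traffic would be.
    """
    auth = Authoritative(ttl, switch_at)
    stale = 0
    for i in range(resolvers):
        r = CachingResolver(auth)
        for now in range(i * step, check_at + 1, step):
            r.resolve(now)
        stale += r.resolve(check_at) == PRIMARY
    return stale


if __name__ == "__main__":
    for ttl in (300, 3600):  # failover at t=3600 s, checked 5 minutes later
        print(ttl, stale_resolvers(ttl, 3600, 3900))
```

With the 5-minute TTL every resolver has moved to the standby address five minutes after the switch; with the one-hour TTL, 54 of the 60 are still sending clients to the overwhelmed address.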
MS's response and auto-removal for Mydoom Virus
This page has the following sections:
- Installing and Enabling a Firewall
- How to Tell If Your Computer Is Infected with Mydoom.A,B, or C
- What to Do If You Are Having Trouble Accessing Some Sites
- How to Remove Mydoom.C From Your Computer
- Visit Antivirus Software Vendors for More Information
- What the Severity Ratings Mean
Full page at:
Clearing Saved Auto-Complete E-Mail Addresses In Outlook
Thanks! A whole lot of you pointed me in the right direction
regarding turning off the auto-complete of email addresses.
Justin Herrick sent this to me, and it's pretty complete. The
link below (where this originated) has an FAQ with more similar
good stuff. Here goes:
"When typing an address into the To:, Cc: or Bcc: lines of a
new message in Outlook, Outlook will use auto-complete and
automatically suggest an address based on addresses it has cached.
"To turn off this feature, so that addresses are never suggested:
- Go to the Tools pull-down menu, choose Options.
- Click the E-Mail Options button, and the Advanced E-mail Options button.
- Uncheck the box for "Suggest names while completing the To, Cc and Bcc fields".
"To remove one address from the list so that it won't be
suggested again, open a new message and begin typing in the
address. Use the up and down arrow keys to select the address to
be removed from the addresses suggested. When the address to be
removed is highlighted, hit the Delete key.
"To correct a single auto-complete entry add a second entry that
uses the same first three letters as the original, and then
delete the incorrect entry. In a new e-mail message, in the To
box, type the correct name (the first three letters must be
the same as the old incorrect one). In the CC box, type the
first three letters of the recipient to reveal the auto-correct
name list with both entries now showing. Use the arrow keys to
move the selection to the incorrect entry, and then press the
"To remove all the saved addresses, delete the .NK2 file where
Outlook stores them. The file is normally located in C:\Documents
and Settings\username\Application Data\Microsoft\Outlook folder
for each Outlook profile. Some of these folders are hidden so you
will need to turn on the unhide file feature in Windows
Explorer to see them (Click Tools -> Folder Options and select
the View tab)."
More FAQ items over here:
Build An Affordable Test Lab At Home
A virtual IT training lab? SearchWin2000.com readers were
intrigued by one member's suggestion to use virtual server
software to help pass his MCSE exam. Find out more in this
collection of advice and news, including a tip from cert guru
Ed Tittel and readers' own, in-the-trenches recommendations.
The Lighter Side: Japanese Error Messages
Here are 14 actual error messages seen on the computer screens
in Japan, where some are written in Haiku. Aren't these better
than "your computer has performed an illegal operation"?
- The Web site you seek cannot be located, but countless more exist.
- Chaos reigns within. Reflect, repent, and reboot. Order shall return.
- Program aborting: Close all that you have worked on. You ask far too much.
- Windows NT crashed. I am the Blue Screen of Death. No one hears your screams.
- Yesterday it worked. Today it is not working. Windows is like that.
- Your file was so big. It might be very useful. But now it is gone.
- Stay the patient course. Of little worth is your ire. The network is down.
- A crash reduces your expensive computer to a simple stone.
- Three things are certain: Death, taxes and lost data. Guess which has occurred?
- You step in the stream, but the water has moved on. This page is not here.
- Out of memory. We wish to hold the whole sky, but we never will.
- Having been erased, the document you're seeking must now be retyped.
- Serious error. All shortcuts have disappeared.
- Screen. Mind. Both are blank.
NT/2000 RELATED NEWS
Microsoft Software Assurance On Trial
InfoWorld has a good article about your current MS maintenance
contracts. Here are the first paragraphs and below is a link
to the full article.
"Many of Microsoft Corp.'s customers will get to pass judgment
on its software maintenance plan this year when their current
contracts come up for renewal. Some analysts see it as the
biggest challenge yet for the much-critiqued Software Assurance
"The main reason to buy SA is that it gives customers the right
to the latest software at no charge over the three-year course
of their agreement, users and analysts agreed. But with the next
big wave of new Microsoft products not expected before 2006 --
the Longhorn-timeframe, in Microsoft-speak -- the software maker
could see a customer backlash.
"We agreed to SA primarily because of pending upgrades and for
the fact that it simplified things. Going forward, we will
always weigh whether we should continue with SA or revert back
to the pay-as-you-upgrade model, given the frequency of
upgrades," said Randy Keefer, vice president of information
systems at Microsoft customer NetJets Inc., a seller of partial
ownership of private jets based in Woodbridge, New Jersey. Full
Here is a very in-depth report that will help you save budget
money in deciding to go for Software Assurance or not:
Review: Microsoft System Management Server 2003
The guys at Network World Fusion torture-tested SMS 2003. Good
read! The last time they looked at MS System Management Server,
it was in the middle of a long beta-test cycle. While the basic
features of the product haven't changed, there have been some
minor improvements, including a heavy focus on security. They
recently tested the latest version and found it a marked
improvement over earlier ones.
WinFS: Microsoft's Data Management Vision
Tom's Hardware Guide has a very good article about the new file
system that MS is developing. Here is the intro, and if that
whets your appetite, the link to the full article is below:
"Over the past year, Microsoft has managed to create a perfect
smokescreen around its new WinFS file system. It has spent this
time touting a new, database-supported filing system to replace
NTFS and FAT. Compatibility doubts were not long in bubbling to
the surface. During the PDC (Professional Developers Conference)
held in Los Angeles at the end of October, we spoke with
Microsoft brass to gain an exclusive insight into the planned
W2K SP1 Source Code Leaked
BetaNews has learned that Thursday's leak of the W2K source code
originated not from Microsoft, but from long-time Redmond partner
The leaked code includes 30,915 files and was apparently removed
from a Linux computer used by Mainsoft for development purposes.
Dated July 25, 2000, the source code represents Windows 2000
Service Pack 1.
Analysis indicates files within the leaked archive are only a
subset of the Windows source code, which was licensed to Mainsoft
for use in the company's MainWin product. MainWin utilizes the
source to create native Unix versions of Windows applications.
Mainsoft says it has incorporated millions of lines of untouched
Windows code into MainWin. Full article at eWeek:
THIRD PARTY NEWS
Server Sales Heated Up in Q4
Industry Analyst Gartner claimed that server shipments were up
a whopping 25% year-over-year in the fourth quarter to 1.59
million units. Of that, 91% were x86 machines. These numbers are
the best in the last three years. Better yet, for all of the year
2003, they were up a very healthy 20%. In Servers, HP made first
place with 462K, Dell was second with 319K machines, IBM was
third with a respectable 274K and Sun a distant fourth with only
84K boxes. You can also look at it from a quarter-over-quarter
growth, and then the numbers look a little different.
IBM grew fastest with 39%, Sun second with 33%, Dell made third
with 30%. HP was slowest with 21% growth, and lost a point of
market share arriving at 29%. Dell's market share was up just a
tiny bit, and IBM gained almost two points to close at 17.2%. All
this shows more IT confidence, and budget space. About time.
Spam By Numbers: CAN-SPAM Does Not Work!
The SunPoll last week was revealing. Well over 750 unique sites
answered our last week's SunPoll about spam. It's not pretty.
Here are the results of the question what impact has CAN-SPAM
had on your email servers:
- We're getting significantly fewer spam: 1.19%
- We've experienced only a slight drop off: 3.7%
- None; we get about the same number: 29.4%
- None; in fact, we seem to be getting more: 63.57%
- Don't know/undecided: 2.11%
This year the ratio of virus-infected messages to other email
traffic increased by nearly 85 percent. Millions of PCs now
serve as open relays and give spammers launch pads for their
attacks. More than 66 percent of all spam is now sent by these
kinds of zombie systems.
Here are more spam-related statistics:
- Half the spam sent to American in-boxes originates with servers that are out of the country. One more reason that the CAN-SPAM act will never work.
- And how important is email? A recent study showed that nearly 90% of companies conduct business transactions using e-mail, and almost 70% say e-mail is tied to their means of generating revenue.
- A new study by MX Logic has found that over a recent 30-day period only 3% of sample spam complied with the new CAN-SPAM federal anti-spam law.
iHateSpam Server Version 1.5 is now running on well over 2,600
enterprise systems, with a wealth of powerful features and a
killer spam detection engine. Get 30 spam free days here:
Best-of-the-web On Exchange Security
Mydoom, firewalls, security policy management, spam -- these
are high on the list of Exchange managers' concerns. You don't
need to be a victim when expert advice is a click away. Check
out this best-of-the-web collection of articles at the new
www.SearchExchange.com, TechTarget's latest search site dedicated
to the needs of Microsoft messaging admins.
Microsoft and Sunbelt Software Jointly Announce...
Put this one in your planner for March 3rd! Microsoft and Sunbelt
Software jointly announce the Microsoft Executive Circle Webcast:
How to Protect Your Enterprise from Spam: Solutions for Microsoft
Exchange. Get more information and register on the web here:
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Secure Your AD with Directory Inspector For Just $495
The Sunbelt Directory Inspector is a new, wizard-based tool that
provides you with a suite of analyzers addressing topics such as
directory structure, security and integrity, standards and policy
compliance. Supports directories from IBM, Microsoft, Netscape,
Novell and generic LDAP-based directories. The licensing was
recently changed to admin-seat, and if you see what amount of
power you get for this money, it's a killer deal. Read the recent
review in WinNet Magazine on this page: