- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 16, 2004 (Vol. 9, #7 - Issue #463)
Is The Big One Coming?
  This issue of W2Knews™ contains:
    • Is The Big One Coming?
    • Survey: Linux In Your Domains
    • How Microsoft Prepares For DDos Attacks
    • MS's response and auto-removal for Mydoom Virus
    • Clearing Saved Auto-Complete E-Mail Addresses In Outlook
    • Build An Affordable Test Lab At Home
    • The Lighter Side: Japanese Error Messages
    • Microsoft Software Assurance On Trial
    • Review: Microsoft System Management Server 2003
    • WinFS: Microsoft's Data Management Vision
    • W2K SP1 Source Code Leaked
    • Server Sales Heated Up in Q4
    • Spam By Numbers: CAN-SPAM Does Not Work!
    • Best-of-the-web On Exchange Security
    • Microsoft and Sunbelt Software Jointly Announce...
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Secure Your AD with Directory Inspector For Just $495
  SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda
Antivirus GateDefender 7200
(500 seats+) provide the highest
scalability with native load balancing that transparently adapts
to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.

Is The Big One Coming?

I'm hearing it more and more. Some kind of doomsday agreement that a new killer virus is going to delete everyone's hard disk. Personally I think that kind of thinking is dangerous. It's also somewhat silly. A virus lives off its host. It is in its own best interest to keep the host alive, or else it dies itself. Not all biological virii out there do this, but one would assume a human virus writer has some intelligence. There are two kinds of virus writers; the ones that do it for notoriety and the ones with a "criminal/profit/other nefarious" motive.

Think about it. Neither of these two kinds get any real benefit by actually killing machines. More over, the virus writer that has a true malicious payload must have a death wish because he will be hunted down mercilessly by an Internet posse and probably be physically lynched before the authorities even get to him.

The third and last possibility is cyber-warfare. I do not think a single virus writer will be stupid enough to unleash a real killer virus. A government or a radical group just might. Unlikely but not impossible. So it pays to keep your defenses up to date and keep them layered. Do not rely on just one type of defense either, and keep your systems patched. Redmond just found another urgent hole that you need to fix. Another reason to keep your systems patched is more and more litigation starts up for so called IT Security 'negligence'. See link below. The price of freedom is constant alertness and constant willingness to fight back.

Survey: Linux In Your Domains

The Yankee Group and Sunbelt are surveying Windows Sites to find out the real direction Linux is taking. This is going to be very interesting, and the exclusive executive summary will appear here in W2Knews! You are invited to answer these questions and show all of us how your organization actually is responding to the Linux phenomenon and the TCO question: It's all multiple choice and takes less than 5 minutes. Have a look at the questions, they are interesting:

Quotes of the Week:
- "Of all the things you wear, your expression is the most important!"
- "I thoroughly disapprove of duels. If a man should challenge me, I would take him kindly and forgivingly by the hand and lead him to a quiet place and kill him." -Mark Twain

PS, Sorry for a confusion in last week's issue. The two Top IT headaches was a fave link, but the title was altered. They actually are viruses and spam.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

Is managing hotfixes and service packs to keep your networks
secure becoming a nightmare?
UpdateEXPERT enables you to
scan for and patch security holes. Prevent intrusions and keep
your networks up & running. Use UpdateEXPERT as your hotfix
research, inventory deployment, validation and (remote) security
enforcement tool for your Windows NT/2000/XP/2003 networks. This
is not just a blind update of MS-released patches. UpdateEXPERT
offers an exclusive updates database tested by an elite team of
Visit UpdateEXPERT for more information.

How Microsoft Prepares For DDos Attacks

In short, they have backup websites ready that can kick in at 5 minutes notice. But even that is sometimes not enough. They were out of the air for a few hours last Monday. The Netcraft website points to the new MyDoom virus that caused this DDos attack. Here is a picture of the Microsoft website uptime:

There are now at least three MyDoom variants around, the more widespread variant, called Doomjuice, launched a denial of service attack on the Microsoft.com website. The other variant, called Deadhat, uninstalls existing versions of Mydoom it finds and then tries to sabotage a PC's anti-virus protection. The news is that unlike the original Mydoom.A, neither Doomjuice or Deadhat travel via e-mail. Instead, both randomly scan net addresses and upload themselves to any infected machines they find: pretty ugly.

Microsoft in trying to deflect these attacks has replicated their sites in case the main domain gets overwhelmed. It also changed the "time-to-live (TTL)" to 5 minutes. Here is the how and why of shortening the TTL.

MS's response and auto-removal for Mydoom Virus

This page has the following sections:

  • Installing and Enabling a Firewall
  • How to Tell If Your Computer Is Infected with Mydoom.A,B, or C
  • What to Do If You Are Having Trouble Accessing Some Sites
  • How to Remove Mydoom.C From Your Computer
  • Visit Antivirus Software Vendors for More Information
  • What the Severity Ratings Mean
Full page at:

Clearing Saved Auto-Complete E-Mail Addresses In Outlook

Thanks! A whole lot of you pointed me in the right direction regarding turning off the auto-complete of email addresses. Justin Herrick sent this to me, and it's pretty complete. The link below (where this originated) has an FAQ with more similar good stuff. Here goes:

"When typing an address into the To:, Cc: or Bcc: lines of a new message in Outlook, Outlook will use auto-complete and automatically suggest an address based on addresses it has cached.

"To turn off this feature, so that addresses are never suggested:

  • Go to the Tools pull-down menu, choose Options.
  • Click the E-Mail Options button, and the Advanced E-mail Options button.
  • Uncheck the box for "Suggest names while completing the To, Cc and Bcc fields".
"To remove one address from the list so that it won't be suggested again, open a new message and begin typing in the address. Use the up and down arrow keys to select the address to be removed from the addresses suggested. When the address to be removed is highlighted, hit the Delete key.

"To correct a single auto-complete entry add a second entry that uses the same first three letters as the original, and then delete the incorrect entry. In a new e-mail message, in the To box, type the correct name (the first three letters must be the same as the old incorrect one). In the CC box, type the first three letters of the recipient to reveal the auto-correct name list with both entries now showing. Use the arrow keys to move the selection to the incorrect entry, and then press the Delete key.

"To remove all the saved addresses, delete the .NK2 file where Outlook stores them. The file is normally located in C:\Documents and Settings\username\Application Data\Microsoft\Outlook folder for each Outlook profile. Some of these folders are hidden so you will need to turn on the unhide file feature to in Windows Explorer to see them (Click Tools -> Folder Options and select the View tab)."

More FAQ items over here:

Build An Affordable Test Lab At Home

A virtual IT training lab? SearchWin2000.com readers were intrigued by one member?s suggestion to use virtual server software to help pass his MCSE exam. Find out more in this collection of advice and news, including a tip from cert guru Ed Tittel and readers? own, in-the-trenches recommendations.

The Lighter Side: Japanese Error Messages

Here are 14 actual error messages seen on the computer screens in Japan, where some are written in Haiku. Aren't these better than "your computer has performed an illegal operation"?

  1. The Web site you seek cannot be located, but countless more exist.
  2. Chaos reigns within. Reflect, repent, and reboot. Order shall return.
  3. Program aborting: Close all that you have worked on. You ask far too much.
  4. Windows NT crashed. I am the Blue Screen of Death. No one hears your screams.
  5. Yesterday it worked. Today it is not working. Windows is like that.
  6. Your file was so big. It might be very useful. But now it is gone.
  7. Stay the patient course. Of little worth is your ire. The network is down.
  8. A crash reduces your expensive computer to a simple stone.
  9. Three things are certain: Death, taxes and lost data. Guess which has occurred?
  10. You step in the stream, but the water has moved on. This page is not here.
  11. Out of memory. We wish to hold the whole sky, but we never will.
  12. Having been erased, the document you're seeking must now be retyped.
  13. Serious error. All shortcuts have disappeared.
  14. Screen. Mind. Both are blank.

Microsoft Software Assurance On Trial

InfoWorld has a good article about your current MS maintenance contracts. Here are the first paragraphs and below is a link to the full article.

"Many of Microsoft Corp.'s customers will get to pass judgment on its software maintenance plan this year when their current contracts come up for renewal. Some analysts see it as the biggest challenge yet for the much-critiqued Software Assurance (SA) program.

"The main reason to buy SA is that it gives customers the right to the latest software at no charge over the three-year course of their agreement, users and analysts agreed. But with the next big wave of new Microsoft products not expected before 2006 -- the Longhorn-timeframe, in Microsoft-speak -- the software maker could see a customer backlash.

"We agreed to SA primarily because of pending upgrades and for the fact that it simplified things. Going forward, we will always weigh whether we should continue with SA or revert back to the pay-as-you-upgrade model, given the frequency of upgrades," said Randy Keefer, vice president of information systems at Microsoft customer NetJets Inc., a seller of partial ownership of private jets based in Woodbridge, New Jersey. Full article:

Here is a very in-depth report that will help you save budget money in deciding to go for Software Assurance or not:

Review: Microsoft System Management Server 2003

The guys at Network World Fusion torture-tested SMS 2003. Good read! The last time they looked at MS System Management Server, it was in the middle of a long beta-test cycle. While the basic features of the product haven't changed, there have been some minor improvements, including a heavy focus on security. They recently tested the latest version and found it a marked improvement over earlier ones.

WinFS: Microsoft's Data Management Vision

Tom's hardware guide has a very good article about the new file system that MS is developing. Here is the intro, and if that whets your appetite, the link to the full article is below:

"Over the past year, Microsoft has managed to create a perfect smokescreen around its new WinFS file system. It has spent this time touting a new, database-supported filing system to replace NTFS and FAT. Compatibility doubts were not long in bubbling to the surface. During the PDC (Professional Developers Conference) held in Los Angeles at the end of October, we spoke with Microsoft brass to gain an exclusive insight into the planned technological advance."

Article here:

W2K SP1 Source Code Leaked

BetaNews has learned that Thursday's leak of the W2K source code originated not from Microsoft, but from long-time Redmond partner Mainsoft.

The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1.

Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications. Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin. Full article at eWeek:


Server Sales Heated Up in Q4

Industry Analyst Gartner claimed that server shipments were up a whopping 25% year-over-year in the fourth quarter to 1.59 million units. Of that, 91% were x86 machines. These numbers are the best in the last three years. Better yet, for all of the year 2003, they were up a very healthy 20%. In Servers, HP made first place with 462K, Dell was second with 319K machines, IBM was third with a respectable 274K and Sun a distant fourth with only 84K boxes. You can also look at it from a quarter-over-quarter growth, and then the numbers look a little different.

IBM grew fastest with 39%, Sun second with 33%, Dell made third with 30%. HP was slowest with 21% growth, and lost a point of market share arriving at 29%. Dell's market share was up just a tiny bit, and IBM gained almost two points to close at 17.2%. All this shows more IT confidence, and budget space. About time.

Spam By Numbers: CAN-SPAM Does Not Work!

The SunPoll last week was revealing. Well over 750 unique sites answered our last week's SunPoll about spam. It's not pretty. Here are the results of the question what impact has CAN-SPAM had on your email servers:

  • We're getting significantly fewer spam: 1.19%
  • We've experienced only a slight drop off: 3.7%
  • None; we get about the same number: 29.4%
  • None; in fact, we seem to be getting more: 63.57%
  • Don't know/undecided: 2.11%
This year the ratio of virus-infected messages to other email traffic increased by nearly 85 percent. Millions of PCs now serve as open relays and give spammers launch pads for their attacks. More than 66 percent of all spam is now sent by these kinds of zombie systems.

Here are more spam related statistics:

  • Half the spam sent to American in-boxes originates with servers that are out of the country. One more reason that the CAN-SPAM act will never work.
  • And how important is email? A recent study showed that nearly 90% of companies conduct business transactions using e-mail, and almost 70% say e-mail is tied to their means of generating revenue.
  • A new study by MX Logic has found that over a recent 30-day period only 3% of sample spam complied with the new CAN-SPAM federal anti-spam law.
iHateSpam Server Version 1.5 is now running on well over 2,600 enterprise systems, with a wealth of powerful features and a killer spam detection engine. Get 30 spam free days here:

Best-of-the-web On Exchange Security

Mydoom, firewalls, security policy management, spam -- these are high on the list of Exchange managers' concerns. You don't need to be a victim when expert advice is a click away. Check out this best-of-the-web collection of articles at the new www.SearchExchange.com, TechTarget?s latest search site dedicated to the needs of Microsoft messaging admins.

Microsoft and Sunbelt Software Jointly Announce...

Put this one in your planner for March 3rd! Microsoft and Sunbelt Software jointly announce the Microsoft Executive Circle Webcast: How to Protect Your Enterprise from Spam: Solutions for Microsoft Exchange. Get more information and register on the web here:


This Week's Links We Like. Tips, Hints And Fun Stuff


Secure Your AD with Directory Inspector For Just $495

The Sunbelt Directory Inspector is a new, wizard-based tool that provides you with a suite of analyzers addressing topics such as directory structure, security and integrity, standards and policy compliance. Supports directories from IBM, Microsoft, Netscape, Novell and generic LDAP-based directories. The licensing was recently changed to admin-seat, and if you see what amount of power you get for this money, it's a killer deal. Read the recent review in WinNet Magazine on this page: