Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 1, 2004 (Vol. 9, #9 - Issue #465)
The "Patch Gap"
  This issue of W2Knews™ contains:
    • The "Patch Gap"
    • Last Call: MS and Sunbelt Software Jointly Announce...
    • 2004 W2Knews Target Awards
    • SunPoll: Product Eval Time
    • Building Boot Floppies For Win XP Installations
    • Windows 2003 Gotcha: Opportunistic File Locking
    • Network World: Windows 2003 = Winner
    • Microsoft To Beef Up SMTP Relay For Exchange
    • Active Directory Security Best Practices
    • Missed The iHateSpam for Exchange Webinar?
    • New Vulnerability Scanner Released: SNSI V1.0
    • Wake Up Call: Critical Windows Vulnerability Alerts
    • Mobile Showcase 2004
    • sonicadmin Conquers MyDoom Virus
    • Need To Recover Deleted Files Domain-wide?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Dell's Privacy Protection Pack:
  SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda
Antivirus GateDefender 7200 (500 seats+) provide the highest
scalability with native load balancing that transparently adapts
to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.

The "Patch Gap"

Microsoft has heard and understood they need to work on one thing: Security, security, security. It is Redmond's biggest downfall. It's going to take time but their "Trusted Computing" initiative will pay off in my opinion. The question is if it will be soon enough. The method they now use to build software is: "Secure by Design, Secure by Default, and Secure by Deployment".

Redmond has undergone a 'Security Mobilization' and all new products must meet these Trusted Computing guidelines. Here is a new MS acronym for you: NGSCB. It stands for Next Generation Secure Code Base. It's the latest buzzword in Seattle.

But MS can produce secure code as much as it wants; if we don't keep up with patches, everyone is still at risk. And it does not get any better either. For instance, there is a worm out there now using an IE vulnerability that does not even have a patch. The grim reality is that the time between the release of a patch and the moment hackers have developed a virus exploiting the vulnerability is getting awfully short:

  • Nimda: 331 days
  • SQL Slammer: 180 days
  • Welchia/Nachi: 151 days
  • Blaster: 25 days

It's easy to see where this goes. A virus that exploits a vulnerability will be released less than one day after the patch for it. Think this through for a moment: it means that the 'second Tuesday of the Month' patch release schedule is doomed to be always too late. You need to have a layered security posture with both scanning and patching elevated to a high art. See the Third Party Tools section for some help on this, and the Fave Links for a list of known but as yet unpatched IE holes.

Last Call: MS and Sunbelt Software Jointly Announce...

Put this one in your planner for March 3rd! Microsoft and Sunbelt Software jointly announce the Microsoft Executive Circle Webcast: How to Protect Your Enterprise from Spam: Solutions for Microsoft Exchange. Get more information and register on the web here:

2004 W2Knews Target Awards

It's the Oscar Weekend for the movie industry, but it's time to vote for your favorite system admin tool at the 2004 W2Knews Target Awards! Voting starts next week. Winners will be announced at Tech.Ed 2004 in San Diego, CA (May 23-29). Check out the finalists here:

SunPoll: Product Eval Time

We'd like your feedback on the minimum amount of functionality you require for a security scanner. This is a very quick survey. Here is the question: "To determine if I want to purchase a security vulnerability scanner, as an absolute minimum, I need the evaluation of that tool be as follows:"

  • Scan one machine is sufficient to see if I want the product.
  • I would need to scan a minimum of 8 machines during the eval.
  • I want to see 16 machines over a month to be able to say yes.
  • I need a full, unlimited 30-day eval that times out.
  • I understand there needs to be some limitation, but none of the above options fit what I need.

Please VOTE here, rightmost column:

I'd like email feedback on this one as well, if you have any bright ideas in this direction.

The Quotes of the Week are a little longer than usual. The Washington Post's Style Invitational asked readers to take any word from the dictionary, alter it by adding, subtracting, or changing one letter, and supply a new definition. Here are some recent winners: [grin]
- Intaxication: Euphoria at getting a tax refund, which lasts until you realize it was your money to start with.
- Reintarnation: Coming back to life as a hillbilly.
- Foreploy: Any misrepresentation about yourself for the purpose of getting laid.
- Sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
- Inoculatte: To take coffee intravenously when you are running late.
- Ignoranus: A person who's both stupid and an... you got it.

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: MCP Magazine's TechMentor Conference
Get solutions to your toughest networking problems at TechMentor
April 4-8 in New Orleans. Windows networking, messaging and
security experts will lead more than 50 technical training courses
on Windows Server 2003, security, Group Policies, A/D, scripting,
server administration, and more. In less than a week, you'll gain
practical solutions to manage your network smarter, faster and
more effectively. Register by March 12 and save up to $300!
Visit MCP Magazine's TechMentor Conference for more information.

Building Boot Floppies For Win XP Installations

The standard and most commonly-employed method for installing XP, both Home and Professional, involves booting the installation CD and running the install program from it. In a few cases, however, booting from CD may not be possible or practical -- for instance, if the system in question does not support CD booting, or if the installation image for whatever reason is not bootable. If there is no recourse to the original media, a boot floppy may be the only viable solution. Here is how to:

Windows 2003 Gotcha: Opportunistic File Locking

With the release of a new server OS there is always associated joy and fear. Here is a horror story for y'all to learn and be warned. This was sent in by a subscriber:

"I have been running W2K3 since it was a beta and had no problems with the OS. I then decided it was becoming time to start offering it to my customers so the first step was to get my office running it first. I upgraded the servers all to Windows Server 2003 and as with most engineers I was rushed back into the wild to fix something and let the office jockeys run on it.

I felt that I had a successful migration after a few weeks so I moved on to a contract customer of mine that I have had for six years. I upgraded his Dell PowerEdge 1500SC from Windows 2000 Server to 2003 and immediately the users started complaining of problems accessing their QuickBooks files, then the no access turned into file corruption. This customer also runs an older Paradox database system on the server and files started becoming corrupt with it as well.

I ran through the basic troubleshooting, then the second phase of troubleshooting all with no victory. I called QuickBooks and they said must be hardware, I called Dell and they said must be Windows Server 2003, so I called MS and they said it must be hardware. To shorten this up some I removed Windows 2003 upgrade and reinstalled Windows 2000 Server and the problems immediately went away. The only thing at the time my searches on the internet showed had something to do with Opportunistic File locking features in Windows, but nothing conclusive to me.

So I put it on the back burner until yesterday and started searching again, wow what a difference a month makes, now people all over the place are having the same problems with Windows Server 2003 and Database applications, it seems opportunistic file locking is the problem, I found one news group posting where someone stated that Great Plains was experiencing this problem so I took a shot and called our Great Plains contact at MS and he stated that MS had patched it for them but he was not allowed to release it to anyone not running Great Plains. To wrap this up Microsoft has let down an engineer that lives and breathes their product, I make my living off of this software and to be told first that nothing is wrong (must be hardware) and then told that they have a fix but it is only for the big clients is not pretty."


Network World: Windows 2003 = Winner

Very interesting test at Network World. Based on testing of five major operating systems geared to run on enterprise-level servers we conducted this year, Microsoft's Windows Server 2003 comes out on top. Network World did an objective test on the current most popular OSes. Guess what: W2K3 came out a winner.

They started the article like this, and there is a link to the full scores below. "Picking the top server or network operating system is like volunteering to sit in the front row at a biblical stoning. You're likely to get hit in the back of the head from every direction. [As per Monty Python: A STONING! A STONING!]

"That said, based on testing of five major operating systems geared to run on enterprise-level servers we conducted this year, Microsoft's Windows Server 2003 comes out on top with Novell NetWare and Red Hat Linux following closely. But note, we base our claims on our testing and acknowledge that they don't necessarily apply across the board.

"We tested the enterprise edition of Microsoft's newest release, NetWare 6.5, Red Hat Linux Advanced Server 9.0, SuSe Linux - as a representative of the UnitedLinux effort - and Apple's OS/X 10.2.5. While this set of individual tests was not pitched as a head-to-head comparison, we used the same performance methodology and evaluation criteria across the tests. We also used the same hardware for all tests, with the exception of OS/X running on Apple's Xserve platform." Check the results for yourself at:

Microsoft To Beef Up SMTP Relay For Exchange

As part of its effort to combat spam and viruses, Microsoft announced last week that it will make improvements to the Simple Mail Transfer Protocol (SMTP) relay for its Exchange messaging platform. More about this at the new SearchExchange site!

Active Directory Security Best Practices

As an IT administrator or a security officer in any organization, you should take steps to protect and sustain Active Directory from intentional and unintentional damage from authorized and unauthorized users. In any and all situations, layered security is the best method to use when planning and designing a security solution. Here are the three layers you need to have:

And here is a unique tool to get at least part of the first layer in place:


Missed The iHateSpam for Exchange Webinar?

Last week's webinar is posted on all three iHateSpam enterprise edition product pages with the Yellow "Latest webinar" button. The last session was a great combination of iHateSpam features across all platforms - Exchange 5.5, 2000 and 2003. Check it out over here:

Here is the Jan 2004 Email Abuse Report, showing some very interesting spam related stats. We cannot send this info in W2Knews because every filter would go frantic and throw a hissy fit. [grin]

New Vulnerability Scanner Released: SNSI V1.0

I told you about this puppy before, and it's here now. Let me be frank about this tool in its first incarnation. Like almost every V1.0 product, it works, but ours isn't pretty...yet. You've got wheels, an engine, a body and controls. It gets you from A to B. The reporting is unique in that it gives you easy instructions you can apply FAST how to patch each hole it finds. We wanted to get it out to you ASAP so that you could actually start scanning your networks using a WORLD CLASS vulnerability database, for a KILLER PRICE.

The GUI isn't necessarily pretty, but it gets the job done. SNSI scans Windows machines you see in the Network Neighborhood. It doesn't do IP scanning yet. In a few months it will do that too, and V2.0 will look a lot nicer. We did not go for looks in V1.0. We wanted you to have an affordable tool to secure your networks, using a vulnerability database that is military spec. Compare SNSI to a Bradley fighting vehicle, it ain't pretty but you sure get protection. SNSI is here now. You are invited to take it for a ride on one machine. Ask your Rep if you want to scan more machines. If you buy SNSI now, you have my commitment that when you get your future versions you will be VERY glad you got in on the ground floor with a price this low.

Wake Up Call: Critical Windows Vulnerability Alerts

Patch management solutions remain on the front lines of network security. Closing the gap is the problem. How to decide when (and if) to patch a hole becomes quite a headache. Microsoft's recent new patch alerts stand as a visible reminder that networks remain vulnerable. As an IT admin, you need to continue your vigilance to ensure system integrity, as the threat level still ranks extremely high. As of mid-February, the Redmond software giant released seven new hotfixes to protect against newly discovered flaws - one more than in the same period the year before.

MS04-007 is the latest and most critical patch, and corrects a security weakness that could allow hackers to take complete control of a compromised system to install malicious programs, modify or delete data, or create new administrative accounts. The MS04-006 patch fixes a vulnerability in the Windows Internet Naming Service (WINS), which could allow the launching of denial-of-service attacks on Windows 2003 servers.

Third-party patch management providers have responded by advising their users to verify that the latest Microsoft security fixes are installed in accordance with their organizations' IT policies. If implemented correctly, solutions like UpdateEXPERT can automatically test, validate and deploy the patches in rapid fashion.

The latest Microsoft alerts underscore the critical role that independent patch management tools will continue to have in the coming years to reduce the time and effort in safely deploying hotfixes, while helping system admins comply with security procedures. UpdateEXPERT validates patch effectiveness, histories and co-dependencies. Check out the features here:

Mobile Showcase 2004

Free Registration For First 50 Qualified IT People! May 3-5, 2004 - The Hyatt Grand Champions Indian Wells, in CA will feature the Mobile Showcase 2004 which allows enterprise IT decision makers to see the latest and greatest mobile computing and wireless data communications products and services live on stage.

In two days, more than 50 companies will demonstrate their mobile and wireless product/service. The program is complemented by a number of keynote addresses and fireside chats with some of the industry's leading visionaries. Click below and submit your qualifying form today to be considered for a free registration - worth $2,495.00. Visit their website for more information on the conference.

sonicadmin Conquers MyDoom Virus

NY construction firm wages wireless war with virus! Gottlieb Skanska, Inc., an industrial construction firm based in Valley Stream, N.Y., successfully fended off the MyDoom virus last week using the mobile IT event management capabilities of sonicadmin. CIO Neal LoCurto explains: "We have servers running along the entire east coast and stretching as far west as Texas. If not for sonicadmin, I don't know how we would do it. The amount of outsourcing it has helped us cut back on alone will allow sonicadmin to pay for itself in no time. I no longer have to give one of our consultants a call to reboot a server, or cycle a router."

On the move with their Blackberry wireless PDAs, Mr. LoCurto and his IT manager were able to deal with the many symptoms that had arisen due to the MyDoom virus outbreak. "The past week dealing with Virus issues has only strengthened our love for sonicadmin", added Mr. LoCurto, "sonicadmin has been a real lifesaver (and money saver to boot)." Here's more about the product:

Need To Recover Deleted Files Domain-wide?

Sometimes a virus breaks through despite one's best efforts. The recent MyDoom.F deletes all Word and Excel files it finds, and spreads as fast as it can. In such cases, where users have been silly enough to keep files on their hard disks instead of their user shares, they will make frantic calls to... you guessed it: You.

There is an admin license available for File Rescue Plus, that allows you to undelete files on any machine you manage. It's one of those tools you might want to have in your kit. Here's more about the roaming Admin License ($950.00 USD)


This Week's Links We Like. Tips, Hints And Fun Stuff


Dell's Privacy Protection Pack:

Want to prevent your identity from being stolen? Keep snoops out of your PC! Fight back with a combo of these three products -- iHateSpam, iHatePopups and PestPatrol! The new iHateSpam Version 4 kills 95% of irritating spam. iHatePopups for IE blocks many of those frustrating popups that waste time as you surf the web. And PestPatrol looks for adware/spyware that might be lurking in your PC, generating advertising popups, and scans your hard disk for spyware (identity thieves often put spyware on people's hard disks). PestPatrol is one of the essential tools to defend your PC against intrusions. This bundle comes with one year of free updates. Dell has a great combo of tools, at a great price: