Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 1, 2004 (Vol. 9, #9 - Issue #465)
The "Patch Gap"
This issue of W2Knews contains:
- EDITORS CORNER
- The "Patch Gap"
- Last Call: MS and Sunbelt Software Jointly Announce...
- 2004 W2Knews Target Awards
- SunPoll: Product Eval Time
- TECH BRIEFING
- Building Boot Floppies For Win XP Installations
- Windows 2003 Gotcha: Opportunistic File Locking
- NT/2000 RELATED NEWS
- Network World: Windows 2003 = Winner
- Microsoft To Beef Up SMTP Relay For Exchange
- Active Directory Security Best Practices
- NT/2000 THIRD PARTY NEWS
- Missed The iHateSpam for Exchange Webinar?
- New Vulnerability Scanner Released: SNSI V1.0
- Wake Up Call: Critical Windows Vulnerability Alerts
- Mobile Showcase 2004
- sonicadmin Conquers MyDoom Virus
- Need To Recover Deleted Files Domain-wide?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Dell's Privacy Protection Pack:
SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda
Antivirus GateDefender 7200 (500 seats+) provide the highest
scalability with native load balancing that transparently adapts
to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.
The "Patch Gap"
Microsoft has heard and understood they need to work on one
thing: Security, security, security. It is Redmond's biggest
downfall. It's going to take time but their "Trusted Computing"
initiative will pay off in my opinion. The question is if it
will be soon enough. The method they now use to build software is:
"Secure by Design, Secure by Default, and Secure by Deployment".
Redmond has undergone a 'Security Mobilization' and all new
products must meet these Trusted Computing guidelines. Here is
a new MS acronym for you: NGSCB. It stands for Next Generation
Secure Code Base. It's the latest buzzword in Seattle.
But MS can produce as much secure code as it wants; if we don't
keep up with patches, everyone is still at risk. And it does not
get any better either. For instance, there is a worm out there
now, using an IE vulnerability that does not even have a patch
for it. The grim reality is that if you look at the time between
the release of a patch and when hackers have developed a virus
exploiting the vulnerability, it gets awfully short:
- Nimda: 331 Days
- SQL Slammer: 180 days
- Welchia/Nachi: 151 days
- Blaster: 25 days
It's easy to see where this goes. It will be less than one day
after a patch is released that a virus will be released that
exploits it. Think this through for a moment: it means that the
'second Tuesday of the Month' patch release schedule is doomed:
always too late. You need to have a layered security posture
with both scanning and patching elevated to a high art. See the
Third Party Tools section for some help on this, and the Fave
Links for a list of known but as yet unpatched IE holes.
Last Call: MS and Sunbelt Software Jointly Announce...
Put this one in your planner for March 3rd! Microsoft and Sunbelt
Software jointly announce the Microsoft Executive Circle Webcast:
How to Protect Your Enterprise from Spam: Solutions for Microsoft
Exchange. Get more information and register on the web here:
2004 W2Knews Target Awards
It's the Oscar Weekend for the movie industry, but it's time to
vote for your favorite system admin tool at the 2004 W2Knews
Target Awards! Voting starts next week. Winners will be announced
at Tech.Ed 2004 in San Diego, CA (May 23-29). Check out the finalists
SunPoll: Product Eval Time
We'd like your feedback on the minimum amount of functionality
you require for a security scanner. This is a very quick survey:
Here is the question: "To determine if I want to purchase a
security vulnerability scanner, as an absolute minimum, I need
the evaluation of that tool to be as follows:"
Please VOTE here, rightmost column:
- Scan one machine is sufficient to see if I want the product.
- I would need to scan a minimum of 8 machines during the eval.
- I want to see 16 machines over a month to be able to say yes.
- I need a full, unlimited 30-day eval that times out.
- I understand there needs to be some limitation, but none
of the above options fit what I need.
I'd like email feedback on this one as well, if you have any
bright ideas in this direction.
The Quotes of the Week are a little longer than usual. The
Washington Post's Style Invitational asked readers to take any
word from the dictionary, alter it by adding, subtracting, or
changing one letter, and supply a new definition. Here are some
recent winners: [grin]
- Intaxication: Euphoria at getting a tax refund, which lasts
until you realize it was your money to start with.
- Reintarnation: Coming back to life as a hillbilly.
- Foreploy: Any misrepresentation about yourself for the
purpose of getting laid.
- Sarchasm: The gulf between the author of sarcastic wit and
the person who doesn't get it.
- Inoculatte: To take coffee intravenously when you are running
- Ignoranus: A person who's both stupid and an... you got it.
(email me with feedback: [email protected])
SPONSOR: MCP Magazine's TechMentor Conference
Get solutions to your toughest networking problems at TechMentor
April 4-8 in New Orleans. Windows networking, messaging and
security experts will lead more than 50 technical training courses
on Windows Server 2003, security, Group Policies, A/D, scripting,
server administration, and more. In less than a week, you'll gain
practical solutions to manage your network smarter, faster and
more effectively. Register by March 12 and save up to $300!
Visit MCP Magazine's TechMentor Conference for more information.
Building Boot Floppies For Win XP Installations
The standard and most commonly-employed method for installing XP,
both Home and Professional, involves booting the installation CD
and running the install program from it. In a few cases, however,
booting from CD may not be possible or practical -- for instance,
if the system in question does not support CD booting, or if the
installation image for whatever reason is not bootable. If there
is no recourse to the original media, a boot floppy may be the
only viable solution. Here is how to:
Windows 2003 Gotcha: Opportunistic File Locking
With the release of a new server OS there is always associated
joy and fear. Here is a horror story for y'all to learn and be
warned. This was sent in by a subscriber:
"I have been running W2K3 since it was a beta and had no problems
with the OS. I then decided it was becoming time to start offering
it to my customers so the first step was to get my office running
it first. I upgraded the servers all to Windows Server 2003 and
as with most engineers I was rushed back into the wild to fix
something and let the office jockeys run on it.
I felt that I had a successful migration after a few weeks so I
moved on to a contract customer of mine that I have had for six
years. I upgraded his Dell PowerEdge 1500SC from Windows 2000
Server to 2003 and immediately the users started complaining
of problems accessing their QuickBooks files, then the no access
turned into file corruption. This customer also runs an older
Paradox database system on the server and files started becoming
corrupt with it as well.
I ran through the basic troubleshooting, then the second phase
of troubleshooting all with no victory. I called QuickBooks and
they said must be hardware, I called Dell and they said must be
Windows Server 2003, so I called MS and they said it must be
hardware. To shorten this up some I removed Windows 2003 upgrade
and reinstalled Windows 2000 Server and the problems immediately
went away. The only thing at the time my searches on the internet
showed had something to do with Opportunistic File locking
features in Windows, but nothing conclusive to me.
So I put it on the back burner until yesterday and started
searching again, wow what a difference a month makes, now
people all over the place are having the same problems with
Windows Server 2003 and Database applications, it seems
opportunistic file locking is the problem, I found one news
group posting where someone stated that Great Plains was
experiencing this problem so I took a shot and called our
Great Plains contact at MS and he stated that MS had patched
it for them but he was not allowed to release it to anyone
not running Great Plains. To wrap this up Microsoft has let
down an engineer that lives and breathes their product, I make
my living off of this software and to be told first that nothing
is wrong (must be hardware) and then told that they have a
fix but it is only for the big clients is not pretty."
NT/2000 RELATED NEWS
Network World: Windows 2003 = Winner
Very interesting test at Network World. Based on testing of
five major operating systems geared to run on enterprise-level
servers we conducted this year, Microsoft's Windows Server 2003
comes out on top. Network World did an objective test on the
current most popular OSes. Guess what: W2K3 came out a winner.
They started the article like this, and there is a link to the
full scores below. "Picking the top server or network operating
system is like volunteering to sit in the front row at a biblical
stoning. You're likely to get hit in the back of the head from
every direction. [As per Monty Python: A STONING! A STONING!]
"That said, based on testing of five major operating systems
geared to run on enterprise-level servers we conducted this
year, Microsoft's Windows Server 2003 comes out on top with
Novell NetWare and Red Hat Linux following closely. But note,
we base our claims on our testing and acknowledge that they
don't necessarily apply across the board.
"We tested the enterprise edition of Microsoft's newest release,
NetWare 6.5, Red Hat Linux Advanced Server 9.0, SuSe Linux -
as a representative of the UnitedLinux effort - and Apple's
OS/X 10.2.5. While this set of individual tests was not pitched
as a head-to-head comparison, we used the same performance
methodology and evaluation criteria across the tests. We also
used the same hardware for all tests, with the exception of
OS/X running on Apple's Xserve platform." Check the results
for yourself at:
Microsoft To Beef Up SMTP Relay For Exchange
As part of its effort to combat spam and viruses, Microsoft
announced last week that it will make improvements to the
Simple Mail Transfer Protocol (SMTP) relay for its Exchange
messaging platform. More about this at the new SearchExchange
Active Directory Security Best Practices
As an IT administrator or a security officer in any organization,
you should take steps to protect and sustain Active Directory
from intentional and unintentional damage from authorized and
unauthorized users. In any and all situations, layered security
is the best method to use when planning and designing a security
solution. Here are the three layers you need to have:
And here is a unique tool to get at least part of the first
layer in place:
THIRD PARTY NEWS
Missed The iHateSpam for Exchange Webinar?
Last week's webinar is posted on all three iHateSpam enterprise
edition product pages with the Yellow "Latest webinar" button.
The last session was a great combination of iHateSpam features
across all platforms - Exchange 5.5, 2000 and 2003. Check it out
Here is the Jan 2004 Email Abuse Report, showing some very
interesting spam related stats. We cannot send this info in
W2Knews because every filter would go frantic and throw a
hissy fit. [grin]
New Vulnerability Scanner Released: SNSI V1.0
I told you about this puppy before, and it's here now. Let me
be frank about this tool in its first incarnation. Like almost
every V1.0 product, it works, but ours isn't pretty...yet.
You've got wheels, an engine, a body and controls. It gets
you from A to B. The reporting is unique in that it gives
you easy instructions you can apply FAST on how to patch each
hole it finds. We wanted to get it out to you ASAP so that
you could actually start scanning your networks using a
WORLD CLASS vulnerability database, for a KILLER PRICE.
The GUI isn't necessarily pretty, but it gets the job done.
SNSI scans Windows machines you see in the Network Neighborhood.
It doesn't do IP scanning yet. In a few months it will do that
too, and V2.0 will look a lot nicer. We did not go for looks
in V1.0. We wanted you to have an affordable tool to secure
your networks, using a vulnerability database that is military
spec. Compare SNSI to a Bradley fighting vehicle, it ain't
pretty but you sure get protection. SNSI is here now. You are
invited to take it for a ride on one machine. Ask your Rep
if you want to scan more machines. If you buy SNSI now, you
have my commitment that when you get your future versions you
will be VERY glad you got in on the ground floor with a price
Wake Up Call: Critical Windows Vulnerability Alerts
Patch management solutions remain on the front lines of network
security. Closing the gap is the problem. How to decide when
(and if) to patch a hole becomes quite a headache.
Microsoft's recent new patch alerts stand as a visible reminder
that networks remain vulnerable. As an IT admin, you need to
continue your vigilance to ensure system integrity, as the
threat level still ranks extremely high. As of mid-February,
the Redmond software giant released seven new hotfixes to protect
against newly discovered flaws -- one more than in the same period
the year before.
MS04-007 is the latest and most critical patch, and corrects a
security weakness that could allow hackers to take complete control
of a compromised system to install malicious programs, modify or
delete data, or create new administrative accounts. The MS04-006
patch fixes a vulnerability in the Windows Internet Naming Service
(WINS), which could allow the launching of denial-of-service
attacks on Windows 2003 servers.
Third-party patch management providers have responded by advising
their users to verify that the latest Microsoft security fixes
are installed in accordance with their organizations' IT policies.
If implemented correctly, solutions like UpdateEXPERT can
automatically test, validate and deploy the patches in rapid
The latest Microsoft alerts underscore the critical role that
independent patch management tools will continue to have
in the coming years to reduce the time and effort in safely
deploying hotfixes, while helping system admins comply with
security procedures. UpdateEXPERT validates patch effectiveness,
histories and co-dependencies; check out the features here:
Mobile Showcase 2004
Free Registration For First 50 Qualified IT People!
May 3-5, 2004 - The Hyatt Grand Champions Indian Wells, in CA
will feature the Mobile Showcase 2004 which allows enterprise
IT decision makers to see the latest and greatest mobile
computing and wireless data communications products and
services live on stage.
In two days, more than 50 companies will demonstrate their
mobile and wireless product/service. The program is complemented
by a number of keynote addresses and fireside chats with some
of the industry's leading visionaries. Click below and
submit your qualifying form today to be considered for a free
registration -- worth $2,495.00. Visit their website for more
information on the conference.
sonicadmin Conquers MyDoom Virus
NY construction firm wages wireless war with virus! Gottlieb
Skanska, Inc., an industrial construction firm based in Valley
Stream, N.Y., successfully fended off the MyDoom virus last week
using the mobile IT event management capabilities of sonicadmin.
CIO Neal LoCurto explains: "We have servers running along the
entire east coast and stretching as far west as Texas. If not
for sonicadmin, I don't know how we would do it. The amount of
outsourcing it has helped us cut back on alone will allow
sonicadmin to pay for itself in no time. I no longer have to
give one of our consultants a call to reboot a server, or cycle
On the move with their Blackberry wireless PDAs, Mr. LoCurto
and his IT manager were able to deal with the many symptoms
that had arisen due to the MyDoom virus outbreak. "The past
week dealing with Virus issues has only strengthened our love
for sonicadmin", added Mr. LoCurto, "sonicadmin has been a
real lifesaver (and money saver to boot)." Here's more about
Need To Recover Deleted Files Domain-wide?
Sometimes a virus breaks through despite one's best efforts.
The recent MyDoom.F deletes all Word and Excel files it finds,
and spreads as fast as it can. In such cases, where users have
been silly enough to keep files on their hard disks instead
of their user shares, they will make frantic calls to... you
guessed it: You.
There is an admin license available for File Rescue Plus,
that allows you to undelete files on any machine you manage.
It's one of those tools you might want to have in your kit.
Here's more about the roaming Admin License ($950.00 USD)
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Dell's Privacy Protection Pack:
Want to prevent your identity from being stolen? Keep snoops out
of your PC! Fight back with a combo of these three products --
iHateSpam, iHatePopups and PestPatrol! The new iHateSpam Version
4 kills 95% of irritating spam. iHatePopups for IE blocks many of
those frustrating popups that waste time as you surf the web. And
PestPatrol looks for adware/spyware that might be lurking in your
PC, generating advertising popups, and scans your hard disk for
spyware (identity thieves often put spyware on people's hard
disks). PestPatrol is one of the essential tools to defend your
PC against intrusions. This bundle comes with one year of free
updates. Dell has a great combo of tools, at a great price: