Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 8, 2004 (Vol. 9, #10 - Issue #466)
Software Warfare
  This issue of W2Knews™ contains:
    • Software Warfare
    • The Command-Line Diskpart Utility In Windows
    • Microsoft's New Online Training Options
    • A Printer Management Playbook
    • Why Go To XP?
    • Expanding to Windows 2003 Server
    • Uh Oh... Fully Automated XP Patching Looms
    • 15 Amazon Bucks For The First 100: SURVEY
    • iHateSpam Server User Feedback
    • Do Virus Epidemics Create A False Sense Of Security?
    • Kings Of Spam
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • New: Sunbelt Network Security Inspector Goes Gold
  SPONSOR: Ecora Enterprise Auditor
Get 7 must-have security reports for Windows Systems.
Automate multi-platform configuration reporting, change tracking,
and disaster recovery protocols. Developed by Windows experts,
this guide shows you exactly what to look for, and covers
critical configuration settings with security implications. These
reports are templates ready for you to use today in your
Visit Ecora Enterprise Auditor for more information.

Software Warfare

Thanks for all the feedback you sent on patching. I'll mention one in particular: Michael Cherry is the OS Lead Analyst of Directions on Microsoft. He mentioned that apart from the shorter and shorter durations between vulnerabilities and their exploits, there is one thing which may be more alarming than the shrinking "exploit dates". There is an increasing duration between service packs!

While Microsoft has made improvements in Trustworthy Computing, patching (Secure by Deployment) still needs work. It will be interesting to see them deliver the promised improvements this summer. The quote of the day below is definitely applicable.

The picture gets bigger though. The Washington Post just reported that in January 1982, President Ronald Reagan approved a CIA plan to sabotage the economy of the Soviet Union through covert transfers of technology that contained hidden malfunctions, including software that later triggered a huge explosion in a Siberian natural gas pipeline, according to a new memoir by a Reagan White House official.

Thomas C. Reed, a former Air Force secretary who was serving in the National Security Council at the time, describes the episode in "At the Abyss: An Insider's History of the Cold War," to be published next month by Ballantine Books. Reed writes that the pipeline explosion was just one example of "cold-eyed economic warfare" against the Soviet Union that the CIA carried out under Director William J. Casey during the final years of the Cold War.

What goes around comes around. Call it Karma. Someone might well be doing something similar to us. It could be someone in the U.S. or outside it. If you are in a sensitive environment it would pay to be paranoid enough to require the source code be disclosed and/or thoroughly vetted. Seems like a potentially serious security problem if you ask me.

Quotes of the Week:
- "Save The Internet -- Keep Your Systems Patched!"
- "He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself." --Thomas Paine

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Are your servers protected? Disaster Recovery is #1 priority.
New: Professional Services - A Guarantee to make it work in your
environment for a fixed price! Ask your Rep for details.
Do you have to have a tested plan and reliable tools in place for
the moment your site goes down? DOUBLE-TAKE is that tool. Sold
more than all other High-Availability tools combined.
It is even certified for W2K Datacenter. No other HA tool is.
Visit Double-Take for more information.

The Command-Line Diskpart Utility In Windows

DISKPART is a command-line utility for manipulating disk partitions in Windows 2000, Windows XP Home and Professional, and W2K3 Server. Here's a rundown of the most common commands used by DISKPART, over at SearchWin2000:

Microsoft's New Online Training Options

Redmond recently announced a battery of e-learning courses for W2K3 Server topics. At $199 per course, they are a real bargain, and help compress two to five days in the classroom into much shorter lecture periods. Here's a quick overview of the training options.

A Printer Management Playbook

Printer management is a fact of life for most network admins. Consider this required reading for understanding the ins and outs of setting up, fine tuning and troubleshooting those persnickety peripherals.

And if you need a tool to really manage printers and the cost of toner and paper, this is the world's best selling print management tool: Print Manager Plus. It allows you to set quotas for paper, do billing per department for printer use, and much much more:

Why Go To XP?

A discussion on the NTSYSADMIN list this week is interesting enough to summarize here:

Q: "I am having a hard time justifying a move to XP for our company. We are on W2K now and besides the pretty interface (which will actually cause problems with your run-of-the-mill user) I don't see enough benefits to justify the efforts. It has Remote Desktop, but I can load that on W2K if I wanted it. What else am I missing? I think we may just go with Office 2003 on W2K unless there is some great reason for the OS update." -- Charles

A: My reasons for XP over 2000 include:
* Better HyperThreading support
* Better support for mobile computing
* Remote Desktop
* Remote Assistance
* Better Group Policy support
* Better Admin functionality (such as being able to run GPMC)
* Remote Desktop!!
* Better wireless support
* Fewer reboots
* Better administration (via some extra CLI tools)
* Longer lifecycle
* Support for 64-bit systems

As far as the interface, it can be made to look like 2000 for those who are bugged by the new interface. -- Andrew.

You can subscribe to this list here. (High Traffic)


Expanding to Windows 2003 Server

Oliver Risk is a columnist at InfoWorld. He just wrote an article about W2K3 that nicely summarizes the benefits of what W2K3 brings to your domains. It's worth having a look at, since you may very well be mulling that migration! He starts his article with this:

"The economy is coming back. No, really. President Bush and The Wall Street Journal agree, so it's got to be true. Those indicators notwithstanding, there does seem to be an actual pulse to the tech industry of late, and much of it comes in the form of business expansion. Whether your company just purchased another enterprise or simply expanded its operations to include more locations, I'm here to tell you that Windows 2003 Server can make your life a whole lot simpler."

Uh Oh... Fully Automated XP Patching Looms

Redmond plans to release a new version of XP, and that flavor will automatically download and install patches. It's all in the name of security. It looks like in the middle of this year, XP users will be able to download XP SP2, which includes this functionality as well as a stronger Internet firewall, new virus protection and a pop-up blocker.

The millions of home computer users who surf the Internet but are not computer security experts will probably benefit from this, but business users should think twice before they deploy this SP2. With this SP2, customers give their consent once and Redmond will download and install patches for them.

SP2 is one of the first results of the "secure computing" project that MS launched in January 2002. It's obvious that this whole scheme is designed to get patches installed before hackers can figure out how to exploit the vulnerabilities. For end-users this may be a good idea. In business domains it may break things left, right and center.

Internet Explorer will block pop-ups, as this is one of many ways fraudsters install malware and spyware. SP2 will contain a new version of its firewall designed to block spyware and other programs from transmitting information out of the user's computer without permission. Unlike in previous versions, this new firewall will be turned on automatically. This may prevent worms from spreading faster.

Redmond is also looking at strategies to prevent hackers from interfering with the automatic update system. An example is Mydoom.B which tried to block infected systems from downloading patches and communicating with the MS update Web site.

And as always, there is also the contrary viewpoint. Someone sent me this:

"I'm not so sure that Trusted Computing is such a good thing. It sounds like a good idea, but when you read about what it really is, it sounds pretty bad. Microsoft will be able to lock you into their products leaving no easy way to switch to any alternative because all the files you created with Microsoft products will only be able to be read by Microsoft products. You won't have direct control over your hardware anymore, and the licensing fees will keep small soft- and hardware developers from entering the market. A lot of people say this is going to have a huge impact on innovation."

Here's a good website to check out:

15 Amazon Bucks For The First 100: SURVEY

Survey.com is currently conducting a survey among workstation purchasers and users about their satisfaction and experience with technical, high performance workstations running Windows, Linux, or Solaris. If you are a workstation user, OR are involved in purchasing/recommending workstations at your company, this is a survey for you! The first 100 people who qualify and take the survey get $15 in Amazon.com gift certificates. Click here to take the survey (US only, please):


iHateSpam Server User Feedback

We received this just yesterday after a customer ran setup.

"So far, so good! As time has permitted, I've worked at fine-tuning policies and rules as well as the levels at which spam is deleted versus quarantined. The amount of spam that we used to receive daily has dropped tremendously. My users have been delighted with the manner in which the Quarantine function works, and I have to admit that it's removed a huge burden from me as well... No longer do I have to spend a couple hours out of my day examining quarantined files as the employees are taking responsibility for their own."

You can have 30 spam free days for your users, and save lots of your own valuable time to boot:

Do Virus Epidemics Create A False Sense Of Security?

Those folks at PandaLabs really have their act together, not just in developing antivirus solutions but also in creating a strong warning system that alerts corporate and consumer end users with up-to-the-minute reports. They also have a unique perspective regarding the dangers of the current virus warfare propagated on the Internet and how the current epidemics seem to lessen the impact on the public.

As antivirus providers work at an unprecedented rate to counter the efforts of virus writers, users and administrators become desensitized to this constant level of alert. This creates a false sense of security where any new alert is just treated as the norm. It's the story of "The boy who cried wolf" all over again. If we stop paying attention to warnings about infections and start taking for granted alert situations, even more systems will fall prey to viruses on the prowl.

PandaLabs is rightly concerned that in this climate of cyber insecurity, it is probable that there will be some kind of attack against Internet servers. Hackers had a 'trial run' with the Santa Cruz Operation and the Mydoom worm so it is easy to imagine large-scale attacks on other server types with potentially serious repercussions; financial servers for example.

This situation is compounded by the constant appearance of new variants, such as J and K of Bagle, and variant G of Mydoom. The code of these new variants includes messages aimed at the author of Netsky that criticize this worm and challenge the Netsky author to a war. The latest variant of Netsky to emerge is F, accepting the challenge of these malicious codes.

"This is the first time," explains Luis Corrons, PandaLabs manager, "that confrontation between virus authors has been so clearly demonstrated. For this reason and due to virus authors' thirst for attention, we can expect new variants to appear that will try to steal the spotlight. It is more important than ever to ensure that you have an effective and updated antivirus installed that is capable of detecting these new malicious codes that infect computers worldwide."

ActiveScan, Panda Software's free online antivirus, can scan your network and discover any malicious code that might be lurking undetected by your current antivirus solution. Click here!

Kings Of Spam

The US, Canada, China, South Korea and the Netherlands are the top-five countries that originate spam, said Sophos after a recent analysis. They looked at all spam over a period of two days in Feb 2004. These messages were traced to see where they came from. The USA was by far the highest with 56.7% of all spam, Canada scored 6.8%, China about 6.2%, and Korea and Holland were respectively 5.8% and 2.1%. The other countries in the Top-12 were Brazil, Germany, France, the UK, Australia, Mexico and Spain. Sophos admits that the results are close estimates, as more than 30% of all spam is being sent from infected zombie machines.

And here is something interesting to check out. Doubts dog Microsoft's anti-spam plans. Network World Article:


This Week's Links We Like. Tips, Hints And Fun Stuff


New: Sunbelt Network Security Inspector Goes Gold

A World-Class Scanner That Won't Make a Hole in Your Budget! Close the door on hackers. You can't close the door if you don't know which one is open. That's why we designed SNSI: A low-cost, quick-install, fast-result vulnerability scanner. Uses a top quality, commercial-grade vulnerability database. SNSI is licensed per Admin. Version 1.0 has gone gold, and your Rep can unlock the eval for your full 30-day period.