Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 8, 2004 (Vol. 9, #10 - Issue #466)
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- The Command-Line Diskpart Utility In Windows
- Microsoft's New Online Training Options
- A Printer Management Playbook
- Why Go To XP?
- NT/2000 RELATED NEWS
- Expanding to Windows 2003 Server
- Uh Oh... Fully Automated XP Patching Looms
- 15 Amazon Bucks For The First 100: SURVEY
- NT/2000 THIRD PARTY NEWS
- iHateSpam Server User Feedback
- Do Virus Epidemics Create A False Sense Of Security?
- Kings Of Spam
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- New: Sunbelt Network Security Inspector Goes Gold
SPONSOR: Ecora Enterprise Auditor
Get 7 must-have security reports for Windows Systems.
Automate multi-platform configuration reporting, change tracking,
and disaster recovery protocols. Developed by Windows experts,
this guide shows you exactly what to look for, and covers
critical configuration settings with security implications. These
reports are templates ready for you to use today in your
Visit Ecora Enterprise Auditor for more information.
Thanks for all the feedback you sent on patching. I'll mention
one in particular: Michael Cherry is the OS Lead Analyst of
Directions on Microsoft. He mentioned that apart from the shorter
and shorter durations between vulnerabilities and their exploits,
there is one thing which may be more alarming than the shrinking
"exploit dates". There is an increasing duration between service
While Microsoft has made improvements in Trustworthy Computing,
patching (Secure by Deployment) still needs work. It will be
interesting to see them deliver the promised improvements this
summer. The quote of the day below is definitely applicable.
The picture gets bigger though. The Washington Post just reported
that in January 1982, President Ronald Reagan approved a CIA
plan to sabotage the economy of the Soviet Union through covert
transfers of technology that contained hidden malfunctions,
including software that later triggered a huge explosion in a
Siberian natural gas pipeline, according to a new memoir by a
Reagan White House official.
Thomas C. Reed, a former Air Force secretary who was serving in
the National Security Council at the time, describes the episode
in "At the Abyss: An Insider's History of the Cold War," to be
published next month by Ballantine Books. Reed writes that the
pipeline explosion was just one example of "cold-eyed economic
warfare" against the Soviet Union that the CIA carried out under
Director William J. Casey during the final years of the Cold War.
What goes around comes around. Call it Karma. Someone might well
be doing something similar to us. It could be someone in the U.S.
or outside it. If you are in a sensitive environment it would
pay to be paranoid enough to require the source code be disclosed
and/or thoroughly vetted. Seems like a potentially serious
security problem if you ask me.
Quotes of the Week:
- "Save The Internet -- Keep Your Systems Patched!"
- "He that would make his own liberty secure must guard even his
enemy from oppression; for if he violates this duty he establishes
a precedent that will reach to himself." --Thomas Paine
Are your servers protected? Disaster Recovery is #1 priority.
New: Professional Services - A Guarantee to make it work in your
environment for a fixed price! Ask your Rep for details.
Do you have a tested plan and reliable tools in place for
the moment your site goes down? DOUBLE-TAKE is that tool. Sold
more than all other High-Availability tools combined.
It is even certified for W2K Datacenter. No other HA tool is.
Visit Double-Take for more information.
The Command-Line Diskpart Utility In Windows
DISKPART is a command-line utility for manipulating disk partitions
in Windows 2000, Windows XP Home and Professional, and W2K3 Server.
Here's a rundown of the most common commands used by DISKPART, over
Microsoft's New Online Training Options
Redmond recently announced a battery of e-learning courses for
W2K3 Server topics. At $199 per course, they are a real bargain, and
help compress two to five days in the classroom into much shorter
lecture periods. Here's a quick overview of the training options.
A Printer Management Playbook
Printer management is a fact of life for most network admins.
Consider this required reading for understanding the ins and
outs of setting up, fine tuning and troubleshooting those
And if you need a tool to really manage printers and the cost
of toner and paper, this is the world's best selling print
management tool: Print Manager Plus. It allows you to set
quotas for paper, do billing per department for printer use,
and much much more:
Why Go To XP?
A discussion on the NTSYSADMIN list this week is interesting
enough to summarize here:
Q: "I am having a hard time justifying a move to XP for our
company. We are on W2K now and besides the pretty interface
(which will actually cause problems with your run-of-the-mill
user) I don't see enough benefits to justify the efforts. It
has Remote Desktop, but I can load that on W2K if I wanted it.
What else am I missing? I think we may just go with Office
2003 on W2K unless there is some great reason for the OS
update." -- Charles
A: My reasons for XP over 2000 include:
* Better HyperThreading support
* Better support for mobile computing
* Remote Desktop
* Remote Assistance
* Better Group Policy support
* Better Admin functionality (such as being able to run GPMC)
* Remote Desktop!!
* Better wireless support
* Less reboots
* Better administration (via some extra CLI tools)
* Longer lifecycle
* Support for 64-bit systems
As far as the interface, it can be made to look like 2000 for
those who are bugged by the new interface. -- Andrew.
You can subscribe to this list here. (High Traffic)
NT/2000 RELATED NEWS
Expanding to Windows 2003 Server
Oliver Risk is a columnist at InfoWorld. He just wrote an article
about W2K3 that nicely summarizes the benefits of what W2K3 brings
to your domains. It's worth having a look at, since you may very
well be mulling that migration! He starts his article with this:
"The economy is coming back. No, really. President Bush and
The Wall Street Journal agree, so it's got to be true. Those
indicators notwithstanding, there does seem to be an actual pulse
to the tech industry of late, and much of it comes in the form
of business expansion. Whether your company just purchased another
enterprise or simply expanded its operations to include more
locations, I'm here to tell you that Windows 2003 Server can
make your life a whole lot simpler."
Uh Oh... Fully Automated XP Patching Looms
Redmond plans to release a new version of XP, and that flavor will
automatically download and install patches. It's all in the name
of security. It looks like, in the middle of this year, XP users will be
able to download XP SP2 that includes this functionality, as
well as a stronger Internet firewall, new virus protection and a
The millions of home computer users who surf the Internet but
are not computer security experts will probably benefit from
this, but business users should think twice before they deploy
this SP2. With this SP2, customers give their consent once and
Redmond will download and install patches for them.
SP2 is one of the first results of the "secure computing" project
that MS launched in January 2002. It's obvious that this whole
scheme is designed to get patches installed before hackers can
figure out how to exploit the vulnerabilities. For end-users
this may be a good idea. In business domains it may break things
left, right and center.
Internet Explorer will block pop-ups, as these are one of the many
ways fraudsters install malware and spyware. SP2 will
contain a new version of its firewall designed to block spyware
and other programs from transmitting information out of the
user's computer without permission. Unlike in previous versions,
this new firewall will be turned on automatically. This may
prevent worms from spreading faster.
Redmond is also looking at strategies to prevent hackers from
interfering with the automatic update system. An example is
Mydoom.B which tried to block infected systems from downloading
patches and communicating with the MS update Web site.
And as always, there is also the contrary viewpoint. Someone
sent me this:
"I'm not so sure that Trusted Computing is such a good thing.
It sounds like a good idea, but when you read about what it
really is, it sounds pretty bad. Microsoft will be able to lock
you into their products leaving no easy way to switch to any
alternative because all the files you created with Microsoft
products will only be able to be read by Microsoft products.
You won't have direct control over your hardware anymore, and
the licensing fees will keep small soft- and hardware developers
from entering the market. A lot of people say this is going
to have a huge impact on innovation."
15 Amazon Bucks For The First 100: SURVEY
Survey.com is currently conducting a survey among workstation
purchasers and users about their satisfaction and experience
with technical, high performance workstations running Windows,
Linux, or Solaris. If you are a workstation user, OR are involved
in purchasing/recommending workstations at your company - this
is a survey for you! The first 100 people who qualify and take
the survey get $15 in Amazon.com gift certificates. Click here
to take the survey (US only, please):
THIRD PARTY NEWS
iHateSpam Server User Feedback
We received this just yesterday after a customer ran setup.
"So far, so good! As time has permitted, I've worked at fine-
tuning policies and rules as well as the levels at which spam
is deleted versus quarantined. The amount of spam that we used
to receive daily has dropped tremendously. My users have been
delighted with the manner in which the Quarantine function works,
and I have to admit that it's removed a huge burden from me as
well... No longer do I have to spend a couple hours out of my
day examining quarantined files as the employees are taking
responsibility for their own."
You can have 30 spam free days for your users, and save lots of
your own valuable time to boot:
Do Virus Epidemics Create A False Sense Of Security?
Those folks at PandaLabs really have their act together, not just
in developing antivirus solutions but also in creating a strong
warning system that alerts corporate and consumer end users with
up-to-the-minute reports. They also have a unique perspective
regarding the dangers of the current virus warfare propagated
on the Internet and how the current epidemics seem to lessen
the impact on the public.
As antivirus providers work at an unprecedented rate to counter
the efforts of virus writers, users and administrators become
desensitized to this constant level of alert. This creates a
false sense of security where any new alert is just treated
as the norm. It's the story of "The boy who cried wolf" all
over again. If we stop paying attention to warnings about
infections and start taking alert situations for granted, even
more systems will fall prey to viruses on the prowl.
PandaLabs is rightly concerned that in this climate of cyber
insecurity, it is probable that there will be some kind of
attack against Internet servers. Hackers had a 'trial run'
with the Santa Cruz Operation and the Mydoom worm so it is
easy to imagine large-scale attacks on other server types with
potentially serious repercussions; financial servers for example.
This situation is compounded by the constant appearance of new
variants, such as J and K of Bagle, and variant G of Mydoom.
The code of these new variants includes messages aimed at the
author of Netsky that criticize this worm and challenge the
Netsky author to a war. The latest variant of Netsky to emerge
is F, accepting the challenge of these malicious codes.
"This is the first time," explains Luis Corrons, PandaLabs
manager, "that confrontation between virus authors has been
so clearly demonstrated. For this reason and due to virus
authors' thirst for attention, we can expect new variants
to appear that will try to steal the spotlight. It is more
important than ever to ensure that you have an effective and
updated antivirus installed that is capable of detecting
these new malicious codes that infect computers worldwide."
ActiveScan, Panda Software's free online antivirus can scan
your network and discover any malicious code that might be
lurking undetected by your current antivirus solution, click
Kings Of Spam
The US, Canada, China, South Korea and the Netherlands are the
top-five countries that originate spam, said Sophos after a
recent analysis. They looked at all spam over a period of two
days in Feb 2004. These messages were traced to see where they
came from. The USA was by far the highest with 56.7% of all spam,
Canada scored 6.8%, China about 6.2%, and Korea and Holland
were at 5.8% and 2.1% respectively. The other countries in the
Top-12 were Brazil, Germany, France, the UK, Australia, Mexico
and Spain. Sophos admits that the results are close estimates,
as more than 30% of all spam is being sent from infected zombie
And here is something interesting to check out. Doubts dog
Microsoft's anti-spam plans. Network World Article:
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
New: Sunbelt Network Security Inspector Goes Gold
A World-Class Scanner That Won't Make a Hole in Your Budget!
Close the door on hackers. You can't close the door if you don't
know which one is open. That's why we designed SNSI: A low-cost,
quick-install, fast-result vulnerability scanner. Uses a top
quality, commercial-grade vulnerability database. SNSI is
licensed per Admin. Version 1.0 has gone gold, and your Rep
can unlock the eval for your full 30-day period.