Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 29, 2004 (Vol. 9, #13 - Issue #469)
Cursing At Windows Code
This issue of W2Knews contains:
- EDITORS CORNER
- Kevin Mitnick On "The Big One"
- Stay Up To Date With The Latest Software Versions
- Vote For Your Fave Tools
- TECH BRIEFING
- Group Policy, Profiles and IntelliMirror for W2K(3) and XP
- Why Redmond's Delivery of Patch Tools Slips Again
- Deploying Secure Domain Controllers
- Crash Course: Certification
- Improve Mailbox Availability
- First Release Candidate For Windows XP Service Pack 2
- NT/2000 RELATED NEWS
- Cursing At Windows Code
- Speech Server 2004 Announced
- NT/2000 THIRD PARTY NEWS
- iHateSpam Server Finalist in SC Magazine Poll
- The Latest Worm Warcraft: Security App Attack
- Double-Take Reason Dell's New NAS Wins
- The Buddy List Plague
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- LanHound Gets Silver Award For Network/System Management
SPONSOR: Microsoft Tech·Ed 2004
Announcing Microsoft Tech·Ed 2004, May 23 - 28, San Diego, CA.
Microsoft's definitive technical event for building, deploying,
securing and managing connected solutions. Experience
comprehensive technical content for IT professionals. Choose from
nearly 400 sessions in 11 major technology tracks. Preview new
products, network with peers, and view solutions in action. See
what's new, what's hot, and how to put it to work for you.
Visit Microsoft Tech·Ed 2004 for more information.
Kevin Mitnick On "The Big One"
I was over at InfoSec in Orlando this week. Good sessions, and
a great little Tradeshow. It was buzzing with people looking for
security solutions, and almost a hundred vendors presenting
their wares. Attendance was up 20% over last year. I also had a
chat with Kevin Mitnick, who is now running his "defensive
thinking" consultancy outfit. (I have his business card to prove
When he was asked what the current biggest security hole was
that he knew of, there was no hesitation at all with the answer:
"802.11b". Often employees plug in a WAP unbeknownst to IT, and
haven't got the slightest clue about security or encryption.
Kevin said: "People believe WAPs are like cordless phones."
Social engineering is also still an all-time fave to break into
companies. Security is a people-issue and needs to be handled
with both training and a layered IT defensive posture. He
said he was working on his new book called 'Art of Intrusion'
and when I asked him what he thought of the possibility of
"The Big One" killer virus he said it was possible but he did
not know if it would really happen. Not particularly shocking
news, but talking to him was cool. He showed us a trick with a
cell phone. He called up someone in the room, and was able to
make the Caller-ID show exactly the number he wanted to appear.
In other words, you cannot trust Caller-ID anymore.
I also have some interesting security related stories in the
Third Party Software section.
Stay Up To Date With The Latest Software Versions
Sunbelt has implemented a separate RSS-feed to warn you when new
versions come on-line. We strongly recommend that you get an RSS-reader and add the link below, so you get alerted every time a
new version of your product gets released:
Other useful Sunbelt RSS-Links:
W2Knews via RSS:
WinXPnews via RSS:
Vote For Your Fave Tools
There are a couple of very close races going on! Let your voice
be heard for the fave system admin tools in the 2004 W2Knews
Quote of the Week:
"Companies pray to the god of security every Sunday and sin the
rest of the week." -- Pete Lindstrom, Research Director of the Spire
SPONSOR: MILITARY STRENGTH SECURITY SCANNER
Need to close the door on hackers? But "no budget and no time" are
your biggest problems? SNSI solves this problem: a world-class
scanner that does not make a hole in your budget. Better yet,
there is a KILLER competitive upgrade price. Compare that to
other high-end scanners out there. It's easy to see why SNSI is
rapidly becoming a Security Best Seller: The exception to "you
get what you pay for."
Visit MILITARY STRENGTH SECURITY SCANNER for more information.
Group Policy, Profiles and IntelliMirror for W2K(3) and XP
Jeremy Moskowitz's site and book have been overhauled and are a
great place to learn about the above topics. You can apply 90-95% of
the material to Windows 2000 users. Even if you have just one
Windows XP machine in your domain, you'll want to take a look.
Why Redmond's Delivery of Patch Tools Slips Again
MS claims customers should not have to pay for patching, and will
continue to provide "basic" patch management for free, Windows
Server executive Steve Anderson says. In an interview, Anderson
describes what customers get gratis, but why it is delayed again.
And here is another interesting quote: "Microsoft Baseline
Security Analyzer 1.2 will be the scanning engine for WUS.
Shavlik is out." Steve Anderson, Windows Server, Marketing
director. More at:
Deploying Secure Domain Controllers
There are 84 services that will appear on a Windows 2003 Server
system when a new fresh installation is performed. This tip
provides a table detailing the default services and what the best
settings are for security. Part four of a series.
Crash Course: Certification
Security and messaging credentials are the newest additions to
Microsoft's ever-changing world of certifications. Here's a wrap-up of the latest in certification and career advancement.
Improve Mailbox Availability
In the past, admins have had two choices on how to perform
restorations in Exchange 2000. You could use an alternate
recovery forest and move the store back to a production server.
Or you could take the store offline. With Exchange 2003, there
is now a recovery storage group. Read how it can save you time
and minimize disruption to your users.
First Release Candidate For Windows XP Service Pack 2
RC 1 offers features that weren't part of the December beta such
as a Windows Security Center accessible from the Windows Control
Panel, a pop-up blocker that's turned on by default and a Windows
Update V5 RC 1 for consumers. The Security Center monitors data
on firewalls, Automatic Update and third-party anti-virus
software. When turned on, the pop-up blocker is supposed to
prevent pop-ups from automatically launching in the IE browser
but let customers permit pop-up messages on selected sites.
The Windows Update V5 code has been updated to make it easier to
install security updates. Redmond plans to ship Windows XP SP2 by
the end of first half 2004. Here are some screenshots from Paul
If you'd like to get a copy of SP2 RC1 yourself, or just find out
more about it in anticipation of the final release, visit MS's
Technical Preview Program site at:
NT/2000 RELATED NEWS
Cursing At Windows Code
Someone looked at the recently leaked Windows 2000 Sources.
Looks like MS coders are sometimes unhappy with the code that they
produce if you believe their sometimes very embarrassing comments
in the code. And the comments appear in realistic places. Reading
this web site is safe for programmers since there is no actual
code copied, but just the comments.
I'm copying a little bit of the comments the writer made here:
"In the struggle to meet deadlines, I think pretty much all
programmers have put in comments they might later regret,
including swearwords and acerbic comments about other code or
requirements. Also, any conscientious coder will put in prominent
comments warning others about the trickier parts of the code.
Comments like "UGLY TERRIBLE HACK" tend to indicate good code
rather than bad: in bad code ugly terrible hacks are considered
par for the course. It would therefore be both hypocritical and
meaningless to go through the comments looking for
embarrassments. But also fun, so let's go".
We cannot repeat the language in this issue; it would be filtered
out before you'd see it. The writer ends off with an interesting
conclusion. "Microsoft does not steal open-source code. Their
older code is flaky, their modern code excellent. Their
programmers are skilled and enthusiastic. Problems are generally
due to a trade-off of current quality against vast hardware,
software and backward compatibility." The whole story is here:
Speech Server 2004 Announced
Redmond claimed "First!" to offer a single platform combining
the following technologies: 1) web, 2) speech processing and 3)
telephony. It is currently only available for US English, but
more natural language support will be added.
Their new Speech Server was built so that you can unify your web
and telephony infrastructure, and add to that ASP.NET web apps
for speech-enabled access (of course via the phone). The product
includes engines for speech recognition (speech input and
output), a telephony platform, and a voice browser. Looks to be
pretty cool stuff actually.
Speech Server Standard Edition costs $7,999 per processor. The
Enterprise Edition is a whopping $17,999 per processor. More at:
THIRD PARTY NEWS
iHateSpam Server Finalist in SC Magazine Poll
SC Magazine recently ended their yearly poll that asked IT
people for their favorite security tools. In the anti-spam
category, there were 29 products people could vote for, including
products from leading vendors like Brightmail, FrontBridge,
GFI, SurfControl, Symantec and Trend.
Customer votes for iHateSpam Server defeated all these big names,
and made it into the last 4 Finalists. The winner will be revealed
at the end of April. Here are the 2004 Finalists in all categories; it
is interesting reading to see who made it:
The Latest Worm Warcraft: Security App Attack
Last weekend, the Witty Worm left a trail of destruction behind
itself. It was something new as it specifically targeted apps
from Internet Security Systems like BlackICE and RealSecure.
Experts were surprised by the speed with which Witty replicated,
and its destructive power. Its power was also the reason it
died relatively fast as it killed the systems it attacked.
It was really only active from Saturday through Monday, and hit
about 30,000 systems. Witty sent about 20,000 copies of itself,
after which some parts of the hard disk were overwritten. This
pattern repeated itself until the machine crashed.
Other worm writers would call this sloppy design. More:
A related general anti-worm link is how to Configure Outlook to
Block Additional Attachment File Name Extensions:
Double-Take Reason Dell's New NAS Wins
The SearchStorage Site has a good article about choosing NAS.
They started out with: "It's getting harder and harder to tell
network-attached storage (NAS) boxes apart, especially when it
comes to systems based on the Windows Storage Server 2003
"On Monday, Dell Inc., Round Rock, Texas, tried to differentiate
its network-attached storage (NAS) servers with the launch of
PowerVault 745N, a 1U rack system with processor speeds of up
to 3.2 GHz and storage capacity ranging from 160 GB to 4 TB.
The system uses external SCSI-attached storage.
"The 745N, which is designed to help small businesses, workgroups
and branch offices meet growing storage demands, will replace
Dell's own PowerVault 725N -- not to be confused with a separate
line of co-branded storage products sold through a partnership
with EMC Corp."
Kouri ultimately decided on Dell because "the Dell solution
supported a product from NSI Software called Double-Take. Double-Take gave us tons of flexibility when we defined plans for
replication in our overall backup and disaster recovery scheme.
IBM also supported Double-Take, but their solution was much more
expensive and didn't provide the same storage capacities Dell
Here's more about Double-Take and a 30-day eval:
And Double-Take made The SC Mag Judges Awards: 2004 Finalists.
Finalists have been selected in each product category based
on votes cast by the SC Awards Council, a group of over 100
senior infosecurity professionals around the world, supported
by judges deliberations. You can see the Judges List here:
The Buddy List Plague
WIRED Magazine tipped me off about a new kind of virus you need
to look out for. It replicates via IM. A small obscure virus
called Jitux. It spread through networks in Mexico, Portugal and
Spain. The critter did not do any damage, but it certainly was
a successful proof of concept: it propagated via Microsoft's
Instant Messaging Network instead of email.
Security experts have long warned that IM services will become
the next frontier for virus writers. In 2007 there are expected
to be almost 900 million IM accounts, and most of these are not
running in encrypted mode. IM was developed for ease-of-use and
scalability, not security. In 2003, there were more than 20
viruses and worms using IM, compared to just 5 in 2002. These
types of worms can be written in a way that no user has to click
on anything. That would mean hundreds of millions of machines
infected in less than an hour. Yikes!
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
LanHound Gets Silver Award For Network/System Management
TechTarget wrote: "Our Silver Award winner for Network/Systems
Management, Sunbelt Software's LanHound, scored highest of all
products in this category for value. The low-priced network
monitoring solution also scored well in ease of use and ease
At practically half the price of comparable products, "LanHound
is a good low-cost, low-overhead alternative to other network
monitors that doesn't sacrifice much of anything that I could
see in the feature set," said one of their judges.
LanHound troubleshoots network problems and monitors network
activity through its traffic views, packet capture and packet
decoding features. It also supports switched segments through its
remote agents. The product supports Windows 98, NT, 2000 and XP.
Because total disk space required is less than 10 MB, many
customers use LanHound as a convenient "portable" solution for
analyzing networks in the field, using their notebook PCs.
Get the Hound. LAN's best friend. US $743 which includes one
year full maintenance.