- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 26, 2004 (Vol. 9, #17 - Issue #473)
Top 15 Reasons Why Admins Use Security Scanners
  This issue of W2Knews™ contains:
    • Spam Filters: A Double-Edged Sword
    • SunPoll: How do you receive your W2Knews?
    • Microsoft Is Doing Well
    • Live In The UK? Don't Miss This!
    • Survey on Server Operating Systems: 15 Amazon Bucks
    • How To Do Things In Active Directory
    • Comparing the TCO of Linux, Windows and UNIX
    • Top 15 Reasons Why Admins Use Security Scanners
    • Spyware Emerges As New Online Threat
    • Volume of SPAM Doubled in Past Two Years
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • LanHound Gets A Killer Review In The UK
  SPONSOR: iPrism
There is no better time to choose a new Web filter. Software
filters like Websense, SurfControl and N2H2 can't give you the
ease of use and low maintenance that you'll get with iPrism, the
leading Internet filtering appliance. Whether you are switching
to an appliance or just starting out, iPrism's low cost and
powerful features may be the perfect fit. Discover the appliance
advantage - download 5 free tools from iPrism now and ask how you
can qualify for a free year of Web filtering.
Visit iPrism for more information.

Spam Filters: A Double-Edged Sword

It's ironic. Sunbelt provides a best selling anti-spam filter, but there are other players in this market of course. Some of these filters are not smart enough to let W2Knews through. [grin] We are keeping this one a bit short to see if it is the size of the file that triggers them.

We find that some of you simply do not get W2Knews anymore, and you ask us "what happened?" Well, somewhere in between the two of us, W2Knews got filtered out. There are several ways to solve this problem. One is subscribe to the text version, as a lot of HTML is banned by filters. One is RSS, which will get you a notification a new issue has arrived. Another is a short note via email that the new version is on the website. To solve this problem, we will send you a separate SUBSCRIPTION VERIFICATION this week. You can indicate which way you'd like to receive W2Knews to make sure you continue to get it. (The verification is going to be a short text message.)

SunPoll: How do you receive your W2Knews?

We'd like your feedback. Please indicate your favorite way to receive W2Knews:

  • HTML Email
  • TEXT Email
  • RSS
  • Short TXT notification it's available on the website
Please VOTE here, rightmost column:

Microsoft Is Doing Well

Microsoft reported strong Q3 Revenues. Revenues are $9.18 billion for the quarter ended March 31, 2004, a 17% increase over $7.84 billion in the prior year. Their net profits were down due to legal settlements (Sun, EU), but business in Redmond is booming. That spells good news for the rest of IT as well.

Quote Of The Week:
"You can't build a reputation on what you are going to do."
- Henry Ford

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: DOUBLE-TAKE For Exchange 2000(3)
Double-Take now has high availability for Exchange 2000 and 2003.
It can automatically (you could even say automagically) failover
for both of these. This is HUGE for many of you that needed
this feature. Double-Take's companion product for MS-clusters
(called GeoCluster) now officially works with Exchange 2000 and
2003 as well. Check the latest version.
Visit DOUBLE-TAKE For Exchange 2000(3) for more information.

Live In The UK? Don't Miss This!

Windows Internals/SysInternals Class
by David Solomon & Mark Russinovic

Join David Solomon & Mark Russinovich, authors of Inside Windows 2000 3rd edition, for 3 days of digging into the internals of Windows NT/2000/XP/2003. Topics covered include processes, thread scheduling, memory management, I/O, the registry, security, the boot process, and crash dump analysis. Learn how to apply the advanced troubleshooting tools from www.sysinternals.com to solve a variety of system problems.

Advanced discount pricing ends May 26th. To register, visit:

Survey on Server Operating Systems: 15 Amazon Bucks

As an IT Pro, Survey.com invites you to participate in their survey on server operating systems. On average, this survey will take about 10 minutes. To thank you for completing the survey, they will enter you into a drawing to win one of 100 prizes of $15 Amazon.com certificates. Simply click on the Web address shown below to be connected directly to the survey.

How To Do Things In Active Directory

This is a brilliant link on how to do Active Directory things. From a fellow geek who, believe it or not, found it with MS's own search engine.


Comparing the TCO of Linux, Windows and UNIX

The Yankee Group Presents an Application Infrastructure & Software Platforms Audioconference that is going to be very interesting. Remember the BIG Windows/Linux survey you participated in? Here is an in-depth conference about it.

Tuesday, April 27, 2004, Hosted by Laura DiDio, Yankee Application Infrastructure & Software Platforms Research and Consulting Senior Analyst.

Eight out of 10 businesses will undertake a major software upgrade in 2004. Many of those businesses face difficult migration decisions such as whether to upgrade to a new version of their current Windows or UNIX platform or consider a switch to Linux. Does Linux deliver significantly better performance, reliability, manageability and ultimately lower total cost of ownership (TCO) and faster return on investment (ROI) than the rival Windows and UNIX operating system platforms? The answer is Yes and No. It depends on your individual environment.

New Yankee/Sunbelt survey data indicates there are specific situations in which any of the major server operating system platforms-Linux, Windows or UNIX-may provide the best TCO and ROI. DiDio will review the latest findings and tell you how your peers in enterprise organizations rated each of these platforms for performance, reliability, security, manageability and ease of use.

This audioconference will provide a detailed overview of the factors that affect your Linux, Windows and UNIX deployments and deliver a detailed overview of the criteria and issues you must address to accurately determine which operating system platform or combination of OS platforms makes the most business sense for your organization.


  • Background
  • Survey Highlights
  • TCO Costs During the First 12 Months
  • Conclusions
  • Questions & Answers
Tuesday, April 27, 2004
12:00 to 1:00 p.m. Eastern
9:00 to 10:00 a.m. Pacific
17:00 to 18:00 GMT
18:00 to 19:00 Central European

To Register:
Register directly on our Web site at:

If you need assistance, send Yankee an e-mail at: [email protected] or call at: 617) 956-5000, ext. 465.

Space is limited, so please register early to reserve your seat. The deadlines for registration on Tuesday, April 27, 2004, are: North America: 10:00 a.m. EDT - EMEA: 12:00 GMT

Registrations are on a first-come, first-served basis. All confirmed registrants will receive an e-mail prior to the call with the dial-in number and a URL link to the presentation.


Top 15 Reasons Why Admins Use Security Scanners

I asked the NTSYSADMIN, Exchange, and Security List participants for the reasons (in their own words) why they were running security vulnerability scanners. These were interesting to see actually. Although they all revolve around fixing holes, they are quite varied. Here goes:

  • Am I sure that I have found all vulnerabilities in my network?
  • Have I configured my network properly?
  • Am I finding and closing security holes fast enough?
  • How do I know which machines have a missing patch?
  • Are we resistant enough to network-savvy viruses that spread via known exploits?
  • Are we in compliance with HIPAA, Sarbanes-Oxley and other regulations?
  • What have I missed in locking down a server or environment?
  • Do I have my network perimeter and interior sufficiently protected?
  • Have I identified and protected my network resources from external threats?
  • Do I know which systems are now well protected?
  • How vulnerable are we from the inside?
  • How will I ever pass my IT Security Audits?
  • How do I locate computers on my network, that are not within compliance?
  • How do I report to Management that we have done all we could to lock down?
  • How do I detect unknown and/or rogue devices/connections?
We are working hard to get our Sunbelt Network Security Inspector into a total world-class scanner for a killer price. We scan Windows machines now, but will show at Tech.Ed in May we also do Scans by IP-range. There are other exciting features being added later this year. This insanely cheap intro price per admin is not going to last forever. SNSI was updated today, and the new vulnerability checks for this release include 9 new Windows checks, bringing the total Windows checks to 2162. New Vulnerability updates:

W2154OpenSSH Buffer Management Error
W2155OpenSSH PAM Vulnerability
W2156OpenSSH Remote Challenge Vulnerability
W2157OpenSSH sshd Buffer Overflow Vulnerability
W2158Guest Logons Enabled in FTP
W2159Rundll32.exe File Location Vulnerability
W2160Mscnt.exe Detected
W2161PCT 1.0 Protocol Not Disabled
W2162DameWare vulnerability

In addition, there were improvements in the following checks:

W2146SSL check
W2152MHTML URL (Outlook Express) check
W2152Microsoft Jet check

I suggest you check SNSI out, as you have the opportunity to get in on the ground floor and buy it now. IP-Scanning will be available soon, and you will be very pleasantly surprised with the SNSI roadmap. Do not buy any other scanner until you have looked at SNSI. The value cannot be beat. The eval is here, you can test one machine right away and you can get a full 30-day key from your Rep or Reseller. SPECIAL OFFER: Install a FREE demo and get your own black "Hack My Network and Die" T-shirt.

Spyware Emerges As New Online Threat

The MSNBC website has a good little article about spyware. The world is waking up to this finally. Remember I started talking about this more than a year ago. Here is a little blurb from their page:

"WASHINGTON - Internet users have learned to keep an eye out for viruses, worms and 'spam' e-mail. Add another online hazard to the list: spyware.

Programs that hide in users' computers and secretly monitor their activities are emerging as the next high-tech plague, experts say. Spyware can sap computing power, crash machines and bury users under a blizzard of unwanted ads. It can capture passwords, credit-card numbers and other sensitive data."

Here is the article:

The PestPatrol people featured a Beta of a corporate spyware solution at the SANS show. I saw the console that can do scans for whole domains. Pretty cool and I suggest you start asking budget for this. It's going to come up more and more. You can test PestPatrol here, but keep in mind this version still relies on scripting, it's not the console version yet!

Volume of SPAM Doubled in Past Two Years

According to a new landmark study conducted by IDC, "The True Cost of SPAM and Value of Anti-SPAM Solutions", the surge in spam poses a growing threat to productivity. IDC estimates that spam represented 32% of all email sent on an average day in North America in 2003, essentially doubling from 2001.

"Spam has become more than just a nuisance; it is quickly becoming both a major productivity drain and potential legal liability in organizations across the globe," said Mark Levitt, research vice president for Collaborative Computing at IDC. "Spam clogs networks, servers, and inboxes with unwanted and often offensive content. The business impact of spam only grows more serious as the volume of spam continues to rise."

Investing in anti-spam solutions yields a positive ROI and rapid payback based upon the research conducted by IDC on the cost of spam and the value of anti-spam solutions. Anti-spam solutions have helped organizations save millions of dollars in lost email user and IT staff productivity (see table).

Average Productivity Cost of Spam and Savings of Anti-Spam Solutions for Average Firm with 5,000 Email Users

.                                       Without         With
.                                       Anti-spam       Anti-spam
.                                       Solution        Solution
.                                       ----------      ----------
Email Users                                   
Daily time spent by each user           10 minutes      5 minutes
Average Annual (cost)/savings to firm   ($4.1 million)  $783,000

IT Staff ------------------------------------- Daily time spent by each user 43 minutes 19 minutes Average annual (cost)/savings to firm ($85,800) $13,000

Note: Other costs and benefits unrelated to productivity are not included here. Source: IDC's The True Cost of SPAM and Value of Anti-SPAM Solutions Study, 2004.

A recent poll of just under 4,000 small & medium businesses showed that 80% of companies found that the spam floods caused lowered productivity at work, but only 28% have an anti-spam solution in place at the moment.

Run Exchange V5.5 and have not yet decided for an anti-spam tool? The best-selling tool for Exchange is here now for V5.5 and you do not pay a penny when you move to either Exchange 2000 or 2003. There is no upgrade penalty!


This Week's Links We Like. Tips, Hints And Fun Stuff


LanHound Gets A Killer Review In The UK

Here is what they said: "VERDICT: There's no need for deep pockets with LanHound at your side, as it offers a wealth of network analysis and protocol decoding tools at a very sensible price.

"Hardware network analysis and protocol decoding tools have for too long commanded premium prices. As we've already seen in the last analyser group test, this attitude has left the way open for the lower-cost but equally well specified software solutions. Sunbelt's LanHound falls into the latter category, as it delivers an impressive range of capabilities for a shade over 400." Rest of the article at:

Here is where you can Get the Hound on the Sunbelt OnlineShop: