- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, May 10, 2004 (Vol. 9, #19 - Issue #475)
Email Is Broken
  This issue of W2Knews™ contains:
    • Email Is Broken
    • iHateSpam Server Wins Prestigious Award
    • W2Knews Has A Sister Publication: WinXPnews
    • Lawmakers Push For New Anti-Spyware Laws
    • To Migrate? MS Offers Free Tool
    • Your Global Address List Up To Date
    • MS Server Roadmap Update
    • AD Admin Tip: Hiding Service Administrator Accounts
    • Microsoft Short Takes
    • Choosing A Disaster Recovery Solution for Exchange
    • Locked Admin Passwords In An AD Environment
    • Monitoring Your Server Status
    • SNSI Catches The Sasser Worm
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • NEW BOOK: Anti-Spam Tool Kit
  SPONSOR: Still Run Exchange V5.5?
And need an anti-spam solution? The new iHateSpam for Exchange
V1.5 is now the best selling anti-spam tool for your environment
with well over 3,100 licenses in production sites. If you plan
to upgrade to Exchange 2000(3), there is NO upgrade penalty;
just download the correct iHateSpam for Exchange build and use
your existing License Key. Spam Sucks. Your life shouldn't!
Visit Still Run Exchange V5.5? for more information.

Email Is Broken

The Fathers of the Internet never imagined that junk email could constitute 50% or more of email traffic. SMTP was never built with this in mind, there is no authentication functionality. That causes people to think up all kinds of solutions. BillG has some ideas about e-stamps, but that caused an uproar and people voted it down in a recent SunPoll.

A new way to stop spam was originated by the appliance vendor IronPort Systems. They created the Bonded Sender Program and this allows companies to send e-mail to Hotmail and MSN users without the messages being subject to normal Hotmail or MSN antispam controls. Recipients can then choose to receive e-mails from the bonded senders by opting in for the commercial e-mail. Good idea, but it will not really stem the flow of spam.

It's a "patch" and not a structural solution. We need to recreate email for the Net. It's going to take a while, but there is no other choice! New mail transfer protocols are being proposed as we speak, and I expect within 3-5 years that a vast majority will have implemented these new versions. Now it's the question if email will survive the coming challenging period or if it will have lost most of its significance by that time. Personally I think that it will find a role, like radio still has a role today.

iHateSpam Server Wins Prestigious Award

You may be familiar with SC Magazine. It's one of the three major players in the security space. They recently held their yearly Readers Trust Awards. iHateSpam Server was present in the more than 20 Finalists of the leading anti-spam solutions. After due process (they took almost a month) it was chosen as WINNER, beating out all other solutions, both hardware- and software-based. Made us exceedingly happy of course. You can see the list with all the winners here:

W2Knews Has A Sister Publication: WinXPnews

Not sure if you knew, but WinXPnews sends hints, tips and tech stuff about WinXP every week. It's more consumer oriented than W2Knews but still has lots of good tech stuff in there. Subscribe here:

Quotes Of The Week:
- "Those who do not read and understand history are doomed to repeat it." -- Harry Truman
- "According to aerodynamic laws, the bumblebee cannot fly. Its body weight is not the right proportion to its wingspan. Ignoring these laws, the bee flies anyway." -- M. Sainte-Lague
- "No enterprise is more likely to succeed than one concealed from the enemy until it is ripe for execution. ?- Niccolo Machiavelli

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: DOUBLE-TAKE For Exchange 2000(3)
Double-Take now has high availability for Exchange 2000 and 2003.
It can automatically (you could even say automagically) failover
for both of these. This is HUGE for many of you that needed
this feature. Double-Take's companion product for MS-clusters
(called GeoCluster) now officially works with Exchange 2000 and
2003 as well. Check the latest version.
Visit DOUBLE-TAKE For Exchange 2000(3) for more information.

Lawmakers Push For New Anti-Spyware Laws

The FTC doesn't like it much, but last week, U.S. lawmakers claimed they would pass legislation to stop spyware. They proposed a bill where companies that use spyware would be required to clearly notify people before loading new software on their PC. The bill also wants to make the spyware easily removable.

The FTC is of the opinion that there are already enough laws in place to combat the spread of spyware. They claimed: "The problem is not one of legal authority. It is one of developing and bringing a case in federal court". Moreover, the FTC fears that the proposed bill would be anti-productive for legitimate software companies.

In the mean time, spyware is now acknowledged to be the next major threat to corporate security because of its fast proliferation. Sunbelt is happy to announce the imminent release of PestPatrol Corporate Edition with a console you can run centrally and scan many hundreds of machines from your admin workstation. Stay Tuned.

To Migrate? MS Offers Free Tool

I found a good little article on the SearchWin2000 site. Redmond is offering a free migration tool for the last of the NT 4.0 holdouts, but some customers say the gesture is too little too late. Still, worth it if you are running some NT4 machines and are getting antsy about the coming lack of patches that will make it impossible to keep your servers secure. Here is the article:

And here is the link to the MS Website where you can get your hot little hands on that tool!

Your Global Address List Up To Date

The (new) SearchExchange Site had an item I thought was worth it. One of the challenges in running an Exchange organization is keeping the Global Address List up to date. If you are running Exchange 5.5, you can take advantage of a tool found in the BackOffice Resource Kit (version 4.5) called the Global Address List Modify for Web tool. Here's more (free registration required):


MS Server Roadmap Update

Redmond updated its server road map last week. There were not a lot of details though. MS Veep Jim Allchin stated that the next major version of Windows is now more in line with the desktop version and that you can expect both to be in beta next year.

Allchin told WinHEC attendees: We're "building it in sync,", and commented that that this represents a change of plans, if you look at how Redmond looked at it a year ago. He also mentioned that there will be a "Windows Server 2003 update" next year. Not much detail on that though. Mind you, this update is in addition to W2K3 SP1, which you will see later this year.

Allchin also went into a new security feature that will allow VPNing PC's to be quarantined until you can test them for viruses. This year you will see portable Windows Media Center devices, an update to Windows Media Player and MSN Music, an online music store.

AD Admin Tip: Hiding Service Administrator Accounts

Windows Server 2003 automatically protects the essential security descriptors on the service level administrator accounts in the local domain. This ensures that these accounts do not become compromised through intentional or accidental modification that results in an unusable account, group or system. This automated self-correction mechanism runs automatically on the PDC Emulator FSMO DC. Free registration at SearchWin2000 required to view article.

Microsoft Short Takes

- MS is investing 60 million bucks to update Windows Update, its patch distribution engine -- Windows XP shipments from Oct 2001 till now are well over 210 Million -- MS is pushing hardware vendors to write drivers for the 64-bit Windows code -- MS reported that almost 1.5 Million people downloaded their free Sasser cleanup tool -- You'll see an interim Windows Small Business Server -- W2K3 SP1 gets closer, beta testers are now playing with a 64-bit support version.


Choosing A Disaster Recovery Solution for Exchange

Email is crucial for your business continuity. We'd like to give you some ammo on why you should look at Double-Take for your DR/ HA needs.

  1. Double-Take has been shipping for over eight years and its developer NSI has been in business for 12. Double-Take has been supporting Exchange installations since Ex40 on NT4.
  2. In addition, you might check out:
    1. SunGard webinar on protecting Exchange with NSI at:
    2. Dell?s replication solution for Windows at:
    3. HP?s replication solution (Open View Storage Mirroring), which is powered by Double-Take at:
    4. IBM already certified NSI's Double-Take as ClusterProven about two years ago and use it in their Global Services Group.
    5. Microsoft?s whitepaper for protecting Windows storage at:
  3. And Double-Take's developer NSI is a member of TSAnet, to ensure that joint solutions are supported with companies, like Microsoft, Dell, HP, IBM, etc.
The BOTTOM LINE: Exchange is complex. Business Continuity is complex. Check out the above links and get expert opinions before you commit to any data protection strategy. And then try one. If it works for you in your specific implementation and the TCO-ROI makes sense then buy it. And for those that are looking at HA/DR - consider whom your hardware server vendor chose to partner with: Double-Take.

Locked Admin Passwords In An AD Environment

This unfortunately happens now and then. NTAccess can help with resetting Active Directory passwords:

Normally NTAccess sets a new password in the SAM file. However this does not help for Servers with Active Directory because the password in the SAM is only used when booting the Server in maintenance mode e.g. "Directory Services Repair Mode" when pressing F8 in the boot menu).

For Servers with Active Directory, NTAccess has a special feature called "Logon Command Prompt". It will give you a command prompt immediately before the Logon Prompt appears. From this Command Prompt the Management Console for Active Directory can be started and all the passwords including the Administrator password can be changed. After leaving the "Logon Command Prompt" you can immediately log on with the new password you just set.

BTW, the "Logon Command Prompt" can be used for other things too. All applications started from there run with very high privileges. For example REGEDIT can be started, it can modify nearly all registry keys with those high privileges. Check it out over here:

Monitoring Your Server Status

Monitoring the status of your servers isn?t supposed to a challenge. It should be fast and easy, and with our new ServerVision?, it is. ServerVision gives you powerful server and event log monitoring, with automated actions and alerts based on criteria you set, at an affordable price.

Easy and powerful server and event log monitoring: Get a quick view of server status, as well as key indicators, prioritized event logs, disk space, memory, CPU, performance, and more -- all without having to sift through a mountain of details. And setting it all up is a snap with our straightforward wizards.

Automated responses and alerts: Create automated actions such as running a program, restarting a service, or rebooting a system?as well as sending you alerts? based on events or thresholds you define.

Detailed analysis reporting: Create detailed reports on event logs, performance, services, key indicators and more. Configurable trend analysis: Create and view performance trends, in intervals from seconds to months. Easy to afford: Priced starting at $245 per server with a sliding scale volume discount, ServerVision is easy on your budget. Download a 30-day full-function trial copy at:

SNSI Catches The Sasser Worm

The latest update of the Sunbelt Network Security Inspector (SNSI) Version (released May 6, 2004) checks your networks and finds the Sasser Worm vulnerability.

To update from within the SNSI console, select Settings, enter your full registration key and click on Check Now button. To purchase NOW, visit:

New vulnerability updates for this release include:
W2166 - Sasser Worm Detected
W2167 - Gaobot Worm Detected
W2168 - QuickTime Sample-To-Chunk Vulnerability

In addition, there were improvements in the following vulnerability checks:
W2092 - Shell Value Name Altered

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.

Sunbelt Software recommends you download the new SNSI Version and scan and patch your machines today. To get the latest SNSI version, visit:


This Week's Links We Like. Tips, Hints And Fun Stuff


NEW BOOK: Anti-Spam Tool Kit

The publisher sent me a review copy of this one, and it's worth it. Sunbelt cooperated with this book and checked for accuracy.

With the Anti-Spam Tool Kit, you get the tools you need to significantly reduce junk email. Through real-world software and examples, the authors demonstrate how to identify spam, deploy the best-suited anti-spam system for a business, keep legitimate email from being mistaken for spam, adapt and improve anti-spam systems, and stay one step ahead of spammers. They also cover the latest and most popular technologies available on the market for the proactive systems administrator. The CD-ROM includes all the tools discussed in the book.