Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 23, 2004 (Vol. 9, #33 - Issue #489)
OK, So What Is LongHorn Really All About?
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • A Very Good Fire Drill
    • OK, So What Is LongHorn Really All About?
    • Fave RSS Link Of The Week
    • Next Week: A Sample Issue of Stu's News
  2. TECH BRIEFING
    • Executive Summary: 2004 OS Deployment Survey
    • The Average Phishing Site Lives 54 Hours
    • Sir! Step Away From That Service Pack!
    • Hunt For XP SP2 Flaws Seen In Full Swing
    • More On: Vendors Not Allowing Patches
  3. NT/2000 RELATED NEWS
    • Use Small Business Server? Here's A Specialized Conference
    • SQL Server Gets In Good Shape
    • Microsoft Keeping Next Exchange Data Store On Layaway
    • Checklist: Hardening User Passwords
  4. NT/2000 THIRD PARTY NEWS
    • Waiting for free MSPatch Tools? Don't. PC's Now Get Infected In Less Than 20 Minutes
    • SNSI Finds Another Batch Of Vulnerabilities
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Sniff Fast. Sniff Easy. Sniff Cheap with LanHound
  SPONSOR: Limited Time Offer -- Free IDC Report
Find out why a true hardware appliance is your best choice for Web
filtering in this important White Paper from the industry analysts
at IDC.
This paper discusses the advantages of using a true appliance
solution for web filtering -- low costs and scalability. This timely
paper, Thinking Inside the Box: Benefits of an Internet Filtering
Appliance, is being offered Free for a limited time, so act today!
Download the Free White Paper:
Visit Limited Time Offer -- Free IDC Report for more information.
  EDITORS CORNER

A Very Good Fire Drill

I promised I'd keep you up to date on the hurricane that was heading our way last Friday. As you know by now it took a hard turn and hit a less densely populated area at Ft. Myers instead. The devastation was enormous and it looks like large sections are without power for at least 2 weeks. No fun in the Florida climate these times! For Sunbelt it sure was a wake-up call and a very good fire drill indeed. And our thoughts are with the still 400,000 people south of us without power. One thing is for sure. Get "gas, lots of gas" for your generators well in advance of one of these events.

OK, So What Is LongHorn Really All About?

The trade rags are full of all the new features of Longhorn, but for most of us it's all still fuzzy to say the least. Sure, a new file system, big deal. Sure another new GUI, so what? But it all comes together when you see videos of applications of this kind of stuff. It suddenly becomes real and you see the potential.

Carter Maslan from MS's Platform Strategy and Partner Group highlights some of the work being done in various industries to create a new class of connected applications. You can see on this page how the new Longhorn technologies combine to help you coordinate end-to-end business processes across organizations and systems. These videos are fun to watch, this is KEWL stuff!
http://www.w2knews.com/rd/rd.cfm?id=040823ED-LongHorn

Fave RSS Link Of The Week

And here is the next Fave RSS Link: Your weather! Don't have a free RSS Reader yet? Get one. It's worth it.
http://www.w2knews.com/rd/rd.cfm?id=040823ED-Weather

Next Week: A Sample Issue of Stu's News

Coming Tuesday I'll send you a sample of Stu's News, just so that you can have a look at how it is different from W2Knews. These issues are focused on one topic, and in the next one we're going to talk about security event management.

Quote of the Week:
"The Sun shines after every storm; there is a solution for every problem, and the soul's highest duty is to be of good cheer." - Ralph Waldo Emerson.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: PANDA ANTIVIRUS SOFTWARE
What's the price of inadequate AV protection? If your Anti-Virus
protection isn't completely secure, you could be headed for
trouble. Don't guess whether your anti-virus protection is
working... just take the free Active Scan test and see for
yourself. Then call Panda Software and ask about our competitive
upgrade. Start your free ActiveScan test here!
Visit PANDA ANTIVIRUS SOFTWARE for more information.
  TECH BRIEFING

Executive Summary: 2004 OS Deployment Survey

Laura DiDio, Senior Analyst, Application Infrastructure and Software Platforms at the Yankee Group sent us the Exec Summary back for this large survey that 700 of you participated in. Here goes:

"The long corporate migration drought appears to be over. After three years of relative inertia due to economic constraints, corporate enterprises appear poised for a wave of operating systems, applications and hardware upgrades over the next 12 months.

"Those are the results of the latest independent, joint Yankee Group/Sunbelt Software, Inc. poll of 700 network administrators. Eight out of 10 respondents -- 80% -- said their business will undertake a major network hardware and/or operating system upgrade project within the next 12 months.

"The responses showed that organizations are embracing Windows XP, Windows Server 2003 and Office 2003. Linux also made a strong showing in planned customer deployment plans -- most surprisingly on the desktop rather than on the server side. Nearly 33% of respondents said their firms are presently running Linux workstations somewhere in their networks, while 19% said they plan to add Linux desktops into their environments. However, less than two percent said that Linux was now or would be their enterprise wide desktop OS.

"Linux has made significant penetration on the server side -- mainly at the expense of mid-range Unix and not Windows. Fully half -- 50% -- of the survey respondents said they have Linux deployed in their shops. That puts Linux ahead of both Unix, which is present in 30% of businesses, and Novell NetWare, which is used in 15% of shops.

"Over 90% of companies have at least one version of Windows server in their shop; 63% are running Windows 2000 Server while 49% have migrated to Windows Server 2003. Linux appears to be less competition for Windows Server 2003 than older versions of Microsoft operating systems. Overall, 25% of the respondents said they have no current plans to migrate to Windows Server 2003. Of that number, the largest majority -- 25% -- said it was because they had 'no compelling business case justification'. By contrast: only 9% of the 25% said they would not upgrade to Windows Server 2003 because they planned a switch to Linux.

"Monetary woes appear to be diminishing, though the mood is still cautious. Approximately 15% of businesses said they lack capital expenditure funds for new equipment and migrations. Some 42% of survey respondents said their IT spending will increase during the 2004-2005 timeframe. However, the bulk of the budgets -- about one-third -- will only increase by 5% to 10% in the near and intermediate term.

"The mood remains cautious, though, and users indicated they need a compelling business reason to migrate and one that includes a tangible Return on Investment and Total Cost of Ownership (TCO) model.

"Among the other survey highlights:

  • Some 55% of respondents indicated they will migrate to Windows Server 2003 within the next six to 12 months.
  • On the Linux side, Dell is the top hardware vendor of choice in the mid-range server arena. Approximately one-third -- 32% -- of those polled said Dell was their primary hardware vendor. HP was second with 19%; followed by IBM with 15%. The remaining one-third of customers said they used a combination of "other" server hardware.
  • Despite the hype surrounding Novell's acquisition of SuSE, earlier this year, customers still prefer Red Hat as their Linux software distribution vendor by a nearly two-to-one margin. Some 58% of firms said they use or plan to use Red Hat's Enterprise Linux solution compared with 29% who said they presently use or plan to deploy Novell's SuSE Linux.
  • The Linux distribution market appears to be a two-horse race between Red Hat and Novell. Other competitors -- Mandrake and Debian -- are, or will be, used by 6% of customers each, and only 1% said they will use Linspire.
  • Corporate customers are using Linux for a wide range of network functions: 52% said they deploy Linux as a combination Web Server, mail server and specialized application server.
  • Windows XP migrations will crest in the near term: 39% of companies said they are in the process of migrating to XP now or within the next three months; another 18% will upgrade to XP within the next six to 12 months.
  • Of the 45% of businesses that have migrated to Microsoft's Licensing 6.0 program, 27% saw their licensing costs decrease by an average five percent to 30%; about one-third of the respondents said the cost of their licensing plans remain the same; 20% saw licensing costs rise by five percent to 30%, while only 12% saw licensing costs soar by 50% or more.
  • Just over half -- 53% -- of respondents said they are using Active Directory.
  • Nearly four percent of the IT managers said their firms will switch their enterprise desktop environment from Windows to Linux.
  • Only 25% of businesses presently have definitive Web Services migration plans.
  • The administrative areas of greatest concern are network security; the under-staffing of the IT department, disaster recovery, junk Email management and tactical migration issues to next generation Windows, Office and Active Directory."

The Average Phishing Site Lives 54 Hours

Phishing attacks use 'spoofed' emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.

The average phishing web site stays alive for about 54 hours, the Anti-Phishing Working Group (APWG) said in its look at June, but some sites stayed up for more than two weeks before being shut down.

People are becoming aware of this type of scam, so the operating window for phishing crims is likely to shrink. But it's still early days. Warning people about phishing has not stopped the growth of these scams, which combine technology and social engineering to steal login information for web banking and online retail sites. There were 1,422 separate phishing scams in June, according to the APWG, a 52 percent increase from May. Nearly 500 attacks targeted Citibank alone. Warn your end users!
http://www.w2knews.com/rd/rd.cfm?id=040823TB-Phishing

Sir! Step Away From That Service Pack!

Here is another anecdotal one regarding XP SP2: "I downloaded the latest version of SP2 (WindowsXP-KB835935-SP2-ENU.exe) to try on our network. I started with my own computer since it's the most complicated, thinking that if it worked on there it would work with all the rest.

"I went to reboot after the installation and it froze on the XP screen. I tried several times with the same result. I then tried safe mode and going to the last known good configuration, but nothing worked. So I put in the XP disc and after running the automated version of repair twice, got back onto XP SP1. Of course, somewhere along the process all of my previous system restore points were deleted. After verifying that a few things were working again, I went to the task manager and shut down all apps which weren't essential to XP, and tried again to install SP2. Same result, totally froze up upon rebooting. Same thing with the automated system repair, it worked after the 2nd try.

"Now I've heard that SP2 has problems with certain apps, but thought that the boot problems were all worked out. Well they're not. I suspect it has to do with the RAID configuration, but have no way to verify this. I then realized that my copy/paste no longer works. I'm sure that there are more problems, but won't spend the time sorting through them all as I need this computer. I'll reformat again and stick with SP1. So my advice to others, is that unless you have the most simple of systems, don't install SP2. Even then, make sure that you won't lose anything, in case your computer will no longer boot. Back up everything beforehand."

Here is a list of 50 applications that break, from the MS-website:
http://www.w2knews.com/rd/rd.cfm?id=040823TB-KB_842242

Hunt For XP SP2 Flaws Seen In Full Swing

While users are testing Service Pack 2 for Windows XP to prevent compatibility problems, hackers are picking apart the security-focused software update looking for vulnerabilities, security experts said. Network World has an interesting article about it:
http://www.w2knews.com/rd/rd.cfm?id=040823TB-Hunt

More On: Vendors Not Allowing Patches

A W2Knews subscriber sent this: "I've been complaining for over a year that Iomega does not recommend installing any MS patches on their Windows based NAS solutions. They actually claim that they test and approve updates, but they haven't approved anything in over a year. See this link:
http://www.w2knews.com/rd/rd.cfm?id=040823TB-Iomega

"This is a major security concern not just for the medical industry, but for the whole IT sector. All of the efforts we're making to increase network security and patching technologies aren't going to fix the problem if vendors won't take responsibility for their Windows based appliances. If you don't want to patch it, don't sell Windows.

"Some of these companies complain that testing is too expensive. I don't mind them charging to test the updates, most of us pay yearly maintenance fees on our appliances already. But it's unacceptable to take that money and say 'sorry, your security needs are irrelevant' or 'buy a firewall, you'll be fine' (because we all know that firewalls will protect us from anything--even the boogie man, right?). That's like saying 'Wear a seatbelt, that way you won't get hurt in a car crash.'

"The situation is even worse in the medical sector, where patients' lives are at stake. When the systems controlling medical devices go unpatched, the next "killer app" in the virus world could be just that. I don't mean to imply that Microsoft is responsible (they do, after all, issue the patches) but I'd like to see Redmond ask for some patching commitment from vendors who are licensed to build Windows based devices. These vendors have a responsibility that they're not living up to. I guess we'll have to wait for the lawsuits to roll in after the first few ICUs go down in order to get their attention. In the meantime, you won't see me shopping for any more Windows based devices."

My suggestion: before you buy Windows-based devices, carefully check that vendor's record on patch policy, and ask existing users in the market how and whether the vendor keeps up.

  NT/2000 RELATED NEWS

Use Small Business Server? Here's A Specialized Conference

The world's only conference dedicated to small and medium business (SMB) technology matters and Microsoft Windows Small Business Server 2003 (SBS) will be held in Seattle from September 10-13, 2004. Hosted by international best selling SBS author Harry Brelsford, SMB Nation is focused on equipping technology consultants, channel partners, resellers, VARs/VAPs with greater technical knowledge and better business practices. Attendees will most assuredly return from the well-received conference, now in its second year, with more SMB and SBS-related knowledge as well as knowing many of the leaders and key players in the SMB technology space.

SMB Nation, led by HP as the marquee sponsor, will present 25 world class SMB technology speakers including ten Microsoft employees and four best selling authors (including security author Dr. Thomas Shinder, Windows Secrets author Brian Livingston and MCSE author Alan Carter). The conference will have a unique third-party paradigm allowing an arms-length and critical analysis of Microsoft's wildly successful SBS product. There are also social events planned including a Caribbean Night Party on South Beach at Bainbridge Island. Registered attendees have consistently said the primary draw in coming to Microsoft's home town is to hear directly from the SBS inventors, including SBS development and marketing team managers. A sampling of specific topics includes security, extending Windows SharePoint Services, deep disaster recovery and profitable SMB consulting methodologies. For more information:
http://www.w2knews.com/rd/rd.cfm?id=040823RN-SMB

SQL Server Gets In Good Shape

Redmond came out with their Beta 2 of SQL 2005. It looks pretty good actually. They have completely rewritten the data transformation services (DTS) and it has a ton of new good stuff. There are also changes to the GUI, which is cleaner, and there is a lot of automation of things that needed to be done manually before. The new SQLiMail allows you to take Outlook off your servers, (sigh of relief) it's easy to use and configure and seems very reliable.

Microsoft Keeping Next Exchange Data Store On Layaway

Microsoft is keeping mum about the future of Exchange, but Dave Thomson, the software giant's top messaging executive, revealed in an exclusive interview with SearchExchange.com that the company is working to add storage flexibility to the platform. Read it here (Free registration may be required):
http://www.w2knews.com/rd/rd.cfm?id=040823RN-Microsoft

Checklist: Hardening User Passwords

Don't neglect good password practices. In this checklist from TechTarget's newest Windows-focused Web site, SearchWindowsSecurity.com contributor Roberta Bragg offers step-by-step advice for establishing strong user passwords as part of a solid Windows defense. Recommended. (Free registration may be required.)
http://www.w2knews.com/rd/rd.cfm?id=040823RN-Checklist

  THIRD PARTY NEWS

Waiting for free MSPatch Tools? Don't. PC's Now Get Infected In Less Than 20 Minutes

Independent patch management solutions still are the most viable option for network administrators. IT shops that opted against buying a third-party patch management solution in anticipation of the release of Microsoft's free Windows Update Services (WUS) application may want to revisit their decision. The software giant recently informed customers that the program would not make its debut until sometime mid next year. You simply cannot wait that long to get a professional patching solution in place.

Moreover, WUS will initially provide support only for later versions of Windows 2000 Server, Windows Server 2003 and WinXP Pro. WUS' bundling of several patches into one bulletin will also draw skepticism by IT staffs regarding the adequacy of Microsoft's testing and validation processes. Furthermore, releasing bulletins means the software giant will leave many known vulnerabilities exposed for longer periods of time. Since we now know that the average time window is 10 days before an exploit is in the wild after the announcement of a hole, this is unacceptable.

Network admins need help now, and third-party patch management solutions, like UpdateEXPERT, will continue to play an essential role. Robust packages like this provide independent testing and validation to help you ensure your highest possible security posture in accordance with your organization's policies. These flexible solutions can also deploy hotfixes at your own discretion.

In addition, leading third party offerings like UpdateEXPERT offer support for laptops, disconnected networks and other environments that WUS does not cover. So while some admins play a high stakes waiting game, smart professionals will solve their critical security problems now by implementing robust, independent patch management solutions. The best reason for that: if you connect a new PC to the Internet before applying patches, researchers at the Internet Storm Center warned, it will last on average only about 20 minutes before it is compromised by malware. That figure is down from around 40 minutes, the group's estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there. "If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement. Source C|Net's News.com.
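
The "survival time" measurement described above can be reproduced on your own sensor data. This is an added example, not code from the Internet Storm Center or from this newsletter; the log format, the sample lines, the worm-port list and the averaging method (mean gap between probes per vacant address, then averaged across addresses) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample: probes seen by a sensor listening on three vacant addresses.
# Assumed line format: ISO timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2004-08-20T10:00:00 198.51.100.7 192.0.2.10 445
2004-08-20T10:12:00 203.0.113.9 192.0.2.10 135
2004-08-20T10:40:00 198.51.100.23 192.0.2.10 445
2004-08-20T10:05:00 203.0.113.50 192.0.2.11 135
2004-08-20T10:35:00 198.51.100.7 192.0.2.11 445
2004-08-20T10:20:00 203.0.113.9 192.0.2.12 80
not a log line
2004-08-20T10:50:00 203.0.113.77 192.0.2.12 139
"""

# Assumption: ports commonly probed by self-propagating Windows worms.
WORM_PORTS = {135, 139, 445}


def parse_probes(text):
    """Return (time, target, port) tuples, skipping lines that do not parse."""
    probes = []
    for line in text.splitlines():
        try:
            stamp, _src, target, port = line.split()
            probes.append((datetime.fromisoformat(stamp), target, int(port)))
        except ValueError:
            continue  # wrong field count, bad timestamp or bad port
    return probes


def per_target_gap_minutes(probes, ports=None):
    """Mean minutes between successive probes for each vacant address."""
    seen = defaultdict(list)
    for when, target, port in probes:
        if ports is None or port in ports:
            seen[target].append(when)
    gaps = {}
    for target, times in seen.items():
        times.sort()  # log lines are not guaranteed to be in time order
        if len(times) < 2:
            continue  # a single probe gives no interval to measure
        deltas = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        gaps[target] = mean(deltas)
    return gaps


def survival_time_minutes(probes, ports=None):
    """Average of the per-address gaps; None when nothing can be measured."""
    gaps = per_target_gap_minutes(probes, ports)
    return mean(list(gaps.values())) if gaps else None


if __name__ == "__main__":
    sample = parse_probes(SAMPLE_LOG)
    print(per_target_gap_minutes(sample, WORM_PORTS))
    print(survival_time_minutes(sample, WORM_PORTS))
```

Restricting the count to worm-associated ports reflects the Center's stated assumption that most reports come from propagating worms; passing `ports=None` counts every probe instead.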

Link to the Storm Center:
http://www.w2knews.com/rd/rd.cfm?id=040823TP-Storm_Center

Link to UpdateEXPERT:
http://www.w2knews.com/rd/rd.cfm?id=040823TP-UpdateEXPERT

SNSI Finds Another Batch Of Vulnerabilities

The latest update of the Sunbelt Network Security Inspector (SNSI), Version 1.5.7.0, was released August 17, 2004. If you MISSED THE RECENT WEBCAST SHOWING THE NEW V1.5, visit this link and, at the right hand side of the page, select: "Latest Webinar". Remember: the SPECIAL LOW-INTRO PRICE ENDS SEPT 30, 2004.
http://www.w2knews.com/rd/rd.cfm?id=040823TP-SNSI

New vulnerability updates for this release include: Four new Windows checks, bringing the total Windows checks to 2220
W2221 - PuTTY Host Key Verification Vulnerability
W2222 - Libpng Vulnerabilities - Windows
W2223 - SSL Buffer Size Issue - W2K
W2224 - Exchange Server 5.5 OWA Input Validation Vulnerability (MS04-026)

Five new Linux checks, bringing the total Linux checks to 572
L574 - Kernel - file offset pointers - Linux:RH, FC1
L575 - Libpng - Multiple vulnerabilities - Linux:RH, FC, Suse
L576 - Gnome-vfs - extfs backend scripts - Linux:RH
L577 - Glibc - resolver library - Linux:RH
L578 - Mozilla - Multiple vulnerabilities - Linux:RH

Two new Solaris checks, bringing the total Solaris checks to 228
S229 - Libpng - Multiple Vulnerabilities - Solaris
S230 - X Display Manager xdmcp Handling Flaws - Solaris 7 - 9

H93 - Apache PHP Header Parsing - HP-UX 11
H94 - Latest Bastille Not Installed - HP-UX 11
H95 - PRM/WLM Data Corruption - HP-UX 11

In addition, there were improvements in the following vulnerability checks:
W61 - Schedule Registry Key
W1276 - Telnet Server - W2K
W1142/W1986/W1999/W2067 - Anti-Virus Signatures
H17,H18,H19,H23,H37,H40,H45,H52,H56,H60,H65,H74 - Superseded Patches

L571 - updated to cover RedHat enterprise 3.0
L566 - updated to cover RedHat enterprise 2.11

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

For a summary of all CERT Security Items from August 4 through August 17, 2004, read this bulletin, which covers new or updated vulnerabilities, exploits, trends and viruses identified in that period. It is available here:
http://www.w2knews.com/rd/rd.cfm?id=040823TP-CERT

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

Sniff Fast. Sniff Easy. Sniff Cheap with LanHound

Windows & .NET Magazine said in their July 2004 issue "...LanHound is a solid protocol analyzer for the money...". What separates this puppy from the pack is that it is a super affordable tool that helps you troubleshoot NT/2000/2003 LAN, WAN or Internet segments. LanHound has practically all the features of products twice as expensive, and it supports switched networks! Use LanHound to hunt down broadcast storms, analyze protocols, monitor and secure your network. LanHound supports all popular protocols with an easy but powerful graphical interface. Get the Hound. LAN's best friend.

http://www.w2knews.com/rd/rd.cfm?id=040823PW-LanHound