Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 30, 2004 (Vol. 9, #34 - Issue #490)
Something Ultracool at MS-Research
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Don't Get Me Wrong About WinXP SP2
    • Stu's News Sample Feedback
    • iHateSpam for Exchange V2.0: Exciting New Features
  2. TECH BRIEFING
    • WinAmp Media Player Victim Of Zero-Day Exploit
    • Remove Hidden Data In Office Documents
    • SANS Has Set Up An SP2 Page
    • Indiana Man Hacks Into Former Employer's Systems
    • Dell Scores a First Benchmark
  3. NT/2000 RELATED NEWS
    • Something Ultracool at MS-Research
    • Redmond Wraps Up MOM 2005
    • Gartner: Server Sales Up 8%; Linux Does Well
  4. NT/2000 THIRD PARTY NEWS
    • Looking For A Free IDS? Snort Seems To Be The Ticket
    • How Are You Protecting Your Company Databases?
    • AutoPilot for XP Impresses Me
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Is Your WinXP Admin Workstation Maxing Out?
  SPONSOR: Panda Launches TruPrevent Technologies
Finally, unknown viruses are under control.
Panda Software's proactive technologies, exclusive to Panda,
stop latest generation unknown worms and viruses even
before your signature files are updated! The most intelligent
technologies to combat unknown viruses and intruders.
Contact Panda Software at 877-462-6200, or visit our website.

Visit Panda Launches TruPrevent Technologies for more information.
  EDITORS CORNER

Don't Get Me Wrong About WinXP SP2

A reader wrote me: "While it is true that XP-SP2 might break some machines, it is (IMHO) irresponsible to recommend to not install SP2. There are too many advantages to the increased security model, especially for home users."

Well, in the last issue I certainly warned against it breaking things, but I did not recommend to not install it. What I certainly do recommend is to thoroughly test SP2 in a sandbox with all the apps you have in production before you let this beast loose! Oh, the Microsoft website is now promoting SP2 full blast, it's the main feature on their primary web page, their PR flacks sure are making it a big deal, trying to repair the damaged image.

Stu's News Sample Feedback

Many of you sent me something nice about the Stu's News issue you received as a sample this week. They are published only once a month, and focus on a specific issue. So no more Stu's News for a while but I promise you that when the next one comes out it will be with something very cool. Stay tuned.

iHateSpam for Exchange V2.0: Exciting New Features

The development team here at Sunbelt is going "pedal to the metal" on the new incarnation of iHateSpam for Exchange. It's a new architecture that allows us to build all kinds of interesting plug-ins that you need. We'll come out soon with excellent anti-spam filtering, but also integrated anti-virus. Since we will do way more than just spam, we're going to change the name too. Plug-ins for content filtering, content auditing, disclaimers, server-based auto-replies, and more exciting stuff that I cannot talk about yet will come out after we release the code. Pricing will be extremely competitive, so if you are looking for a full-featured messaging solution for your Exchange, get iHateSpam for Exchange now and benefit from this upgrade path. If you have a good suggestion for a new name for this product, send it to me. If your name gets chosen, we'll award you a $100 Amazon gift cert.
http://www.w2knews.com/rd/rd.cfm?id=040830ED-iHateSpam

Warm regards,
Stu Sjouwerman

  SPONSOR: "A Hummer For The Price Of A Hyundai"
Sunbelt's Network Security Inspector (SNSI) is a vulnerability
scanner you shouldn't be without.
Many system admins add it to
their security toolkit because the vulnerability database is top
notch and the price is still ridiculously low. This product is
really at military spec, you'd be surprised to know which
organizations are using this database to protect their domains
(ask your Rep). Get a 30-day eval now, and scan for holes not
only in Microsoft but many other popular applications. Make sure
you benefit from the intro-offer that ends Sept 30!
Visit "A Hummer For The Price Of A Hyundai" for more information.
  TECH BRIEFING

WinAmp Media Player Victim Of Zero-Day Exploit

eSecurityPlanet just reported that the popular skinning feature in Nullsoft's WinAmp media player has left the door wide open for malicious attackers to hijack PCs. Security researchers at K-Otik discovered the vulnerability and released details of a "Skinhead" zero-day exploit that is already spreading in the wild. The exploit, which targets WinAmp versions 3.x and 5.x, is being used to forcefully install spyware and Trojans on infected systems. Secunia has tagged the flaw as "extremely critical," its highest rating. WinAmp skins have a huge following because they allow users to adopt colorful, customizable and interchangeable sets of graphics that change the look and feel of the software. If your vulnerability scanner does not include popular third party products like this, you have a false sense of security that might cause problems down the road. Article at:
http://www.w2knews.com/rd/rd.cfm?id=040830TB-Article

Remove Hidden Data In Office Documents

Ever been caught with the embarrassment of someone looking at all the modifications you made in a Word file? Sometimes with contracts this can even become more than just an embarrassment! I found a page on the MS website that has an add-in that allows you to permanently remove hidden data. Quite useful in some situations when you only want to show the final product to come out in Word, Excel or PowerPoint presentations.

The Remove Hidden Data add-in is a tool that you can use to remove personal or hidden data that might not be immediately apparent when you view the document in your Microsoft Office application.
http://www.w2knews.com/rd/rd.cfm?id=040830TB-Hidden_Data

SANS Has Set Up An SP2 Page

W2Knews reader Steven Foust sent me this: "Just a quick note, in case you weren't aware. SANS has a page set up for people to report their ongoing success with SP2. Interesting things I spotted on a quick overview read of all comments:

  1. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost everyone with critical problems was running a Prescott. (One suggestion by a poster was that Intel's NX technology is glitched, and thus is not allowing the boot code to finish running.)
  2. Those with "issues" seemed to find these cleared up either with a fresh install, followed by SP2, or by installing a version of XP that was slipstreamed with SP2. In other words, the problem was caused by something running in memory (an uncaught virus, or spyware?).
  3. Recommendations are very, VERY firm about running a full antivirus scan, followed by a scan for spyware (and other malware) before doing an install.
  4. Some drivers need to be re-installed, especially for devices using USB.
  5. Most all other "issues" were with programs that needed to be added to the firewall. Given that you have to do this with any other firewall software (such as ZoneAlarm), this shouldn't be that big of a problem.
  6. One major problem (for some) was the port speed limitation that Microsoft added. In other words, if you have a single program that opens more than 10 simultaneous connections (Ie, some of the newer file transfer protocols, or NMap to test your system for vulnerabilities), Microsoft automatically limits the thru-put to around that of a 1200bps modem. Under normal conditions, you'll never see this -- but if you try to run NMap (or other software that opens a TON of connections simultaneously), you'll see this -- fast."
Here is the SANS link:
http://www.w2knews.com/rd/rd.cfm?id=040830TB-SANS

And here you can discuss SP2 on a dedicated Sunbelt Forum:
http://www.w2knews.com/rd/rd.cfm?id=040830TB-SP2_Forum

Indiana Man Hacks Into Former Employer's Systems

ComputerWorld is running an article about a man called Patrick Angle, who was charged with intentionally deleting the source code for software he had been developing for Massachusetts-based Varian Semiconductor Equipment Associates. The lesson is clear, you need to defend against attacks from the inside as much as from the outside. The article does not say how he got in, if it was a lack of proper procedure (terminating accounts, changing passwords and the like), if he used a known vulnerability to hack in, or if he left a hidden backdoor somewhere. Perhaps we'll find out later. It is the typical disgruntled employee story. Companies really should have defenses in place for this. Here is the article:
http://www.w2knews.com/rd/rd.cfm?id=040830TB-Disgruntled

Dell Scores a First Benchmark

Client/Server Mag reported that Dell has brought home the first benchmark for a clustered configuration of MS Exchange 2003. It clustered four PowerEdge 1750 servers, each fitted out with two 3.2GHz Xeons, and backed the system with a Dell/EMC CX600 SAN. The thing scored 15,000 MAPI Messaging Benchmark 3s (MMB3s), which approximates how many typical corporate e-mail users the server can support. The widgetry goes for $7,800 per processor. If you are in the IT industry, Client/Server Mag is a paid-for, warmly recommended publication:
http://www.w2knews.com/rd/rd.cfm?id=040830TB-G2News

  NT/2000 RELATED NEWS

Something Ultracool at MS-Research

Seen Tom Cruise manipulating graphics in Minority Report? Well, that technology is closer than you think. Stewart Tansley at MS-Research has cooked up something called "touchlight" technology. There is a video of it at Channel 9 on MSDN and you do want to see those 4 minutes of video. Here is the link; scroll down to the section called 'Stewart Tansley - First look at MSR's "touch light"'. Enjoy!
http://www.w2knews.com/rd/rd.cfm?id=040830RN-Channel9

Redmond Wraps Up MOM 2005

The Microsoft Operations Manager 2005 is done, Redmond said this week. There are new features like graphical systems views and the reporting has been improved. It's supposed to be easier to roll out than its predecessor. The latter was definitely needed as deploying MOM has been a challenge to say the least. They also announced MOM 2005 Workgroup Edition, geared to sites with 4-10 machines and only needing simple monitoring.

Redmond has time and again repeated an Accenture mantra that showed admins spend up to 70% of their time doing system management. They claim that by automation it can be brought down to 55%. MS also overhauled MOM 2005 pricing and licensing. You can get a license for your central server for $729, and then you need so-called operations management licenses (OML) for every other managed server. An OML 5-pack has an estimated retail price of $2,689. MOM 2005 Workgroup Edition is priced at $499.

There is just one big problem with this Workgroup Edition. It's a "MOM-Lite". Looking back at 25 years in IT, I have never ever seen a big product successfully stripped down and sold at a lower price. It's actually a severe error in marketing to do that. I'm quoting marketing guru Al Ries in his book The Origin Of Brands: "Stripping down an existing product usually means taking out value faster than taking out costs". He continues with: "Virtually every major personal computer manufacturer has tried the stripped-down strategy with very little success, starting with the IBM PC Junior. Some recent examples are 3Com's Audrey, Oracle's NIC, Intel's Dot.station [and more]"

But... competition is a good thing, the consumer benefits. We're excited to announce new prices for ServerVision! It is now basically 50 bucks per server, with a 5-pack as your minimum purchase. Here is a user quote: "It seems to be an impressive product. It has much of the functionality we've been drooling over in MS Operations Manager, but much easier to get going." You can get a 5-pack ServerVision now for $249 + 25% maintenance at $311.25, and a 10 pack for $499 + 25% maintenance for $623.75 at the Sunbelt OnlineShop. Your 30-day full-featured eval is here:
http://www.w2knews.com/rd/rd.cfm?id=040830RN-ServerVision

Gartner: Server Sales Up 8%; Linux Does Well

Gartner just reported that Q2 server revenues grew 7.7% year-over-year to $11.5 billion and that the growth of Linux kept on going. IBM kept its big dog position of 30.7% of the total cash shelled out for servers. HP and Sun were respectively 2 and 3 with 27.3% and 13% of the revenue. Both lost about one percent of their position compared to last year, and it looks like they gave it to Dell who was up from 8.8% to 9.8%. Dell total server sales were up 20% to $1.13 billion.

Worldwide the shipments of servers rose a whopping 24.5% to a total of 1.6 million units in the second quarter. First in total units was HP with 463,489 servers, and number two was Dell with 337,994 boxes pushed out the door, leaving the third place to IBM with 238,721 machines.

The Windows OS was 34.4% of the total OS money worldwide. If you look at the count of the OS-en, Linux kept on going like the Energizer bunny with its double-digit growth. Revenues grew 54.6% and shipments went up 61.6%. It looks like the total revenues for Linux are now just under 10% of total server OS sales. And like I said before, Linux continues to eat into the legacy Unix sales as their revenues are down 4.3%.

  THIRD PARTY NEWS

Looking For A Free IDS? Snort Seems To Be The Ticket

Just a few short years ago, an IDS was a luxury. Before the rise of the Web application and the worm, most networks were adequately defended by a firewall at the perimeter and a virus scanner at the mail server. Today, the firewall remains effective against clumsy DoS attacks and run-of-the-mill exploits, but it's hard-pressed to thwart application-layer attacks that piggyback on welcome protocols and worms that wind their way inside the network through any overlooked port or a mobile user's laptop. The SNORT open source project makes a very good impression here. Good article at InfoWorld!
http://www.w2knews.com/rd/rd.cfm?id=040830TP-IDS

How Are You Protecting Your Company Databases?

We have a new white paper you should have a look at. Database management systems (DBMS) are the hidden engines behind some of your most critical information applications. The types of critical business applications that depend on DBMS include:

  • Enterprise Resource Management (ERP)
  • Customer Relationship Management (CRM)
  • Accounting
  • Sales force automation
  • Order tracking
  • Inventory management
  • Technical support and customer service help desks

In most cases, all of the data for these business systems is stored in a DBMS. This means that if the DBMS is damaged, not only is the application unavailable, but all the current and historical data is at risk. One of the most common DBMS for Microsoft® Windows® servers is Microsoft SQL Server™ (MS-SQL). Depending on your environment, your Microsoft SQL Server may be your most critical application. Like most database management systems, MS-SQL stores all of the data in a handful of database containers, or files. If one of these containers is damaged or corrupted, all of the data it contains is lost. The end result - a serious failure of one system could close the doors of your business for days, even permanently. This white paper discusses data protection strategies for Microsoft SQL Server, and answers the following questions:
  • What does it really mean to protect a database?
  • What are the alternatives?
  • How do I compare the costs and advantages of different solutions?
  • Why should you consider Double-Take?
Read this white paper here, no registration required:
http://www.w2knews.com/rd/rd.cfm?id=040830TP-DBMS

AutoPilot for XP Impresses Me

Mike Sweeney over at Packetattack sent us this back: "What has impressed me is the new found stability of my XP test box. And here I thought memory management add-ons died in the late 80s ;) Long Live QEMM ;) Honestly, so far I'm impressed with AutoPilot. I have the Google folding protein app running in the background at 50% and along with my normal day to day stuff such as VMware, Bloomba and various browsers, everything works together now. Go figure."

I'd like to add something here as the owner of AutoPilot. This product has an interesting history. The concept was originally developed for Cray systems that needed CPU load balancing code. Then that code was ported to generic Unix systems, and later the same concept was rewritten for the NT code base. It's really more than just memory management: AutoPilot looks at all the bottlenecks in your system (can look straight into the CPU(s) bypassing the hardware abstraction layer) and then when your box gets busy, instructs the OS to use more threads and resources for the jobs that need it. AutoPilot is really a neural network, and you could see it as an "intelligence booster" for the OS that can result in better performance. Try it out for yourself at this link. (It works fine with the new SP2 by the way.)
http://www.w2knews.com/rd/rd.cfm?id=040830TP-AutoPilotXP

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

Is Your WinXP Admin Workstation Maxing Out?

You should try AutoPilot for XP in that case. It is a true neural network that bypasses the hardware abstraction layer and looks into the hardware to really see where the bottlenecks are. Next, AutoPilot tells the OS where the resources are really needed. See it as an intelligence boost for the OS, which can increase total throughput. So, if your admin station is getting really busy and bogged down, try 'real-time tuner' AutoPilot. Only buy it (the price is just $29.95) if you see the benefit! 30-day eval:

http://www.w2knews.com/rd/rd.cfm?id=040830PW-AutoPilot