Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 30, 2004 (Vol. 9, #34 - Issue #490)
Something Ultracool at MS-Research
This issue of W2Knews contains:
- EDITORS CORNER
- Don't Get Me Wrong About WinXP SP2
- Stu's News Sample Feedback
- iHateSpam for Exchange V2.0: Exciting New Features
- TECH BRIEFING
- WinAmp Media Player Victim Of Zero-Day Exploit
- Remove Hidden Data In Office Documents
- SANS Has Set Up An SP2 Page
- Indiana Man Hacks Into Former Employer's Systems
- Dell Scores a First Benchmark
- NT/2000 RELATED NEWS
- Something Ultracool at MS-Research
- Redmond Wraps Up MOM 2005
- Gartner: Server Sales Up 8%; Linux Does Well
- NT/2000 THIRD PARTY NEWS
- Looking For A Free IDS? Snort Seems To Be The Ticket
- How Are You Protecting Your Company Databases?
- AutoPilot for XP Impresses Me
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Is Your WinXP Admin Workstation Maxing Out?
SPONSOR: Panda Launches TruPrevent Technologies
Finally, unknown viruses are under control.
Panda Software's proactive technologies, exclusive to Panda,
stop latest generation unknown worms and viruses even
before your signature files are updated! The most intelligent
technologies to combat unknown viruses and intruders.
Contact Panda Software at 877-462-6200, or visit our website.
Visit Panda Launches TruPrevent Technologies for more information.
Don't Get Me Wrong About WinXP SP2
A reader wrote me: "While it is true that XP-SP2 might break some
machines, it is (IMHO) irresponsible to recommend to not install SP2.
There are too many advantages to the increased security model,
especially for home users."
Well, in the last issue I certainly warned against it breaking
things, but I did not recommend to not install it. What I certainly
do recommend is to thoroughly test SP2 in a sandbox with all
the apps you have in production before you let this beast loose!
Oh, and the Microsoft website is now promoting SP2 full blast: it's
the main feature on their primary web page. Their PR flacks sure
are making it a big deal, trying to repair the damaged image.
Stu's News Sample Feedback
Many of you sent me something nice about the Stu's News issue
you received as a sample this week. They are published only
once a month, and focus on a specific issue. So no more Stu's
News for a while but I promise you that when the next one
comes out it will be with something very cool. Stay tuned.
iHateSpam for Exchange V2.0: Exciting New Features
The development team here at Sunbelt is going "pedal to the
metal" on the new incarnation of iHateSpam for Exchange. It's a
new architecture that allows us to build all kinds of interesting
plug-ins that you need. We'll come out soon with excellent
anti-spam filtering, but also integrated anti-virus. Since
we will do way more than just spam, we're going to change
the name too. Plug-ins for content filtering, content auditing,
disclaimers, server-based auto-replies, and more exciting stuff
that I cannot talk about yet will come out after we release
the code. Pricing will be extremely competitive, so if you
are looking for a full-featured messaging solution for your
Exchange, get iHateSpam for Exchange now and benefit from
this upgrade path. If you have a good suggestion for a new
name for this product, send it to me. If your name gets
chosen, we'll award you a $100 Amazon gift cert.
(email me with feedback: [email protected])
SPONSOR: "A Hummer For The Price Of A Hyundai"
Sunbelt's Network Security Inspector (SNSI) is a vulnerability
scanner you shouldn't be without. Many system admins add it to
their security toolkit because the vulnerability database is top
notch and the price is still ridiculously low. This product is
really at military spec, you'd be surprised to know which
organizations are using this database to protect their domains
(ask your Rep). Get a 30-day eval now, and scan for holes not
only in Microsoft but many other popular applications. Make sure
you benefit from the intro-offer that ends Sept 30!
Visit "A Hummer For The Price Of A Hyundai" for more information.
WinAmp Media Player Victim Of Zero-Day Exploit
eSecurityPlanet just reported that the popular skinning feature
in Nullsoft's WinAmp media player has left the door wide open for
malicious attackers to hijack PCs. Security researchers at K-Otik
discovered the vulnerability and released details of a "Skinhead"
zero-day exploit that is already spreading in the wild.
The exploit, which targets WinAmp versions 3.x and 5.x, is being
used to forcefully install spyware and Trojans on infected systems.
Secunia has tagged the flaw as "extremely critical," its highest
rating. WinAmp skins have a huge following because they allow
users to adopt colorful, customizable and interchangeable sets
of graphics that change the look and feel of the software. If
your vulnerability scanner does not include popular third party
products like this, you have a false sense of security that might
cause problems down the road. Article at:
Remove Hidden Data In Office Documents
Ever been caught with the embarrassment of someone looking at all
the modifications you made in a Word file? Sometimes with contracts
this can even become more than just an embarrassment! I found a
page on the MS website that has an add-in that allows you to
permanently remove hidden data. Quite useful in some situations
when you only want to show the final product to come out in
Word, Excel or PowerPoint presentations.
The Remove Hidden Data add-in is a tool that you can use to remove
personal or hidden data that might not be immediately apparent when
you view the document in your Microsoft Office application.
SANS Has Set Up An SP2 Page
W2Knews reader Steven Foust sent me this: "Just a quick note, in
case you weren't aware. SANS has a page set up for people to report
their ongoing success with SP2. Interesting things I spotted on a
quick overview read of all comments:
- It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
everyone with critical problems was running a Prescott. (One suggestion
by a poster was that Intel's NX technology is glitched, and thus
is not allowing the boot code to finish running.)
- Those with "issues" seemed to find these cleared up either with a
fresh install, followed by SP2, or by installing a version of XP
that was slipstreamed with SP2. In other words, the problem was
caused by something running in memory (an uncaught virus, or spyware?).
- Recommendations are very, VERY firm about running a full antivirus
scan, followed by a scan for spyware (and other malware) before
doing an install.
- Some drivers need to be re-installed, especially for devices using USB.
- Most all other "issues" were with programs that needed to be added
to the firewall. Given that you have to do this with any other firewall
software (such as ZoneAlarm), this shouldn't be that big of a problem.
- One major problem (for some) was the port speed limitation that
Microsoft added. In other words, if you have a single program that
opens more than 10 simultaneous connections (i.e., some of the newer
file transfer protocols, or NMap to test your system for
vulnerabilities), Microsoft automatically limits the thru-put to
around that of a 1200bps modem. Under normal conditions, you'll never
see this -- but if you try to run NMap (or
other software that opens a TON of connections simultaneously), you'll
see this -- fast."
Here is the SANS link:
And here you can discuss SP2 on a dedicated Sunbelt Forum
Indiana Man Hacks Into Former Employer's Systems
ComputerWorld is running an article about a man called Patrick Angle,
who was charged with intentionally deleting the source code for
software he had been developing for Massachusetts-based Varian
Semiconductor Equipment Associates. The lesson is clear, you need
to defend against attacks from the inside as much as from the
outside. The article does not say how he got in, if it was a
lack of proper procedure (terminating accounts, changing passwords
and the like), if he used a known vulnerability to hack in, or
if he left a hidden backdoor somewhere. Perhaps we'll find out
later. It is the typical disgruntled employee story. Companies
really should have defenses in place for this. Here is the article:
Dell Scores a First Benchmark
Client/Server Mag reported that Dell has brought home the first
benchmark for a clustered configuration of MS Exchange 2003.
It clustered four PowerEdge 1750 servers, each fitted out with
two 3.2GHz Xeons, and backed the system with a Dell/EMC CX600 SAN.
The thing scored 15,000 MAPI Messaging Benchmark 3s (MMB3s),
which approximates how many typical corporate e-mail users the
server can support. The widgetry goes for $7,800 per processor.
If you are in the IT industry, Client/Server Mag is a paid-for,
warmly recommended publication:
NT/2000 RELATED NEWS
Something Ultracool at MS-Research
Seen Tom Cruise manipulating graphics in Minority Report? Well,
that technology is closer than you think. Stewart Tansley at
MS-research has cooked up something called "touchlight"
technology. There is a video of it at Channel 9 on MSDN and
you do want to see those 4 minutes of video. Here is the
link, and scroll down to the section called 'Stewart Tansley -
First look at MSR's "touch light"'. Enjoy!
Redmond Wraps Up MOM 2005
The Microsoft Operations Manager 2005 is done, Redmond said this
week. There are new features like graphical systems views and
the reporting has been improved. It's supposed to be easier to
roll out than its predecessor. The latter was definitely needed
as deploying MOM has been a challenge to say the least. They
also announced MOM 2005 Workgroup Edition, geared to sites
with 4-10 machines and only needing simple monitoring.
Redmond has time and again repeated an Accenture mantra that
showed admins spend up to 70% of their time doing system
management. They claim that by automation it can be brought
down to 55%. MS also overhauled MOM 2005 pricing and licensing.
You can get a license for your central server for $729, and
then you need so-called operations management licenses (OML)
for every other managed server. An OML 5-pack has an estimated
retail price of $2,689. MOM 2005 Workgroup Edition is priced
There is just one big problem with this Workgroup Edition.
It's a "MOM-Lite". Looking back at 25 years in IT, I have
never ever seen a big product successfully stripped
down and sold at a lower price. It's actually a severe error
in marketing to do that. I'm quoting marketing guru Al Ries
in his book The Origin Of Brands: "Stripping down an existing
product usually means taking out value faster than taking out
costs". He continues: "Virtually every major personal
computer manufacturer has tried the stripped-down strategy
with very little success, starting with the IBM PC Junior.
Some recent examples are 3Com's Audrey, Oracle's NIC, Intel's
Dot.station [and more]"
But... competition is a good thing, the consumer benefits.
We're excited to announce new prices for ServerVision! It
is now basically 50 bucks per server, with a 5-pack as your
minimum purchase. Here is a user quote: "It seems to be an
impressive product. It has much of the functionality we've
been drooling over in MS Operations Manager, but much easier
to get going." You can get a 5-pack ServerVision now for
$249 + 25% maintenance at $311.25, and a 10 pack for $499
+ 25% maintenance for $623.75 at the Sunbelt OnlineShop.
Your 30-day full-featured eval is here:
Gartner: Server Sales Up 8%; Linux Does Well
Gartner just reported that Q2 server revenues grew 7.7%
year-over-year to $11.5 billion and that the growth of Linux
kept on going. IBM kept its big dog position of 30.7% of
the total cash shelled out for servers. HP and Sun were
respectively 2 and 3 with 27.3% and 13% of the revenue.
Both lost about one percent of their position compared
to last year, and it looks like they gave it to Dell who
was up from 8.8% to 9.8%. Dell total server sales were up
20% to $1.13 billion.
Worldwide the shipments of servers rose a whopping 24.5%
to a total of 1.6 million units in the second quarter. First
in total units was HP with 463,489 servers, and number two
was Dell with 337,994 boxes pushed out the door, leaving
the third place to IBM with 238,721 machines.
The Windows OS was 34.4% of the total OS money worldwide.
If you look at the count of the OS-en, Linux kept on going
like the energizer bunny with its double-digit growth.
Revenues grew 54.6% and shipments went up 61.6%. It looks
like the total revenues for Linux are now just under 10%
of total server OS sales. And like I said before, Linux
continues to eat into the legacy Unix sales as their
revenues are down 4.3%.
THIRD PARTY NEWS
Looking For A Free IDS? Snort Seems To Be The Ticket
Just a few short years ago, an IDS was a luxury. Before the rise
of the Web application and the worm, most networks were adequately
defended by a firewall at the perimeter and a virus scanner at
the mail server. Today, the firewall remains effective against
clumsy DoS attacks and run-of-the-mill exploits, but it's
hard-pressed to thwart application-layer attacks that piggyback on
welcome protocols and worms that wind their way inside the network
through any overlooked port or a mobile user's laptop. The SNORT
open source project makes a very good impression here. Good
article at InfoWorld!
How Are You Protecting Your Company Databases?
We have a new white paper you should have a look at. Database
management systems (DBMS) are the hidden engines behind some
of your most critical information applications. The types of
critical business applications that depend on DBMS include:
- Enterprise Resource Management (ERP)
- Customer Relationship Management (CRM)
- Sales force automation
- Order tracking
- Inventory management
- Technical support and customer service help desks
In most cases, all of the data for these business systems is
stored in a DBMS. This means that if the DBMS is damaged, not
only is the application unavailable, but all the current and
historical data is at risk. One of the most common DBMS for
Microsoft® Windows® servers is Microsoft SQL Server™ (MS-SQL).
Depending on your environment, your Microsoft SQL Server may
be your most critical application. Like most database management
systems, MS-SQL stores all of the data in a handful of database
containers, or files. If one of these containers is damaged
or corrupted, all of the data it contains is lost. The end
result - a serious failure of one system could close the doors
of your business for days, even permanently. This white paper
discusses data protection strategies for Microsoft SQL Server,
and answers the following questions:
- What does it really mean to protect a database?
- What are the alternatives?
- How do I compare the costs and advantages of different solutions?
- Why should you consider Double-Take?
Read this white paper here, no registration required:
AutoPilot for XP Impresses Me
Mike Sweeney over at Packetattack sent us this back: "What has
impressed me is the new found stability of my XP test box. And
here I thought memory management add-ons died in the late 80s ;)
Long Live QEMM ;) Honestly, so far I'm impressed with AutoPilot.
I have the Google folding protein app running in the background
at 50% and along with my normal day to day stuff such as VMware,
Bloomba and various browsers, everything works together now."
I'd like to add something here as the owner of AutoPilot. This
product has an interesting history. The concept was originally
developed for Cray systems that needed CPU load balancing code.
Then that code was ported to generic Unix systems, and later the
same concept was rewritten for the NT code base. It's really
more than just memory management: AutoPilot looks at all the
bottlenecks in your system (can look straight into the CPU(s)
bypassing the hardware abstraction layer) and then when your box
gets busy, instructs the OS to use more threads and resources for
the jobs that need it. AutoPilot is really a neural network, and
you could see it as an "intelligence booster" for the OS that can
result in better performance. Try it out for yourself at this
link. (It works fine with the new SP2 by the way.)
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Is Your WinXP Admin Workstation Maxing Out?
You should try AutoPilot for XP in that case. It is a true neural
network that bypasses the hardware abstraction layer and looks
into the hardware to really see where the bottlenecks are. Next,
AutoPilot tells the OS where the resources are really needed.
See it as an intelligence boost for the OS, which can increase
total throughput. So, if your admin station is getting really
busy and bogged down, try 'real-time tuner' AutoPilot. Only buy
it (the price is just $29.95) if you see the benefit! 30-day eval: