Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 6, 2004 (Vol. 9, #35 - Issue #491)
Spyware Can Foul Up SP2 Deployment
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • A Royal Pain In The Posterior
    • More Cool Display Technology
    • Happy Birthday Internet
  2. TECH BRIEFING
    • Spyware Can Foul Up SP2 Deployment
    • Apache Rejects Sender ID Proposal
  3. NT/2000 RELATED NEWS
    • No WinFS For LongHorn
    • Get Your Network Hacked In 10 Easy Steps
    • Download: Scripting Defrag in Windows Server 2003
    • Information Leakage Through Hidden Word Data
  4. NT/2000 THIRD PARTY NEWS
    • Special 'September 2004 Only' Offer: Security Pack
    • What's New In iHateSpam Version 2.0?
    • "All Other Server Monitors Are Hard To Use"
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Special Sunbelt Security Pack
  SPONSOR: Disaster Recovery Is Now A Must-Have
But there are still a lot of questions about DR. Here are a few:
- What is the difference between synchronization and replication?
- Does DOUBLE-TAKE replicate the entire file when it is changed?
- Are changes applied to the target server immediately?
- Can replicated data on the target be accessed by users?
- Will DOUBLE-TAKE replicate encrypted files?
And many more. We have an FAQ in PDF for you here (no registration!)
Visit Disaster Recovery Is Now A Must-Have for more information.
  EDITORS CORNER

A Royal Pain In The Posterior

Lots of stuff happening these days. Spyware is getting to be a royal pain in the posterior. I have spoken personally to about twenty system admins this week about this topic. The picture isn't pretty and is getting worse. Machines are getting slow, and sometimes bog down to the point that they become completely unusable and need to be rebuilt. Moreover, organized cybercrime is using worms, viruses and hybrids of these combined with spyware to invade companies. Microsoft also warns against it; see the Tech Briefing!

More Cool Display Technology

Danny Lee sent me this: Hey Guys! I always enjoy reading your articles... But reading "Something Ultracool at MS-Research" makes me think you haven't visited the IO2 website. These guys are creating displays out of thin air! Not just displays, but INTERACTIVE displays. Check out the videos of their technology. He's right, now THAT'S Ultra-cool, and for sale now.
http://www.w2knews.com/rd/rd.cfm?id=040906ED-Technology

Happy Birthday Internet

The Net, a project that will be an eternal work in progress, turned 35 this past Sunday. It was born at UCLA where someone joined two computers with a 15-foot cable. It mutated into 5 nodes some months later. Look at what we have now! And it's only V1.0. Internet V2 is on the way.

Quotes of the Week:
"There are seldom technical solutions to behavioral problems" -- Ed Crowley
I got inspired and added one of my own: "There are never medical solutions to behavioral problems" -- Stu Sjouwerman

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Panda Launches TruPrevent Technologies
Finally, unknown viruses are under control.
Panda Software's proactive technologies, exclusive to Panda,
stop latest generation unknown worms and viruses even
before your signature files are updated! The most intelligent
technologies to combat unknown viruses and intruders.
Contact Panda Software at 877-462-6200, or visit our website.

Visit Panda Launches TruPrevent Technologies for more information.
  TECH BRIEFING

Spyware Can Foul Up SP2 Deployment

SP2 is all about security. But SP2 itself cannot do much if a machine is already polluted with spyware -- and that is proving to be a problem in some cases. Redmond is warning XP users to clean their systems and remove spyware before downloading SP2. Barry Goff, an MS group product manager, said some spyware could cause computers to freeze up upon installation of the update.

There are many categories of spyware, depending on who you talk to. It often comes as an unwanted parasite with file-sharing programs, starts tracking behavior and then triggers pop-up ads. And that's only one relatively harmless category of at least three dozen.

There are several freeware and for-pay products on the market to clean systems and remove these pests. Redmond recommends that you clean workstations of spyware and make backups before turning on the SP2 auto update feature. IDC estimates that by now, about 260 million copies of WinXP have been sold.

In a corporate environment, spyware is rapidly replacing spam as 'Headache Numero Uno'. It's still early days for spyware removal tools. The freeware is not enterprise ready, and the first-generation commercial products available for the enterprise have their roots visibly in end-user products; for instance, none of them supports Active Directory. Anti-virus vendors are trying to muscle in on this market, but their code was not specifically written to remove spyware, and it shows. Their performance cannot stand in the shadow of dedicated tools that were built as anti-spyware from the get-go. In these early days, the best solution available is PestPatrol Corporate Edition:
http://www.w2knews.com/rd/rd.cfm?id=040906TB-PestPatrol

Apache Rejects Sender ID Proposal

Netcraft News reported that the Apache Project has rejected the Sender ID proposal for e-mail user authentication, saying the terms of Microsoft's license for the underlying technology make it incompatible with open source software. The decision illustrates how anti-spam efforts have become the latest battleground between the open source community and Microsoft.

Apache's decision, outlined in a letter to the Internet Engineering Task Force (IETF), culminates weeks of discussion among the IETF, Microsoft and open source advocates over whether Sender ID could work as a standard framework for anti-spam measures.

"The current Microsoft Royalty-Free Sender ID Patent License Agreement terms are a barrier to any (Apache) project which wants to implement Sender ID," Apache chairman Greg Stein said in the letter. "We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms."

The full article is at the NetCraft site:
http://www.w2knews.com/rd/rd.cfm?id=040906TB-NetCraft

  NT/2000 RELATED NEWS

No WinFS For LongHorn

The Microsoft Watch site (a good one I might add) reported that Redmond announced that it is cutting some of its planned Longhorn features in order to get the desktop version of the product out the door by 2006. The Windows File System (WinFS) -- technology that was set to simplify information storage and retrieval -- won't make it into the final, shipping versions of Longhorn client, company officials confirmed. WinFS also won't be part of Longhorn server, the server complement of Longhorn that is still due out in 2007, as Microsoft announced earlier this year.

Company officials said they were not sure when and via what version of Windows Microsoft ultimately will make WinFS available. Microsoft has talked about Blackcomb versions of Windows as the next major follow-ons to Longhorn. But they aren't expected to ship until the end of this decade. The full article is here:
http://www.w2knews.com/rd/rd.cfm?id=040906RN-WinFS

And here is a full interview with Gates, going into the nitty gritty:
http://www.w2knews.com/rd/rd.cfm?id=040906RN-Gates

Get Your Network Hacked In 10 Easy Steps

Worms are considered a major security problem today, but Microsoft security expert Jesper Johansson says you may be overlooking a bigger problem -- the damage a single hacker can do inside your network. Read how to avoid 10 common mistakes in this article from SearchWindowsSecurity.com. Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=040906RN-10_Mistakes

And when you are done reading it, check out this tool that scans for many of these errors:
http://www.w2knews.com/rd/rd.cfm?id=040906RN-SNSI

Download: Scripting Defrag in Windows Server 2003

Expert Greg Ramsey shares a handy script he uses to enumerate all local hard drives and to check each one sequentially to see if it needs to be defragmented. If the total percent fragmentation is greater than 10%, then Defrag is automatically run. All information is written to the event log. You can download this script from the searchWindowsSecurity.com site. Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=040906RN-Defrag_Script

Information Leakage Through Hidden Word Data

The www.user-agent.org download site has a document called "Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents". If you go here, it sits last in the list as a PDF document (word_docs.pdf). Some very interesting data in there. It was written by Simon Byers, who is at ATT Research. The document is dated 2003/04/03, and the abstract reads as follows:

"In considering the leakage of information through hidden text mechanisms in commonly used information interchange formats we demonstrate how to automate and scale the search for hidden data in Word documents. The combination of this scaling with typical behaviour patterns of Word users and the default settings of the Word program leads to an uncomfortable state of affairs for Word users concerned about information security. We discuss some countermeasures employable by users and note more general consequences of these effects."

Check the PDF out here:
http://www.w2knews.com/rd/rd.cfm?id=040906RN-Word_Docs

  THIRD PARTY NEWS

Special 'September 2004 Only' Offer: Security Pack

Sunbelt Software decided to give system admins a real break: a unique bundle of security products available for just ONE MONTH. Your PO has to arrive before 12 midnight September 30th. This is a once-in-a-lifetime super special "end-of-the-third-quarter" blowout. It's really a killer deal: these three security tools have a retail value of $3,237.50, but are now $1,868.75, and that even includes one year maintenance. Make sure you get this bundle soon. It's a must-have for your security toolkit. You'll be surprised with the tools you find in this pack. Check it out!
http://www.w2knews.com/rd/rd.cfm?id=040906TP-Security_Pack

What's New In iHateSpam Version 2.0?

The development team here at Sunbelt is going "pedal to the metal" on the new incarnation of iHateSpam for Exchange. It's a new architecture that allows us to build all kinds of interesting plug-ins that you need. We'll come out late Q4 with excellent anti-spam filtering, but also integrated anti-virus. Since we will do way more than just spam, we're going to change the name too.

Plug-ins for anti-virus, content filtering, content auditing, disclaimers, server-based auto-replies, and more exciting stuff that I cannot talk about yet will come out in stages after we release the V 2.0 code. Pricing will be extremely competitive, so if you are looking for a full-featured message security solution for your Exchange server, get iHateSpam for Exchange now and benefit from this upgrade path. Got any ideas for features you would like to see? Send them to me.

If your maintenance contract is valid, your upgrade from the current version to V2.0 (includes the anti-spam plugin) will be gratis. If you want to add AV, we will make this available to existing customers at extremely attractive pricing. So good that you're going to have to really look at replacing your current solution! Have a good suggestion for a new name for this product? Email me and if your name gets chosen, we'll award you a $100 Amazon gift cert. Here is your link to the current V1.5 30-day full eval of iHateSpam for Exchange. Get it now, and benefit from the upgrade path.
http://www.w2knews.com/rd/rd.cfm?id=040906TP-iHateSpam

"All Other Server Monitors Are Hard To Use"

There is some very good news. Monitoring system health and keeping servers secure has become easier and more affordable than ever. ServerVision has started selling fast, and the recent price decrease has made it a real no-brainer. For just 50 bucks per machine you have a next-generation monitor that does event logs, uptime, alerts and a whole host of other things: easy to afford, easy to set up and easy to use! You should really try ServerVision now; you will be very pleasantly surprised. It's now possible to just throw out that hard-to-use monitor you have, and replace it with ServerVision.
http://www.w2knews.com/rd/rd.cfm?id=040906TP-ServerVision

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

Special Sunbelt Security Pack

This is a special you do not want to lose out on. Sunbelt bundled three security tools and you basically only pay for one. The retail value is $3,237.50. But the cost now is $1,868.75 and that even includes one year maintenance. You'll be surprised with the tools you find in this pack. Check it out here. It's September only though!
http://www.w2knews.com/rd/rd.cfm?id=040906PW-Security_Pack