Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 20, 2004 (Vol. 9, #37 - Issue #493)
Hey, I Need That Security Data Too!
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Hey, I Need That Security Data Too!
    • Spyware Survey Results
    • iHateSpam For Exchange Wins "Oscars For Software"
  2. TECH BRIEFING
    • So, Now The JPEG Technology Leaks?
    • Group Policy Controls Extended To Unix, Linux
    • Rolling Back A Failed Exchange Upgrade
    • Shortcuts To AD Security
    • Tighten Default Settings To Prevent Unauthorized Access
  3. NT/2000 RELATED NEWS
    • Media Center Update October 12th
    • Q&A: Microsoft's Linux Strategist Martin Taylor
    • AOL Backs Away From Microsoft Antispam Plan
    • WordToys
  4. NT/2000 THIRD PARTY NEWS
    • iHateSpam For Exchange: Reader's Choice Again!
    • ServerVision Gets Excellent Reviews
    • SNSI Now Checks For The New JPEG Holes
    • IDC Reports: Storage Software Biz Growing
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Are Those Servers Behavin'?
  SPONSOR: iHateSpam For Exchange: Reader's Choice Again!
Windows IT Pro Magazine announced this week that Sunbelt Software's
iHateSpam for Exchange was selected a winner in the Mail Server
Administration Utilities category of their Readers' Choice Awards.

"Recognition from peers in the industry is an honor and is the ultimate
"seal of approval" for the products who won." said Kim Paulsen, Group
Publisher, Windows IT Pro. More than 2000 readers chose the best
among more than 700 products and services. Check out iHateSpam for
Exchange for 30 days:
Visit iHateSpam For Exchange: Reader's Choice Again! for more information.
  EDITORS CORNER

Hey, I Need That Security Data Too!

This week some news broke that did not make me all that happy. Looks like for a while already Redmond has made mostly large sites aware what patches were coming down the pike, if they signed a confidentiality agreement. For purposes of planning supposedly. I think this is w-r-o-n-g. Security affects all of us, and we all need to get data as soon as possible for planning and patch deployment purposes. I see no reason to give some people preferential treatment. Email me with what you think?

Spyware Survey Results

Man, it's been a long time since I have had SUCH a strong reaction on anything. The last time was spam, well over two years ago. The survey results are still coming in so, you will have to wait for the Exec Summary for a while longer. I think I will create a separate Stu's News dedicated issue about spyware actually. But I can disclose Question 3 to start off with, which was the same as the recent SunPoll.

The question was: "Today, how much of a problem is end-users' machines getting infected with spyware?"

  • No problem - 1.68% - 28 votes
  • Minor problem - 4.69% - 78 votes
  • It's happening more and more - 32.89% - 546 votes
  • Major problem - 32.95% - 547 votes
  • We are very concerned about this now and need solutions - 27.77% - 461 votes

The immediate upshot is clear: this is something many system admins told us is as bad as (or worse than) viruses.

iHateSpam For Exchange Wins "Oscars For Software"

Of course everyone in Sunbelt is thrilled we received a Reader's Choice Award for iHateSpam for Exchange a second time in a row. There are now well over 4,000 production sites running it, which makes it the best selling anti-spam solution for Exchange. Version 2.0 which we expect in a few months will have plug-in capability so you can integrate anti-virus, disclaimers, content filtering/auditing, and some more very cool features that I cannot talk about yet.

One tiny little change coming soon for W2Knews. In the sponsor corner (just below this section) there will be a new feature I hope you guys will find useful. Because the "FaveLinks" are such a huge favorite for W2Knews readers, I thought I would start a "ToolBox" with links featuring tools for admins. Think of it as "work-related" FaveLinks!

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: September 2004 Only!
* Special Sunbelt Security Pack - September Only! *

This is a special you do not want to lose out on. Sunbelt bundled
three security tools and you basically only pay for one. The
retail value is $3,237.50. But the cost now is $1,868.75 and
that even includes one year maintenance. You'll be surprised
with the tools you find in this pack. Check it out here. It's
just available during September 2004 though, so be quick.
Visit September 2004 Only! for more information.

  TECH BRIEFING

So, Now The JPEG Technology Leaks?

A lot of MS products are suddenly "leaking". In other words MS has newly discovered a bunch of holes. This week, a bunch of workstations started rebooting here in Sunbelt, and people thought it happened all by itself. Turned out this was the monthly MS critical update! Some smart end-users here had all turned on the automatic update feature on their workstations. So now they were screaming their PC's were misbehavin'. Our system admins said: "Nope, you should not have turned that on." MS does this stuff in the middle of the day, but we of course apply this stuff later at night with UpdateEXPERT. Anyway, the technology that displays a JPEG picture is badly broken it appears. Another critical buffer overflow. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

And it affects dozens of MS-products. So, get ready updating! The latest update of the vulnerability database of Sunbelt's Network Security Inspector (SNSI) has these holes added to the list. You should really get your copy of SNSI, it's a tool you cannot afford not to run, and the special intro offer ends this month. Check out the eval here:
http://www.w2knews.com/rd/rd.cfm?id=040920TB-SNSI

Here is the Microsoft JPEG Bulletin:
http://www.w2knews.com/rd/rd.cfm?id=040920TB-JPEG

Group Policy Controls Extended To Unix, Linux

A new third-party offering lets administrators bring the functions of Microsoft's group policies to servers regardless of whether they are Windows, Linux or Unix based. SearchWin2000 has the article! Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=040920TB-Group_Policy

Rolling Back A Failed Exchange Upgrade

You are upgrading from Exchange 5.5 to 2000 or 2003. About halfway through the process, something goes horribly wrong. What do you do? If you decide to stick with Exchange 5.5, be forewarned: It's not as simple as restoring a backup. Find out why -- and what to do about it -- in this tip from SearchExchange.com. Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=040920TB-Exchange

Shortcuts To AD Security

Numerous security settings exist in Active Directory. That's the good news. The bad news is that configuring the wrong settings initially will create massive problems later on. Check out some preventative actions to take in this series of tips from the Administrator shortcut guide to Active Directory security at SearchWindowsSecurity.com. Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=040920TB-AD_Security

Tighten Default Settings To Prevent Unauthorized Access

Many people say information security is a journey: No action you take to secure Windows will make much difference if you don't keep doing more and stay one step ahead. But instead of bemoaning what you don't know, SearchWindowsSecurity.com guru Roberta Bragg offers a default network settings checklist to help you reduce your risk of attack. I liked the checklist so here is the link to the article. Free registration may be required.
http://www.w2knews.com/rd/rd.cfm?id=040920TB-Default_Settings

  NT/2000 RELATED NEWS

Media Center Update October 12th

Redmond announced a meeting in LA on October 12 and we expect they will reveal a new version of Windows XP Media Center Edition. They hope it will catapult into the living room, as it has a whole new multimedia GUI and remote control. Moreover, the first 'Media Center extenders' will be announced: devices that allow you to play back stuff you have recorded on a Media Center PC, even in another room. I have one actually. And also a TIVO. The media center PC has one big drawback, which is no second TV-tuner so that I cannot record something and watch something else like I can with the TIVO. I hope they will update that in a later version. Here is more about the current features.
http://www.w2knews.com/rd/rd.cfm?id=040920RN-Media_Center

Q&A: Microsoft's Linux Strategist Martin Taylor

I found an interesting interview in ComputerWorld today about MS and Linux. They started it like this: "With a year under his belt as Microsoft Corp.'s chief Linux strategist, Martin Taylor has a lot to say about where he sees Linux going and how Microsoft plans to compete with the open-source operating system." Here's where to read more:
http://www.w2knews.com/rd/rd.cfm?id=040920RN-Taylor

AOL Backs Away From Microsoft Antispam Plan

America Online Inc. has decided not to fully support the Redmond Sender ID spam-fighting plan. They claim there are intellectual property problems voiced by the Internet Engineering Task Force and the open-source community. If a large ISP like AOL is not jumping on the bandwagon, this initiative is not going to have any legs in the long run. Hmm. ComputerWorld has the story here:
http://www.w2knews.com/rd/rd.cfm?id=040920RN-Antispam_Plan

WordToys

The WordToys Personal Edition has almost 30 free utilities that make Word easier to use. The Professional Edition has twice as many!
http://www.w2knews.com/rd/rd.cfm?id=040920RN-WordToys

  THIRD PARTY NEWS

iHateSpam For Exchange: Reader's Choice Again!

We have some exciting news for all iHateSpam for Exchange users, and we'd also like to thank you for your vote of confidence.

-- Windows IT Pro Magazine Named Sunbelt Software's iHateSpam for Exchange their Readers' Choice Award Winner --

Windows IT Pro Magazine announced this week that Sunbelt Software's iHateSpam for Exchange was selected a winner in the Mail Server Administration Utilities category of their Readers' Choice Awards. "Recognition from peers in the industry is an honor and is the ultimate "seal of approval" for the products who won." said Kim Paulsen, Group Publisher, Windows IT Pro.

"Few people know more about the best values in Windows technology products and services than Windows IT Pro readers -- the people who actually do the buying on behalf of their organizations. By voting for the most outstanding products, IT professionals have rewarded excellence in the Windows technology market," said Karen Forster, Editorial in Chief, Windows IT Pro.

We are thrilled with this recognition from the people that count. You could call it the Oscar for Mail Server Admin Tools. Thanks again for your vote of confidence and we are sure to get you a very exciting Version 2.0 in a few months with a host of powerful new features. Check out what V2.0 will look like here:
http://www.w2knews.com/rd/rd.cfm?id=040920TP-Award

And the official Award Announcement is here:
http://www.w2knews.com/rd/rd.cfm?id=040920TP-Announcement

ServerVision Gets Excellent Reviews

MCPMag (soon to be Redmond Magazine) reviewed several tools that "Tame Those Servers Behaving Badly", the title of their article. The author Mike Gunderloy, MCSE, MCSD, MCDBA, is a contributing editor for MCP Magazine. He is the author of numerous books and articles on database and development topics. ServerVision is compared to GFI Network Server Monitor, its biggest competitor, so the review is interesting.

I'm quoting a few paragraphs, and will include a link to the full article on their website: "ServerVision is Sunbelt's first foray into the monitoring market, and it has come up with a solution that is unique in several ways. The most innovative feature? There's no particular machine that's identified as the central repository of monitoring knowledge. ServerVision can be installed on as many servers as you like and any of these servers can display the status for any group of monitored machines in a single integrated MMC application.

"Once installed, ServerVision sets up a default set of checks for things like errors in the event log, average CPU and memory load, available disk space, failed services and so on. You can adjust the alerting thresholds for all of these, but even without any customization you'll get a decent idea of your network's health.

"An overall Status Summary List node in the console shows at a glance which machines have a problem, and the software can drill down from there. There's also a Web interface that duplicates the MMC functionality and is more readily available from non-Microsoft systems.

"It's simple to integrate multiple ServerVision Consoles into one. A discovery process finds ServerVision-enabled computers and adds them to the console. The console can also perform a remote installation of the software. ServerVision can send e-mail or alerts, start and stop services, restart or shut down computers, and perform other actions in response to various serious conditions.

"Sunbelt threw in some other functionality. There's a basic backup capability to protect critical data by backing up files or databases and then using FTP to move them around. ServerVision also integrates with Shavlik's HfNetChk to keep an eye on the security profile of servers, sending a notification when a required patch hasn't been applied.

"I like having an MMC snap-in for monitoring; this makes it easy to integrate ServerVision with other management tools. On the downside, this can make for a lot of clicking around to find out what's going on (though the Key Indicators and other summary nodes mitigate this problem somewhat). There is a free evaluation version on the Sunbelt Web site.

"Sunbelt's product is incredibly easy to install, and well-configured by default, though the pricing might be hard to swallow once you go beyond a few servers (although the company does offer volume discounts)."

Editor's Note: This was written before the new pricing scheme went into effect. Pricing is now just $50 per server and basically blows away all other products price wise... Here is the full article, with thanks to MCP Magazine:
http://www.w2knews.com/rd/rd.cfm?id=040920TP-MCP_Mag

SNSI Now Checks For The New JPEG Holes

The new vulnerability updates for this release include:

Six new Windows checks, bringing the total Windows checks to 2246:
W2241 - Opera JavaScript Vulnerability
W2242 - WinZip Buffer Overflow Vulnerability
W2243 - WordPerfect 5.x Converter Buffer Vulnerability - MS04-027
W2244 - JPEG Processing (GDI+) Vulnerability - W2K3 - MS04-028
W2245 - JPEG Processing (GDI+) Vulnerability - XP - MS04-028
W2246 - JPEG Processing (GDI+) Vulnerability - Office XP - MS04-028

Twelve new Linux checks, bringing the total Linux checks to 596:
L585 - Openssh SCP directory traversal - Progeny
L586 - Kerberos 5 double-free & loop bugs - FC, RH
L587 - Midnight Commander VFS vulnerability - FC
L588 - Lha - command line processing - RH; FC
L589 - Kudzu - minor memory leak - FC1, 2
L590 - Httpd - input filter bug - RH, Suse
L591 - KDE Libs and Base vulnerabilities - FC1, 2
L592 - Cdrtools local root privilege vulnerability - FC1, 2
L593 - ImageMagick Imlib BMP Heap Overflow - FC1,2
L594 - Mod_SSL - format string - RH
L595 - Samba Server DoS errors - Linux: FC1,2
L596 - Zlib - 'inflate' function - Suse

Five new Solaris checks, bringing the total Solaris checks to 239:
S235 - In.named Dynamic Update Failures - Solaris 8
S236 - Kerberos KDC Realm Compromise - Solaris 9
S237 - Kernel Update Data Corruption - Solaris 8
S238 - Sun Cluster 2.2 ksh Failure - Solaris 8 - 9
S239 - Cassini Ethernet Driver Panics - Solaris 2.6 - 9

One new Cisco check, bringing the total network device checks to 34:
N34 CISCO - Vpn 3000, Krb5 double-free error

In addition, there were improvements in the following vulnerability checks:
H16,24,51,88 - Superseded Patches
W1142,W1986,W1999,W2067 - Anti-Virus Signatures
L581, L584, L174, L172, L171, L186, L183, L181, L214, L154 - Red Hat Enterprise 2.1 added
L567 - Samba - SWAT administration service - Linux: RH; SuSe; FC1, 2

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

To get the latest SNSI version, visit:
http://www.w2knews.com/rd/rd.cfm?id=040920TP-SNSI

To update from within the SNSI console, select Settings, enter your full registration key and click on the Check Now button.

To purchase NOW, visit:
http://www.w2knews.com/rd/rd.cfm?id=040920TP-Buy_Now

IDC Reports: Storage Software Biz Growing

Storage is booming again. Worldwide, the storage software market grew a very healthy 16.9% in Q2 to a whopping $1.85 billion caused by strong demand for storage resources management (SRM) software, according to IDC. They said that SRM software now is the largest market in the storage software category, as it is growing 30% year-over-year. Archiving and backup are growing at 9.2%. Code that does Storage Replication (like Double-Take) and file system software also had strong results. Here are the top five storage vendors (in millions):

         2Q04     Market    2Q03      Market       Growth
Vendor   Revenue  Share     Revenue   Share        2Q04/2Q03
-----------------------------------------------------------------

EMC      $602     32.5%     $461      29.1%        30.5%
Veritas  $418     22.6%     $339      21.4%        23.4%
IBM      $130     7.0%      $134      8.5%         -3.0%
HP       $130     7.0%      $120      7.6%         8.8%
CA       $123     6.6%      $142      8.9%         -13.3%
Others   $448     24.2%     $389      24.5%        15.3%
  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

Are Those Servers Behavin'?

You have to keep a weather eye on your servers. Are they still up? Is there anything in the event logs I should know about? Has someone tried to break in? Are any resources maxed out? Are they updated with the latest patches? And you want to see all that in really just a few seconds and get alerted before the $#!+ hits the fan. ServerVision is just the tool. It is easy to install, easy to use and now extremely easy to afford. You should really check this product out. Currently use an older, expensive and hard-to-use system monitor? Replace it. The brand new ServerVision is likely going to cost less than the maintenance of your old tool!

http://www.w2knews.com/rd/rd.cfm?id=040920PW-ServerVision