Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 4, 2004 (Vol. 9, #39 - Issue #495)
Open Letter To Microsoft: Security
This issue of W2Knews contains:
- EDITORS CORNER
- Open Letter To Microsoft: Security
- Waiting For Longhorn? Naah.
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Exchange Best Practice Tool Flunks On SBS 2000 Server
- Job Satisfaction Takes A Dive In Salary Survey
- Run A Pirated Windows Copy? No Updates For You Buddy!
- Checklist: Windows Services You Should Disable Today
- NT/2000 RELATED NEWS
- Microsoft's Licensing Takes A Step In A New Direction
- Redmond: WinXP SP2 Downloads 'On Target'
- Microsoft Answers Admins' WUS Questions
- ISA Server 2004 Is A Pleasant Surprise
- NT/2000 THIRD PARTY NEWS
- Hackers Cost Business Billions
- Double-Take Sweetens Data Protection for Hershey
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Are Those Servers Behavin'?
SPONSOR: The Can't Fight Spam Act
Spam still sucks. The percentage still goes up. The legislation
did not make the slightest dent. Productivity still suffers. Your
users ask to manage their own white- and blacklists. You don't
have time to build a Linux box and mess with scripts and open-
source stuff. iHateSpam for Exchange just broke the 4,500 site
mark. It was the #1 Reader's Choice 2004 for Mail Server Admin
tool, and the Reader's Choice 2004 #2 for anti-spam (with an
appliance being the #1 spot and one vote difference). Remember,
no upgrade penalty when you migrate to Exchange 2000 or 2003.
Best of all, Version 2.0 (expected in a few months) will allow
you to plug in AV, and a host of other essential functionality.
The price is very competitive. And 4,500 sites can't be wrong!
Visit The Can't Fight Spam Act for more information.
Open Letter To Microsoft: Security
You all know SANS. If not, it's an organization that promotes IT
security. They work a lot with volunteers, and many of these handle
security threats. They keep a diary about several daily current
hot situations. One of the SANS daily handlers wrote an open letter
to Redmond that I liked. It was well written, fun, and makes a
very good point. Here you go. (I hope MS is listening too.)
PS: If you need ammo to buy security tools, make sure to read the
item in the third party news section about how much money hacking
is costing business.
Waiting For Longhorn? Naah.
The press was all over it. Redmond officially rips their new
database-driven file system (called WinFS) out of Longhorn, the
new Windows version. Using the new file system would allow you
to simplify search and sharing data among apps. And then it
turns out that a pre-beta version of Longhorn has WinFS in
there, and some people in MS even claim it will be in Longhorn
after all. So, should you wait for Longhorn? No, although it's
become a bit "shorthorn", my suggestion is to upgrade to WinXP
on your users' workstations and W2K3 for the server. It will improve
your security profile. WinXP SP2 is at a point where (after you
have tested thoroughly with all your apps) it makes sense to deploy to
keep your systems as secure as possible, and you might see some
management and/or performance benefits. Best yet, you will be able
to run it (mostly) on your existing hardware. So, will Longhorn
include WinFS after all? SearchExchange has a story about this (free registration may be required):
Quotes of the Week:
"I guess I just prefer to see the dark side of things. The glass
is always half empty. And cracked. And I just cut my lip on it.
And chipped a tooth." -- Janeane Garofalo.
"A little nonsense now and then is relished by the wisest men."
-- Willy Wonka
Admin Tools We Think You Shouldn't Be Without
Exchange Best Practice Tool Flunks On SBS 2000 Server
Tony Gore from the UK sent me this. "Good link. However, I used
this on SBS 2000 server and it came up with the fact that the
IFS drive was enabled and that it should be turned off and a post
SP3 rollup. Following these two, Exchange no longer worked.
Re-enabling the IFS drive got Exchange to work, but the Symantec
protection for Exchange would not work; fixing this to manual
startup at least got it running (there is a documented problem
in Win2k with services locking). Two things from this:
OK, Redmond, again... anybody listening?
- A lot of the MS advice, KB etc. applies to W2K server, Exchange
server etc. However, this is not the first time that the SBS 2000
has been found to be different. I don't think that Microsoft ever
test most of the fixes on the SBS 2000 product - they assume that
if it works on Windows 2000 server or Exchange 2000 server (or ISA
2000 server etc) separately, then it will work for SBS 2000 server.
My experience is that something like one patch/fix/recommendation
in 20 does not.
- There is no easy way of providing feedback to Microsoft in
these cases - in the UK, you have to call them up and give them
your credit card number before they will talk to you; there is
an online email, but it just seems to go into a black hole. I
don't know why they cannot have a simple link on each KB article
"report problems with this article".
Job Satisfaction Takes A Dive In Salary Survey
Have a college degree, at least five years of experience in IT
and a West Coast address? If so, your annual wage should be among
the highest in the United States for Windows IT professionals.
Find out how your wages and morale compare to your peers based
on the results of SearchWin2000.com's latest salary survey. Free
registration may be required.
Run A Pirated Windows Copy? No Updates For You Buddy!
Redmond is trying something new in its fight against software piracy.
It is testing a check on its Download Center site where
users can verify whether the software they are running on their machine
is genuine. If they are legit, they get their downloads.
But if not, they'll be shown information about piracy before
they can download their software. A whopping 23% of people in
the USA are running pirated software, and may not even know
about it as they got it from a reseller. Here is the FAQ:
Checklist: Windows Services You Should Disable Today
Windows services running by default are exposing your systems
to attack. Which ones should be turned off immediately? Find
out in this checklist by site expert Roberta Bragg. Free
registration may be required.
NT/2000 RELATED NEWS
Microsoft's Licensing Takes A Step In A New Direction
Microsoft summarized some recent improvements to its licensing
program and launched a Web site devoted to providing users with
information about product licensing, terms and conditions.
One of the improvements is the addition of a step-up license,
which lets Software Assurance (SA) customers move from a standard
edition of a product to the enterprise edition without having to
buy a new license. Most of Microsoft's major server platforms
are on this list, including Windows Server 2003, Exchange Server
and SQL Server.
"Step up is a necessary thing for Microsoft to do," said Paul
DeGroot, an analyst at Directions on Microsoft, a Kirkland,
Wash.-based consulting firm. "The original rules on Software
Assurance really prevented customers -- almost penalizing them
-- if they wanted to expand their use of Microsoft's higher-end
software." The full article at SearchWin2000 is here (free
registration may be required):
Redmond: WinXP SP2 Downloads 'On Target'
Redmond seems to be confident of a total of 100 million upgrades
by the end of next month, despite their slow start. So far 20 million
copies have been downloaded and installed. "We are ramping up the
distribution and speeding up the amount of installs per day and
are on target for next month. We're expecting the bulk of new
installations to come from small businesses and home users,"
said Paul Randle, product marketing manager for Windows XP SP2.
Microsoft Answers Admins' WUS Questions
In a recent interactive Web forum on Wednesday, Microsoft technical
experts addressed several questions by IT administrators about
the company's forthcoming free patch management tool, but left
unanswered the specifics of when it will be released.
Windows Update Services (WUS), which will replace Software Update
Services, is expected to be released for open beta testing this
year and be generally available in the first half of 2005. The
experts -- a combination of program managers, test engineers and
development managers -- explained several aspects of WUS during
the chat on Microsoft's TechNet site. Here is a link to the
article on the SearchWin2000 site (free registration may be required):
ISA Server 2004 Is A Pleasant Surprise
An InfoWorld tester had a look at the new code. He liked it
a lot, and wrote a good little review about it. If you are
looking at (replacing) a firewall, the new ISA '04 seems to
have a lot going for it. This is a recommended 5 minutes
you are going to find very useful if you are in the market
for one of these puppies. He ends it off with: "I think ISA
is an excellent SMB firewall provided you've already got an
anti-spam and anti-virus solution. And you'll also need a
fairly deep wallet because ISA is most likely to cost you
about $3,000 for the software and another $2,800 to $4,000
for the hardware. Then again, for an IT admin who's harried for
time, those wizards and tight AD integration may make every
penny worthwhile." Here goes:
And if you are looking for an integrated anti-spam and anti-virus solution, check out iHateSpam. The new V2.0 will
have that functionality in a few months.
THIRD PARTY NEWS
Hackers Cost Business Billions
The cost of keeping your enterprise IT systems secure is going up.
InformationWeek research just showed that U.S. companies will
spend 12% of their tech budget on infosec, substantially up from
8% in 2002. Security breaches and malicious code attacks are
considered more threatening to business continuity this year
than in 2003, and many companies fell victim to either a worm
or virus attack over the last 12 months. Smaller companies,
with less than $100 million in revenues, were breached more often
in the past year. Downtime attributed to security attacks rose
over the last 12 months caused by vulnerabilities in key
One of the main reasons is that the average time period between
the disclosure of a vulnerability and its first exploit has
gone down from several weeks to less than six days in the first
half of 2004, and in some cases there were global exploits ready
in just two days. The vast majority of the 2004 vulnerabilities
were moderately to highly severe. One of the most recent ones is
the new JPEG hole. Malicious hackers now are seeding porn
newsgroups with JPEG images that take advantage of this hole.
There is also another somewhat disturbing trend that was published
by security company Qualys. They compared the difference in time
frame that holes were fixed for internal and external systems.
"External" in this case is defined as outward facing systems like
Web, e-mail and gateway servers. In 2004 the
number of systems still vulnerable decreased by 50% every 21
days, whereas in 2003 that took 30 days.
However, they observed that internal systems take longer to fix
(a whopping 62 days), giving worms much more time to wreak havoc.
There is definitely a misconception in IT that external systems
have greater exposure. They don't. Another reason internal
systems stay vulnerable longer is that there are many more of
them and patching is more involved. It is still very important
to continue to scan and patch internal systems, as malware has
many vectors to penetrate systems.
There is one solution out there that is getting popular at a
rapid clip: the Sunbelt Network Security Inspector. With over
70 enterprise licenses sold just in September 2004, it has
the features and quality of vulnerability scanners ten times
its price, and gets updated on a very regular basis with the
most recently found holes. This is a tool you want to run, even
right next to an existing scanner like Retina since it's easy to
afford and easy to run. Everyone knows that it's better to run
two anti-virus engines than one, and it's also better to run two
security scanners because there is a high probability you will
find more vulnerabilities that way.
The recent updates of version SNSI 188.8.131.52 are:
W2251 - HP Web Jetadmin Remote Access Vulnerability
W2252 - Mozilla Web Browser vulnerabilities
W2258 - Firefox User Interface Spoofing Vulnerability
L597 - RedHat GTK+ and GDK Pixbuf vulnerabilities
L598 - Openoffice for RedHat
L599 - CUPS - IPP port blocking - RH, SUSE, MDK
L600 - Foomatic - rip filter command execution - FC2; MDK
L601 - Redhat-config-nfs - nfs permissions - RH
S240 - Passwd NIS+ LDAP Login Failures - Solaris 8 - 9
S241 - DVD I/O Corruption - Solaris 8 - 9
S242 - Cluster Node Hang - Solaris 8 - 9
In addition, there were also improvements in several vulnerability
checks. Sunbelt strongly recommends getting SNSI. It is the true
exception to "you get what you pay for". The license price is
only $1,495 per administrator (25% maintenance not included
but required). This license is NOT by IP, and you can scan an
unlimited number of multi-platform machines. The SNSI features
you get are comparable with products 10 times that price. If
you only knew which organizations rely for their safety on this
vulnerability database, you'd buy SNSI for all your system- and
security admins. To start with, get your 30-day SNSI eval here:
Double-Take Sweetens Data Protection for Hershey
Double-Take Software Provides a Centralized Approach to Disaster
Recovery and Business Continuity; Real-time Replication Supports
Zero Data Loss.
NSI Software announced that Hershey Entertainment & Resorts
Company is using Double-Take data replication software as part
of a centralized approach to disaster recovery and business
continuity. Centralized backup and high availability of
business-critical data using Double-Take software is an important element
of Hershey Entertainment & Resorts Company's business continuity
plan and is critical to protecting the integrity of their business:
a positive guest experience.
For a more in depth look at Hershey Entertainment & Resorts
Company's use of Double-Take read the customer case study (PDF):
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Are Those Servers Behavin'?
You have to keep a weather eye on your servers. Are they still up?
Is there anything in the event logs I should know about? Has
someone tried to break in? Are any resources maxed out? Are they
updated with the latest patches? And you really want to see all that in
just a few seconds and get alerted before the $#!+ hits the fan.
ServerVision is just the tool. It is easy to install, easy to use
and now extremely easy to afford: just $50 per machine. You should
really check this product out. Currently use an older, expensive
and hard-to-use system monitor? Replace it. The brand new
ServerVision is likely going to cost less than the maintenance of
your old tool!