Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 4, 2004 (Vol. 9, #39 - Issue #495)
Open Letter To Microsoft: Security
  This issue of W2Knews™ contains:
    • Open Letter To Microsoft: Security
    • Waiting For Longhorn? Naah.
    • Admin Tools We Think You Shouldn't Be Without
    • Exchange Best Practice Tool Flunks On SBS 2000 Server
    • Job Satisfaction Takes A Dive In Salary Survey
    • Run A Pirated Windows Copy? No Updates For You Buddy!
    • Checklist: Windows Services You Should Disable Today
    • Microsoft's Licensing Takes A Step In A New Direction
    • Redmond: WinXP SP2 Downloads 'On Target'
    • Microsoft Answers Admins' WUS Questions
    • ISA Server 2004 Is A Pleasant Surprise
    • Hackers Cost Business Billions
    • Double-Take Sweetens Data Protection for Hershey
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Are Those Servers Behavin'?
  SPONSOR: The Can't Fight Spam Act
Spam still sucks. The percentage still goes up. The legislation
did not make the slightest dent. Productivity still suffers. Your
users ask to manage their own white- and blacklists. You don't
have time to build a Linux box and mess with scripts and open-
source stuff. iHateSpam for Exchange just broke the 4,500 site
mark. It was the #1 Reader's Choice 2004 for Mail Server Admin
tool, and the Reader's Choice 2004 #2 for anti-spam (with an
appliance being the #1 spot and one vote difference) Remember,
no upgrade penalty when you migrate to Exchange 2000 or 2003.
Best of all, Version 2.0 (expected in a few months) will allow
you to plug in AV, and a host of other essential functionality.
The price is very competitive. And 4,500 sites can't be wrong!
Visit The Can't Fight Spam Act for more information.

Open Letter To Microsoft: Security

You all know SANS. If not, it's an organization that promotes IT security. They work a lot with volunteers, and many of these handle security threats. They keep a diary about several daily current hot situations. One of the SANS daily handlers wrote an open letter to Redmond that I liked. It was well written, fun, and makes a very good point. Here you go. (I hope MS is listening too.)

PS: If you need ammo to buy security tools, make sure to read the item in the third party news section about how much money hacking is costing business.

Waiting For Longhorn? Naah.

The press was all over it. Redmond officially rips their new database-driven file system (called WinFS) out of Longhorn, the new Windows version. Using the new file system would allow you to simplify searching and sharing data among apps. And then it turns out that a pre-beta version of Longhorn has WinFS in there, and some people in MS even claim it will be in Longhorn after all. So, should you wait for Longhorn? No. Although it's become a bit "shorthorn", my suggestion is to upgrade to WinXP on your users' workstations and W2K3 for the server. It will improve your security profile. WinXP SP2 is at a point that (after you have tested thoroughly with all your apps) it makes sense to deploy to keep your systems as secure as possible, and you might see some management and/or performance benefits. Best yet, you will be able to run it (mostly) on your existing hardware. So, will Longhorn include WinFS after all? SearchExchange has a story about this (free registration may be required):

Quotes of the Week:
"I guess I just prefer to see the dark side of things. The glass is always half empty. And cracked. And I just cut my lip on it. And chipped a tooth." -- Janeane Garofalo.
"A little nonsense now and then is relished by the wisest men." -- Willy Wonka

Warm regards,
Stu Sjouwerman (email me with feedback)


Admin Tools We Think You Shouldn't Be Without


Exchange Best Practice Tool Flunks On SBS 2000 Server

Tony Gore from the UK sent me this. "Good link. However, I used this on SBS 2000 server and it came up with the fact that the IFS drive was enabled and that it should be turned off and a post SP3 rollup. Following these two, Exchange no longer worked.

Re-enabling the IFS drive got Exchange to work, but the Symantec protection for Exchange would not work; fixing this to manual startup at least got it running (there is a documented problem in Win2k with services locking). Two things from this:

  1. A lot of the MS advice, KB etc. applies to W2K server, Exchange server etc. However, this is not the first time that the SBS 2000 has been found to be different. I don't think that Microsoft ever test most of the fixes on the SBS 2000 product - they assume that if it works on Windows 2000 server or Exchange 2000 server (or ISA 2000 server etc) separately, then it will work for SBS 2000 server. My experience is that something like one patch/fix/recommendation in 20 does not.
  2. There is no easy way of providing feedback to Microsoft in these cases - in the UK, you have to call them up and give them your credit card number before they will talk to you; there is an online email, but it just seems to go into a black hole. I don't know why they cannot have a simple link on each KB article "report problems with this article".
OK, Redmond, again... anybody listening?

Job Satisfaction Takes A Dive In Salary Survey

Have a college degree, at least five years of experience in IT and a West Coast address? If so, your annual wage should be among the highest in the United States for Windows IT professionals. Find out how your wages and morale compare to your peers based on the results of SearchWin2000.com's latest salary survey. Free registration may be required.

Run A Pirated Windows Copy? No Updates For You Buddy!

Redmond is trying something out in their fight against piracy. They are testing something new on their Download Center site: users can check whether the software they are running on their machine is genuine or not. If they are legit, they get their downloads. But if not, they'll be shown information about piracy before they can download their software. A whopping 23% of people in the USA are running pirated software, and may not even know about it as they got it from a reseller. Here is the FAQ:

Checklist: Windows Services You Should Disable Today

Windows services running by default are exposing your systems to attack. Which ones should be turned off immediately? Find out in this checklist by site expert Roberta Bragg. Free registration may be required.


Microsoft's Licensing Takes A Step In A New Direction

Microsoft summarized some recent improvements to its licensing program and launched a Web site devoted to providing users with information about product licensing, terms and conditions.

One of the improvements is the addition of a step-up license, which lets Software Assurance (SA) customers move from a standard edition of a product to the enterprise edition without having to buy a new license. Most of Microsoft's major server platforms are on this list, including Windows Server 2003, Exchange Server and SQL Server.

"Step up is a necessary thing for Microsoft to do," said Paul DeGroot, an analyst at Directions on Microsoft, a Kirkland, Wash.-based consulting firm. "The original rules on Software Assurance really prevented customers -- almost penalizing them -- if they wanted to expand their use of Microsoft's higher-end software." The full article at SearchWin2000 is here (free registration may be required):

Redmond: WinXP SP2 Downloads 'On Target'

Redmond seems to be confident of a total of 100 million upgrades by the end of next month, despite their slow start. So far 20 million copies have been downloaded and installed. "We are ramping up the distribution and speeding up the amount of installs per day and are on target for next month. We're expecting the bulk of new installations to come from small businesses and home users," said Paul Randle, product marketing manager for Windows XP SP2.

Microsoft Answers Admins' WUS Questions

In a recent interactive Web forum on Wednesday, Microsoft technical experts addressed several questions by IT administrators about the company's forthcoming free patch management tool, but left unanswered the specifics of when it will be released.

Windows Update Services (WUS), which will replace Software Update Services, is expected to be released for open beta testing this year and be generally available in the first half of 2005. The experts -- a combination of program managers, test engineers and development managers -- explained several aspects of WUS during the chat on Microsoft's TechNet site. Here is a link to the article on the SearchWin2000 site (free registration may be required):

ISA Server 2004 Is A Pleasant Surprise

An InfoWorld tester had a look at the new code. He liked it a lot, and wrote a good little review about it. If you are looking at (replacing) a firewall, the new ISA '04 seems to have a lot going for it. This is a recommended 5 minutes you are going to find very useful if you are in the market for one of these puppies. He ends it off with: "I think ISA is an excellent SMB firewall provided you've already got an anti-spam and anti-virus solution. And you'll also need a fairly deep wallet because ISA is most likely to cost you about $3,000 for the software and another $2,800 to $4,000 for the hardware. Then again, for an IT admin who's harried for time, those wizards and tight AD integration may make every penny worthwhile." Here goes:

And if you are looking for an integrated anti-spam and anti-virus solution, check out iHateSpam. The new V2.0 will have that functionality in a few months.


Hackers Cost Business Billions

The cost of keeping your enterprise IT systems secure is going up. InformationWeek research just showed that U.S. companies will spend 12% of their tech budget on infosec, substantially up from 8% in 2002. Security breaches and malicious code attacks are considered more threatening to business continuity this year than in 2003, and many companies fell victim to either a worm or virus attack over the last 12 months. Smaller companies, with less than $100 million in revenues, were breached more often in the past year. Downtime attributed to security attacks rose over the last 12 months, caused by vulnerabilities in key technology products.

One of the main reasons is that the average time period between the disclosure of a vulnerability and its first exploit has gone down from several weeks to less than six days in the first half of 2004, and in some cases there were global exploits ready in just two days. The vast majority of the 2004 vulnerabilities were moderately to highly severe. One of the most recent ones is the new JPEG hole. Malicious hackers now are seeding porn newsgroups with JPEG images that take advantage of this hole.

There is also another somewhat disturbing trend that was published by security company Qualys. They compared how quickly holes were fixed on internal and external systems. "External" in this case is defined as outward-facing systems like Web, e-mail and gateway servers. In 2004 the number of external systems still vulnerable decreased by 50% every 21 days, whereas in 2003 that took 30 days.

However, they observed that internal systems take longer to fix (a whopping 62 days), giving worms much more time to wreak havoc. There is definitely a misconception in IT that external systems have greater exposure. They don't. Another reason internal systems stay vulnerable longer is that there are many more of them and patching is more involved. It is still very important to continue to scan and patch internal systems, as malware has many vectors to penetrate systems.

There is one solution out there that is getting popular at a rapid clip: the Sunbelt Network Security Inspector. With over 70 enterprise licenses sold just in September 2004, it has the features and quality of vulnerability scanners ten times its price, and gets updated on a very regular basis with the most recently found holes. This is a tool you want to run, even right next to an existing scanner like Retina since it's easy to afford and easy to run. Everyone knows that it's better to run two anti-virus engines than one, and it's also better to run two security scanners because there is a high probability you will find more vulnerabilities that way.

The recent updates of version SNSI are:

W2251 - HP Web Jetadmin Remote Access Vulnerability
W2252 - Mozilla Web Browser vulnerabilities
W2258 - Firefox User Interface Spoofing Vulnerability
L597 - RedHat GTK+ and GDK Pixbuf vulnerabilities
L598 - Openoffice for RedHat
L599 - CUPS - IPP port blocking - RH, SUSE, MDK
L600 - Foomatic - rip filter command execution - FC2; MDK
L601 - Redhat-config-nfs - nfs permissions - RH
S240 - Passwd NIS+ LDAP Login Failures - Solaris 8 - 9
S241 - DVD I/O Corruption - Solaris 8 - 9
S242 - Cluster Node Hang - Solaris 8 - 9

In addition, there were also improvements in several vulnerability checks. Sunbelt strongly recommends getting SNSI. It is the true exception to "you get what you pay for". The license price is only $1,495 per administrator (25% maintenance not included but required). This license is NOT by IP, and you can scan an unlimited number of multi-platform machines. The SNSI features you get are comparable with products 10 times that price. If you only knew which organizations rely for their safety on this vulnerability database, you'd buy SNSI for all your system and security admins. To start with, get your 30-day SNSI eval here:

Double-Take Sweetens Data Protection for Hershey

Double-Take Software Provides a Centralized Approach to Disaster Recovery and Business Continuity; Real-time Replication Supports Zero Data Loss.

NSI Software announced that Hershey Entertainment & Resorts Company is using Double-Take data replication software as part of a centralized approach to disaster recovery and business continuity. Centralized backup and high availability of business-critical data using Double-Take software is an important element of Hershey Entertainment & Resorts Company's business continuity plan and is critical to protecting the integrity of their business - a positive guest experience.

For a more in depth look at Hershey Entertainment & Resorts Company's use of Double-Take read the customer case study (PDF):


This Week's Links We Like. Tips, Hints And Fun Stuff


Are Those Servers Behavin'?

You have to keep a weather eye on your servers. Are they still up? Is there anything in the event logs I should know about? Has someone tried to break in? Are any resources maxed out? Are they updated with the latest patches? And you really want to see all that in just a few seconds and get alerted before the $#!+ hits the fan. ServerVision is just the tool. It is easy to install, easy to use and now extremely easy to afford: just $50 per machine. You should really check this product out. Currently use an older, expensive and hard-to-use system monitor? Replace it. The brand new ServerVision is likely going to cost less than the maintenance of your old tool!