Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 8, 2004 (Vol. 9, #44 - Issue #500)
And Now The Big Announcement! Drum roll...
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • 500 Issues! What's That Like?
    • And Now The Big Announcement! Drumroll...
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Executive Summary: Spyware Worse Threat Than Viruses
    • What's My Take-Home Pay For That New Out-of-state IT Job?
    • Microsoft Boosts Remote Power Of SMS
  4. NT/2000 RELATED NEWS
    • It Helps To Make Noise!
    • Novell Hits Back: Unbending The Linux Truth
    • The Controversy Seems To Never Stop
    • A Fantastic Article About Hacking A Network
  5. NT/2000 THIRD PARTY NEWS
    • First In True Enterprise Ready Anti-Spyware
    • SNSI's Background And Why Buying It Is Really Smart!
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. PRODUCT OF THE WEEK
    • Windows Server 2003: Upgrade or Technology Shift?...
  SPONSOR: SNSI: A World-Class Security Scanner!
Sunbelt Network Security Inspector (SNSI) is a world-class
vulnerability scanner that won't make a hole in your budget.

It's a low-cost, quick-install, fast-result scanner that uses
a mil-spec database with 3000+ ranked vulnerabilities. It supports
multi-platform scanning (now many more Cisco devices) and is
licensed per Admin, not IP! You can finally afford to be proactive
without compromises. Click here for your 30-day evaluation:
http://www.sunbelt-software.com/product.cfm?id=987
  EDITORS CORNER

500 Issues! What's That Like?

To start with, still fun! Wouldn't do it if it wasn't. The process has now become so grooved in that it is second nature to look out for stuff that helps system admins do their jobs, and a lot of you in return help me write W2Knews by sending me stuff you found that was useful. It's a great "line of communication" and the feedback I get makes it all worthwhile. Let's continue!

And Now The Big Announcement! Drumroll...

Some of you that are on the NTSYSADMIN list already know what is coming, but here is the big news. Sunbelt's development team has been working very hard to create an innovative anti-spyware solution. During this year you told us that spyware infections were getting to be an enormous headache and security risk. It took a LOT of your time cleaning systems off with the few freeware tools out there. The survey you filled out was revealing, and you can see the results below in the Tech Briefing section. I'm thrilled to announce that we have a great solution for you: CounterSpy[tm], and CounterSpy Enterprise[tm].

We call it second generation. Why? CounterSpy was built from the ground up as an enterprise tool, 'for admins by admins' and includes a unique way to fight spyware. Not a consumer product that was quickly retooled for a network! And the system admins we showed the product to said its features are way above anything else out there.

Since an intelligent agent is required to clean spyware off a workstation, CounterSpy is also available as a stand-alone tool for consumers, but it's really a byproduct of the Enterprise version. The agent detects and deletes, but more important, it protects! We added something called Active Protection[tm] that you can see as a "spy-wall". Well over 50 checkpoints that look for and block spyware from even infecting a machine in the first place. Look for the client edition next week.

We will release a Preview Edition of CounterSpy Enterprise this month as well, and you DEFINITELY want to check THAT out. The features are fantastic and it has a great price. Best thing is though, that we added something unique: The Spyware Fighters Network [tm]. See it as an early warning system that spots new spyware outbreaks and quickly reports to the Sunbelt Spyware Research Center. That team validates the reports and quickly updates the CounterSpy threat database. This technology allows us system admins to band together and fight spyware hard. I'm excited. I'm sure you will be excited too when you see what we've been developing here!

Quote of the week:
"The history of liberty is the history of resistance. The history of liberty is a history of the limitation of governmental power, not the increase of it."
--Woodrow Wilson

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

  TECH BRIEFING

Executive Summary: Spyware Worse Threat Than Viruses

Need ammo to get budget for enterprise anti-spyware? Use these results of a recent survey. It's pretty ugly, and getting worse fast.

W2Knews asked its readers to participate in a new survey to gauge the impact spyware has in 2004 compared to 2003. A total of 1156 self-selected responses came in, amounting to 2% of the open rate of that specific W2Knews issue. The results are nothing but revealing.

Spyware has exploded in 2004. Of the respondents, 58% said it has increased more than 100%, 23% said it increased 50% over 2003 and 13.4% stated it increased somewhat over last year. System Admins told us it has become a worse problem than viruses.

Asked about the level of severity of spyware infections, 1.5% said it was no problem at all, 7.5% said it was a minor problem, 41.3% stated that it was happening more and more, 33% complained it had become a major problem and 16.7% said they were very concerned about this and needed solutions right away.

Those are the results of the latest independent W2Knews poll of 1156 system and security administrators. A large majority of 45% said they were actively looking for scalable anti-spyware solutions for their organization, and another 31% plan to implement anti-spyware in the near future. Over 50% are looking to purchase anti-spyware solutions within a 9-month timeframe.

The responses show that on average 48% of system administrators spend more than 20 minutes per system removing unwanted spyware, 18% say it takes 15-20 minutes per system, and 16.2% of system admins say it takes 10-15 minutes. Over three quarters of admins reported that up to 20% of the machines that are infected need a total rebuild to get rid of persistent malware.

Regarding existing policies in their organization that forbid downloads and installation of unapproved software, 72% indicate that these do indeed exist, but only 21% have the tools to enforce these policies. All others say that they have either no means, or at best insufficient means, to enforce download policies.

Other survey highlights:

  • Many system admins use free tools to disinfect systems, but none of these catch all the spyware; the vast majority use two or even three products in their efforts to clean systems.
  • Attempts are made to educate end-users, but re-infections of affected systems occur in the timeframe of a few weeks to a month.
  • Spyware in the HIPAA regulated industries has become a major security threat.
  • The problem with free solutions is no central management or central updates of threat definition databases, no reporting, and no real-time protection.
  • End users tend to shut off anti-spyware tools on their system because they think that these tools cause their PC to slow down.
  • Existing anti-virus tools make an attempt to focus on spyware but do not do an acceptable job in removing it.
  • System administrators complain that spyware has become very time consuming and that especially personal computers used by telecommuters, and laptop devices used by traveling employees get infected and re-infected with a very high frequency. The most recurring terms used to describe spyware are: "insidious", "worse than viruses", "hate it", "very irritated" and "nightmare".

Seeing the fact that spyware comes from two sources, one legal and the other illegal, and is a market of many hundreds of millions of dollars, it is not likely to go away soon. You need an enterprise solution, and it's time to start talking about budget for this. The above ammo will certainly help to get your ROI story in shape!

What's My Take-Home Pay For That New Out-of-state IT Job?

"When you are looking for a job in a different state wouldn't it be nice to know what your take-home pay will be with your new salary? With this site you can enter your pay info, deductions, state and presto, magico you can get an estimate of what your take-home pay could be. I checked it out on my paycheck from my new raise and it was only off on pennies on the tax calculations. Not a bad site for job hunters." Thanks to Carl Webster for the hint. Click here:
http://www.w2knews.com/rd/rd.cfm?id=041108TB-Salary_Calc

Microsoft Boosts Remote Power Of SMS

New feature packs for Systems Management Server target desktop operating system deployments and management of Windows-based mobile devices, respectively. The feature packs are scheduled for release this month. More in an article here:
http://www.w2knews.com/rd/rd.cfm?id=041108TB-SMS

  NT/2000 RELATED NEWS

It Helps To Make Noise!

Remember that W2Knews reported that select customers got early warning of patches? Well, no more. The playing field has been leveled. Redmond announced that from here on out, security notifications will be available on its Web site three business days ahead of the second Tuesday of each month. They said they want all admins to have the data and plan ahead for patch deployments.
http://www.w2knews.com/rd/rd.cfm?id=041108RN-Bulletins

Novell Hits Back: Unbending The Linux Truth

Remember Steve Ballmer claiming Linux really is more expensive than Windows? Novell CEO Jack Messman took issue with that and with a battle of dueling memos and e-mails, he criticizes Ballmer. Novell created a website that takes apart Ballmer's statements and boldly states that getting your Linux from Novell is a much better idea than Windows. As for me, I like competition. It keeps everyone on their toes and benefits the consumer. Here is Novell on Linux:
http://www.w2knews.com/rd/rd.cfm?id=041108RN-Novell_Linux

The Controversy Seems To Never Stop

Paul Thurrott's WinInfo newsletter just reported the following. "Linux Is Least Secure OS". According to a study by the British security firm mi2g, Linux is the world's "most breached" OS and is exploited more frequently than Windows. The company recently analyzed more than 235,000 successful attacks against computers that were permanently connected to the Internet during the past year and concluded that Linux was responsible for most of the successful exploits.

According to mi2g, Linux-based computers accounted for more than 65 percent of all successful electronic attacks during the past year, whereas Windows-based systems were responsible for only 25 percent. The rest of the story is here. Worth a read:
http://www.w2knews.com/rd/rd.cfm?id=041108RN-Linux_Secure

A Fantastic Article About Hacking A Network

It's on the MS website and starts like this: "One of the great mysteries in security management is the modus operandi of criminal hackers. If you don't know how they can attack you, how can you protect yourself from them? Prepare to be enlightened. This article is not intended to show you how to hack something, but rather to show how attackers can take advantage of your mistakes. This will enable you to avoid the common pitfalls that criminal hackers exploit. Before I get started, there are several things you need to know about penetration testing. First of all, a penetration test gone wrong can have dire consequences for the stability of your network. Some of the tools used by hackers (criminal and otherwise) are designed to probe a network for vulnerabilities. Hacking tools and exploits used against a system can go wrong, destabilize a system or the entire network, or have other unintended consequences. A professional knows where to draw the line and how far he/she can push the network without breaking it. An amateur usually does not." The rest is here:
http://www.w2knews.com/rd/rd.cfm?id=041108RN-Hacking_Network

  THIRD PARTY NEWS

First In True Enterprise Ready Anti-Spyware

As you know, Sunbelt Software creates system admin tools 'by admins for admins'. You told us that spyware has become a worse and more insidious problem than viruses. We had a look at the existing (enterprise) anti-spyware tools on the market, and saw two things:

  1. It wasn't even close to what an admin really needs, and
  2. No single product (read company) detects all spyware; you all use two or three of them.

With these two observations in mind, we decided to design a true enterprise-ready product that gets you everything you need, but we also added something unique to solve the second problem: The Spyware Fighters Network (SFN). The only way we can fight this new spyware plague is to band together and create a worldwide detection network that sends outbreak information back to our central research group in real time. This team tests and updates the CounterSpy threat database on a near real-time basis. CounterSpy Enterprise will be available as a Preview Edition in November 2004. You will be able to put PO's in and get Gold Code product shipped before the end of the year, so start preparing your budget early. Here is an article in Network World that shows spyware is getting to be an enormous headache. They also talk about CounterSpy Enterprise and what Sunbelt is coming out with soon.

PS: If you have bought PestPatrol's Corporate Edition from Sunbelt the last few months, call your Rep. They have good news for you. Here is the Network World article: "Spyware stoppers target biz networks"
http://www.w2knews.com/rd/rd.cfm?id=041108TP-Antispyware_Enterprise

SNSI's Background And Why Buying It Is Really Smart!

SNSI just got 4 stars from Windows IT Pro, and hundreds of system admins are using this tool now. Let me give you some background information on SNSI though. It will explain why getting SNSI is such an incredible opportunity. Here is the history:

Sunbelt used to sell Harris's STAT product a long time ago. We liked STAT as it was created by Harris (a multibillion dollar defense contractor) for a few of the largest DOD and U.S. Govt. sites. A lot of "three letter" agencies run this tool to keep their sites safe from hackers. Harris has a team of very savvy security people updating the STAT database on a very regular basis to secure all these government sites. Harris focuses on these customers specifically and keeps them secure. But four years ago they made some licensing changes which made it hard for Sunbelt to continue to sell it. The upshot: A VERY good multi-platform vulnerability database (literally mil-spec) but marketing for small business lagged.

Then eEye, the developer of Retina, asked us if we wanted to sell their product instead. It is a sexy product created by a hacker with green hair. We helped them get in the limelight and sales skyrocketed. But like all companies, they went to the next level with Venture Capital and eEye started to make licensing changes that made it hard for us to continue to sell it. Does this pattern sound familiar? Right. ;-)

Fast forward to a year ago. Sunbelt decided to "roll our own". We knew that STAT had a killer vulnerability database and licensed that. It is one of the best out there and continually updated. We wrote our own GUI and reporting, and are able to offer a true military strength product for a Small Business price. Harris is very good at the U.S. Government-type contracts and much better equipped to handle large accounts like that. So Sunbelt focuses on the Small Business market and single administrators and leaves the big stuff to Harris. It's a great working relationship and it is an actual case where "everybody wins".

Most other scanners charge by IP, which our research shows is not affordable for about 80% of the smaller sites out there. But many of these sites are multi-platform and SNSI scans for well over 3,000 known vulnerabilities. Windows IT Pro Mag just reviewed SNSI and gave it 4 stars and thumbs up with: "Excellent vulnerability descriptions and remediation instructions; low cost... user-friendly." The nearest competitor, GFI with their LanGuard NSS product, was shown to only scan for about 300 (mostly Unix) vulnerabilities and was not recommended as a stand alone tool. The link to this recent shootout in Win IT Pro mag is on the SNSI webpage so you can read it all for yourself.

In a nutshell, SNSI has a feature set that other products really charge up to 10 times more for. Do your own homework and you will come to the same conclusion. It's easy to install, easy to run, you do not need a Unix background, it comes with hyperlinks to KB items when you want to quickly fix something. It is BY FAR the best price/performance tool out there. Really. If you find something better I'm going to refund you. There, I said it. It's in writing. [grin]

OK, get SNSI, run it and you'll see. And it's only $1,495 per admin (add 25% maintenance per year). Honestly, with the current security climate SNSI is a tool you cannot afford not to run. And we have done everything in our power to make this thing as easy and affordable as we can. The new V1.6 due out in December will have even stronger reporting options. But what you get in V1.5 is a whole new batch of Cisco devices you can now scan. SNSI is getting better and better at a rapid clip. Get your eval copy here:
http://www.w2knews.com/rd/rd.cfm?id=041108TP-SNSI

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

As a celebration of our Issue #500, we looked at all the earlier issues and figured out the most FAVE links of ALL TIME! It's no surprise they are all either videos or pictures. We do have a full T3 but it might get a bit busy so download times could suffer a bit. If it gets too busy, come back the next day. Have fun though! Stu Sjouwerman

  1. The "odd and creepy eye" has really caught people's attention:
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-Eye
  2. This home-made spoof on Mac Advertisements is a riot (WMV).
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-Mac
  3. Going almost 200mph on a souped up Suzuki got a lot of hits! (WMV)
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-200mph_Suzuki
  4. The old Icon-war site is still fun to watch.
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-Icon_War
  5. A Lotus Exige being chased by a chopper. Guess who wins: (WMV)
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-Lotus
  6. The effect a fighter jet creates when it crashes into concrete: (WMV)
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-Concrete_Plane
  7. Powerpoint file with absolutely gorgeous shots #1
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-PowerPoint_Show1
  8. Powerpoint file with absolutely gorgeous shots #2
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-PowerPoint-Show2
  9. The spoof on Lord of the Rings they played at the MTV Movie Awards (WMV)
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-LOTR_Spoof
  10. A Harrier fighter pilot gets away at the last moment! (MPG)
     http://www.w2knews.com/rd/rd.cfm?id=041108FA-Harrier_Ejection
  PRODUCT OF THE WEEK

Windows Server 2003: Upgrade or Technology Shift?...

Looking for Windows Server 2003 migration and installation advice? You'll find installation guides, migration cost calculators, project plans, and other helpful tools pertaining to Windows Server 2003 in one spot. Whether you are debating making the shift or you are in the throes of installation, you will find something to help you through your migration. Price: $19.95
http://www.w2knews.com/rd/rd.cfm?id=041108PW-W2K3_Migration