Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 8, 2004 (Vol. 9, #44 - Issue #500)
And Now The Big Announcement! Drum roll...
This issue of W2Knews contains:
- EDITORS CORNER
- 500 Issues! What's That Like?
- And Now The Big Announcement! Drumroll...
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Executive Summary: Spyware Worse Threat Than Viruses
- What's My Take-Home Pay For That New Out-of-state IT Job?
- Microsoft Boosts Remote Power Of SMS
- NT/2000 RELATED NEWS
- It Helps To Make Noise!
- Novell Hits Back: Unbending The Linux Truth
- The Controversy Seems To Never Stop
- A Fantastic Article About Hacking A Network
- NT/2000 THIRD PARTY NEWS
- First In True Enterprise Ready Anti-Spyware
- SNSI's Background And Why Buying It Is Really Smart!
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Windows Server 2003: Upgrade or Technology Shift?...
SPONSOR: SNSI: A World-Class Security Scanner!
Sunbelt Network Security Inspector (SNSI) is a world-class
vulnerability scanner that won't make a hole in your budget.
It's a low-cost, quick-install, fast-result scanner that uses
a mil-spec database with 3000+ ranked vulnerabilities. It supports
multi-platform scanning (now many more Cisco devices) and is
licensed per Admin, not IP! You can finally afford to be proactive
without compromises. Click here for your 30-day evaluation:
Visit SNSI: A World-Class Security Scanner! for more information.
500 Issues! What's That Like?
To start with, still fun! Wouldn't do it if it wasn't. The process
has now become so grooved in that it is second nature to look out
for stuff that helps system admins do their jobs, and a lot of
you in return help me write W2Knews by sending me stuff you found
that was useful. It's a great "line of communication" and the
feedback I get makes it all worthwhile. Let's continue!
And Now The Big Announcement! Drumroll...
Some of you that are on the NTSYSADMIN list already know what
is coming, but here is the big news. Sunbelt's development team
has been working very hard to create an innovative anti-spyware
solution. During this year you told us that spyware infections
were getting to be an enormous headache and security risk. It
took a LOT of your time cleaning systems off with the few freeware
tools out there. The survey you filled out was revealing, and
you can see the results below in the Tech Briefing section. I'm
thrilled to announce the fact we have a great solution for you:
CounterSpy[tm], and CounterSpy Enterprise[tm].
We call it second generation. Why? CounterSpy was built from the
ground up as an enterprise tool, 'for admins by admins' and
includes a unique way to fight spyware. Not a consumer product
that was quickly retooled for a network! And the system admins
we showed the product to said its features are way above anything
else out there.
Since an intelligent agent is required to clean spyware off a
workstation, CounterSpy is also available as a stand-alone tool
for consumers, but it's really a byproduct of the Enterprise
version. The agent detects and deletes, but more important, it
protects! We added something called Active Protection[tm] that
you can see as a "spy-wall". Well over 50 checkpoints that look
for and block spyware from even infecting a machine in the first
place. Look for the client edition next week.
We will release a Preview Edition of CounterSpy Enterprise this
month as well, and you DEFINITELY want to check THAT
out. The features are fantastic and it has a great price. Best
thing is though, that we added something unique: The Spyware
Fighters Network [tm]. See it as an early warning system that
spots new spyware outbreaks and quickly reports to the Sunbelt
Spyware Research Center. That team validates the reports and
quickly updates the CounterSpy threat database. This technology
allows us system admins to band together and fight spyware hard.
I'm excited. I'm sure you will be excited too when you see what
we've been developing here!
Quote of the week:
"The history of liberty is the history of resistance. The history
of liberty is a history of the limitation of governmental power,
not the increase of it."
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
Executive Summary: Spyware Worse Threat Than Viruses
Need ammo to get budget for enterprise anti-spyware? Use these
results of a recent survey. It's pretty ugly, and getting worse
W2Knews asked its readers to participate in a new survey to gauge
the impact spyware has in 2004 compared to 2003. A total of 1156
self-selected responses came in, amounting to 2% of the open rate
of that specific W2Knews issue. The results are nothing but
Spyware has exploded in 2004. Of the respondents, 58% said it has
increased more than 100%, 23% said it increased 50% over 2003 and
13.4% stated it increased somewhat over last year. System Admins
told us it has become a worse problem than viruses."
Asked about the level of severity of spyware infections, 1.5% said
it was no problem at all, 7.5% said it was a minor problem, 41.3%
stated that it was happening more and more, 33% complained it had
become a major problem and 16.7% said they were very concerned
about this and needed solutions right away.
Those are the results of the latest independent W2Knews poll of
1156 system and security administrators. A large majority of 45%
said they were actively looking for scalable anti-spyware solutions
for their organization, and another 31% plan to implement anti-spyware
in the near future. Over 50% are looking to purchase anti-spyware
solutions within a 9-month timeframe.
The responses show that on average 48% of system administrators
spend more than 20 minutes per system removing unwanted spyware,
18% say it takes 15-20 minutes per system, and 16.2% of system
admins say it takes 10-15 minutes. Over three quarters of admins
reported that up to 20% of the machines that are infected need
a total rebuild to get rid of persistent malware.
Regarding existing policies in their organization that forbid
downloads and installation of unapproved software, 72% indicate
that these do indeed exist, but only 21% have the tools to enforce
these policies. All others say that they either have no, or at best
insufficient means to enforce download policies.
Other survey highlights:
- Many system admins use free tools to disinfect systems, but none
of these catch all the spyware; the vast majority uses two or even
three products in their efforts to clean systems.
- Attempts are made to educate end-users but re-infections of
affected systems occur in the timeframe of a few weeks to a month.
- Spyware in the HIPAA regulated industries has become a major
- The problem with free solutions is no central management or central
updates of threat definition databases, no reporting, and no real-time
- End users tend to shut off anti-spyware tools on their system
because they think that these tools cause their PC to slow down.
- Existing anti-virus tools make an attempt to focus on spyware
but do not do an acceptable job in removing it.
- System administrators complain that spyware has become very
time consuming and that especially personal computers used by
telecommuters, and laptop devices used by traveling employees
get infected and re-infected with a very high frequency. The most
recurring terms used to describe spyware are: "insidious", "worse
than viruses", "hate it", "very irritated" and "nightmare".
Seeing the fact that spyware comes from two sources, one legal and
the other illegal, and is a market of many hundreds of millions
of dollars, it is not likely to go away soon. You need an
enterprise solution, and it's time to start talking about budget
for this. The above ammo will certainly help to get your ROI story
What's My Take-Home Pay For That New Out-of-state IT Job?
"When you are looking for a job in a different state wouldn't it
be nice to know what your take-home pay will be with your new salary?
With this site you can enter your pay info, deductions, state and
presto, magico you can get an estimate of what your take-home pay
could be. I checked it out on my paycheck from my new raise and it
was only off on pennies on the tax calculations. Not a bad site
for job hunters." Thanks to Carl Webster for the hint. Click here:
Microsoft Boosts Remote Power Of SMS
New feature packs for Systems Management Server target desktop
operating system deployments and management of Windows-based
mobile devices, respectively. The feature packs are scheduled
for release this month. More in an article here:
NT/2000 RELATED NEWS
It Helps To Make Noise!
Remember that W2Knews reported that select customers got early
warning of patches? Well, no more. The playing field has been
leveled. Redmond announced that from here on out, security
notifications will be available on its Web site three business
days ahead of the second Tuesday of each month. They said they want
all admins to have the data and plan ahead for patch deployments.
Novell Hits Back: Unbending The Linux Truth
Remember Steve Ballmer claiming Linux really is more expensive
than Windows? Novell CEO Jack Messman took issue with that and
with a battle of dueling memos and e-mails, he criticizes Ballmer.
Novell created a website that takes apart Ballmer's statements
and boldly states that getting your Linux from Novell is a much
better idea than Windows. As for me, I like competition. It keeps
everyone on their toes and benefits the consumer. Here is Novell
The Controversy Seems To Never Stop
Paul Thurrott's WinInfo newsletter just reported the following.
"Linux Is Least Secure OS". According to a study by the British
security firm mi2g, Linux is the world's "most breached" OS
and is exploited more frequently than Windows. The company
recently analyzed more than 235,000 successful attacks against
computers that were permanently connected to the Internet
during the past year and concluded that Linux was responsible
for most of the successful exploits.
According to mi2g, Linux-based computers accounted for more than
65 percent of all successful electronic attacks during the past
year, whereas Windows-based systems were responsible for only
25 percent. The rest of the story is here. Worth a read:
A Fantastic Article About Hacking A Network
It's on the MS website and starts like this:
"One of the great mysteries in security management is the modus
operandi of criminal hackers. If you don't know how they can
attack you, how can you protect yourself from them? Prepare to
be enlightened. This article is not intended to show you how
to hack something, but rather to show how attackers can take
advantage of your mistakes. This will enable you to avoid the
common pitfalls that criminal hackers exploit. Before I get
started, there are several things you need to know about
penetration testing. First of all, a penetration test gone wrong
can have dire consequences for the stability of your network.
Some of the tools used by hackers (criminal and otherwise) are
designed to probe a network for vulnerabilities. Hacking tools
and exploits used against a system can go wrong, destabilize
a system or the entire network, or have other unintended
consequences. A professional knows where to draw the line and
how far he/she can push the network without breaking it. An
amateur usually does not." Rest is here:
THIRD PARTY NEWS
First In True Enterprise Ready Anti-Spyware
As you know, Sunbelt Software creates system admin tools 'by admins
for admins'. You told us that spyware has become a worse and more
insidious problem than viruses. We had a look at the existing
(enterprise) anti-spyware tools on the market, and saw two things:
- It wasn't even close to what an admin really needs, and
- No single product (read company) detects all spyware, you all
use two or three of them.
With these above two observations in mind, we decided to design a
true enterprise-ready product that gets you everything you need,
but we also added something unique to solve the second problem:
The Spyware Fighters Network (SFN). The only
way we can fight this new spyware plague is to band together and
create a worldwide detection network that sends outbreak information
back to our central research group in real time. This team tests
and updates the CounterSpy threat database on a near real-time
basis. CounterSpy Enterprise will be available as a Preview Edition
in November 2004. You will be able to put PO's in and get Gold Code
product shipped before the end of the year, so start preparing
your budget early. Here is an article in Network World that shows
spyware is getting to be an enormous headache. They also talk
about CounterSpy Enterprise and what Sunbelt comes out with soon.
PS: If you have bought PestPatrol's Corporate Edition from Sunbelt
the last few months, call your Rep. They have good news for you.
Here is the Network World article: "Spyware stoppers target biz
SNSI's Background And Why Buying It Is Really Smart!
SNSI just got 4 stars from Windows IT Pro, and hundreds of system
admins are using this tool now. Let me give you some background
information on SNSI though. It will explain why getting SNSI is
such an incredible opportunity. Here is the history:
Sunbelt used to sell Harris's STAT product a long time ago.
We liked STAT as it was created by Harris (a multibillion dollar
defense contractor) for a few of the largest DOD and U.S. Govt.
sites. A lot of "three letter" agencies run this tool to keep
their sites safe from hackers. Harris has a team of very savvy
security people updating the STAT database on a very regular basis
to secure all these government sites. Harris focuses on these
customers specifically and keeps them secure. But four years ago
they made some licensing changes which made it hard for Sunbelt
to continue to sell it. The upshot: A VERY good multi-platform
vulnerability database (literally mil-spec) but marketing for
small business lagged.
Then eEye, the developer of Retina, asked us if we wanted to sell
their product instead. It is a sexy product created by a hacker
with green hair. We helped them get in the limelight and sales
skyrocketed. But like all companies, they went to the next level
with Venture Capital and eEye started to make licensing changes
that made it hard for us to continue to sell it. Does this pattern
sound familiar? Right. ;-)
Fast forward to a year ago. Sunbelt decided to "roll our own". We
knew that STAT had a killer vulnerability database and licensed
that. It is one of the best out there and continually updated.
We wrote our own GUI and reporting, and are able to offer a true
military strength product for a Small Business price. Harris is
very good at the U.S. Government-type contracts and much better
equipped to handle large accounts like that. So Sunbelt focuses
on the Small Business market and single administrators and leaves
the big stuff to Harris. It's a great working relationship and
it is an actual case where "everybody wins".
Most other scanners charge by IP, which our research shows is not
affordable for about 80% of the smaller sites out there. But many
of these sites are multi-platform and SNSI scans for well over
3,000 known vulnerabilities. Windows IT Pro Mag just reviewed SNSI
and gave it 4 stars and thumbs up with: "Excellent vulnerability
descriptions and remediation instructions; low cost... user-friendly."
The nearest competitor, GFI with their LanGuard NSS product, was
shown to only scan for about 300 (mostly Unix) vulnerabilities and
was not recommended as a stand alone tool. The link to this recent
shootout in Win IT Pro mag is on the SNSI webpage so you can read
it all for yourself.
In a nutshell, SNSI has a feature set that other products really
charge up to 10 times more for. Do your own homework and you will
come to the same conclusion. It's easy to install, easy to run,
you do not need a Unix background, it comes with hyperlinks to
KB items when you want to quickly fix something. It is BY FAR
the best price/performance tool out there. Really. If you find
something better I'm going to refund you. There, I said it.
It's in writing. [grin]
OK, get SNSI, run it and you'll see. And it's only $1,495 per
admin (add 25% maintenance per year). Honestly, with the current
security climate SNSI is a tool you cannot afford not to run.
And we have done everything in our power to make this thing as
easy and affordable as we can. The new V1.6 due out in December
will have even stronger reporting options. But what you get in
V1.5 is a whole new batch of Cisco devices you can now scan.
SNSI is getting better and better at a rapid clip. Get your
eval copy here:
This Week's Links We Like. Tips, Hints And Fun Stuff
As a celebration of our Issue #500, we looked at all the earlier
issues and figured out the most FAVE links of ALL TIME! It's no
surprise they are all either videos or pictures. We do have
a full T3 but it might get a bit busy so download times could
suffer a bit. If it gets too busy, come back the next day.
Have fun though! Stu Sjouwerman
- The "odd and creepy eye" has really caught people's attention:
- This home-made spoof on Mac Advertisements is a riot (WMV).
- Going almost 200mph on a souped up Suzuki got a lot of hits! (WMV)
- The old Icon-war site is still fun to watch.
- A Lotus Exige being chased by a chopper. Guess who wins: (WMV)
- The effect a fighter jet creates when it crashes into concrete: (WMV)
- Powerpoint file with absolutely gorgeous shots #1
- Powerpoint file with absolutely gorgeous shots #2
- The spoof on Lord of the Rings they played at the MTV Movie Awards (WMV)
- A Harrier fighter pilot gets away at the last moment! (MPG)
PRODUCT OF THE WEEK
Windows Server 2003: Upgrade or Technology Shift?...
Looking for Windows Server 2003 migration and installation advice?
You'll find installation guides, migration cost calculators,
project plans, and other helpful tools pertaining to Windows
Server 2003 in one spot. Whether you are debating on making
the shift or you are in the throes of installation you will
find something to help you through your migration. Price: $19.95