- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Fri, Dec 24, 2004 (Vol. 9, #49 - Issue #505)
The Big Antispyware Announcement!
  This issue of W2Knews™ contains:
    • The Big Antispyware Announcement!
    • Admin Tools We Think You Shouldn't Be Without
    • Executive Summary: Spyware Worse Threat Than Viruses
    • Detecting And Removing Spyware
    • How Come Microsoft Updates Sunbelt With Spyware Definitions?
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Sunbelt Remote Admin: SuperFast Remote Control
  SPONSOR: First in True Enterprise-Ready Anti-Spyware
Spyware is the new Number one IT headache. For the enterprise,
retooled consumer anti-spyware products won't cut it. Meet
CounterSpy Enterprise.
CounterSpy is a policy-based anti-spyware
tool built from the ground up for enterprise deployment and easy
centralized management. It supports AD and has a strong Admin
Console with four different ways to deploy agents. Catch a sneak
peek here and check out the recorded webcast. Then ask for a
Visit First in True Enterprise-Ready Anti-Spyware for more information.

The Big Antispyware Announcement!

Hi All,

Here's the latest hot news from Sunbelt Software. And as this is the last issue of 2004, have a great New Year's everyone.

I haven't been excited like this for a while! I have something very cool to announce today: a true second-generation enterprise-ready antispyware product. During the last 6 months many of you told us that spyware had become your #1 headache: worse than viruses. But you also told us that the first-generation tools out there were so-so at best. A recent SunPoll showed that almost 40% of you were holding out for a real enterprise solution. It was clear that the existing "enterprise" products were retooled from consumer code and did not support things like Active Directory. In other words, not "built for the enterprise", but you bought them because there was nothing else on the market and you needed a solution "N O W".

No more! I'm proud to present the long and hard work of the Sunbelt Development and QA-team: CounterSpy Enterprise. This product was built 'by admins for admins' from the ground up for enterprise deployment.

It is second-generation for two main reasons. First, it was built as a policy-based solution from the get go. And, it interfaces with AD, has many ways you can deploy agents to your workstations, and is admin-friendly. Second is that it uses three strategies to update the spyware definition database: Sunbelt's own dedicated team of spyware researchers, a unique network called the "Spyware Fighters Network" (SFN), and Microsoft is going to send us spyware definition updates! (see article below). These combined will make sure that the threat database is both extensive and up to date, and better than any other product out there, bar none.

The SFN functions as an early warning system (neighborhood watch) and spots outbreaks of new spyware which get sent to our Research Team which will validate them and quickly update your CounterSpy threat database.

We're beyond excited about this development, as you can understand. CounterSpy Enterprise is going to be the best out there. If you have budget to spend before the end of the year, I could not suggest more strongly that you buy CounterSpy Enterprise (CSE) right away. It is a Version 1.0 and you'll be able to tell us what direction you want it developed in. Have a look at it, and tell us what you'd like to see in future versions. This is a great way to fight spyware together!

If your 2004 budgets are tapped out, or if you are doing a big migration and have no time over the holidays, schedule an eval of CSE in early January and ask for Q1 budget, as this is the first true enterprise-ready antispyware solution that you can get your hands on n-o-w! For the specs of CounterSpy Enterprise, check out the Product Spotlight section.

Quotes of the day:

  • "I do not fear computers. I fear lack of them." --Isaac Asimov
  • "Things turn out best for the people who make the best of the way things turn out". -- John Wooden
  • "Democracy is two wolves and a lamb voting on what to have for dinner. Liberty is a well-armed lamb contesting the vote." -Benjamin Franklin

(email me with feedback: [email protected])

Admin Tools We Think You Shouldn't Be Without


Executive Summary: Spyware Worse Threat Than Viruses

Need Ammo to get budget for antispyware? Use these results of a recent Sunbelt Software survey. Spyware/Adware is pretty ugly, and getting worse fast.

W2Knews asked its readers to participate in a new survey to gauge the impact spyware has in 2004 compared to 2003. A total of 1156 self-selected responses came in, amounting to 2% of the open rate of that specific W2Knews issue. The results are nothing but revealing.

Stu Sjouwerman, Editor in Chief of W2Knews stated: "Spyware has exploded in 2004. Of the respondents, 58% said it has increased more than 100%, 23% said it increased 50% over 2003 and 13.4% stated it increased somewhat over last year. System Administrators told us it has become a worse problem than viruses."

Asked about the level of severity of spyware infections, 1.5% said it was no problem at all, 7.5% said it was a minor problem, 41.3% stated that it was happening more and more, 33% complained it had become a major problem and 16.7% said they were very concerned about this and needed solutions right away.

Those are the results of the latest independent W2Knews poll of 1156 system and security administrators. A large majority of 45% said they were actively looking for -scalable- antispyware solutions for their organization, and another 31% plan to implement antispyware in the near future. Over 50% are looking to purchase antispyware solutions within a 9-month timeframe.

The responses show that on average 48% of system administrators spend more than 20 minutes per system removing unwanted spyware, 18% say it takes 15-20 minutes per system, and 16.2% of system admin say it takes 10-15 minutes. Over three quarters of admins reported that up to 20% of the machines that are infected need a total rebuild to get rid of persistent malware.

Regarding existing policies in their organization that forbid downloads and installation of unapproved software, 72% indicates that these do indeed exist, but only 21% has the tools to enforce these policies. All others say that they either have no, or at best insufficent means to enforce download policies.

Other survey highlights:

  • Many system admins use free tools to disinfect systems, but none of these catch all the spyware, the vast majority uses two or even three products in their efforts to clean systems.
  • Attempts are made to educate end-users but re-infections of affected systems occurs in the timeframe of a few weeks to a month.
  • Spyware in the HIPAA regulated industries has become a major security threat.
  • The problem with free solutions is no central management or central updates of threat definition databases, no reporting, and no real-time protection.
  • End users tend to shut off antispyware tools on their system because they think that these tools cause their PC to slow down.
  • Existing anti-virus tools make an attempt to focus on spyware but do not do an acceptable job in removing it.
  • System administrators complain that spyware has become very time consuming and that especially personal computers used by telecommuters, and laptop devices used by traveling employees get infected and re-infected with a very high frequency. The most recurring terms used to describe spyware are: "insidious", "worse than viruses", "hate it", "very irritated" and "nightmare".
Well, we are happy to present CounterSpy Enterprise to solve this ugly issue. Check out the specs here:

Detecting And Removing Spyware

Spyware has quickly become a nightmare for both consumers and the enterprise. Legislation was put on the fast track and signed into law in a matter of months. But just like CAN-SPAM, legislation alone is not going to solve this problem. Spyware is a threat with many sharp edges and attacks from many angles.

In a Feb. 23, 2004 press release, U.S. Senator Conrad Burns (R-Mont) stated, "Computer users should have the same amount of privacy online as they do when they close the blinds in the windows of their house. But this is not the case, as computers across the country are being hijacked every day as users unknowingly download unwanted and deceitful programs that spy into their online world. Computer users must have some sort of defense against these sneaky programs hiding in the shadows of their machines."

To be a bit more specific, spyware really is a generic term. There is a whole "tree" of at least 36 different categories of spyware, starting with relatively harmless tracking cookies to extremely dangerous backdoors that hackers can use to get "root" access and compromise your whole network. The ways an and-user's machine can get infected are various. Some of the spyware gets "piggy-backed" with peer-to-peer file sharing products. There may be corporate policy against that, but you'd be surprised with what end-users think they can get away with. More common in our environment are the infiltrations via a method known as "drive-by-downloads" which could be just a tracking cookie but when your user clicks on anything at all, malware gets copied to their hard disk and here's where a lot of trouble starts.

Spyware is often not detected by anti-virus software and no wonder. AV software wasn't developed for that purpose. And unfortunately, uninstalling the host software that carried the parasite into your end-user's machine does not get rid of the spyware itself. Some of them are very resistant to uninstalling. Practically all of the new Spyware releases have "reinstallers" built-in that get it activated again even if the end-user deletes the spyware. It is only just now getting the same visibility and attention that anti-virus software has had for years. Both consumers and organizations need to take active steps to protect against this new internet plague. We all thought that spam was a major problem, but it is a mild cold compared to spyware which is spreading like a new strain of killer flu.

One of the reasons for this is that spammers over the last few years have found that they get filtered out more and more and have become more resourceful in trying to get around this. Combine that with the fact that several mafias have moved into organized cybercrime (identity theft is a lot less risky and can be more rewarding than selling drugs) and you have an interesting cocktail of malicious code and intentions.

Up to now, removal has not been very structured. Several freeware products like spybot and ad-aware are being used by system admins to get rid of affected machines. Consumer products like PestPatrol have been retooled for the enterprise but without sufficient analysis what the system admin really needs. Only just now some "enterprise tools" are coming on the market. But they have a long way to go. CounterSpy enterprise was built from the ground up as an enterprise tool, 'for admins by admins' and includes a unique way to fight spyware.

Spyware is BIG business. We are talking many hundreds of millions of dollars. And that is the legit side only. There is as much or more money to be made on the criminal side. No one product (and no single company) can fight this on their own. System admins already know this and use two or three antispyware tools to try to clean systems. CounterSpy Enterprise has a threat database that is one of the best in the industry, but its strongest feature is the Spyware Fighters Network (SFN) that allows all admins to band together and fight spyware as a team! The SFN allows faster fixes to be coded and downloaded to CounterSpy Enterprise users. You can check the Preview Edition here:


How Come Microsoft Updates Sunbelt With Spyware Definitions?

For most of you the CounterSpy Enterprise announcement was expected, but the story got a really nice twist at the end last week. You may have seen the recent press on Microsoft acquiring the antispyware company Giant. Let's clarify some things for you admins that have been in the trenches these last weeks.

First, Sunbelt is a Gold Certified Microsoft partner and the two companies have had a strong and friendly partnership for a number of years. Sunbelt is not going to be bought by Microsoft. We have a well known 20-year reputation for never letting our customers down. Example: Everyone that bought PestPatrol Corporate from Sunbelt gets a free upgrade to CounterSpy Enterprise.

So, what happened last week? Microsoft bought Giant. Now what? Microsoft fully owns its anti-spyware product that it acquired from Giant Company. (Giant had previously granted co-ownership rights to Sunbelt for a previous version of Giant's antispyware product. As part of that contract, Sunbelt has the exclusive right to innovate its own product. Similarly, Microsoft has exclusive rights to the Microsoft technology.) In turn, Sunbelt fully owns its own anti-spyware technology. CounterSpy for consumers is a reworked derivative of the Giant code. CounterSpy Enterprise was built from the ground up as a robust, second-generation tool and only uses some of the (now heavily modified) Giant code in the CounterSpy Enterprise workstation agent.

Now, the above is pretty common and nothing really out of the ordinary. But listen to this: "Microsoft will be providing definition file updates to Sunbelt to its spyware database until July 2007. During this time, Sunbelt and Microsoft share in the ownership of these definition files." Awesome news. As you know, the threat database is a crucial part of the quality of any anti- spyware product. Now NO OTHER corporate antispyware product can even get c-l-o-s-e to CounterSpy Enterprise !

We are actively developing new versions of both the consumer and enterprise versions of CounterSpy, and on top of the Microsoft antispyware updates, we will add our own threat database updates to the products. We have our own in-house team of developers, as well as a team of researchers hunting for new spyware, and the rapidly expanding Sunbelt Spyware Fighters Network is contributing too. You should ask for a quote to start with, and you'll be pleasantly surprised with the competitive price. Keep two things in mind though:

  1. Make sure to mention the amount of workstations you want
  2. It's the holiday season so it may take a few days to get a quote back to you!
This is the form to get a price quote:

And here is the official Microsoft statement to clarify some things that were said in the press which were misinterpreted, I'm quoting the section where they confirm that Sunbelt will get the threat updates:

"Anti-spyware solutions require definition updates-signatures of known spyware and other unwanted software-that are necessary to keep the solutions up-to-date. Because of a legal agreement between Sunbelt Software Distribution and Giant that preceded the Microsoft acquisition, Microsoft will provide spyware signature updates to Sunbelt through July 2007." Link to the MS website:


This Week's Links We Like. Tips, Hints And Fun Stuff


Sunbelt Remote Admin: SuperFast Remote Control

Sunbelt Radmin is a superfast, award winning remote control program. You can take over one or more remote systems, and even daisy chain them! The truly crucial features are all there: superfast remote control, file transfer, NT security, telnet and multi-language support. The price is ridiculously low. It has everything you need, and nothing you don't. A user called it a "pcAnywhere killer"! Just the kind of neat tool to use some of that year-end budget. Check it out here: