Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 17, 2005 (Vol. 10, #3 - Issue #508)
Big Change To W2Knews!
  This issue of W2Knews™ contains:
    • Big Change To W2Knews!
    • How About a V-10 Powering Your iHateSpam for Exchange?
    • It's Confirmed: Spyware Was Biggest Threat in 2004
    • Admin Tools We Think You Shouldn't Be Without
    • Security Holes Can Be In Hardware Too
    • Spammers Are Breaking DNS
    • Microsoft Enterprise Product Roadmap for 2005
    • Longhorn Throws "Home" and "Pro" Out The Window
    • Growing Microsoft To Expand Redmond Headquarters
    • Redmond: Get Your Malware Tool Here:
    • Sunbelt Software and Cloudmark Partner to Fight Spam
    • New SNSI Vulnerability Update: Now Has MAC Added
    • Always Wanted MOM Functionality? Get ServerVision Now
    • GeoCluster 4.4 New Version Now Available!
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • ServerVision Gets Excellent Reviews
  SPONSOR: First in True Enterprise-Ready Anti-Spyware
Spyware is the new Number one IT headache. For the enterprise,
retooled consumer anti-spyware products won't cut it. Meet
CounterSpy Enterprise.
CounterSpy is a policy-based anti-spyware
tool built from the ground up for enterprise deployment and easy
centralized management. It supports AD and has a strong Admin
Console with many different ways to deploy agents. Ask for a
quote, it's a great price for a second-generation product!


Big Change To W2Knews!

Beginning this week, you will see a big change to your W2Knews newsletter. To accommodate an increasing number of e-mail client settings and spam filters, we've decided to transfer your W2Knews subscriptions to text-only format. With this change we hope to ensure consistent, on-time delivery. You can still read it in HTML on the http://www.w2knews.com website of course, and you will find all the back-issues there as well.

How About a V-10 Powering Your iHateSpam for Exchange?

You are going to get one! We are replacing the respectable 2-liter, 4-cylinder, 180HP "spam-engine block" with a V-10, 450HP 8-liter Viper powerplant (Cloudmark) that simply RAWKS! It will be released later this month. Unfortunately, this did push our combined antispam plus antivirus product into Q2, but you'll be blown out of your socks when you see that. More about the new iHateSpam for Exchange Version 1.6 in the Third Party section below.

It's Confirmed: Spyware Was Biggest Threat in 2004

Two AV companies independently confirmed their total 2004 statistics of malicious software. Both McAfee and Panda said that Adware / Spyware were the most damaging to production and security over the last year. Nothing new for us of course, as YOU had already told us well in advance. That's why we're thrilled to tell you the latest "build" of CounterSpy Enterprise has some niggly problems fixed and now has much improved communications and smarter agents.

Looking at the 2004 trend, adware and malware, with e-mail and the Web as their vectors, will continue to increase in 2005 and become more complex. You will see blended threats and more zero-day attacks, so an antispyware app needs to be part of your layered security.

If you have already looked at CounterSpy Enterprise, check this new version out; you are going to like it. And Version 1.1, which is just 'round the corner, will have active protection (real-time scanning for malware). Oh, before I forget, you want to uninstall the old version and reinstall this one.

Quotes Of The Week:
"Those who stand for nothing fall for anything." -- Alexander Hamilton, born in 1757.
"Lack of proper prior planning on your part does not constitute an emergency on mine." In other words, if you failed to plan, you planned to fail. -- Internet, Unknown.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Security Holes Can Be In Hardware Too

Allen Shaw sent me this feedback which I thought was useful for all of us: "As someone with an always on DSL connection and a home network I went out a couple of years ago and purchased a hardware firewall/router which sits between my internet connection and internal network.

"Now in all your newsletters and warnings about keeping your antivirus definitions up to date, getting a scanner for pests and such, I have never seen you mention the importance of keeping your firewall/router firmware up to date.

"Since I purchased my Netgear firewall/router nearly two years ago there have been at least 8 firmware upgrades to the product which not only add some new features but also enhance its ability to protect my network. So in addition to reminding everyone about keeping their virus definitions and anti spyware products up to date, don't forget to remind your readers that it is equally important to check for firmware updates to their home firewall/routers."

You are right, Allan! As for the process of getting the updates, it varies from vendor to vendor. Some of them make it easy and have it built into the web UI, while others require you to download the update and run it from a workstation. In the older days you had to FTP and update using the command line, but hopefully they have become a bit more consumer friendly. Your big vendors in that space that I can pick off the top of my head along with links to their support pages are:


Spammers Are Breaking DNS

eWeek came out with an article that made me scratch my head and wonder what other nasty tricks these guys are up to. What they do now is FIRST send a whole bunch of spam out with a not-yet-existing domain name, and then first thing in the morning register it, hoping to escape the CAN-SPAM fines via this technical loophole. But in the meantime, the SMTP servers in the recipient's network attempt DNS lookups for domains that are not there yet, causing all kinds of timeout problems. Ugly. Here is the full story:

Microsoft Enterprise Product Roadmap for 2005

Scott Bekker is ENT's star reporter and he's done some good work these last few weeks. He put together a 2005 roadmap and here's how the article starts:

"Like 2004, this year will be another of those interim years for Microsoft's enterprise operations, with no blockbuster releases of Windows or the Office suite. On the second tier of Microsoft's enterprise software stack, however, it does finally look like SQL Server 2005 will make its long-promised debut. Meanwhile, Microsoft has dozens of major enterprise products, and each one's ongoing need for minor upgrades and tweaks will make for another full year of product releases. The biggest items on Microsoft's checklist for 2005:

  • SQL Server 2005 (Yukon)/Visual Studio (Whidbey) 2005
  • Windows Server 2003 "R2"
  • Windows "Longhorn" client beta
  • Windows Server 2003 Service Pack 1
  • Windows Update Services

We've pulled together a report detailing the expected dates and brief summaries of more than 40 betas, products and conferences in 2005 (with a few notable 2006 and 2007 items thrown in for good measure). The article is here:


Longhorn Throws "Home" and "Pro" Out The Window

At the CSE in Vegas, MS released some interesting data about how Longhorn is going to look. Since a public beta will be released in a few months, more stuff is surfacing. For instance, XP "Home" and "Pro" are out the window. And the new version will be a single product that includes features that you find in today's WinXP Media Center and Tablet PC flavors.

Of course when you throw in the Media Center stuff and Tablet features you are going to have a pretty powerful package. I run a media PC at the house though, and I need to reboot that box a few times a week as it loses its connection to the cable provider. Hmmmmm ;-)

Expect more revelations about Longhorn at the Windows Hardware Engineering Conference, planned for late April, but to get your hot little hands on the final product you'll have to wait till end 2006.

Growing Microsoft To Expand Redmond Headquarters

Reflecting its commitment to remain in the Puget Sound region, Microsoft said this week that it will expand its Redmond, Wash., headquarters to accommodate more than 10,000 new employees over the next 10 to 20 years. You can read the story in ComputerWorld: http://www.w2knews.com/rd/rd.cfm?id=050117RN-MS_HQ

Redmond: Get Your Malware Tool Here:

MS has introduced the Microsoft Windows Malicious Software Removal Tool. It checks WinXP, W2K and W2K3 for infections by specific malware like Blaster, Sasser, and Mydoom, and removes them. When the detection and removal process is complete, the tool displays a report. They will release an updated version of this tool each "Patch Tuesday." They also advise running up-to-date AV software.

You can run the tool from the web here:
Or you can download it and run it locally from this location:


Sunbelt Software and Cloudmark Partner to Fight Spam

Exciting news! iHateSpam for Exchange has a new engine. Here's the Press Release: Sunbelt Software, a leading provider of Windows infrastructure security and anti-spam solutions, and Cloudmark® Inc., the company that delivers the immune system for email, announced a partnership that will enhance Sunbelt's award-winning iHateSpam for Exchange anti-spam application, as well as future messaging security solutions from Sunbelt. Cloudmark was chosen due to its industry reputation and exceptional results from Sunbelt's performance tests. As a part of the agreement, Sunbelt will integrate Cloudmark's award-winning anti-spam technology into its enterprise line of messaging security products.

This functionality will first be implemented in an upcoming version of Sunbelt's iHateSpam for Exchange product, expected for release later this month. "We sought a world-class partner with extensive and complementary anti-spam expertise so that we could bring an even more powerful iHateSpam for Exchange product to market faster," said Alex Eckelberry, president of Sunbelt Software. "Cloudmark's solution was selected for our current and future anti-spam software initiatives, delivering superior technology for faster scanning and better accuracy."

"Sunbelt has thousands of customers who depend on iHateSpam for Exchange to protect their businesses," said Karl Jacob, CEO of Cloudmark. "Sunbelt's award-winning solutions and ten years in business are evidence to its desire to put the best possible offering on the market, and we're excited to be recognized by such a reputable industry player as providing the best anti-spam solution available to help continue their strong heritage of customer satisfaction."

So now that the PR-stuff is out of the way, let me tell you what this means in sysadmin language. We are replacing the respectable 2-liter, 4-cylinder, 180HP "spam-engine block" with a V-10, 450HP 8-liter Viper powerplant (Cloudmark) that simply RAWKS! It will be released later this month. Unfortunately, this did push our combined antispam plus antivirus product into Q2, but you'll be blown out of your socks when you see that.

New SNSI Vulnerability Update: Now Has MAC Added

SNSI now contains a total of 3,481 vulnerability checks. It has seventeen Mac OS 10.3.5 vulnerability checks, and more will be added with each update. Here are some tips when scanning Macs:

  1. Mac OS X needs to be scanned via SSH - the Unix knowledge base articles cover general SSH aspects.
  2. The Firewall is on by default and blocks SSH by default. If SSH is allowed through it should work.
  3. If the Mac OS is hibernating you will not get SSH access even if everything else is correct. The machine needs to be in the normal running state to be scanned. The desktop tools allow you to configure non-hibernation if this is allowed.
  4. You do not need a root account (same as for other Unix).

New vulnerability updates for this release include:

  • 8 new Windows checks, bringing the total Windows checks to 2371.
  • 17 new Linux checks, bringing the total to 687.
  • 1 new Solaris check, bringing the total to 262.
  • 2 new HP-UX checks, bringing the total to 107.

Always Wanted MOM Functionality? Get ServerVision Now

Here is a recent customer response we received:

"Your products are great! ServerVision is in version 1.0 and there are several improvements that can be made, but for a 1.0 product it is very functional and is making my job easier! I have always been the type of system administrator that did not like using 3rd party products and have been very successful in monitoring our network using my own scripting and notification methods. But your Sunbelt products have made a convert out of me and I am utilizing all the products I ordered from you guys fully! And tech support is great as well!" B.C. - Mgr. Data Center Ops.

ServerVision is just 50 bucks per server and has a host of very powerful features that you simply do not find in similar products. It's really worth trying out:

GeoCluster 4.4 New Version Now Available!

NSI Software is pleased to announce the immediate availability of GeoCluster 4.4. This product is now shipping and will be used to fulfill all new orders. This release brings all of the new features available in Double-Take 4.4 into GeoCluster.

Significant new features for GeoCluster 4.4 include:

  • Intelligent Data Compression
  • Email Event Notifications
  • Management Console Server Filtering
  • Web Software Updates
  • Improved Performance and Scalability

Get an eval copy here:


This Week's Links We Like. Tips, Hints And Fun Stuff


ServerVision Gets Excellent Reviews

Mike Gunderloy, MCSE, MCSD, MCDBA, is a contributing editor for MCP Magazine and said: "ServerVision has come up with a solution that is unique in several ways. The most innovative feature? There's no particular machine that's identified as the central repository of monitoring knowledge. Once installed, ServerVision sets up a default set of checks for things like errors in the event log, average CPU and memory load, available disk space, failed services and so on. You can adjust the alerting thresholds for all of these, but even without any customization you'll get a decent idea of your network's health.

"Sunbelt threw in some other functionality. There's a basic backup capability to protect critical data by backing up files or databases and then using FTP to move them around. ServerVision also integrates with Shavlik's HfNetChk to keep an eye on the security profile of servers, sending a notification when a required patch hasn't been applied. I like having an MMC snap-in for monitoring; this makes it easy to integrate ServerVision with other management tools. Sunbelt's product is incredibly easy to install, and well-configured by default."

We could not have said it any better. Get your 30-day eval here: