- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 24, 2005 (Vol. 10, #4 - Issue #509)
Spyware: IT's Public Enemy No. 1
  This issue of W2Knews™ contains:
    • What's Hot In The New SNSI V1.6?
    • New SunPoll
    • First Hand Account
    • Admin Tools We Think You Shouldn't Be Without
    • What's The Future of CounterSpy Enterprise?
    • Here's An Idea; Start Your Own Local Security Group
    • Seven Signs Of Trouble In Endpoint Security
    • SUS Automatic Update Error Codes
    • New Exchange Version: Evolution, No Revolution
    • New Microsoft Malware Tool Calls Home By Default
    • Now, How Many Holes Do You Think WinXP Has?
    • Redmond Throws In Some Free NT4 Patches
    • Trick To Bypass IE Download Warnings
    • SNSI Wins Silver Security Product of the Year
    • Print Manager Plus 5.5 Cluster Version Released
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • The Internet On Wheels: RaySat
  SPONSOR: Spyware: IT's Public Enemy No. 1
Spyware is the new Number one IT headache. For the enterprise,
retooled consumer anti-spyware products won't cut it.
CounterSpy Enterprise: the ONLY antispyware product that gets
threat database updates from Microsoft. CounterSpy is a policy-
based anti-spyware tool built from the ground up for enterprise
deployment and easy centralized management. It supports AD and
has a strong Admin Console with many different ways to deploy
agents. Ask for a quote, you will get excellent value for this
second-generation product!

Visit Spyware: IT's Public Enemy No. 1 for more information.

What's Hot In The New SNSI V1.6?

Just how is SNSI doing? Actually really well. We are selling hundreds of licenses and no wonder; where can you get a high-end vulnerability scanner with a military-strength, multi-platform database, but licensed per admin? Right. The only thing that admins complained about was reporting. Well, that's dramatically improved now! And for good measure we threw in scanning for the MacOSX.

The new V1.6 delivers more informative scan results but also additional reporting capabilities. SNSI now supplies high-level scan results that provide short descriptions of each scan for quick reference. The reports have been re-categorized for easier use and you now have the ability to easily export reports to multiple formats such as pdf, xls, doc, html, xml and DB.

Best of all, SNSI was just chosen as the Silver Product of the Year in the Security Category at TechTarget, (with No. 1 and 3 both being patching tools). This really is a security scanner you should run, even if you already run another scanner. It's part of your layered security defenses and running two scanners is no "luxury" but more a necessity. SNSI allows you to do this without making a hole in your budget. Comparable scanners can be ten times more expensive. Get your 30-day eval at:

New SunPoll

Here is the latest Poll, let's see what you system admins think about this! "Which do you think will pose a greater security threat to your network in 2005?"

  • Phishing
  • Viruses
  • Spyware
  • Other
Vote here, rightmost column:

First Hand Account

Something completely different now. I'd like to encourage you to be generous and (continue to) help out with the tsunami aid. Some one sent me a harrowing first-hand account from a U.S. diving instructor in Thailand:

Quotes Of The Week:
"All truth passes through three stages: First it is Ridiculed. Second, it is Violently Opposed. Third, it is Accepted as being Self-Evident." -- Arthur Schopenhauer (1778-1860)
"Who is General Failure and why is he reading my disk?" -- Unknown, Internet.

Last week's quote:
"By failing to prepare, you are preparing to fail." is actually good old Benjamin Franklin's! This gem of wisdom preceded IT for almost 200 years. [grin]

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


What's The Future of CounterSpy Enterprise?

We're pleased to announce the release of a new version of CounterSpy Enterprise, build 1.0.70. This release fixes a number of issues that became apparent in the first version. If you have downloaded the earlier 1.0 version, you're encouraged to uninstall that and install the server component of this new version; it is significantly improved.

Many of you have asked us "what's the future of CounterSpy Enterprise"? The answer is simple: Everything. CounterSpy Enterprise is the first step in a full desktop security strategy that will be unrolling this year.

What you see right now in CounterSpy Enterprise is a method of restoring spyware infected systems. In the near future (eight weeks), we will be releasing a version with real-time spyware protection on the desktop. This upgrade will be available for free for customers under maintenance.

Then, in the summer, we are going to add antivirus and firewall capability, for a full security solution. These additional features will be available at a small additional fee, but will certainly be cost-competitive with the existing AV and desktop firewall solutions available.

One note about definition files: Anti-spyware solutions require definition updates (signatures of known spyware and other unwanted software) that are necessary to keep the solutions up-to-date. Through an agreement with Microsoft, they will be providing definition file updates to Sunbelt to its spyware database until July 2007. During this time, Sunbelt and MS exclusively share in the ownership of these definition files.

In addition, we add our own additional updates through our research team. And finally, we have the work of the Spyware Fighters Network called ThreatNetŪ, our network of users that report spyware to us. It's just getting started up and we expect good results from that effort as well.

In short, the choice of CounterSpy will provide a uniquely powerful antispyware product to your enterprise that will evolve to become a full desktop security platform. At the moment, CounterSpy has a documented 90%+ catch rate. How did we get to that number? As CounterSpy is based in part on the MS definitions, you can use the Microsoft antispyeare results as an indicator of performance. The review below indicates a catch rate of 91%. We exceed that catch rate, with fewer false positives. Our goal is 100% spyware detection and it looks like we're getting close. In addition, we have significantly enhanced the original code, our scan rates in the enterprise version are very fast. Link to the review at About.com:

Here's a link to the new CounterSpy Enterprise 1.0.70 download:

Here's An Idea; Start Your Own Local Security Group

Brian Bourne from Toronto, Ontario sent me this. "We're working on launching a security user group for Toronto. Our goal is to raise security awareness with all IT professionals and to provide a forum for security pro's to share information. Our website is at http://www.task.to/."

I think this is a great idea and you could do this in your own city as well.

Seven Signs Of Trouble In Endpoint Security

ComputerWorld has a good story about security of mobile devices. Most security investments leave mobile endpoints at risk. This is because mobile computers are difficult to manage with traditional security measures and can become vulnerable in many ways, including the following:

  1. You don't know what software is installed and running or how your mobile computers are configured.
  2. You rely on antivirus and personal firewall software as your total solution to endpoint security.
  3. Your IT management and security tools don't extend to your mobile computers and remote locations.
  4. You can't enforce secure configuration of all of your computers when they are on (and off) your network.
  5. You don't require and enforce current and secure configuration when computers connect to your network.
  6. Your mobile and remote users have administrative rights on their computers.
  7. Your discovery and remediation capabilities aren't able to stay ahead of the shrinking window of time between notice of a vulnerability being published and an exploit spreading in the wild.
All these points are explained in more detail at their site:

SUS Automatic Update Error Codes

Contributed By: Cliff Hobbs [MVP SMS]
Reproduced from the SUS Deployment Guide, the following is a list of the common error code arguments that can be received from Automatic Updates. Please note that this isn't an exhaustive list as SUS returns any errors it encounters which might not have come from a SUS component. Link at FAQ Shop:

New Exchange Version: Evolution, No Revolution

David Thompson, corporate VP, Microsoft gave an interview to the SearchExchange site. Redmond's latest plan for Exchange Server is to offer customers some substantive new features, but no major architectural changes, as had been part of earlier plans for the messaging platform.

The next version of Exchange Server, dubbed "E12," will contain database replication features that will let customers have two synched copies of the Exchange database for better backup, 64-bit support for improved scalability, and the ability to more clearly define the roles of various Exchange elements. Microsoft also plans to add a set of Web services APIs to improve the programmability of business apps to Exchange.

They are also talking about unified messaging, and that means besides email, also voice mail and fax. There are plans to allow you to call the Exchange server and get your voice mail. It will also support SenderID (authenticate the sender of an email and kill the message if it's bogus). Apart from the above, another feature I liked was a 'smart meeting picker' that will choose the ideal time for a meeting based on some criteria you can set. Expect all these goodies in 2007 earliest though. More of this story:


New Microsoft Malware Tool Calls Home By Default

One of the attentive (more than me) W2Knews readers sent me this about the new MS Malware Removal Tool: "I don't know if you read the entire tech note, but this tool sends it's results back to Microsoft. There is a reg key in the 2nd article which describes how to prevent this (e.g. in an enterprise situation). Sounds like a pretty powerful data mining technique!". For people that had not discovered this, here is the direct link to the support page that describes it, look for the FAQ number 21 on how to prevent it from calling home.

Now, How Many Holes Do You Think WinXP Has?

Doing some quick "educated guess math", some one came up with the following numbers:

  • 40 Million: Number of lines of code in Windows XP (60M? in SP2).
  • 5 per 1,000: With high quality coding, you still have an estimated 5 bugs in every thousand lines of a program.
  • 200,000: Estimated number of bugs on every WinXP system
  • 200: The number of security holes in WinXP if only 1 out of 1,000) are remotely exploitable. Might be much higher...

Redmond Throws In Some Free NT4 Patches

Microsoft's first security bulletins of the new year included fixes for the now-unsupported Windows NT Server 4.0. On a related note, administrators are cautioned to apply January's patches in a specific order to avoid problems. There's more on this story at SearchWindowsSecurity.

Trick To Bypass IE Download Warnings

A computer security researcher and Symantec Corp. are warning MS customers about an unpatched hole in the company's Web browser that could allow an attacker to bypass security warnings and download malicious content onto vulnerable systems. ComputerWorld has the story:


SNSI Wins Silver Security Product of the Year

After a review of more than 100 products in five categories, the results of TechTarget's annual Windows Products of the Year are in. The Editors looked at and scored for innovation, performance, integration, manageability, functionality and value.

The panel of judges for TechTarget's annual Windows Products of the Year included independent industry experts and Windows professionals. They reviewed more than 100 products in five major categories:

  • Active Directory
  • Enterprise Desktop Administration
  • Messaging
  • Network and System Management
  • Security

Sunbelt Network Security Inspector (SNSI) version 1.5 won Silver! TechTarget's SearchWin2000 site awarded SNSI their Silver Security Product of the Year Award. They said: "For ease of use and value, Sunbelt Software's Network Security Inspector (SNSI) 1.5 was given this year's Silver Award in the security category.

"Judges noted that SNSI delivers commercial-grade vulnerability scanning that detects more than 3,000 ranked vulnerabilities in multiple operating system platforms and applications. SNSI version 1.0 was released in February 2004, followed by version 1.5 in July.

"SNSI was also given high marks in the areas of functionality and performance. Targeted at the SMB market, SNSI costs $1,495 per administrator. The newest version supports Windows, Solaris, HP- UX, Red Hat, SuSE and Mandrake Linux, Cisco routers and HP printers.

"Its scanning wizards allows custom scan groups by IP range, vulnerability, port, machine or any combination, or you can use predefined scans such as "high risk" or "SANS Institute's top 20."

"You can also search for specific vulnerabilities based on a number of fields, use prioritized and customizable vulnerability reports and eliminate vulnerabilities found using SNSI's recommended solutions, which in many cases include links to related Web sites that provide further information on manually fixing a vulnerability."

Here is a list of the most important improvements in V1.6.


  • Users can export reports
  • All reports were re-formatted
  • New Executive Summary report
  • Report Category grouping in tree was changed
  • Reports now display in separate app - "report view" shows an example jpeg of the report.


  • Consolidated authentication options for domains and IP into same page
  • Allow user to provide credentials on the Auth page without requiring Windows authentication
  • Will not show non-applicable columns in machine discovery (ping/auth) page
  • Added Group Scan wizard
  • Update scheduling - Options in settings pane for automatic update checks now functional

Miscellaneous features

  • Add short description column to scan results
  • Animations in status bar show when scan is in progress or machines are being added to group
  • Evaluation days now shown in help about

To see all the official SearchWin2000 Announcement:

To go directly to SNSI for a 30-day V1.6 download:

Print Manager Plus 5.5 Cluster Version Released

Print Manager Plus Reduces Cost of Printing Across the Enterprise by up to 75%. The primary reasons organizations make use of clustering technology are to provide application availability and data integrity and to reduce costs associated with downtime. Print Manager Plus is the only Microsoft verified and certified print management, reporting and quota technology in the industry.

"The high cost of printing often goes unnoticed by many businesses and institutions," commented Danny Byrnes, Print Manager Plus product manager. By using an easily managed enterprise solution for any number of printers, IT managers can take full control and significantly reduce these costs with minimal time or effort. Print Manager Plus puts complete control of the cost and administration of printing back into the hands of the management".

Print Manager Plus not only provides reports and allows quotas to be set on users, it allows one to bill clients for printing done for them, it enables consultants to assess customer networks to determine what printers or configurations will optimize their printer fleet, and other features which all add up to reducing the cost of printing and simplifying the print enterprise.

Over 10,000 customers use it including Microsoft (who offer it to the Public Sector in Europe, Middle East, and Africa), HP, Dell (who also offer it as part of their standard server software), Oxford University, Siemens, CNN, NASA, the Red Cross, along with schools, universities and companies in nearly every country of the world. Print Manager Plus comes in English or German. For more information, prices, and a fully functional trial version:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • This guy built a little glider with a GPS enabled auto-pilot that drops from a weather balloon and guides itself to the landing site.

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Glider
  • Bloopers bedevil Gates at Consumer Electronics Show. "It no workie!" See the video at:

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-No_Workie
  • Deep Sea 'Things' washed ashore via the recent Tsunami. Fascinating.

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Deep_Sea
  • So, what were the most popular searches in 2004 at Google?

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Google
  • New hardware: Akimbo. It delivers TV over the Internet. I'm tempted!

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Akimbo
  • Want to hear the winds of Titan? They are here now!

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Titan
  • Hasbro has a new toy that actually is really funny: "Darth Tater"

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Darth_Tater
  • Ever wondered what Bill Gates looked like in 1984? These are shots for a magazine called Teen Beat. Hee hee.

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Teen_Gates
  • This is the most expensive flashlight that I have seen up to now:

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Flashlight
  • Eyes getting tired? Here is a massager that runs on your USB port.

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Massager
  • Now here is a car ad (probably spoofed) that has sharp edges on all sides. Some people will call this definitely politically incorrect:

  • http://www.w2knews.com/rd/rd.cfm?id=050124FA-Bomber

    The Internet On Wheels: RaySat

    If you are a road warrior, here is your next weapon: a really fast connection to the net via satellite in your car. RaySat, Inc in Vienna, Va developed an antenna that makes your wheels into a rolling Wi-Fi hot spot: access for your laptop and also live satellite TV. I saw an article about it in the Wall Street Journal and I like the idea. The cost is $3,500 and it will become available in Q3 this year. Their site is over at: