Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 24, 2005 (Vol. 10, #4 - Issue #509)
Spyware: IT's Public Enemy No. 1
This issue of W2Knews contains:
- EDITORS CORNER
- What's Hot In The New SNSI V1.6?
- New SunPoll
- First Hand Account
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- What's The Future of CounterSpy Enterprise?
- Here's An Idea; Start Your Own Local Security Group
- Seven Signs Of Trouble In Endpoint Security
- SUS Automatic Update Error Codes
- New Exchange Version: Evolution, No Revolution
- NT/2000 RELATED NEWS
- New Microsoft Malware Tool Calls Home By Default
- Now, How Many Holes Do You Think WinXP Has?
- Redmond Throws In Some Free NT4 Patches
- Trick To Bypass IE Download Warnings
- NT/2000 THIRD PARTY NEWS
- SNSI Wins Silver Security Product of the Year
- Print Manager Plus 5.5 Cluster Version Released
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- The Internet On Wheels: RaySat
SPONSOR: Spyware: IT's Public Enemy No. 1
Spyware is the new number one IT headache. For the enterprise,
retooled consumer anti-spyware products won't cut it. Meet
CounterSpy Enterprise: the ONLY antispyware product that gets
threat database updates from Microsoft. CounterSpy is a policy-
based anti-spyware tool built from the ground up for enterprise
deployment and easy centralized management. It supports AD and
has a strong Admin Console with many different ways to deploy
agents. Ask for a quote, you will get excellent value for this
Visit Spyware: IT's Public Enemy No. 1 for more information.
What's Hot In The New SNSI V1.6?
Just how is SNSI doing? Actually really well. We are selling
hundreds of licenses and no wonder; where can you get a high-end
vulnerability scanner with a military-strength, multi-platform
database, but licensed per admin? Right. The only thing that
admins complained about was reporting. Well, that's dramatically
improved now! And for good measure we threw in scanning for the
The new V1.6 delivers not only more informative scan results but
also additional reporting capabilities. SNSI now supplies high-level
scan results that provide short descriptions of each scan for
quick reference. The reports have been re-categorized for easier
use and you now have the ability to easily export reports to
multiple formats such as pdf, xls, doc, html, xml and DB.
Best of all, SNSI was just chosen as the Silver Product of the
Year in the Security Category at TechTarget (with No. 1 and 3
both being patching tools). This really is a security scanner
you should run, even if you already run another scanner. It's
part of your layered security defenses and running two scanners
is no "luxury" but more a necessity. SNSI allows you to do this
without making a hole in your budget. Comparable scanners can
be ten times more expensive. Get your 30-day eval at:
Here is the latest poll; let's see what you system admins think
about this! "Which do you think will pose a greater security
threat to your network in 2005?"
Vote here, rightmost column:
First Hand Account
Something completely different now. I'd like to encourage you to
be generous and (continue to) help out with the tsunami aid.
Someone sent me a harrowing first-hand account from a U.S.
diving instructor in Thailand:
Quotes Of The Week:
"All truth passes through three stages: First it is Ridiculed.
Second, it is Violently Opposed. Third, it is Accepted as being
Self-Evident." -- Arthur Schopenhauer (1778-1860)
"Who is General Failure and why is he reading my disk?" --
Last week's quote:
"By failing to prepare, you are preparing to fail." is actually good old Benjamin Franklin's! This gem of wisdom preceded IT by almost 200 years. [grin]
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
What's The Future of CounterSpy Enterprise?
We're pleased to announce the release of a new version of
CounterSpy Enterprise, build 1.0.70. This release fixes a number
of issues that became apparent in the first version. If you have
downloaded the earlier 1.0 version, you're encouraged to
uninstall that and install the server component of this new
version; it is significantly improved.
Many of you have asked us "what's the future of CounterSpy
Enterprise"? The answer is simple: Everything. CounterSpy
Enterprise is the first step in a full desktop security strategy
that will be unrolling this year.
What you see right now in CounterSpy Enterprise is a method of
restoring spyware-infected systems. In the near future (eight
weeks), we will be releasing a version with real-time spyware
protection on the desktop. This upgrade will be available for
free for customers under maintenance.
Then, in the summer, we are going to add antivirus and firewall
capability, for a full security solution. These additional
features will be available at a small additional fee, but will
certainly be cost-competitive with the existing AV and desktop
firewall solutions available.
One note about definition files: Anti-spyware solutions require
definition updates (signatures of known spyware and other
unwanted software) that are necessary to keep the solutions
up-to-date. Through an agreement with Microsoft, Microsoft will
provide definition file updates for Sunbelt's spyware database
until July 2007. During this time, Sunbelt and MS exclusively
share in the ownership of these definition files. In addition,
we add our own updates through our research team. And finally,
we have the work of the Spyware
Fighters Network called ThreatNet®, our network of users
that report spyware to us. It's just getting started up and we
expect good results from that effort as well.
In short, the choice of CounterSpy will provide a uniquely
powerful antispyware product to your enterprise that will evolve
to become a full desktop security platform. At the moment,
CounterSpy has a documented 90%+ catch rate. How did we get to
that number? As CounterSpy is based in part on the MS
definitions, you can use the Microsoft antispyware results as an
indicator of performance. The review below indicates a catch rate
of 91%. We exceed that catch rate, with fewer false positives.
Our goal is 100% spyware detection and it looks like we're
getting close. In addition, we have significantly enhanced the
original code; our scan rates in the enterprise version are very
fast. Link to the review at About.com:
Here's a link to the new CounterSpy Enterprise 1.0.70 download:
Here's An Idea; Start Your Own Local Security Group
Brian Bourne from Toronto, Ontario sent me this. "We're working
on launching a security user group for Toronto. Our goal is to
raise security awareness with all IT professionals and to provide
a forum for security pro's to share information. Our website is
I think this is a great idea and you could do this in your own
city as well.
Seven Signs Of Trouble In Endpoint Security
ComputerWorld has a good story about security of mobile devices.
Most security investments leave mobile endpoints at risk. This is
because mobile computers are difficult to manage with traditional
security measures and can become vulnerable in many ways,
including the following:
- You don't know what software is installed and running or
how your mobile computers are configured.
- You rely on antivirus and personal firewall software as
your total solution to endpoint security.
- Your IT management and security tools don't extend to your
mobile computers and remote locations.
- You can't enforce secure configuration of all of your
computers when they are on (and off) your network.
- You don't require and enforce current and secure
configuration when computers connect to your network.
- Your mobile and remote users have administrative rights on
- Your discovery and remediation capabilities aren't able to
stay ahead of the shrinking window of time between notice of a
vulnerability being published and an exploit spreading in the
All these points are explained in more detail at their site:
SUS Automatic Update Error Codes
Contributed By: Cliff Hobbs [MVP SMS]
Reproduced from the SUS Deployment Guide, the following is a list
of the common error code arguments that can be received from
Automatic Updates. Please note that this isn't an exhaustive
list as SUS returns any errors it encounters which might not have
come from a SUS component. Link at FAQ Shop:
New Exchange Version: Evolution, No Revolution
David Thompson, corporate VP at Microsoft, gave an interview to the
SearchExchange site. Redmond's latest plan for Exchange Server is
to offer customers some substantive new features, but no major
architectural changes, as had been part of earlier plans for the
The next version of Exchange Server, dubbed "E12," will contain
database replication features that will let customers have two
synched copies of the Exchange database for better backup, 64-bit
support for improved scalability, and the ability to more clearly
define the roles of various Exchange elements. Microsoft also
plans to add a set of Web services APIs to improve the
programmability of business apps to Exchange.
They are also talking about unified messaging, and that means
besides email, also voice mail and fax. There are plans to allow
you to call the Exchange server and get your voice mail. It will
also support SenderID (authenticate the sender of an email and
kill the message if it's bogus). Apart from the above, another
feature I liked was a 'smart meeting picker' that will choose the
ideal time for a meeting based on some criteria you can set.
Expect all these goodies in 2007 at the earliest, though. More of this
NT/2000 RELATED NEWS
New Microsoft Malware Tool Calls Home By Default
One of the attentive (more than me) W2Knews readers sent me this
about the new MS Malware Removal Tool: "I don't know if you read
the entire tech note, but this tool sends its results back to
Microsoft. There is a reg key in the 2nd article which describes
how to prevent this (e.g. in an enterprise situation). Sounds
like a pretty powerful data mining technique!" For people who
had not discovered this, here is the direct link to the support
page that describes it; look for FAQ number 21 on how to
prevent it from calling home.
Now, How Many Holes Do You Think WinXP Has?
Doing some quick "educated guess math", someone came up with
the following numbers:
- 40 Million: Number of lines of code in Windows XP (60M? in SP2).
- 5 per 1,000: With high quality coding, you still have an
estimated 5 bugs in every thousand lines of a program.
- 200,000: Estimated number of bugs on every WinXP system
- 200: The number of security holes in WinXP if only 1 out of
1,000 is remotely exploitable. Might be much higher...
Redmond Throws In Some Free NT4 Patches
Microsoft's first security bulletins of the new year included
fixes for the now-unsupported Windows NT Server 4.0. On a related
note, administrators are cautioned to apply January's patches in
a specific order to avoid problems. There's more on this story
Trick To Bypass IE Download Warnings
A computer security researcher and Symantec Corp. are warning
MS customers about an unpatched hole in the company's Web browser
that could allow an attacker to bypass security warnings and
download malicious content onto vulnerable systems. ComputerWorld
has the story:
THIRD PARTY NEWS
SNSI Wins Silver Security Product of the Year
After a review of more than 100 products in five categories, the
results of TechTarget's annual Windows Products of the Year are
in. The Editors looked at and scored for innovation, performance,
integration, manageability, functionality and value.
The panel of judges for TechTarget's annual Windows Products of
the Year included independent industry experts and Windows
professionals. They reviewed more than 100 products in five major
- Active Directory
- Enterprise Desktop Administration
- Network and System Management
Sunbelt Network Security Inspector (SNSI) version 1.5 won Silver!
TechTarget's SearchWin2000 site awarded SNSI their Silver
Security Product of the Year Award. They said: "For ease of use
and value, Sunbelt Software's Network Security Inspector (SNSI)
1.5 was given this year's Silver Award in the security category.
"Judges noted that SNSI delivers commercial-grade vulnerability
scanning that detects more than 3,000 ranked vulnerabilities in
multiple operating system platforms and applications. SNSI
version 1.0 was released in February 2004, followed by version
1.5 in July.
"SNSI was also given high marks in the areas of functionality and
performance. Targeted at the SMB market, SNSI costs $1,495 per
administrator. The newest version supports Windows, Solaris,
HP-UX, Red Hat, SuSE and Mandrake Linux, Cisco routers and HP
"Its scanning wizards allow custom scan groups by IP range,
vulnerability, port, machine or any combination, or you can use
predefined scans such as "high risk" or "SANS Institute's top 20."
"You can also search for specific vulnerabilities based on a
number of fields, use prioritized and customizable vulnerability
reports and eliminate vulnerabilities found using SNSI's
recommended solutions, which in many cases include links to
related Web sites that provide further information on manually
fixing a vulnerability."
Here is a list of the most important improvements in V1.6.
- Users can export reports
- All reports were re-formatted
- New Executive Summary report
- Report Category grouping in tree was changed
- Reports now display in separate app - "report view" shows an
example jpeg of the report.
- Consolidated authentication options for domains and IP into
- Allow user to provide credentials on the Auth page without
requiring Windows authentication
- Will not show non-applicable columns in machine discovery
- Added Group Scan wizard
- Update scheduling - Options in settings pane for automatic
update checks now functional
- Add short description column to scan results
- Animations in status bar show when scan is in progress or
machines are being added to group
- Evaluation days now shown in help about
To see the full official SearchWin2000 announcement:
To go directly to SNSI for a 30-day V1.6 download:
Print Manager Plus 5.5 Cluster Version Released
Print Manager Plus Reduces Cost of Printing Across the Enterprise
by up to 75%. The primary reasons organizations make use of
clustering technology are to provide application availability and
data integrity and to reduce costs associated with downtime.
Print Manager Plus is the only Microsoft verified and certified
print management, reporting and quota technology in the industry.
"The high cost of printing often goes unnoticed by many
businesses and institutions," commented Danny Byrnes, Print
Manager Plus product manager. By using an easily managed
enterprise solution for any number of printers, IT managers can
take full control and significantly reduce these costs with
minimal time or effort. Print Manager Plus puts complete control
of the cost and administration of printing back into the hands of
Print Manager Plus not only provides reports and allows quotas to
be set on users, it allows one to bill clients for printing done
for them, it enables consultants to assess customer networks to
determine what printers or configurations will optimize their
printer fleet, and other features which all add up to reducing
the cost of printing and simplifying the print enterprise.
Over 10,000 customers use it including Microsoft (who offer it
to the Public Sector in Europe, Middle East, and Africa), HP,
Dell (who also offer it as part of their standard server
software), Oxford University, Siemens, CNN, NASA, the Red Cross,
along with schools, universities and companies in nearly every
country of the world. Print Manager Plus comes in English or
German. For more information, prices, and a fully functional
This Week's Links We Like. Tips, Hints And Fun Stuff
This guy built a little glider with a GPS enabled auto-pilot that
drops from a weather balloon and guides itself to the landing
Bloopers bedevil Gates at Consumer Electronics Show. "It no
workie!" See the video at:
Deep Sea 'Things' washed ashore via the recent Tsunami.
So, what were the most popular searches in 2004 at Google?
New hardware: Akimbo. It delivers TV over the Internet. I'm
Want to hear the winds of Titan? They are here now!
Hasbro has a new toy that actually is really funny: "Darth Tater"
Ever wondered what Bill Gates looked like in 1984? These are
shots for a magazine called Teen Beat. Hee hee.
This is the most expensive flashlight that I have seen up to now:
Eyes getting tired? Here is a massager that runs on your USB port.
Now here is a car ad (probably spoofed) that has sharp edges on
all sides. Some people will call this definitely politically
PRODUCT OF THE WEEK
The Internet On Wheels: RaySat
If you are a road warrior, here is your next weapon: a really fast
connection to the net via satellite in your car. RaySat, Inc in
Vienna, Va developed an antenna that makes your wheels into a
rolling Wi-Fi hot spot: access for your laptop and also live
satellite TV. I saw an article about it in the Wall Street Journal
and I like the idea. The cost is $3,500 and it will become
available in Q3 this year. Their site is over at: