1. EDITORS CORNER
   • A Microsoft Joke
   • CounterSpy Consumer Wins PC WORLD BEST BUY
   • SunPoll Workstation Results, And A New Poll on Lavasoft
2. ADMIN TOOLBOX
   • Admin Tools We Think You Shouldn't Be Without
3. TECH BRIEFING
   • Two Sunbelt WebCasts on March 8-th!
   • Big Survey, Big Reward
   • Learning Guide: Malware
   • Time To Own The Spyware Problem
   • "Pharming" Attacks: New Identity Theft Tactic?
   • Another Reason For Users Not To Run As Admin
   • March 2005 Web Server Survey Finds 60 Million Sites
   • On Which Platforms Will IE7.0 Really Run?
4. NT/2000 RELATED NEWS
   • Microsoft Takes Another Step In Stemming Piracy
   • Microsoft says 64-bit Windows due in April
   • ISA Server 2004 Enterprise Edition Generally Available
   • Zero Security Bulletins Planned For March
   • Ask Microsoft: Remotely reinstalling SBS
5. NT/2000 THIRD PARTY NEWS
   • SNSI Adds Juniper OS Vulnerabilities
   • Want To See The "Spyware in the Enterprise" Webcast?
   • Get A Free Pass for the InfoSec World Expo
6. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
7. PRODUCT OF THE WEEK
   • The New iHateSpam For Exchange Version 1.6

A Microsoft Joke

Paul Thurrott had a good joke in his WinInfo Daily Update news-letter: I thought this was a good place to repeat it: "Bill Gates walks into a bar and the patrons--Microsoft customers, all--turn to look at the world's richest man. He announces, "I'm going to devote all my time to Longhorn!" Everyone cheers and lifts Gates to carry him around the room in a victory parade. Two years pass, and Gates returns to the bar. Longhorn hasn't shipped, the project is horribly mismanaged, and it's now something of a joke in the industry. He announces, "I'm going to devote all my time to security!" This time, he's met by silence. So is this joke funny? Not in the classic sense. But that's what just happened, minus the bar, of course. Something to think about.

CounterSpy Consumer Wins PC WORLD BEST BUY

We have some pretty good news. We were not lying [grin] when we said that the CounterSpy spyware database is the best in the industry. It just got independently confirmed by PC World when they tested the consumer version of CounterSpy.

Some highlights of their test: "CounterSpy posted the highest detection rate in our tests. Offers a wide range of real-time protection, including script blocking and preventing infections from the addition of Browser Helper Objects. We saw a significant difference among scan speeds. The most effective scanner --CounterSpy-- was also the fastest, taking only a minute to perform a complete scan of a system with 2.7GB of data.

"Sunbelt Software's CounterSpy proved the most capable of the bunch, finding and stopping 93 percent of all the running processes created by our 45 test programs. CounterSpy was the only product in our tests that was able to shut down and remove the tenacious WinTools from our system."

The Enterprise version will also have these real-time protection features in Version 1.5 which we expect in a few months. If you decide to buy the enterprise Version 1.1 now, real-time protection will be added as a no-cost update. Protect your organization with CounterSpy Enterprise; "the best spyware database in the industry"

Here is the PC WORLD Article:
http://www.w2knews.com/rd/rd.cfm?id=050307ED-CSE_Article

SunPoll Workstation Results, And A New Poll on Lavasoft

Dang! 95% of you are running W2K and above, that's cool. Here are the numbers: "Which client OS does your organization use for the majority of the workstations?

• WinXP SP2: 39%
• WinXP SP1 or earlier WinXP: 19%
• Windows 2000: 35%
• Windows 9x: 4%
• Other: 3%

New SunPoll: "Do you trust Lavasoft's Ad-Aware after they delisted WhenU as Spyware?" Vote here, bottom rightmost column
http://www.w2knews.com/rd/rd.cfm?id=050307ED-SunPoll

Quotes Of The Week:
"How does a project get to be a year behind schedule? One day at a time." -- Fred Brooks, System/360 Chief Designer, IBM
"Humanity is acquiring all the right technology for all the wrong reasons." -- R. Buckminster Fuller
"FAST, CHEAP, SECURE: Pick any TWO " -- Andrew Baker

Two Sunbelt WebCasts on March 8-th!

1) Sunbelt and NSI Present "Data Availability Solutions"

Don't Miss This FREE Webinar - Brought to You by Sunbelt Software and NSI Software. In today's diverse environments, you face a wide variety of data protection and availability issues. These range from protecting key applications like e-mail and databases to protecting branch office data. NSI Software and Sunbelt Software invite you to attend this Webinar that will focus on leveraging replication technology to solve real-world business problems. March 8th, 11AM - 12 PM (EST)Register Today!
http://www.w2knews.com/rd/rd.cfm?id=050307TB-NSI_Webinar

2) Webcast: Fight Spyware with CounterSpy Enterprise.

Attend the "Hit Spyware. Hard." webcast provided by Sunbelt. Learn how to protect your organization from spyware and other malware. Let us show you how easy CounterSpy Enterprise is to install, configure and manage to prevent spyware on your users' machines. Learn how this scalable, policy-based, centrally managed second-generation solution can detect and remove a broad range of spyware and malware from your corporate network.

When: Tuesday, March 8, 2005 1:00 PM (EST)
Audio Information:
1-800-416-4956 or 888-633-2105 (Canada)
Outside the US 302 709 8433
Passcode: 104764#
On the day of the event, click here to attend:
http://www.w2knews.com/rd/rd.cfm?id=050307TB-Webcast

Big Survey, Big Reward

Sunbelt Software and the Yankee Group have a special request for you. As a leading edge enterprise organization, we would like to invite you to participate in an independent, non-sponsored Yankee Group survey. The survey is designed to provide a detailed comparison between the Total Cost of Ownership issues (business and technology) associated with the Linux and Windows platforms.

There are two things that we'd like you to do if you decide to participate.

1. Take the Linux/Windows TCO Comparison Survey. There are 48 questions in the survey. Don't be alarmed; many of these questions can be answered very quickly. You may find that you are unable to answer some of the more detailed, specific TCO questions. We simply ask that you fill out all questions in their entirety, or to the best of your ability. If you don't have specific facts and figures at your disposal, please enter an estimate.

2. Participate in a telephone call to review your survey responses. Once again, the Yankee Group is sensitive to the time constraints of individual IT managers and C-level executives. We would like to spend 15-20 minutes reviewing your responses and to obtain further anecdotal data. All responses will be kept strictly confidential.

The results will be tabulated and published in a written report in the April/May 2005 timeframe. The report will contain PowerPoint graphics, so you'll be able to see exactly how your organization compares to others. In consideration for your participation, you will receive a free copy of the report. This is a several thousand dollar value. Additionally, Sunbelt Software will include a free copy of CounterSpy Client.

Please download this Word file, fill it out, and send it back to this email address: stus@sunbelt-software.com
Here is the file:
http://www.w2knews.com/rd/rd.cfm?id=050307TB-TCO_Survey

Learning Guide: Malware

This guide introduces you to three types of malware: spyware, spam and viruses. Each malware-specific section explains how to recognize the problem, protect Exchange and Windows from attack and handle the clean up if you've already been hit. You will find the best malware articles, tutorials, tips and expert advice compiled from SearchExchange.com, SearchWin2000.com and SearchWindowsSecurity.com to get you up to speed on these critical security issues.
http://www.w2knews.com/rd/rd.cfm?id=050307TB-Malware

Time To Own The Spyware Problem

Recently, Forrester Research released "Anti-Spyware Adoption in 2005", a study by analyst David Friedlander with Natalie Lambert, that included some surprising stats. What struck InfoWorld most was that 39 percent of respondents, dubbed "technology decision makers," did not know the percentage of desktops infected with spyware in their organizations. Perhaps they didn't know because 56 percent were unsure of what percentage of help desk calls were related to spyware issues. Here's the story at InfoWorld:
http://www.w2knews.com/rd/rd.cfm?id=050307TB-Spyware

"Pharming" Attacks: New Identity Theft Tactic?

You've heard about "phishing" schemes, but what about "pharming?" Instead of sending you e-mail that directs you to a Web site pretending to be that of a legitimate site, the "pharmer" hijacks your browser to his own site when you type a legitimate site's URL (such as that of your online bank) into the browser's address bar.

Pharming uses a technique called DNS poisoning. The Domain Name System (DNS) servers contain directories that are used to match Web addresses (such as www.winxpnews.com) to the IP address where that Web server actually resides. DNS poisoning involves changing those records so that the address will take you to a different Web server (usually that of the pharmer's).

This is especially dangerous because security experts have warned users to type in such addresses instead of clicking on links, thus leading them to believe that if you type it in, you're safe. Read more about the pharming threat here:
http://www.w2knews.com/rd/rd.cfm?id=050307TB-Pharming

Another Reason For Users Not To Run As Admin

Mark Joseph Edwards, News Editor at ntsecurity / net came up with a very good point about being logged on as an admin: Spyware is now making use of that fact! Here's a snippet of what he said:

"You're probably well aware that running your desktop while logged on as an administrator can be risky. Spyware peddlers have already developed a way of adding their programs to the Windows Firewall's list of trusted applications. The spyware application simply adds a registry subkey that references the application under the subkey that stores trusted applications. Any trusted application is allowed to send traffic out of the computer. However, adding a subkey to the list of trusted applications works only if the user is logged on with administrative authority. Read more & comments at WindowsITPro:
http://www.w2knews.com/rd/rd.cfm?id=050307TB-Admin

March 2005 Web Server Survey Finds 60 Million Sites

NetCraft reported that they now find more than 60 million web sites on the Internet, as the March 2005 survey received http responses from 60,442,655 sites.

The milestone comes just nine months after the survey crossed the 50-million mark in May 2004, as the growth of the Web continues to accelerate, approaching the dizzying pace of the height of the Internet boom. During the year 2000, the number of sites found by the NetCraft survey doubled from 10 million to 20 million in just seven months. More recently, it took 13 months for the Web to grow from 40 million to 50 million sites. Click here to see the graph:
http://www.w2knews.com/rd/rd.cfm?id=050307TB-NetCraft

On Which Platforms Will IE7.0 Really Run?

Microsoft Takes Another Step In Stemming Piracy

Looks like Redmond has set a new Windows XP activation policy, hoping to close a loophole that allowed resellers to illegally reuse Microsoft Certificates of Authenticity (COA) from larger OEMs. Starting Feb 28, 2005 today they will disable Internet product activation from OEM keys used by the top 20 PC makers.

If a customer tries to activate WinXP from a COA, they will be directed to activate XP through Microsoft support. By requiring users to phone-in activation, Microsoft hopes it can stem the distribution of illegally copied COAs through its large reseller channel. It's promising to be a royal pain in the neck. The forums are already steamed up about it. Read story at betanews:
http://www.w2knews.com/rd/rd.cfm?id=050307RN-Loophole

Microsoft says 64-bit Windows due in April

News.com reported that Microsoft will release 64-bit versions of Windows for desktops and servers in April, according to a top company executive. Jim Allchin, the head of the software maker's Windows unit, told an audience at the Intel Developer Forum that the desktop version is planned for release at the beginning of April and the server version will follow at the end of that month.
http://www.w2knews.com/rd/rd.cfm?id=050307RN-64-Bit

ISA Server 2004 Enterprise Edition Generally Available

Internet Security & Acceleration Server 2004 Enterprise Edition became generally available this week. Microsoft's RTM (release to manufacturing) was mid-February. Redmond also released a service pack for the Standard Edition of ISA Server 2004, it incorporates the improvements in both reliability and stability that the developers made when they were creating Enterprise Edition. You can get it at www.microsoft.com/isaserver.

Zero Security Bulletins Planned For March

After releasing 12 security bulletins in February, Microsoft has zero new security bulletins on tap for March. Read more:
http://www.w2knews.com/rd/rd.cfm?id=050307RN-Zero_Bulletins

Ask Microsoft: Remotely reinstalling SBS

SNSI Adds Juniper OS Vulnerabilities

Here is the latest update of the SNSI (Sunbelt Network Security Inspector Version 1.6.17.0 (released February 25, 2005). In this version we added the ability to identify the Juniper routers operating system (JUNOS) SNSI 1.6.17.0 contains the first Juniper vulnerability check (N44)

New vulnerability updates for this release include:

• 12 new Windows checks
• 17 new Linux checks
• 5 new Solaris checks
• 5 new network device (Cisco and Juniper) checks

Here are the new Windows Checks:

ID	Vulnerability
W2412	Service Pack 1 Installed - XP
W2413	IE Drag and Drop DHTML Vulnerability
W2414	IE URL Decoding Zone Vulnerability
W2415	IE DHTML Heap Memory Vulnerability
W2416	IE Channel Definition Format Vulnerability
W2417	Outlook Express Cumulative Update Missing
W2418	SharePoint Team Services Spoofing/CSS Vulnerabilities
W2419	NTFS Mount Operation Problem
W2420	Service Pack Release Candidate Installed
W2421	Windows NT 4.0 Detected
W2422	Yahoo! Messenger Ping Vulnerability
W2423	Http.sys Coding Error

To update from within the SNSI console, select Settings, enter your full registration key and click on Check Now button. To get the latest SNSI version, visit:
http://www.w2knews.com/rd/rd.cfm?id=050307TP-SNSI

Want To See The "Spyware in the Enterprise" Webcast?

Last week's attendance to the Microsoft LiveMeeting "Spyware in the Enterprise" webcast was excellent! If you were there, thanks! If you could not make it, below is a second chance to view it.

Can I Get the PDF Of The Presentation?
--------------------------------------

Many of you requested a copy of the slide presentation from Thursday's event. It has excellent ammo in case you need to create a business case to get approval for antispyware. You can get it here:
http://www.w2knews.com/rd/rd.cfm?id=050307TP-Webcast_PDF

I Want To See The WebCast
-------------------------------------

The Live Meeting WebCast was recorded and you can now see it at any time that is convenient. Click on the link below, the only thing needed to register is your name and email address. It's available in:

• Basic recording with Windows Media TM formatted streamed audio
• Microsoft Office Live Meeting Replay
• Windows Media-formatted streamed audio & video
• Basic recording with RealPlayer formatted streamed audio
• Basic recording with per-slide audio

http://www.w2knews.com/rd/rd.cfm?id=050307TP-SpywareWC

I Want To See How Infected My Network Is
----------------------------------------

Sunbelt Software develops CounterSpy Enterprise, a centrally managed antispyware tool for the enterprise with policy-based deployment, Active Directory support and a solid Admin Console. It is the ONLY antispyware product with THREE threat database update sources: Microsoft, ThreatNet, and internal research. Download the product, fill out the form on the download page and your Account Rep will send you a 30-day key for as many workstations as you need to find out how badly infected your network really is. Download Link below.

Try The New Version 1.1
----------------------------------------

Monday Feb 28-th, we released the new V1.1.108 which has a series of improvements. Here are a few highlights:

• Full support added for using MS SQL Server as the reporting database.
• New "Deployment Wizard" added to simplify the task of deploying Agents using either a push installation or deployment package.
• New deployment package type added to create an MSI and the corresponding MST file.
• Better user feedback if Agent deploy fails.
• Threat engine now detects threats in user-level folders and registry locations.
• Tools to send configuration data to Sunbelt Support are now included.

You can try the NEW VERSION 1.1 now, Click here and download at:
http://www.w2knews.com/rd/rd.cfm?id=050307TP-CSE_DL

Get A Free Pass for the InfoSec World Expo

Register today for your FREE InfoSec World Expo-Plus Pass! InfoSec World 2005(tm) Conference and Expo, April 4-6, 2005 Disney's Coronado Springs Resort / Orlando, FL.

This Week's Links We Like. Tips, Hints And Fun Stuff

• Track Physical Location by IP Address with the GeoBytes online IP address locator tool. Enter an IP in the box and click select!
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-IPLocator
• Pretty wild animation art project, click Flash, follow instructions
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Art
• The ultimate SUV when some one p**sses you off. This is a busy server so you may have to try a few times to get through!
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-SUV
• Some more tsunami before/after shots. Quite impressive.
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Tsunami
• Mystery Fave... something to do with eggs.
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Eggs
• The "last developer" owning a Ferrari has left Microsoft. Hard times hitting Microsoft? [grin]
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Hard_Times
• Interesting article about Google's super-redundant architecture:
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Google
• Edible Art. Made out of all things... melons? You'd be surprised!
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Melons
• How to kill a Porsche. He's making a good show of it!!
  http://www.w2knews.com/rd/rd.cfm?id=050307FA-Porsche (wmv)

The New iHateSpam For Exchange Version 1.6

The new antispam engine in iHateSpam simply rocks! It's the equivalent of swapping out your old 2-liter 4-cylinder for a 10-cylinder 500 HP powerplant. The sales of V1.6 have increased dramatically, and we find very, very happy end-users at our 5,000+ production sites. And, iHateSpam For Exchange is the 2004 Windows IT Pro Reader's Choice WINNER. Haven't tried it yet? You really should give it a go and get your 30 spam-free days, and then ask about our competitive upgrades: