Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 28, 2005 (Vol. 10, #13 - Issue #518)
Spyware vs. AntiSpyware Battle
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • New Federal Rules Dictate Bank ID Theft Notifications
    • Run A Mainframe? Got Storage Issues?
    • Make Sure To Put W2Knews On Your Whitelist
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Authentication Learning Guide
    • Free Microsoft Patch Tool Morphs, Nears Completion
    • Step-by-Step Guide: How to set up a VPN
    • Recommended Exchange Mailbox Sizes
    • Spyware vs. AntiSpyware Battle
  4. NT/2000 RELATED NEWS
    • WUGNET Debuts New Windows Support Forums
    • What Is NAP and Will It Be In Longhorn?
    • High-End Windows Features for iSCSI
  5. NT/2000 THIRD PARTY NEWS
    • CounterSpy Clobbers MS AntiSpyware In Test
    • 54% Of Malware Seeks ID Theft
    • Exchange Fault Tolerance Market Leader
    • Three Leaks In Firefox
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. PRODUCT OF THE WEEK
    • iHateSpam For Exchange Prevents BlackBerry Spam
  SPONSOR: Microsoft/Tech.Ed
Learn, solve and grow at Tech·Ed 2005 -- June 5-10, Orlando, FL.
Get the most from the applications, languages, and code for the
Microsoft® platform you work with every day. Evaluate and
test-drive the latest software. Meet and talk to the architects
and engineers who built it. Network with thousands of your peers.
See the largest collection of Microsoft and Microsoft Partner
Solutions. Register now while space is still left.
Visit Microsoft/Tech.Ed for more information.
  EDITORS CORNER

New Federal Rules Dictate Bank ID Theft Notifications

The Federal Reserve Board issued new rules this week that require banks and other financial institutions to notify their consumers "as soon as possible" in cases where personal data has been compromised. The Feds together with the FDIC unveiled their "guidance" on how they expect banks to treat personal data theft under federal laws enacted in 2003.

It's no coincidence that these rules are released at the moment when several organizations have come clean that their consumers' personal data has either been stolen or compromised. A spokesman for the FDIC in Washington said that they spent the past year and a half reviewing the Fair and Accurate Credit Transactions (FACT) Act. A lot of people had input in the review: they came from the security and banking industries, government and consumer groups.

Well, you can draw your own conclusions. Rules like these start with banks, usually filter over into healthcare, and then become law for public companies after a while. Work on that layered security model you should already have.

Run A Mainframe? Got Storage Issues?

Here are some questions for you from the Yankee Group. It takes no more than 3 minutes, if that, and it is also instructive. We'll get you an exec summary in a coming issue:
http://www.w2knews.com/rd/rd.cfm?id=050328ED-MainFrame

Make Sure To Put W2Knews On Your Whitelist

Don't miss out! Make sure your copy of W2Knews isn't mistakenly blocked by antispam software. Add [email protected] to your list of allowed senders and contacts.

Quotes Of The Week:
"Reality is merely an illusion, albeit a persistent one." --Albert Einstein
"Outsourcing is akin to making a skyscraper taller by taking material from its lower floors." --Byron Katz

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

  TECH BRIEFING

Authentication Learning Guide

Overlooking the importance of strong authentication is like giving hackers and crackers an all-access pass to your Windows systems. Get help locking down authentication for user logon, remote and wireless access, and Web servers in this learning guide from SearchWindowsSecurity.com.
http://www.w2knews.com/rd/rd.cfm?id=050328TB-Auth_Guide

Free Microsoft Patch Tool Morphs, Nears Completion

What was SUS, then WUS, will now be known as WSUS. Last week, a release candidate of Windows Server Update Services was made available for review. WUS (Windows Update Services) is the new 2.0 version of the old Software Update Services, which is a no-cost add-on to manage security updates in domains. For the last couple of years, everyone was snickering about these names: SUS and WUS. Redmond woke up and made the new name a bit more "official" sounding. It's now Windows Server Update Services, and the official short name is Update Services. More at:
http://www.w2knews.com/rd/rd.cfm?id=050328TB-WSUS

Step-by-Step Guide: How to set up a VPN

Solutions for keeping remote users connected to Exchange Server have traditionally centered around Outlook Web Access. However, there is no reason why remote users can't connect to Exchange using a Virtual Private Network (VPN). This guide will walk you step-by-step through the setup and configuration process.
http://www.w2knews.com/rd/rd.cfm?id=050328TB-VPN

Recommended Exchange Mailbox Sizes

Question: I have a CEO who has allowed his inbox to increase to 10,000 items despite feeble attempts by the LAN manager to get him to stop. There are another 10K items in various folders and the total mailbox size is about 2GB. Apart from that he has a PST with another 15K items for another Gig. The PST sits on the fileserver. The CEO is regularly missing emails because he travels over 50% of his time, the 10K items in his inbox get synced every day, often remotely over modem... What to do?

Answer: If emails are getting lost because of mismanagement of the inbox and an inability to find them, then you have a user problem. Having this many items in a folder can cause performance problems, but technically having that number of items sitting in a mailbox is not something bad, as there are no inherent size limits on individual mailboxes except the 64K limit. A good rule is no more than about 2500-5000 messages in any of the critical path folders. If the user needs to find emails, install Lookout for him. This indexes the emails and gets blisteringly fast search results. We use it in Sunbelt all the time. Link at:
http://www.w2knews.com/rd/rd.cfm?id=050328TB-Mailbox_Sizes

Spyware vs. AntiSpyware Battle

Spyware is getting smart. It often installs two executables that monitor each other. If one gets deleted, the other one reinstalls it. These are called resuscitators. They are also polymorphic, meaning they choose random file names automatically.

Sunbelt has developed specialized intelligence and made some major enhancements to the CounterSpy scanning engine that include new code to handle difficult "self-resuscitating" spyware, as well as significantly increased speed. This research came out of the development of our Software Development Kit as well as our enterprise version (a good chunk of this new engine is already in our enterprise version).
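
The resuscitator behavior described above can be spotted in file-activity records by matching on content rather than on file name. The sketch below is an added example, not CounterSpy's engine or anything from Sunbelt; the event fields (`t`, `op`, `path`, `sha`, `actor_sha`), the 10-second window and the sample records are all assumptions constructed for illustration.

```python
from collections import namedtuple

Revival = namedtuple("Revival", "sha old_path new_path actor_sha delay renamed")

# Constructed file events, not real telemetry. "sha" stands in for the content
# hash of the file touched, "actor_sha" for the hash of the acting process image.
EVENTS = [
    {"t": 100, "op": "delete", "path": r"C:\Windows\Temp\qxzv.exe", "sha": "AAA", "actor_sha": "TOOL"},
    {"t": 102, "op": "create", "path": r"C:\Windows\Temp\mbkt.exe", "sha": "AAA", "actor_sha": "BBB"},
    {"t": 200, "op": "delete", "path": r"C:\Windows\Temp\plor.exe", "sha": "BBB", "actor_sha": "TOOL"},
    {"t": 203, "op": "create", "path": r"C:\Windows\Temp\wjyd.exe", "sha": "BBB", "actor_sha": "AAA"},
    {"t": 300, "op": "delete", "path": r"C:\Work\report.tmp", "sha": "CCC", "actor_sha": "TOOL"},
    {"t": 900, "op": "create", "path": r"C:\Work\report.tmp", "sha": "CCC", "actor_sha": "DDD"},
]


def find_revivals(events, window=10):
    """Flag content that reappears within `window` seconds of being deleted."""
    last_delete, found = {}, []
    for e in sorted(events, key=lambda ev: ev["t"]):
        if e["op"] == "delete":
            last_delete[e["sha"]] = (e["t"], e["path"])
        elif e["op"] == "create" and e["sha"] in last_delete:
            t0, old_path = last_delete.pop(e["sha"])
            delay = e["t"] - t0
            if delay <= window:
                # Match on hash, not name: the new copy may use a random name.
                found.append(Revival(e["sha"], old_path, e["path"],
                                     e["actor_sha"], delay, old_path != e["path"]))
    return found


def mutual_pairs(revivals):
    """Return hash pairs where each binary has restored the other."""
    edges = {(r.actor_sha, r.sha) for r in revivals}
    return sorted({tuple(sorted(e)) for e in edges if (e[1], e[0]) in edges})


if __name__ == "__main__":
    hits = find_revivals(EVENTS)
    for r in hits:
        print(f"{r.sha} restored by {r.actor_sha} after {r.delay}s as {r.new_path}")
    print("remove together:", mutual_pairs(hits))
```

A pair reported by `mutual_pairs` has to be stopped and removed as a unit; cleaning one file at a time is what the surviving half is waiting for.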

  NT/2000 RELATED NEWS

WUGNET Debuts New Windows Support Forums

WUGNET (short for Windows Users Group Network) announced they are pleased to now offer the largest and most comprehensive Windows Support Forums on the Internet. With over 600,000 unique posts and replies, you'll find answers to all your questions regarding every aspect of all Windows Operating Systems. Their forums include support for WinXP, 2000, NT, Me, 98, and even 95.

And you'll also find complete support for IE. If you don't find an answer to your question by simply browsing the forums, just join the forums (no cost) and post your own question. You'll begin receiving replies quickly. To visit their forums, check:
http://www.w2knews.com/rd/rd.cfm?id=050328RN-WUGNet

What Is NAP and Will It Be In Longhorn?

Network Access Protection is a policy enforcement platform that lets you as an admin set policies to "quarantine" and restrict clients from accessing a network until the clients can prove policy compliance.

"The idea behind NAP is that we create a framework that allows IT administrators to ensure policy compliance of their systems. In essence, a computer has to prove that it is healthy [compliant with policy] before it is allowed to connect to the network." That's the word from Jawad Khaki, corporate Veep of Redmond's networking and devices technologies division.

He said NAP support will take advantage of the new stack in Longhorn, but he declined to discuss whether it will be integrated into third-party technologies from companies such as Cisco or Check Point. More on NAP's background over at the MS website:
http://www.w2knews.com/rd/rd.cfm?id=050328RN-NAP

High-End Windows Features for iSCSI

This could actually make Windows-based IP storage more attractive for people like us. Redmond is going to release V2.0 of its iSCSI initiator next month. I'm looking forward to getting the download by mid-April.

New features in V2.0 include integration with Microsoft Multipath I/O (MPIO), support for all error recovery levels, and support for Windows Server x64 Editions. It also includes the Microsoft iSCSI Device Specific Module (DSM), with which you can deploy iSCSI multi-pathing solutions.

What this all boils down to is that you can use it to set up a failover and load-balancing solution using the Windows server platform. Those features will make iSCSI-based storage more attractive. You could see iSCSI as a viable alternative to Fibre Channel SANs.

Some of the companies who have successfully qualified their iSCSI products in a recent plugfest and support the new V2.0 include: Adaptec, ATTO, Broadcom, Crossroads, Cisco, EqualLogic, EMC, Falconstor, HP, Intel, Intransa, Lefthand Networks, Network App, Promise Technology, QLogic, SpectraLogic, SANRAD, Stonefly Networks and String Bean Software. More at the Microsoft site:
http://www.w2knews.com/rd/rd.cfm?id=050328RN-iSCSI

  THIRD PARTY NEWS

CounterSpy Clobbers MS AntiSpyware In Test

I'm starting to like the WindowsSecrets site more and more [grin].

They recently commented: "Sunbelt Software's CounterSpy, an award-winning antispyware application ($20 USD), hasn't yet been put to a fair, head-to-head test against Microsoft AntiSpyware (MSAS) by a major computer magazine, to the best of our knowledge. PC World recently tested several antispyware apps, but used an MSAS signature file of a different date from the other programs, making direct comparisons impossible." They continue with:

"Windows Secrets reader Bob Wilson has been conducting his own tests of the two competing programs. He's achieved some very interesting findings: "I started using CounterSpy several months ago when it was first introduced. I then installed [the free, beta version of] Microsoft AntiSpyware. I thought that, due to the obvious similarities, people were getting $20 worth of free software. In the time I have been running both programs, the free program has only detected one piece of spyware, while CounterSpy has detected maybe a dozen, mostly key loggers. The last few times I found items using CounterSpy, I did not quarantine them. Instead, I ran the Microsoft program, which failed in each case to detect the spyware. Looking deeper, you find that the similarity of the two programs is superficial: The CounterSpy installation is larger: The files examined by CS are about 62,000 compared to 20,000 by MS. The Registry locations examined are about 12,000 for CS and 8,500 for MS. Just thought people should know."

WindowsSecrets are going to publish the results of additional authoritative antispyware tests in their Security Baseline section. You should check this site out and subscribe to their newsletter; it's a good one!
http://www.w2knews.com/rd/rd.cfm?id=050328TP-WindowsSecrets

Here is a graph with the Spyware Detection Rates out of PC World, April 2005. What you see is the result of the CounterSpy consumer version:
http://www.w2knews.com/rd/rd.cfm?id=050328TP-Detect_Rates

54% Of Malware Seeks ID Theft

The most recent Symantec Internet Security Threat Report, which covers the last six months of 2004, was released. The report's conclusions highlight the rapidly changing nature of worms, viruses and other malware. More than half of the top 50 threats in the second half of last year attempted to steal confidential information from a user's computer, up 50% from a year earlier.

This really shows a trend: Most malware writers are now motivated by financial gain. The greatest increases were seen in attacks on Web apps and phishing scams. This trend is likely to continue because these types of attacks are not easily blocked.

The report documented 7,360 new worms and viruses in the second half of 2004 - about 40 per day. Obviously, even daily updates of virus signatures aren't nearly frequent enough to protect computer users from modern malware. You certainly need to have a very active approach in your layered security posture. Scanning for vulnerabilities and fixing them is just as important as having very regular AV-updates and scanning for existing spyware.

Here are some tools you can use for this approach:

SNSI: a 4-star, high-end vulnerability scanner licensed by admin:
http://www.w2knews.com/rd/rd.cfm?id=050328TP-SNSI

CounterSpy Enterprise: "The best spyware database in the industry":
http://www.w2knews.com/rd/rd.cfm?id=050328TP-CSE

And here is the graph that actually shows that claim!:
http://www.w2knews.com/rd/rd.cfm?id=050328TP-Test_Results

Exchange Fault Tolerance Market Leader

NSI Software yesterday affirmed its leadership in protecting MS Exchange Server by announcing the deployment of 12,000 licenses of its award-winning Double-Take® solution. The release highlights their success deploying Double-Take for Exchange Server protection and includes support from Microsoft and four NSI customers: the Boston Celtics, First American Title, University of Miami Law School and the Shorenstein Company. This is a great milestone for NSI and the Double-Take partner community. Check it out here:
http://www.w2knews.com/rd/rd.cfm?id=050328TP-Double-Take

Three Leaks In Firefox

Reports have come in from Mozilla about the Firefox browser. There are three leaks that can be fixed by upgrading to V1.0.2. These vulnerabilities could be exploited to take over a PC. More details at:
http://www.w2knews.com/rd/rd.cfm?id=050328TP-Firefox1
http://www.w2knews.com/rd/rd.cfm?id=050328TP-Firefox2
http://www.w2knews.com/rd/rd.cfm?id=050328TP-Firefox3

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

iHateSpam For Exchange Prevents BlackBerry Spam

Here is some real feedback from the trenches, "warts and all": "We have been using the IHS SE for the last 2 years and version 1.6 is by far the best one. I have been running it on my work server for about 3 weeks now. With the old engine I was about to give up and get a Barracuda hardware unit. With V1.6 I am no longer considering that option." -- T.H., Network Admin. iHateSpam for Exchange is easily configured for use with the BlackBerry environment. Get it now, and upgrade to the new V2.0 which has AV, content filtering, disclaimers and more!

http://www.w2knews.com/rd/rd.cfm?id=050328PW-IHSE