Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 28, 2005 (Vol. 10, #13 - Issue #518)
Spyware vs. AntiSpyware Battle
This issue of W2Knews contains:
- EDITORS CORNER
- New Federal Rules Dictate Bank ID Theft Notifications
- Run A Mainframe? Got Storage Issues?
- Make Sure To Put W2Knews On Your Whitelist
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Authentication Learning Guide
- Free Microsoft Patch Tool Morphs, Nears Completion
- Step-by-Step Guide: How to set up a VPN
- Recommended Exchange Mailbox Sizes
- Spyware vs. AntiSpyware Battle
- NT/2000 RELATED NEWS
- WUGNET Debuts New Windows Support Forums
- What Is NAP and Will It Be In Longhorn?
- High-End Windows Features for iSCSI
- NT/2000 THIRD PARTY NEWS
- CounterSpy Clobbers MS AntiSpyware In Test
- 54% Of Malware Seeks ID Theft
- Exchange Fault Tolerance Market Leader
- Three Leaks In Firefox
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- iHateSpam For Exchange Prevents BlackBerry Spam
Learn, solve and grow at Tech·Ed 2005 -- June 5-10, Orlando, FL.
Get the most from the applications, languages, and code for the
Microsoft(r) platform you work with every day. Evaluate and
test-drive the latest software. Meet and talk to the architects
and engineers who built it. Network with thousands of your peers.
See the largest collection of Microsoft and Microsoft Partner
Solutions. Register now while space is still left.
Visit Microsoft/Tech.Ed for more information.
New Federal Rules Dictate Bank ID Theft Notifications
The Federal Reserve Board issued new rules this week that require
banks and other financial institutions to notify their consumers
"as soon as possible" in cases where personal data has been
compromised. The Feds together with the FDIC unveiled their
"guidance" on how they expect banks to treat personal data theft
under federal laws enacted in 2003.
It's no coincidence that these rules are released at the moment
when several organizations have come clean that their consumers'
personal data has either been stolen or compromised. A spokesman
for the FDIC in Washington said that they spent the past year
and a half reviewing the Fair and Accurate Credit Transactions
(FACT) Act. A lot of people had input in the review; they came
from the security and banking industries, government officials
and consumer groups.
Well, you can draw your own conclusions. Rules like these start
with banks, usually filter over into healthcare, and then become
law for public companies after a while. Work on that layered
security model you should already have.
Run A Mainframe? Got Storage Issues?
Here are some questions for you from the Yankee Group. It takes no
more than 3 minutes, if that, and it is also instructive. We'll get
you an exec summary in a coming issue:
Make Sure To Put W2Knews On Your Whitelist
Don't miss out! Make sure your copy of W2Knews isn't mistakenly
blocked by antispam software. Add [email protected] to
your list of allowed senders and contacts.
Quotes Of The Week:
"Reality is merely an illusion, albeit a persistent one."
"Outsourcing is akin to making a skyscraper taller by taking
material from its lower floors."
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
Authentication Learning Guide
Overlooking the importance of strong authentication is like giving
hackers and crackers an all-access pass to your Windows systems.
Get help locking down authentication for user logon, remote and
wireless access, and Web servers in this learning guide from
Free Microsoft Patch Tool Morphs, Nears Completion
What was SUS, then WUS will now be known as WSUS. Last week, a
release candidate of Windows Server Update Services was made
available for review. WUS (Windows Update Services) is the
new 2.0 version of the old Software Update Services, which
is a no-cost add-on to manage security updates in domains.
For the last couple of years, everyone was snickering about these
names: SUS and WUS. Redmond woke up and made the new name
a bit more "official" sounding. It's now Windows Server Update
Services, and the official short name is Update Services.
Step-by-Step Guide: How to set up a VPN
Solutions for keeping remote users connected to Exchange Server
have traditionally centered around Outlook Web Access. However,
there is no reason why remote users can't connect to Exchange
using a Virtual Private Network (VPN). This guide will walk you
step-by-step through the setup and configuration process.
Recommended Exchange Mailbox Sizes
Question: I have a CEO who has allowed his inbox to increase
to 10,000 items despite feeble attempts by the LAN manager to
get him to stop. There are another 10K items in various folders
and the total mailbox size is about 2GB. Apart from that he
has a PST with another 15K items for another Gig. The PST
sits on the fileserver. The CEO is regularly missing emails
because he travels over 50% of his time, the 10K items in his
inbox get synced every day, often remotely over modem...
What to do?
Answer: If emails are getting lost because of mismanagement of
the inbox and an inability to find them, then you have a user
problem. Having this many items in a folder can cause performance
problems, but technically having that number of items sitting
in a mailbox is not something bad, as there are no inherent
size limits on individual mailboxes except the 64K limit. A
good rule is no more than about 2500-5000 messages in any of
the critical path folders. If the user needs to find emails,
install Lookout for him. This indexes the emails and gets
blisteringly fast search results. We use it in Sunbelt all the
time. Link at:
Spyware vs. AntiSpyware Battle
Spyware is getting smart. It often installs two executables
that monitor each other. If one gets deleted, the other one goes
and reinstalls it again. These are called resuscitators.
They are also polymorphic, meaning they choose random
file names automatically.
Sunbelt has developed specialized intelligence and made some
major enhancements to the CounterSpy scanning engine that
include new code to handle difficult "self-resuscitating"
spyware, as well as significantly increased speed. This
research came out of the development of our Software Development
Kit as well as our enterprise version (a good chunk of this
new engine is already in our enterprise version).
NT/2000 RELATED NEWS
WUGNET Debuts New Windows Support Forums
WUGNET (short for Windows Users Group Network) announced they
are pleased to now offer the largest and most comprehensive
Windows Support Forums on the Internet. With over 600,000 unique
posts and replies, you'll find answers to all your questions
regarding every aspect of all Windows Operating Systems. Their
forums include support for WinXP, 2000, NT, Me, 98, and even 95.
And you'll also find complete support for IE. If you don't find
an answer to your question by simply browsing the forums, just
join the forums (no cost) and post your own question. You'll
begin receiving replies quickly. To visit their forums, check:
What Is NAP and Will It Be In Longhorn?
Network Access Protection is a policy enforcement platform that
lets you as an admin set policies to "quarantine" and restrict
clients from accessing a network until the clients can prove
"The idea behind NAP is that we create a framework that allows
IT administrators to ensure policy compliance of their systems.
In essence, a computer has to prove that it is healthy [compliant
with policy] before it is allowed to connect to the network"
That's the word from Jawad Khaki, corporate Veep of Redmond's
networking and devices technologies division.
He said NAP support will take advantage of the new stack in
Longhorn, but he declined to discuss whether it will be integrated
into third-party technologies from companies such as Cisco or
Check Point. More on NAP's background over at the MS website:
High-End Windows Features for iSCSI
This could actually make Windows-based IP storage more attractive
for people like us. Redmond is going to release V2.0 of its iSCSI
initiator next month. I'm looking forward to getting the download
New features in V2.0 include integration with Microsoft Multipath
I/O (MPIO), support for all error recovery levels, and support for
Windows Server x64 Editions. It also includes the Microsoft iSCSI
Device Specific Module (DSM), with which you can deploy iSCSI
What this all boils down to is that you can use it to set up
a failover and load-balancing solution using the Windows server
platform. Those features will make iSCSI-based storage more
attractive. You could see iSCSI as a viable alternative to Fibre
Some of the companies who have successfully qualified their iSCSI
products in a recent plugfest and support the new V2.0 include:
Adaptec, ATTO, Broadcom, Crossroads, Cisco, EqualLogic, EMC,
Falconstor, HP, Intel, Intransa, Lefthand Networks, Network App,
Promise Technology, QLogic, SpectraLogic, SANRAD, Stonefly
Networks and String Bean Software. More at the Microsoft site:
THIRD PARTY NEWS
CounterSpy Clobbers MS AntiSpyware In Test
I'm starting to like the WindowsSecrets site more and more [grin].
They recently commented: "Sunbelt Software's CounterSpy, an
award-winning antispyware application ($20 USD), hasn't yet been put
to a fair, head-to-head test against Microsoft AntiSpyware (MSAS)
by a major computer magazine, to the best of our knowledge.
PC World recently tested several antispyware apps, but used an
MSAS signature file of a different date from the other programs,
making direct comparisons impossible." They continue with:
"Windows Secrets reader Bob Wilson has been conducting his own
tests of the two competing programs. He's achieved some very
interesting findings: "I started using CounterSpy several months
ago when it was first introduced. I then installed [the free,
beta version of] Microsoft AntiSpyware. I thought that, due to
the obvious similarities, people were getting $20 worth of free
software. In the time I have been running both programs, the
free program has only detected one piece of spyware, while
CounterSpy has detected maybe a dozen, mostly key loggers.
The last few times I found items using CounterSpy, I did not
quarantine them. Instead, I ran the Microsoft program, which
failed in each case to detect the spyware. Looking deeper, you
find that the similarity of the two programs is superficial:
The CounterSpy installation is larger: The files examined by CS
are about 62,000 compared to 20,000 by MS. The Registry locations
examined are about 12,000 for CS and 8,500 for MS. Just thought
people should know."
WindowsSecrets are going to publish the results of additional
authoritative antispyware tests in their Security Baseline
section. You should check this site out and subscribe to their
newsletter, it's a good one!
Here is a graph with the Spyware Detection Rates out of PC World,
April 2005. What you see is the result of the CounterSpy consumer
54% Of Malware Seeks ID Theft
The most recent Symantec Internet Security Threat Report that
covers the last six months of 2004 was released. The report's
conclusions highlight the rapidly changing nature of worms,
viruses and other malware. More than half of the top 50 threats
in the second half of last year attempted to steal confidential
information from a user's computer, up 50% from a year earlier.
This really shows a trend: Most malware writers are now motivated
by financial gain. The greatest increases were seen in attacks
on Web apps and phishing scams. This trend is likely to continue
because these types of attacks are not easily blocked.
The report documented 7,360 new worms and viruses in the second
half of 2004 - about 40 per day. Obviously, even daily updates
of virus signatures aren't nearly frequent enough to protect
computer users from modern malware. You certainly need to have
a very active approach in your layered security posture. Scanning
for vulnerabilities and fixing them is just as important as
having very regular AV-updates and scanning for existing spyware.
Here are some tools you can use for this approach:
SNSI: a 4-star, high-end vulnerability scanner licensed by admin:
CounterSpy Enterprise: "The best spyware database in the industry":
And here is the graph that actually shows that claim!:
Exchange Fault Tolerance Market Leader
NSI Software last yesterday affirmed its leadership in protecting
MS Exchange Server by announcing the deployment of 12,000
licenses of its award-winning Double-Take® solution. The
release highlights their success deploying Double-Take
for Exchange Server protection and includes support from
Microsoft and four NSI customers: the Boston Celtics, First
American Title, University of Miami Law School and the
Shorenstein Company. This is a great milestone for NSI and
the Double-Take partner community. Check it out here:
Three Leaks In Firefox
Reports have come in from Mozilla about the Firefox browser.
There are three leaks that are fixed by upgrading to V1.0.2.
These vulnerabilities could be exploited to take over a PC.
More details at:
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
iHateSpam For Exchange Prevents BlackBerry Spam
Here is some real feedback from the trenches, "warts and all":
"We have been using the IHS SE for the last 2 years and version
1.6 is by far the best one. I have been running it on my work
server for about 3 weeks now. With the old engine I was about to
give up and get a Barracuda hardware unit. With V1.6 I am no
longer considering that option." -- T.H., Network Admin.
iHateSpam for Exchange is easily configured for use with the
BlackBerry environment. Get it now, and upgrade to the new
V2.0 which has AV, content filtering, disclaimers and more!