ServerVision V1.1 Released
V1.1 adds new connectivity options, external data storage
capabilities, groups and policies. The new connectivity options
allow you to connect to a computer using protocol-independent
named pipes or TCP/IP if you know a Windows logon for that
computer. You can also deploy to computers in another domain,
provided that you know an administrative logon for that domain.
The new external data storage lets you store all captured
performance data in an external SQL Server; it can also capture
all OS events from the event logs and store those. This data
can then be queried using whatever third-party tool you want.
Groups let you assign computers to groups based on:
- Computer name
- The services running
- The operating system and role
- Programs installed
You can also add individual computers to a group, and build a
group up from sub-groups.
Policies are predefined configuration settings that can be applied
to one or more computers. For example, a "SQL Server" policy
might define key services to monitor, and have 10 performance
items that should be monitored, together with suitable thresholds.
Out of the box, several policies will be provided, but you can add
your own as well. Get a 30-day eval here:

SANS Study: Microsoft Not The Only Hacker Target

Internet miscreants turned their focus to AV products and media
players in Q1'05, trying to find new vectors to break into PCs.
Sure, they continued trying to exploit holes in Windows, but
increasingly used flaws in other software developers' products,
SANS found. Examples of new targets are Oracle Corp, Computer
Associates, Apple's iTunes, RealNetworks Inc.'s RealPlayer and
the very popular Winamp. Antivirus tools from Symantec, F-Secure,
Trend Micro and McAfee turned out to have holes too.
To some degree this is expected. A lot of Windows users now get
patched automatically, and the target is moving. So other software
is taking more flak. "Operating systems have gotten better at
finding and fixing things and autoupdating, so it's less fertile
territory for the hackers," said SANS CEO Alan Paller.
Most hacking attempts try to create "botnets". These are being
used for a variety of fraud, such as spamming, phishing, sniffing
traffic for passwords, and click fraud that targets online ads.
At least 1 million PCs are compromised and being used in botnets.
About 70% of current spam is being sent by botnets now, trying to
fly under the radar of RBLs. Moreover, botnets are now running
their own DNS name servers on systems that they have compromised,
making the task of shutting down malicious sites harder. Using
"Black DNS Servers" (BDNSS), fraudsters are able to keep their
phishing sites open longer by distributing their name servers
amongst their thousands of compromised machines in the botnet.
In 2005 so far, more than 600 new Internet-related security holes
have surfaced. About two dozen of these were rated "dangerous"
because they remained unfixed for large numbers of Internet users. More
at the SANS website:
The above story illustrates why you should use a vulnerability
scanner that looks for more than just Microsoft patches that
have not been applied. Sunbelt's Network Security
Inspector is a multiplatform product that includes searching for
known holes in many third party vendors' products. Separate updates
were released on 04/29/05 and on 05/02/05. New vulnerability updates
for the release on 04/29/05 include:
14 new Windows checks, 16 new Linux checks, 1 new HP-UX check, 1 new
Mac check, 1 new Cisco check, and 4 new Solaris checks. Just check
this list and you'll see SNSI is incredibly thorough:
W2463 IE DHTML Object Memory Corruption Vulnerability
W2464 IE URL Parsing Memory Corruption Vulnerability
W2465 IE Content Advisor Memory Corruption Vulnerability
W2466 PHP EXIF Vulnerability
W2467 SQL Server Mixed Mode Enabled
W2469 BrightStor ARCserve UniversalAgent Vulnerability
W2471 Opera Validation Vulnerability
W2472 RealPlayer RAM File Vulnerability
W2473 Message Queuing Vulnerability - NT 4.0
W2474 TCP/IP Vulnerabilities - NT 4.0
W2475 Kernel Validation Vulnerabilities - NT 4.0
W2476 Windows Shell Application Vulnerability - NT 4.0
S290 Sun ONE and JES Directory Server Bounds Checking Solaris 8 - 10
S291 GSS-API Library validation Solaris 7 - 9
S293 Potential for theft or spoof of non-privileged services - Solaris 8-9
S294 Xsun, Xprt font alias file handling - Solaris 7-9
N49 Cisco - IOS Crafted ICMP Messages
M39 Kernel vulnerabilities
L800 Dhcp - DNS replies - RHE
L801 Gaim - HTML/IRC/Jabber message parsing - RHE, FC, MDK
L802 Kdegraphics - Kfax, libtiff bugs - RHE
L803 OpenOffice Load Function memory error - FC
L804 Sharutils Local insecure file creation error - FC
L805 Vixie-Cron Missing temp file check error - FC
L806 PHP4 - Multiple vulnerabilities - SuSE
L807 Wget - HTTP redirect statements - SuSE
L808 Midnight Commander - insert_text() function - SuSE
L809 PHP multiple exif and php_handle vulnerabilities - FC
L810 CVS - buffer overflow/memory access - SuSE, FC, MDK
L811 Logwatch - Parsing of /var/log/secure file - RHE
L812 Kernel - Multiple vulnerabilities - RHE
L813 Helixplayer - Malformed RAM files - RHE
L814 Realplayer - Malformed RAM files - RHE
L815 Firefox - Multiple vulnerabilities - RHE
L816 Kernel 2.4 - Multiple vulnerabilities - RHE
L817 Mozilla - Multiple vulnerabilities - RHE
S295 Libtiff image file handling - Solaris 7 - 10
S296 libxview vulnerabilities - Solaris 2.5 - 8
W2477 Office 2003 Smart Tag Issue
W2478 Office XP Debugging Permission Issue
W2479 Office XP SharePoint Vulnerabilities
W2480 Groove Virtual Office Vulnerabilities
Grab an eval of SNSI and try it out:

San Diego Source Technology Column Likes CounterSpy

This is a short quote from their May 2nd High-Tech Commentary:
"There was a glimmer of hope for PC users tired of spyware and
adware that slow down computing and invade privacy. Eliot Spitzer,
attorney general of New York, filed suit against Intermix Media
of Los Angeles for infecting millions of machines and then making
it impossible to remove their software.
"It may be a drop in the bucket, but something needs to be done
to prevent these companies from allowing their greed to harm us
all. This problem is so severe that I found 135 invasions on a
new PC in just three days. And that was on a computer loaded with
protective software. If you wonder about your PC, download a free
trial copy of CounterSpy from www.sunbelt-software.com ($19.95).
It's one of the best new programs that finds and removes adware
and spyware." We agree.
And here is an (abbreviated) story from a new CounterSpy user:
"If I could have a moment of your time, I'd like to tell you a
little story about something that happened to me. I am considered
an "advanced" PC user, and my wife is a network administrator (by
profession). We have a broadband connection with a firewall and
we run Norton System Tools, including NAV on all of our computers.
We felt safe, and man, we were wrong.
"One morning (March 19th) I got up and found that there were 23
iterations of Internet Explorer open on my laptop computer, Norton
said that it had detected the bloodhound virus on my machine and
quarantined it, but I had new and unfamiliar programs running in
my system tray, and my laptop was virtually unusable because of
the hijacker, malware, adware, and numerous other applications
that had somehow found their way onto my computer, seemingly while
I was sleeping.
"About 3 days later, I was at work, and my wife called and asked,
"Um, have you recently made a $1000 purchase from some company called
Alden Marketing Group?" I immediately went to the bank, and found
that another "company" called DLC Marketing had been approved for
a $900 debit to my account. Thankfully, this transaction was stopped,
and I recovered the $1000 that had been taken. It seems that somehow,
my bank information had been compromised from the attack that I'd
suffered a few nights before.
"I had already scanned the whole system with Norton, and it found
nothing at all (aside from that initial bloodhound virus). I scanned
the system with several antispyware products and some stuff was
removed but an hour later, it seemed to heal itself and came right
back. My wife and I spent 2 days rooting around in the registry,
trying to identify hidden instances of the malicious crap that had
infested my computer. My wife had suggested that I should just
format my hard drive but it's such a hassle to try to back up
everything (and risk that you are also backing up the malware
and hijacker code), so I kept searching for something.
"When I downloaded and installed Counterspy, I wondered what it
would find, but I was still leery about how much good it would do.
When the scan finished, the software had identified 17 different
threats and over 140 infected files and over 200 infected registry
"Since the moment Counterspy corrected and removed the problem
files on my computer, I have not had a moment's trouble with it.
I'd been wishing, also, that I could easily turn off some of the
stuff in my start menu, and found that it has that, too. I just
wanted to tell you that I've come to realize, first hand, that
it isn't only inexperienced or complacent Internet users who can
fall prey to the miscreants who get rich duping honest people
out of their money. I want to say that Sunbelt Software has a
wonderful product, an excellent attitude, and is a rare breed
in today's software market." -- Steven W. Sharp, Huntsville,
You can try out the client version of CounterSpy here: