- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 20, 2005 (Vol. 10, #25 - Issue #530)
W2Knews: Happy Where You're At?
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • 2005 Target Award Winners
    • And Is there Some Progress With Spam?
    • Happy Where You're At?
    • CounterSpy Enterprise Now With Active Protection
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • News from Microsoft Tech.Ed 2005
    • Cleansing An Infected Mail Server
    • Ask Microsoft: How Can I Automate Disk Defragmenter?
    • So, HOW Many Millions Of Websites Are There?
    • GAO: "U.S. Agencies Unprepared To Fight Cyberthreats"
  4. NT/2000 RELATED NEWS
    • Patch Critical Flaws In IE, Windows ASAP
    • Here It Is: MS unveils WSUS
  5. NT/2000 THIRD PARTY NEWS
    • What To Expect From The New CSE Active Protection
    • The Holes Continue To Be Found
    • Beware: Fake Microsoft Security Advisories
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. PRODUCT OF THE WEEK
    • BOOK: Hacking Exposed Fifth Edition!
  SPONSOR: Active Protection Spyware Monitors
CounterSpy Enterprise Version 1.5 has been released with a major
feature that everyone has been waiting for: Active Protection!
Your user's workstations are now protected all day long with the
new monitors that check for configuration changes as they happen
and are able to block them. A major improvement and an important
feature you can assign via policy to any group of workstations.
Best of all, blocking can be set completely automatic and your
end user will not see a thing. Check out the new V1.5...
Visit Active Protection Spyware Monitors for more information.
  EDITORS CORNER

2005 Target Award Winners

And here are the winners that you chose for each category. These are tools that should definitely be on your shortlist if you are in the market for solutions in the following categories. Thanks everyone for voting. Check out the results. The link below has a permanent record for the year to come. Companies that have won, congratulations and you can proudly display that fact on your website!


Category                Winner	                  Developer
--------                ------                    ---------
Software Deployment     Altiris Client Mgmt Ste   Altiris
Antispam Appliances     Barracuda Spamwall        Barracuda Networks
Firewalls               PIX                       Cisco
AD Security             Ecora Enterprise Manager  Ecora Software
Config. Management      Ecora Enterprise Manager  Ecora Software
Disk Defragmentation    Diskeeper                 Executive Software
ADManagement            Active Roles	          FastLane (Quest)
Vulnerability Scanners  GFI Languard NSS          GFI Software
Helpdesk Software       Trackit!	          Intuit 
Exchange Management     Best Practices Analyzer   Microsoft
Performance Tuning      MOM 2005                  Microsoft
VPN Solutions           WinServer                 Microsoft
Wireless Security       MS Windows Server 2003/XP Microsoft
Intrusion Detection     NetIQ Security Manager    NetIQ
Sys/App. Monitoring     AppManager Suite          NetIQ
HA/Fault-Tolerance      Double-Take               NSI Software
Domain Management       Active Roles Server       Quest Software
ERD Management          ERDisk for Windows        Quest Software
Remote Control          Desktop Authority         ScriptLogic
Scripting / Automation  Desktop Authority         ScriptLogic
Patch Management        HFNetCheck Pro            Shavlik
File Recovery Tools     File Rescue Plus          SoftwareShelf
Print Management        Print Manager Plus        SoftwareShelf
Antispam Enterprise     iHateSpam for Exchange    Sunbelt Software
Antispyware Enterprise  CounterSpy Enterprise     Sunbelt Software
Network Traffic Mon.    LanHound                  Sunbelt Software
Antivirus Enterprise    Norton AV                 Symantec
User Management         Hyena                     SystemTools.com
Backup                  Backup Exec               Veritas
Storage Management      StorageCentral SRM        Veritas
Event Log Management    Servers Alive             WoodStone

Here is the webpage with the Winners and Finalists:
http://www.w2knews.com/rd/rd.cfm?id=050620ED-Target_Awards

And Is there Some Progress With Spam?

The SunPoll results about spam were also revealing. "A year ago, Bill Gates predicted that the spam problem would be under control by 2006. Do you think progress is being made in the fight against spam?" Here are your answers, based on a total of over 1,500 votes:

  • Yes. I see a big difference. 9%
  • Yes, but it's only incremental progress. 23%
  • No. Things are as bad as ever. 50%
  • No, but you get used to dealing with it. 15%

iHateSpam for Exchange is still selling very strong. A lot of people are really happy with the brand new spam detection engine, and we're almost ready with the version where we have a double layer of spam filtering integrated. It's very strong already, but buying now will get you even bigger benefits in the future when the new version comes out. It has very, very strong features. 30-day eval here:
http://www.w2knews.com/rd/rd.cfm?id=050620ED-iHateSpam_SE

Happy Where You're At?

The new SunPoll looks at how happy you are with your current employment and pay. The question is: "Within the year, will you be getting a new job in order to improve your salary picture? Vote here, middle column:
http://www.w2knews.com/rd/rd.cfm?id=050620ED-SunPoll

CounterSpy Enterprise Now With Active Protection

Make sure you read the article about Active Protection in the Third Party News section. We have a white paper available that explains how the new Version 1.5 protects workstations "as-it-happens" when spyware tries to infect a system.

Quote Of The Week:
"Power corrupts. Absolute power is kind of neat." -- John Lehman
"The stupid neither forgive nor forget; the naive forgive and forget; the wise forgive but do not forget." -- Thomas Szasz

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

  TECH BRIEFING

News from Microsoft Tech.Ed 2005

First of all, you might want to know who the lucky winner was of the custom CounterSpy chopper. Here are a bunch of shots and the 2 minute video of the drawing. Tech Republic declared the chopper the "best draw" at Tech.Ed. Congrats to Martin Yee of Wells Fargo!!
http://www.w2knews.com/rd/rd.cfm?id=050620TB-Blog

Instead of giving you a whole newsletter full of Tech.Ed-only news, here is a good summary with a bunch of the highlights. It was sold out this year. Find out what topics were the talk of Tech.Ed from the editors at TechTarget's Windows network of Web sites.
http://www.w2knews.com/rd/rd.cfm?id=050620TB-Tech_Ed_News
http://www.w2knews.com/rd/rd.cfm?id=050620TB-Tech_Ed_Video

Cleansing An Infected Mail Server

If your server is heavily infected, the sheer volume of infected messages can overwhelm the machine, and your antivirus software may not be able to keep pace with the server. If you find yourself in a situation like this, here are the steps you need to take.
http://www.w2knews.com/rd/rd.cfm?id=050620TB-Cleansing

Ask Microsoft: How Can I Automate Disk Defragmenter?

A manager in Microsoft's internal IT organization talks about how to automate Disk Defragmenter using the Task Scheduler tool in Windows XP. This article is at the SearchWinSystems site:
http://www.w2knews.com/rd/rd.cfm?id=050620TB-Defrag

So, HOW Many Millions Of Websites Are There?

The NetCraft site reports that in the June 2005 survey they received responses from 64,808,485 sites, an increase of 1.27 million from last month's survey. In the first six months of the year, the Internet has added 7.83 million sites, a pace which approaches the torrid growth rate of 2000, when the Web added 16.1 million sites. By comparison, the survey added 10.4 million sites in 2003 and 10.9 million in 2004.

The bulk of this year's growth has occurred in the United States, with a gain of 5.14 million hostnames. Other countries with strong growth in the survey thus far in 2005 include Germany (+575K), The United Kingdom (+436K), South Korea (+237.9K) and Sweden (+143K). Here is the steeply uptrending graph:
http://www.w2knews.com/rd/rd.cfm?id=050620TB-Websites

GAO: "U.S. Agencies Unprepared To Fight Cyberthreats"

ComputerWorld just released a story about a new GAO report that shows that a majority of federal agencies aren't prepared for emerging cyberthreats such as phishing, spam and spyware. If you are working in one, or supporting a government agency this article is something you should look at:
http://www.w2knews.com/rd/rd.cfm?id=050620TB-GAO_Report

  NT/2000 RELATED NEWS

Patch Critical Flaws In IE, Windows ASAP

Last week Microsoft urged IT administrators to quickly install this month's 10 security updates, three critical for Internet Explorer and Windows. Learn what damage an attacker could do with these vulnerabilities. Over at SearchWindowsSecurity.com
http://www.w2knews.com/rd/rd.cfm?id=050620RN-IE_Flaws

Here It Is: MS unveils WSUS

Steve Ballmer announced during his Tech.Ed 2005 speech that the new Microsoft Update and Windows Server Update Services (WSUS) were live at June 6, 2005. Gord Mangione demo'd it during his strategic briefing, and it looked very good. Some of the key points about Microsoft Update and WSUS:

  • It provides caching support for ISA Server 2004 - This feature is very is handy if you run remote offices with multiple clients. Once one client pulls the update, the others can get it from the ISA server. Neat.
  • Apart from Service Packs and other updates, it also gets you security patches.
  • You can opt-in to move from Windows Update to Microsoft Update
  • Now you can fire up Microsoft Baseline Security Analyzer (MBSA) from Microsoft Update.
  • Use AD and Group Policy to roll out updates

Note: You still need to reboot after update installation, look for Longhorn to solve that problem. Microsoft has a TechNet article with recent information on Microsoft Update and WSUS.
http://www.w2knews.com/rd/rd.cfm?id=050620RN-WSUS

You can discuss all these things at the NTSYSADMIN list server that Sunbelt hosts:
http://www.w2knews.com/rd/rd.cfm?id=050620RN-NTSysadmin

  THIRD PARTY NEWS

What To Expect From The New CSE Active Protection

CounterSpy Enterprise V1.5 uses a series of Active Protection Monitors to help you combat spyware. These monitors scan the PC for any suspicious activity. They not only help protect corporate privacy and identity, but they also prevent unauthorized programs from taking control of user's workstations.

What you can expect from Active Protection

When software is installed, or when a change is made to your computer, an internet setting, or an application setting, Active Protection quickly reacts to analyze the change. It works much like security checkpoints in your computer. It monitors system changes, application changes, and internet activity, watching for anything that could be potentially hazardous.

When spyware attempts to make changes your system, a monitor alerts the agent to the attempt. The alert provides the agent with the option of allowing or blocking the change. Before allowing or blocking the change, you can select the Remember this action check box. Selecting this check box enables the monitor to allow or block the spyware the next time it encounters it.

Resetting Active protection Monitors

Only the monitors for which you selected the Remember this action check box are listed in the Reset Active Protection Monitors window. When the agent resets the monitor, it no longer remembers to allow or block the spyware. So, next time the monitor encounters spyware attempting to change your settings, it alerts the agent to the attempt, and asks whether you want to allow or block the spyware. Administrators can turn off these end-user prompts using the policy settings.

In the Enterprise version of Counterspy, Active Protection is policy-based and driven from your centralized admin console. System Adminis can use the CounterSpy Enterprise Policies page to set specific actions for each monitor. We have a white paper available that goes into great detail what each monitor does. You can find it here with the title: "CounterSpy Enterprise Active Protection White Paper"
http://www.w2knews.com/rd/rd.cfm?id=050620TP-CSE_Docs

Sunbelt has created a discussion forum for CounterSpy Enterprise Admins where you can discuss usage implementations, questions, and any other topic related to the deployment and running of CounterSpy Enterprise. Subscribe here:
http://www.w2knews.com/rd/rd.cfm?id=050620TP-CSE_Forum

The Holes Continue To Be Found

Just check out the new vulnerability database updates of SNSI. You gotta have something to scan for holes in a multiplatform network. You really do. New vulnerability updates for this release include:


ID       Name
H122 Trusted System Passwd command error handling - HP-UX 11
L843 Linux Kernel multiple vulnerabilities - FC
L844 ImageMagick XWD image file vulnerability - FC, RHE
L845 Cdrdao Show-Data & root.cdrdao file errors - MDK
L846 Firefox - javascript code execution - RHE
L847 Bzip2 race condition & decompressor error - MDK,  RH Progeny, 
L848 Gzip Zgrep, decompression & traversal errors - MDK, RHE
L849 Mozilla - javascript code execution - RHE
L850 GDB BFD Lib overflow & .gdbinit errors - MDK
L851 Lesstif - Xpm image library - RHE
L852 Imagemagick - PNM file parsing - RHE, RH progeny
L853 Kernel - Multiple vulnerabilities - RHE
L854 Tiff, Libtiff - BitsPerSample() function - SuSE
L855 Qpopper - file mis-handling - SuSE
L856 Info2html - Cross-site scripting - SuSE
L857 Perl-Convert-Uulib -Invalid read operation - SuSE
L858 Openssl - cache timing attack - RHE, MDK
L859 Kdbg - .kdbgrc file permissions - RHE
L860 Kernel - Ext2 filesystem/ ELF library - SuSE
L861 A2ps Fixps & Psmandup insecure temp files - MDK
L862 MikMod archive file long name vulnerability - FC, RHE
L863 TcpDump BGP_update_print() infinite loop - FC, RHE
L864 Wget HTTP redirect traversal/overwrite - MDK
L865 Kernel - raw devices/auditing - RHE
L866 Xorg-x11 - libXPM integer overflow - RHE
M48 QuickTime Player Quartz composer object handling - Mac OS X
S304 WU-FTPD wu_fmmatch() CPU consumption - Solaris 9-10
S305 Package / Patch Installation - Solaris 10
S306 Libproject grants excessive privileges - Solaris 10
S307 NFS client not running statd and lockd - Solaris 9
S308 Nfs_share LDAP netgroup list processing - Solaris 8 - 10
S309 DTrace and other stability issues - Solaris 10
S310 HyperThreading separation violations - Solaris 7 - 10 _x86
W2504 Remote Administration Server Detected
W2505 Remote Administrator Client Detected
W2506 RAS Using Unencrypted Password
W2507 MSJVM Detected
W2508 Flash Player Not Updated
W2509 Flash Player Local Shared Object Vulnerability
W2510 Network Connectivity Issue
W2511 Windows Installer Not Updated
W2512 Mytob Worm Detected
W2513 Adobe Reader PNG Vulnerability
W2514 Adobe Reader .EDT Format String Vulnerability
W2515 Macromedia eLicensing Vulnerability
W2516 IE Cumulative Patch Missing (June 2005) - MS05-025
W2517 HTML Help Input Data Vulnerability - MS05-026
W2518 Server Message Block Packet Vulnerability - MS05-027
W2519 Web Client Service Vulnerability - MS05-028
W2520 OWA for Exchange Server 5.5 Cross-Site Scripting - MS05-029
W2521 Cumulative Security Update in OE 5.5 - 2000 - MS05-030
W2522 Windows Training Bookmark Link Validation - MS05-031
W2523 Microsoft Agent Vulnerability - MS05-032
W2524 Telnet Client vulnerability - XP, 2003 - MS05-033
W2525 HTTP Content Header- ISA Server 2000 - MS05-034
W2526 Telnet Client vulnerability - Windows 2000 - MS05-033
W2527 Cumulative Security Update in OE 6 - XP, 2003 - MS05-030
W2528 Cumulative Security Update in OE 6 - 2000 - MS05-030

Updated Checks W1142,W1986,W1999,W2067 - Anti-Virus H30,H114 - Vendor Superseded Patches S281 - Vendor added patches

Additions to existing checks L702 Added RH Progeny to Pine - IMAP client library L723 Added RHE to Evolution - camel-lock-helper overflow L729 Added RHE D-Bus latest security update L739 Added RH progeny to PostgreSQL - LOAD extension lib L770 Added RHE to GFTP - directory traversal overwrite L763 Added RH progeny to Kdenetwork - file descriptor mis-handling L810 Added RH Progeny to CVS - buffer overflow/memory access L832 Added MDV 10.0, 10.1, 10.2 to Nasm - crafted ASM file L836 Added RHE to PostgreSQL conversion function L837 Added RHE to GnuTLS record parsing & key export errors L838 Added SLES, RHE to Ethereal Multiple Vulnerabilities L842 Added RHE, Rsh - RCP directory traversal L858 Added MDV 10.0, 10.1, 10.2 to Openssl - cache timing attack

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories. Get a 30-day eval of SNSI here:
http://www.w2knews.com/rd/rd.cfm?id=050620TP-SNSI

Beware: Fake Microsoft Security Advisories

Imagine someone breaking into your house and rather than stealing your valuables, they lock them in a safe and offers to give you the combination for a fee? The software equivalent of that scam happened recently to some unprepared corporate users who fell victim to a brand new technique for exploiting network holes.

Their files, including documents, photographs and spreadsheets, were encrypted by hackers who refused to unlock them until they were paid a ransom. Although the IT administrator at the company in question managed to unlock the files without paying the criminals, it is proof that creative hackers with malicious intent will find the holes in your network unless you remain vigilant.

And what do you do when the exploitation poses as the solution to the vendor vulnerability? In May of this year, another creative hacker managed to mimic Microsoft's monthly security bulletin announcement and issue a counterfeit version. In this case, the fake email was distributed under the guise of a Microsoft Security Advisory claiming to have an official update to Internet Explorer, Outlook Express and Outlook. But rather than patch vulnerabilities in these programs, the fraudulent update infected unwary users with a virus.

To insure that the updates you are downloading to your networked machines are legitimate, you need to use a patch management solution such as UpdateEXPERT. Not only does it streamline the tedious tasks involved in patching vulnerabilities, their team of engineers tests each patch for interdependencies before it is sent to you for deployment. By giving you complete control to deliver validated patches throughout an organization, UpdateEXPERT helps eliminate the risk of viral infection from counterfeit Microsoft Updates and other threats.

While Microsoft and other vendors strive to make their OS and apps stronger and more hacker-proof, it is clear that the need to address vulnerabilities in these complex programs is not going away. However, with a patch management solution such as Update EXPERT, you can be assured an accurate, reliable and easy-to-use method for safeguarding your networks and machines - one that won't leave you open to even the most creative attacks. For more info and a 30-day eval:
http://www.w2knews.com/rd/rd.cfm?id=050620TP-UpdateExpert

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

BOOK: Hacking Exposed Fifth Edition!

Renowned security experts Stuart McClure, Joel Scambray, and George Kurtz teamed up once again for the new, and fifth, edition of Hacking Exposed: Network Security Secrets & Solutions (McGraw-Hill; $49.99) to provide completely up-to-date coverage of today's most devastating hacks and how to prevent them. The author team explains how hackers exploit network security holes and what IT pros must do on an ongoing basis to recognize and block oncoming attacks.

The book highlights brand-new case studies covering relevant and timely security attacks including Goog1e,wireless, and Mac OSX hacks. It includes a new chapter on hacking code, with contributions by secure code expert Michael Howard, covering how flaws get introduced into software and how best to prevent their ubiquitous spread, as well as a completely revised chapter on hacking Internet users, covering the newest IE exploits, online services security, socio-technical attacks like phishing, and the newest malware techniques.

Among other new items exposed in the fifth edition are:

  • Up-to-date techniques and countermeasures for preventing the exploitation of UNIX systems
  • New Windows hacks including Blaster, Sasser, and Download.ject buffer overflow exploits
  • Updated denial of service chapter with from-the-trenches descriptions of large scale zombie attacks and practical countermeasures
  • Coverage of new web hacking tools and techniques, including HTTP response splitting and automated vulnerability scanners
  • Coverage of new wireless hacks
  • New content on remote connectivity including VoIP hacking
  • New coverage of web and e-mail client hacking, including the latest Internet Explorer exploits, phishing, spyware, rootkits, and bots
  • New hacks and countermeasures using Google as a reconnaissance tool
  • An updated footprinting chapter that deals with all the inevitable changes in finding information from various internet databases, and others.

Here is a link to Amazon where you can look inside the book:

http://www.w2knews.com/rd/rd.cfm?id=050620PW-Hacking_Exposed