- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 27, 2005 (Vol. 10, #26 - Issue #531)
Companies Pay A Price For Security Breaches
  This issue of W2Knews™ contains:
    • Companies Pay A Price For Security Breaches
    • Good Technet Webcast: Microsoft Security Response Center
    • Admin Tools We Think You Shouldn't Be Without
    • The Best Place To Stop Spyware?
    • Retrieve Filtered File Lists From A Specified Directory
    • Blocker Planned For W2K3 SP1
    • All Your Credit Cards Are Belong To Us...
    • Longhorn's Lengthy Security Wish List
    • MS Threatens With Sender ID Enforcement
    • MS Antispyware Now Expires In December 2005
    • Want to Beta the new MS AV?
    • Next Month: W2K Moves into Extended Support
    • PCMag Not Happy With Norton Antispyware Edition
    • Survey: IT Security Takes Toll on Employee Productivity
    • Redmond Completes Sybari Acquisition
    • Double-Take Wins 2 Awards In One Week
    • Redefining Disaster
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • PC World: CounterSpy Still Stands Out
  SPONSOR: Hit Spyware Hard. With CounterSpy Enterprise.
Centrally Managed Anti-Spyware Tool NOW with Desktop Protection:
Know you need it, but never had time to download and install?

Now we have a 5-MINUTE DEMO that shows you the highlights of
the CounterSpy Enterprise application! Don't read any further,
click on the link below and learn in 5 minutes how you can protect
your networks with the best spyware database in the industry.
Visit Hit Spyware Hard. With CounterSpy Enterprise. for more information.


Companies Pay A Price For Security Breaches

The Wall Street Journal reported in their June 15th 2005 issue that companies that lose customer data have plenty to worry about, including angry customers and the inevitable headlines. But the real ammo here is that it now shows their stock prices get knocked and have a hard time recovering. Now that is ammo you can use to get budget for security tools! [grin]

Just imagine the many (tens of) millions of dollars of lost value for especially the owners and shareholders. This also holds true for companies that are private. Although their valuation is a bit less visible, when they are being acquired, security breaches play a big role in valuation. In other words, I have not heard a better argument to twist your management's arm for more security budget in years... ;-)

Good Technet Webcast: Microsoft Security Response Center

Steven Bink reported: For those that are interested, Technet is hosting a Webcast about the MSRC. It's bound to be interesting and informative. I have been at seminars where folks have talked about this before and it always gets a few laughs but is mostly very interesting to attend. It's an hour and starts Thursday, June 30, 2005 9:00 AM Pacific Time (US/Canada) (GMT-08:00)

What is the MSRC? Microsoft has a 24/7 team that is dedicated to helping you deal with your security threats. It is a world-class resource for managing and resolving security vulnerabilities and incidents. This webcast covers the Microsoft security response process for releasing security bulletins and handling security incidents, and discuses the role the MSRC plays in that process. There will also be advice, free resources and free tools available for customers to help protect their environments. Presenters:

  • Stephen Toulouse, Security Program Manager, Microsoft Corp.
  • Mike Reavey, Lead Security Program Manager, Microsoft Corp.

To make your reservation, click

Quotes Of The Week:
"Fish and visitors smell in three days." --Benjamin Franklin
"Income tax returns are the most imaginative fiction being written today." -- Herman Wouk

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


The Best Place To Stop Spyware?

NetworkWorld has an interesting discussion going: "Where's the best place to combat spyware?" C. David Moll, CEO of Webroot, says only desktop spyware protection will fully protect today's mobile workforces. Vilis Ositis, CTO of Blue Coat Systems, however, argues that proxy servers may be the only longterm solution to the problem. Interesting discussion. But actually from our viewpoint the real answer is: BOTH! Check the article:

Retrieve Filtered File Lists From A Specified Directory

This SQL code creates a system stored procedure named sp_ListFiles that will retrieve a filtered list of files from a specified directory. Second in a series by DBA Brian Walker, who develops SQL Server utilities in his spare time. (SearchSQLServer.com)

Blocker Planned For W2K3 SP1

Microsoft has created a blocking tool to prevent the automatic download of the recent service pack for its server operating system. Though Microsoft on Tuesday released a "blocker" for IT administrators who want more time before downloading W2K3 SP1, it's not entirely clear how many large enterprises will actually need the tool. The download will be available on July 26 through Automatic Updates. The service pack itself has been available since last March, so the blocking tool will be effective until March 30, 2006, Microsoft said. More at:

All Your Credit Cards Are Belong To Us...

Say spyware criminals who found a weak link in the transaction processing chain: CardSystems Solutions. Mark Hall notices that "Solutions" equals Problems. Arno Wagner suggests a cunning non-technical solution. Sharon Machlis asks if card companies need to convince their customers that they're safe. And the CardSystems company puts a security measure in place after the fact. They installed eEye's SecureIIS a few days after the hack:

Longhorn's Lengthy Security Wish List

A preview of upcoming Longhorn security features with editorial comments from TechEd attendees. A good read, created by Editor Robyn Lorusso at the SearchWindowsSecurity site:


MS Threatens With Sender ID Enforcement

Some admins are questioning the wisdom of this. At the moment, not many companies use Sender ID. It takes a bit of work (but not too much) to subscribe and make the required entries to get compliant. The drawback is that if a company does not take the time to subscribe, their legit email might be quarantined by antispam filters that use Sender ID. That might total up to 10% and means they may need to wade through spam again to find false positives.

Craig Spiezle, who is the director of Redmond's 'technology care and safety team' said this week that MS believed it needed to begin requiring Sender ID to do a better job of cutting down on junk email. The pluspoint is that if Microsoft forces this down everyone's throat, it actually will cut down on the spam. And the standards committee has been sitting on their thumbs for so long that some action is a good idea. Sunbelt is for it! We support anything to cut down on spam. Our next version of iHateSpam for Exchange will support Sender ID as well.

And what is Sender ID again? It seeks to verify that every e-mail message actually comes from the Internet domain from which it claims to have been sent. You do that by checking the address of the server sending the mail against a registered list of servers that the domain owner has authorized to send e-mail.

That verification step is automatically performed by the ISP (or the mail server of the recipient) before the e-mail message is delivered to your end-user. Also, the result of this check can be used as input for spam filters. There are more checks possible though. After the authentication, the mail server can look at past behaviors, traffic patterns, and sender reputation. Ultimately that could mean that emails that do not come from an authorized mail server are rejected, and that is what makes some system admins worried. We believe that it's worth it though. Way to go Redmond, spam sucks!

MS Antispyware Now Expires In December 2005

Microsoft has released a beta refresh of its Microsoft Windows AntiSpyware (MWAS) product. Microsoft has extended the beta-expiration date for the product from July to Dec. 31, 2005. The refresh is not Beta 2 though. That will be released "some time later this year," Microsoft said. Well, that shows they are not even close to done with this puppy. Let alone an enterprise version which I do not see until late 2006 earliest. Here is the beta refresh download:

Want to Beta the new MS AV?

Redmond started inviting testers for their OneCare Live, MS's subscription antivirus and anti-spyware service. On their website they are seeking people to try out the service, and stated they plan to start testing this summer.

"This new service will be entering its beta testing phase in a few weeks," the company said on its OneCare Web site. A MS representative was not immediately able to offer further details on the testing or say when the final service will be ready.

OneCare is a combination of the anti-spyware software that they are already beta testing together with antivirus and firewall software. No pricing has been announced yet for OneCare. Here is the link to their invitation:

Next Month: W2K Moves into Extended Support

Microsoft's five year-old workhorse OS for servers and business desktops will switch into the "extended support" phase of the product lifecycle after June 30. If you are still running W2K, you should read the story at the ENTMag site and find out what the repercussions are:


PCMag Not Happy With Norton Antispyware Edition

Wow, only two stars and a 'fair' rating is all they got. Not pretty. More over, Webroot got pushed aside from their #1 spot by another consumer tool called Spyware Doctor. Here is what PCMag said about Norton:

"Integrating antivirus, antispyware, and firewall smoothly in a single package is a fantastic concept. However, the antispyware module here just doesn't hold up, and the all-inclusive package may not install on an already-infested system. For now we suggest you continue to use a standalone antispyware product."

"PROS: Offers full security suite along with antispyware; firewall and antivirus protect against some spyware exploits.

"CONS: Very slow installation; very slow scanning; program failed to install/run on badly infested system; no hijack protection

Here is a link to the full review. (CounterSpy is not in this review because we were not out of beta with the new Consumer V1.5 yet) Interesting reading for sure.

Survey: IT Security Takes Toll on Employee Productivity

A Recent Maritz Poll(R) reveals the negative impact on Employee Productivity. This poll surveyed IT managers in small and medium businesses, and it reveals the repercussions of computer viruses and other security problems, with their correlation to downtime. Nearly all (92 percent) reported that computer performance levels were affected by up to 50 percent due to security issues. This is good ammo if you need budget for security tools.

Some of the security issues affecting productivity were:

  • 75 percent of small and medium businesses were hit by at least one virus, with some affected over 100 times, in the past year.
  • 40 percent of respondents have been hit by hackers at least once, with some targeted more than 200 times, in the past year.

This is compounded by the common knowledge that virtually every computer with Internet access is assaulted with a barrage of adware, spyware and spam daily. And guess what? Defense are still not in place for significant sections:

  • 29 percent don't use anti-spam software.
  • 34 percent don't use spyware software.
  • 4 percent don't use anti-virus software.
  • 47 percent don't use adware software.
  • 9 percent don't have Internet firewalls.

"I'm amazed that we don't see 100 percent of small and medium businesses taking advantage of the protective technology available," said Paul Cousino, director of Research Services at Maritz' IT Group.

It's worse. Many are not doing what they should to stay protected:

  • Nearly 10 percent do not automatically update their anti-virus software.
  • Only 23 percent of those that are updating it manually are doing so daily.
  • Only 82 percent plan to invest in anti-virus software in 2005.

For more information about this poll, visit:

Redmond Completes Sybari Acquisition

Microsoft completed the acquisition of Sybari Software this week. They revealed the future of the product line. To start with, they killed off new sales of the Linux and Unix platforms. Redmond will continue to support them for a while. No one knows for how long though.

They plan to continue selling the Windows line, like Antigen for Exchange, SharePoint, Instant Messaging, SMTP, Domino and some others. And for the moment, Microsoft will continue with the existing Sybari sales channels and pricing. At some future date the Sybari partner program will merge into the Microsoft Partner Program.

Sybari's Antigen products use scanning engines from multiple anti-virus and anti-spam companies including Sophos, CA and Kaspersky Labs. MS will continue to offer the various engines, in addition to their own GeCad engine.

Well, I can only say that most antigen users are going to look carefully at what Redmond is doing and go into wait-and-see mode. There are other products out there on the horizon that will challenge antigen!

Double-Take Wins 2 Awards In One Week

Double-Take wins the 2005 MSD2D People's Choice Award. The Fourth Annual 2005 MSD2D People's Choice Awards recognizes the best products and companies in our industry and determined by actual users. This makes the People's Choice award a truly coveted trophy. MSD2D announced the awards recently at Microsoft Tech-Ed 2005. Double-Take was selected in the Backup category. For more info, please visit:

Double-Take also wins the Sixth Annual W2KNews Target Award in the High Availability/Fault-Tolerance category. The Target Awards are given to companies with top Windows NT/2000/2003 utilities in 31 different categories through an online reader poll. The winners were announced recently at Microsoft TechEd. Double-Take product specs:

Redefining Disaster

Many CIOs have changed the way they think about disaster recovery. How about you? ComputerWorld has a good story about the change in perspective on DR and what types of incidents are being looked at now as more likely compared to 5 years back. This is a good read that I warmly recommend as a job security backgrounder:


This Week's Links We Like. Tips, Hints And Fun Stuff


PC World: CounterSpy Still Stands Out

Mary Landesman said in the August 2005 PC World Magazine: "We tested new versions of three anti-spyware apps and like them, but an old favorite stands out. Spyware and adware continue to evolve --as does the software expressly designed to thwart these pests. I looked at new installments of three anti-spyware applications: a prerelease version of Sunbelt Software's CounterSpy 1.5, plus shipping versions of Webroot's Spy Sweeper 4 and FBM Software's ZeroSpyware 2005.

"Previous versions of both CounterSpy and Spy Sweeper performed well in our April "Spyware Stoppers" roundup, giving me reason to believe that their latest iterations would do equally well in this round of tests. Both apps contain new capabilities, and of these, CounterSpy's DNR (Do Not Resuscitate) technology sounded particularly interesting. According to Sunbelt, DNR improves the chances of killing off resuscitators--parts of spyware apps that prevent their deletion." Here is the full article:

Try it free and see how much spyware sits on your PC: