- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 11, 2005 (Vol. 10, #28 - Issue #533)
Credit Card Security Standard Goes Into Effect
  This issue of W2Knews™ contains:
    • 7/7/05
    • Microsoft Downgrades Several Adware Products
    • Credit Card Security Standard Goes Into Effect
    • New SunPoll
    • Admin Tools We Think You Shouldn't Be Without
    • Windows Password Management Myths
    • MOM 2005 SP1: August
    • Optimize SQL Server Hardware Performance
    • Answers And Advice From 'The Spam Man'
    • Gates Gives His Views On The Future Of Software
    • Microsoft Shows System Center Roadmap At TechEd Europe
    • New Version Of MBSA V2.0
    • Microsoft Solidifies Software Launch Plans For Nov. 7
    • W2K3 Compute Cluster Edition
    • June Microsoft Patches Address Critical Vulnerabilities
    • Double-Take Partners with Internap Network Services
    • Raxco Software Announces PerfectDisk Live Subscription
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • The Product Of The Week Is A Story...
  SPONSOR: New eBook on the Web's Hidden Dangers
Your Internet access is vital to your organization, but it's
also a gateway for dangerous spyware and malware.
For a
limited time, get a free eBook entitled The Hidden Dangers of
Internet Access and find out how you can recognize these
dangerous intruders and stop them cold. Learn how to protect your
network and employees today. Download your free copy!
Visit New eBook on the Web's Hidden Dangers for more information.


England now has to deal with the aftermath of terrorism and try to get back to a semblance of normal life. The attacks bear the hallmark of Islamic fanatics, designed and coordinated to kill civilians. It is very unfortunate that Islam is mostly at war with itself. The vast majority are peaceful people, but a few of their religious extreme radicals have gone off the deep end.

I can only admire England's pragmatism and determinism to not let this influence their way of life. Remember, the best way to drive these terrorists into apathy is to continue to flourish and prosper and demonstrate to them that in the long run these attacks are completely ineffective and they only hurt themselves.

Microsoft Downgrades Several Adware Products

Well, the plot thickens. While during this week the news has been that Microsoft downgraded the Claria listing, we have reports now that there are a number of other items that have been downgraded to "Ignore" status, including certain WhenU adware programs, WebHancer and Ezula Toptext. So the Claria downgrade is quite likely part of a bigger picture regarding Microsoft's listing criteria for adware.

It's getting interesting. Choosing an anti-spyware solution now includes evaluating the listing criteria of the company you will be doing business with and spot checking their threat database.

Using criteria like this is excellent policy for independent antispyware companies, but if Redmond is actually planning to acquire Claria, it seems to have a huge conflict-of-interest.

Credit Card Security Standard Goes Into Effect

Does your company take credit cards? Who doesn't! The bank that Sunbelt has its merchant account with sent our CFO some new requirements that all companies now need to comply with, or else face the consequences (fines), up to losing your merchant account. That was interesting to hear in the light of all the database record thefts these last few months.

First they sent us to a site called trustkeeper that allows you to fill out a survey which shows if you comply or not, and then they will scan your systems four times from the outside-in to see if you are vulnerable for attacks. Filling out these 75 questions was interesting, and showed that we were doing fairly well but we failed on a few smallish points. We're correcting these.

It was also interesting to see that they now require that you have event logging software that shows all login attempts whether successful or not, that you need to back up, secure and retain your audit logs for up to a year, and that if you don't do vulnerability scans that you fail the test as well? And those are only three questions out of the whole battery.

If you have been looking for good reasons to finally get your security budget approved, I could not get you better ammo than this. There is a product that I strongly recommend if your organization accepts credit cards and now needs to comply: Sunbelt Network Security Inspector. It scans for thousands of (multiplatform!) holes in not just Microsoft applications but also popular third party tools that become more and more the target of hacking attacks. Check it out here:

New SunPoll

"How much of your admin work is done through a smart device like a PDA or a Blackberry?"

  • All of it (alerts, admin, maintenance, etc).
  • About half of it.
  • Some (basic stuff like e-mails and alerts)
  • Very little, but working toward more.
  • No plans to do so.

Vote here, middle column:

Quotes Of The Week:
"I predict future happiness for Americans if they can prevent the government from wasting the labors of the people under the pretense of taking care of them." -- Thomas Jefferson
"Some are destined to succeed, some are determined to succeed." -- H.H. Swami Tejomayananda

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Windows Password Management Myths

Back in the dark ages of the Internet as we know it -- before we had so many malware threats and Web application vulnerabilities -- strong passwords were the security solution. This was especially true in Windows after it was discovered just how easy it was to capture and crack LANMan passwords in NT. Even today, it seems that practically everyone (both inside and outside IT) has their own opinion on what it takes to create and enforce secure passwords.

The consensus is that if we use uppercase, lowercase, numbers and special characters at least seven to eight characters in length, then our passwords are magically unbreakable. Well, not quite. Here is a good article on this at the SearchWinSecurity Site.

MOM 2005 SP1: August

Microsoft will release MOM 2005 Service Pack 1 in August, it will fix the SQL 2000 SP4 and the Windows Server 2003 SP1 issues and also the mutual authentication restrictions are removed.

Microsoft will also release MOM Sizer 4.0 in August, the sizer is an Excel sheet helping you to calculate and plan the deployment of MOM 2005. The 4.0 sizer now includes reporting. They also announced a new warehouse aggregation solution, it scales down 80% smaller, allowing to keep 5-8 weeks without losing data.

Optimize SQL Server Hardware Performance

If you do not build a solid foundation for SQL Server performance, the application will always be plagued by deficiencies. SearchSQL Server site Contributor Jeremy Kadlec explains how to set up SQL Server hardware properly and how to optimize performance throughout the application's lifecycle. Once you've read his step-by-step advice, check out some of their other SQL Server hardware and performance tuning tips.

Answers And Advice From 'The Spam Man'

Spammer-X, anonymous ex-spammer and author of the book, "Inside the Spam Cartel," recently took the time to answer questions from SearchExchange.com readers. Read what he had to say about tracking down relayers, beating botnets, and choosing the best blacklists.


Gates Gives His Views On The Future Of Software

Microsoft Chairman and Chief Software Architect Bill Gates said that Web services will have a "catalytic effect" on software development and that speech recognition will go mainstream in three to four years. Story at ComputerWorld:

Microsoft Shows System Center Roadmap At TechEd Europe

Microsoft this week at TechEd 2005 Europe confirmed that it is progressing with development of two new management products in the System Center family, Reporting Manager and Capacity Manager, and promised to refresh all the System Center products in the Longhorn timeframe. Read more at the ENTMag site:

New Version Of MBSA V2.0

Microsoft last week released a new version of its free Windows vulnerability detection tool, which may help some of you. MBSA V2.0 is just a basic tool, but it is useful and a whole lot better than nothing. So, what does the new version do? Well, for one, it is easier to identify common security misconfigurations.

Like version one, Microsoft Baseline Security Analyzer 2.0 scans for missing security updates, update rollups and service packs that one normally finds at the Microsoft Update site. The new version has both a graphical and a command line interface that lets you perform local or remote scans. Version 2.0 is more user friendly and has added some new support features.

MBSA runs on W2K3, W2K and WinXP and can scan for problems on W2K XP, W2K3, IIS 5 and 6, SQL 7 and 2000, IE5.01 and up, as well as Office 2000, 2002 and 2003. That's good. But it's only a subset of what most people are actually running. A full 80% of you are running multiplatform sites. I would suggest running it, but do combine it with a higher-end scanner that covers your whole domain like SNSI. Here is the MBSA download:

Here is the SNSI download:

Microsoft Solidifies Software Launch Plans For Nov. 7

Visual Studio 2005, SQL Server 2005 and BizTalk Server 2006 are due this fall. The release is planned to be in San Francisco, followed by more than 90 events in 50 countries during the rest of the month. Microsoft also released new report packs for SQL Server, as well as technology and initiatives aimed at making its products more interoperable with other vendors' software.

More over, they unveiled a program for independent software vendors that enables them to more easily integrate Active Directory with third-party products. It's called the AD Interoperability Program and features the AD Password Change Notification Service; a new third-party-developed OpenLDAP Management Agent for Microsoft Identity Integration Server 2003 (MIIS); and new third-party support for AD Federation Services.

W2K3 Compute Cluster Edition

Steven Bink has dug up some screenshots of Compute Cluster Edition. The beta will start in September, it will be only released for W2K3 64bit edition, which is logical because when it is released nearly all servers you can buy at that time will be 64bit, also this edition is for high performance computing so it is obvious users will use 64bit.

The product will have 2 cd's, the first is a locked down W2K3, the Compute Cluster Edition. Why locked down? Well you don't need some default installed services like file&print. The second CD will have the Compute Cluster Pack, which contains Support for Industry Standards MPI2, RDMA on Ethernet & Infiniband, an Integrated Job Scheduler and Cluster Resource Management Tools. The screenshots are at his site:


June Microsoft Patches Address Critical Vulnerabilities

On Tuesday, June 14th, Microsoft released its monthly batch of security bulletins and of the 10 released, 3 were classified as critical and 4 others were deemed important. Although Microsoft software such as Internet Explorer and other programs have been on the market for years, there seems to be no end in sight for new vulnerabilities to be uncovered.

The critical and important patches stated that "Vulnerabilities in some programs could allow an attacker to take complete control of an affected system." These include the following:

  • Internet Explorer
  • HTML Help
  • Windows
  • Windows Web Client Service
  • Outlook Express

What is significant about these vulnerabilities is that the affected programs are installed on so many machines. Although, not all of the programs listed above were the subject of critical vulnerabilities. The critical patches concerned IE, HTML Help and Server Message Block in the Windows O/S. The patches relating to Web Client Service and Outlook Express were ranked important.

Microsoft classifies patches as critical if they could enable a worm to spread without any action from the PC user. Important flaws are those that could compromise people's data or threaten system resources, while the risk from moderate security holes can be restricted by measures such as configuring the default.

Managing the critical patches that Microsoft and other vendors release monthly, isn't easy without help. How do you know which patches have interdependencies that might cause problems on your network? Can they be deployed on top of one anther? If you are manually patching, the tasks of inventorying, testing, deploying, validating and reporting could take up most of your valuable time.

Third party tools like UpdateEXPERT gives you the security, the flexibility and scalability you need to manage patching across your workstations and servers and keep them at optimum performance now and in the future. With its convenient central management console, you know immediately where all your machines are and their status.

Engineers test every patch for interdependencies before it is released so that you can patch your entire network with confidence. You can define a baseline of required patches for all your systems and report the conformance of managed systems against this baseline. UpdateEXPERT helps you enforce your software security policies and provides a superior way of managing hotfixes, patches and service packs. For more information about UpdateEXPERT, visit:

Double-Take Partners with Internap Network Services

Earlier this quarter, Double-Take developer NSI announced a new partnership with Internap to provide customers with Continuous Data Protection and accelerated network performance over long distances. With network speed being critical to data recovery and application availability, replication over long distances can be augmented through the use of Internap's Flow Control Xcelerator (FCX).

As a result of Transmission Control Protocol (TCP) limitations, conventional network connections over long distances can have dramatically slower performance. Internap's FCX can overcome these TCP limitations and mitigate the impact of network latency. By combining Double-Take with the Internap FCX, you can leverage your entire network capacity, overcome distance based TCP inefficiencies and optimize replication performance over long-haul connections. Check out Double-Take here:

Raxco Software Announces PerfectDisk Live Subscription

Disk Defragmentation Software Is the World's First Defragging Service Available Over the Internet.

Raxco Software, today announced the release of PerfectDisk(r) Live, the latest member of its PerfectDisk family of disk defragmentation utilities. PerfectDisk Live represents a breakthrough in the utility market by providing disk defragmentation as a subscription service available over the Internet. With PerfectDisk Live, users can defrag their disk drives without installing, licensing, or maintaining software on their computer. No other disk defragmentation vendor provides this service as of now. But I guess a lot will follow soon.

PerfectDisk Live is accessed through users' Web browsers, making it a simple tool to navigate and control. "Being able to receive all the benefits of PerfectDisk without having to install any software is a real treat," said Scott Anderson, chief technology officer at CacheTrails LLC. "With PerfectDisk Live, I'm assured that I am always accessing the latest enhancements and fixes. And it's all transparent, with no need to store and locate any media -- a real time saver."

PerfectDisk Live is available immediately. Subscriptions can be purchased at www.raxco.com. Workstation pricing is $19.95 for a 6-month subscription and $29.95 for a 12-month subscription. Server pricing is $99.95 for a 6-month subscription and $159.95 for a 12-month subscription. To evaluate PerfectDisk Live, visit the Raxco Web site at:


This Week's Links We Like. Tips, Hints And Fun Stuff


The Product Of The Week Is A Story...

A cowboy was herding his herd in a remote pasture when suddenly a brand-new BMW advanced out of a dust cloud towards him. The driver, a young man in a Brioni suit, Gucci shoes, Ray Ban sunglasses and YSL tie, leans out the window and asks the cowboy, "If I tell you exactly how many cows and calves you have in your herd, will you give me a calf?"

The cowboy looks at the man, obviously a yuppie, then looks at his peacefully grazing herd and calmly answers, "Sure. Why not?"

The yuppie parks his car, whips out his Dell notebook computer, connects it to his AT&T cell phone and surfs to a NASA page on the Internet, where he calls up a GPS satellite navigation system to get an exact fix on his location which he then feeds to another NASA satellite that scans the area in an ultra-high-resolution photo. The young man then opens the digital photo in Adobe Photoshop and exports it to an image processing facility in Hamburg, Germany.

Within seconds, he receives an email on his Palm Pilot that the image has been processed and the data stored. He then accesses a MS-SQL database through an ODBC connected Excel spreadsheet with hundreds of complex formulas. He uploads all of this data via an email on his Blackberry, and after a few minutes, receives a response.

Finally, he prints out a full-color, 150-page report on his hi-tech, miniaturized HP LaserJet printer and finally turns to the cowboy and says, "You have exactly 1586 cows and calves."

"That's right. Well, I guess you can take one of my calves," says the cowboy. He watches the young man select one of the animals and looks on amused as the young man stuffs it into the trunk of his car.

Then the cowboy says to the young man, "Hey, if I can tell you exactly what your business is, will you give me back my calf?" The young man thinks about it for a second and then says, "Okay, why not?"

"You're a consultant." says the cowboy.

"Wow! That's correct," says the yuppie, "but how did you guess that?"

"No guessing required," answered the cowboy. "You showed up here even though nobody called you; you want to get paid for an answer I already knew; to a question I never asked; and you don't know anything about my business. Now give me back my DOG."