Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 11, 2005 (Vol. 10, #28 - Issue #533)
Credit Card Security Standard Goes Into Effect
This issue of W2Knews contains:
- EDITORS CORNER
- Microsoft Downgrades Several Adware Products
- Credit Card Security Standard Goes Into Effect
- New SunPoll
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Windows Password Management Myths
- MOM 2005 SP1: August
- Optimize SQL Server Hardware Performance
- Answers And Advice From 'The Spam Man'
- NT/2000 RELATED NEWS
- Gates Gives His Views On The Future Of Software
- Microsoft Shows System Center Roadmap At TechEd Europe
- New Version Of MBSA V2.0
- Microsoft Solidifies Software Launch Plans For Nov. 7
- W2K3 Compute Cluster Edition
- NT/2000 THIRD PARTY NEWS
- June Microsoft Patches Address Critical Vulnerabilities
- Double-Take Partners with Internap Network Services
- Raxco Software Announces PerfectDisk Live Subscription
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- The Product Of The Week Is A Story...
SPONSOR: New eBook on the Web's Hidden Dangers
Your Internet access is vital to your organization, but it's
also a gateway for dangerous spyware and malware. For a
limited time, get a free eBook entitled The Hidden Dangers of
Internet Access and find out how you can recognize these
dangerous intruders and stop them cold. Learn how to protect your
network and employees today. Download your free copy!
Visit New eBook on the Web's Hidden Dangers for more information.
England now has to deal with the aftermath of terrorism and try
to get back to a semblance of normal life. The attacks bear the
hallmark of Islamic fanatics, designed and coordinated to kill
civilians. It is very unfortunate that Islam is mostly at war
with itself. The vast majority are peaceful people, but a few
of their religious extreme radicals have gone off the deep end.
I can only admire England's pragmatism and determinism to not
let this influence their way of life. Remember, the best way to
drive these terrorists into apathy is to continue to flourish
and prosper and demonstrate to them that in the long run these
attacks are completely ineffective and they only hurt themselves.
Microsoft Downgrades Several Adware Products
Well, the plot thickens. While during this week the news
has been that Microsoft downgraded the Claria listing, we
have reports now that there are a number of other items that
have been downgraded to "Ignore" status, including certain
WhenU adware programs, WebHancer and Ezula Toptext. So the
Claria downgrade is quite likely part of a bigger picture
regarding Microsoft's listing criteria for adware.
It's getting interesting. Choosing an anti-spyware solution
now includes evaluating the listing criteria of the company
you will be doing business with and spot checking their
Using criteria like this is excellent policy for independent
antispyware companies, but if Redmond is actually planning to
acquire Claria, it seems to have a huge conflict-of-interest.
Credit Card Security Standard Goes Into Effect
Does your company take credit cards? Who doesn't! The bank
that Sunbelt has its merchant account with sent our CFO some new
requirements that all companies now need to comply with, or else
face the consequences (fines), up to losing your merchant account.
That was interesting to hear in the light of all the database
record thefts these last few months.
First they sent us to a site called trustkeeper that allows you
to fill out a survey which shows if you comply or not, and then
they will scan your systems four times from the outside-in to see
if you are vulnerable for attacks. Filling out these 75 questions
was interesting, and showed that we were doing fairly well but we
failed on a few smallish points. We're correcting these.
It was also interesting to see that they now require that you
have event logging software that shows all login attempts whether
successful or not, that you need to back up, secure and retain
your audit logs for up to a year, and that if you don't do
vulnerability scans that you fail the test as well? And those
are only three questions out of the whole battery.
If you have been looking for good reasons to finally get your
security budget approved, I could not get you better ammo than
this. There is a product that I strongly recommend if your
organization accepts credit cards and now needs to comply:
Sunbelt Network Security Inspector. It scans for thousands
of (multiplatform!) holes in not just Microsoft applications
but also popular third party tools that become more and more
the target of hacking attacks. Check it out here:
"How much of your admin work is done through a smart device
like a PDA or a Blackberry?"
- All of it (alerts, admin, maintenance, etc).
- About half of it.
- Some (basic stuff like e-mails and alerts)
- Very little, but working toward more.
- No plans to do so.
Vote here, middle column:
Quotes Of The Week:
"I predict future happiness for Americans if they can prevent the
government from wasting the labors of the people under the pretense
of taking care of them." -- Thomas Jefferson
"Some are destined to succeed, some are determined to succeed."
-- H.H. Swami Tejomayananda
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
Windows Password Management Myths
Back in the dark ages of the Internet as we know it -- before we
had so many malware threats and Web application vulnerabilities --
strong passwords were the security solution. This was especially
true in Windows after it was discovered just how easy it was to
capture and crack LANMan passwords in NT. Even today, it seems
that practically everyone (both inside and outside IT) has their
own opinion on what it takes to create and enforce secure
The consensus is that if we use uppercase, lowercase, numbers and
special characters at least seven to eight characters in length,
then our passwords are magically unbreakable. Well, not quite.
Here is a good article on this at the SearchWinSecurity Site.
MOM 2005 SP1: August
Microsoft will release MOM 2005 Service Pack 1 in August, it will
fix the SQL 2000 SP4 and the Windows Server 2003 SP1 issues and
also the mutual authentication restrictions are removed.
Microsoft will also release MOM Sizer 4.0 in August, the sizer
is an Excel sheet helping you to calculate and plan the deployment
of MOM 2005. The 4.0 sizer now includes reporting. They also
announced a new warehouse aggregation solution, it scales down
80% smaller, allowing to keep 5-8 weeks without losing data.
Optimize SQL Server Hardware Performance
If you do not build a solid foundation for SQL Server performance,
the application will always be plagued by deficiencies. SearchSQL
Server site Contributor Jeremy Kadlec explains how to set up SQL
Server hardware properly and how to optimize performance throughout
the application's lifecycle. Once you've read his step-by-step
advice, check out some of their other SQL Server hardware and
performance tuning tips.
Answers And Advice From 'The Spam Man'
Spammer-X, anonymous ex-spammer and author of the book, "Inside
the Spam Cartel," recently took the time to answer questions
from SearchExchange.com readers. Read what he had to say about
tracking down relayers, beating botnets, and choosing the best
NT/2000 RELATED NEWS
Gates Gives His Views On The Future Of Software
Microsoft Chairman and Chief Software Architect Bill Gates said
that Web services will have a "catalytic effect" on software
development and that speech recognition will go mainstream in
three to four years. Story at ComputerWorld:
Microsoft Shows System Center Roadmap At TechEd Europe
Microsoft this week at TechEd 2005 Europe confirmed that it is
progressing with development of two new management products in
the System Center family, Reporting Manager and Capacity Manager,
and promised to refresh all the System Center products in the
Longhorn timeframe. Read more at the ENTMag site:
New Version Of MBSA V2.0
Microsoft last week released a new version of its free Windows
vulnerability detection tool, which may help some of you. MBSA
V2.0 is just a basic tool, but it is useful and a whole lot
better than nothing. So, what does the new version do? Well, for
one, it is easier to identify common security misconfigurations.
Like version one, Microsoft Baseline Security Analyzer 2.0 scans
for missing security updates, update rollups and service packs
that one normally finds at the Microsoft Update site. The new
version has both a graphical and a command line interface that
lets you perform local or remote scans. Version 2.0 is more user
friendly and has added some new support features.
MBSA runs on W2K3, W2K and WinXP and can scan for problems on W2K
XP, W2K3, IIS 5 and 6, SQL 7 and 2000, IE5.01 and up, as well as
Office 2000, 2002 and 2003. That's good. But it's only a subset
of what most people are actually running. A full 80% of you are
running multiplatform sites. I would suggest running it, but do
combine it with a higher-end scanner that covers your whole domain
like SNSI. Here is the MBSA download:
Here is the SNSI download:
Microsoft Solidifies Software Launch Plans For Nov. 7
Visual Studio 2005, SQL Server 2005 and BizTalk Server 2006 are
due this fall. The release is planned to be in San Francisco,
followed by more than 90 events in 50 countries during the rest
of the month. Microsoft also released new report packs for SQL
Server, as well as technology and initiatives aimed at making
its products more interoperable with other vendors' software.
More over, they unveiled a program for independent software vendors
that enables them to more easily integrate Active Directory with
third-party products. It's called the AD Interoperability Program
and features the AD Password Change Notification Service; a new
third-party-developed OpenLDAP Management Agent for Microsoft
Identity Integration Server 2003 (MIIS); and new third-party
support for AD Federation Services.
W2K3 Compute Cluster Edition
Steven Bink has dug up some screenshots of Compute Cluster Edition.
The beta will start in September, it will be only released for
W2K3 64bit edition, which is logical because when it is released
nearly all servers you can buy at that time will be 64bit, also
this edition is for high performance computing so it is obvious
users will use 64bit.
The product will have 2 cd's, the first is a locked down W2K3,
the Compute Cluster Edition. Why locked down? Well you don't need
some default installed services like file&print. The second CD
will have the Compute Cluster Pack, which contains Support for
Industry Standards MPI2, RDMA on Ethernet & Infiniband, an
Integrated Job Scheduler and Cluster Resource Management Tools.
The screenshots are at his site:
THIRD PARTY NEWS
June Microsoft Patches Address Critical Vulnerabilities
On Tuesday, June 14th, Microsoft released its monthly batch of
security bulletins and of the 10 released, 3 were classified as
critical and 4 others were deemed important. Although Microsoft
software such as Internet Explorer and other programs have been
on the market for years, there seems to be no end in sight for
new vulnerabilities to be uncovered.
The critical and important patches stated that "Vulnerabilities
in some programs could allow an attacker to take complete control
of an affected system." These include the following:
- Internet Explorer
- HTML Help
- Windows Web Client Service
- Outlook Express
What is significant about these vulnerabilities is that the
affected programs are installed on so many machines. Although,
not all of the programs listed above were the subject of critical
vulnerabilities. The critical patches concerned IE, HTML Help and
Server Message Block in the Windows O/S. The patches relating to
Web Client Service and Outlook Express were ranked important.
Microsoft classifies patches as critical if they could enable a
worm to spread without any action from the PC user. Important
flaws are those that could compromise people's data or threaten
system resources, while the risk from moderate security holes can
be restricted by measures such as configuring the default.
Managing the critical patches that Microsoft and other vendors
release monthly, isn't easy without help. How do you know which
patches have interdependencies that might cause problems on your
network? Can they be deployed on top of one anther? If you are
manually patching, the tasks of inventorying, testing, deploying,
validating and reporting could take up most of your valuable time.
Third party tools like UpdateEXPERT gives you the security, the
flexibility and scalability you need to manage patching across your
workstations and servers and keep them at optimum performance now
and in the future. With its convenient central management console,
you know immediately where all your machines are and their status.
Engineers test every patch for interdependencies before it is
released so that you can patch your entire network with confidence.
You can define a baseline of required patches for all your systems
and report the conformance of managed systems against this baseline.
UpdateEXPERT helps you enforce your software security policies and
provides a superior way of managing hotfixes, patches and service
packs. For more information about UpdateEXPERT, visit:
Double-Take Partners with Internap Network Services
Earlier this quarter, Double-Take developer NSI announced a new
partnership with Internap to provide customers with Continuous
Data Protection and accelerated network performance over long
distances. With network speed being critical to data recovery
and application availability, replication over long distances
can be augmented through the use of Internap's Flow Control
As a result of Transmission Control Protocol (TCP) limitations,
conventional network connections over long distances can have
dramatically slower performance. Internap's FCX can overcome these
TCP limitations and mitigate the impact of network latency. By
combining Double-Take with the Internap FCX, you can leverage
your entire network capacity, overcome distance based TCP
inefficiencies and optimize replication performance over long-haul connections. Check out Double-Take here:
Raxco Software Announces PerfectDisk Live Subscription
Disk Defragmentation Software Is the World's First Defragging
Service Available Over the Internet.
Raxco Software, today announced the release of PerfectDisk(r) Live,
the latest member of its PerfectDisk family of disk defragmentation
utilities. PerfectDisk Live represents a breakthrough in the utility
market by providing disk defragmentation as a subscription service
available over the Internet. With PerfectDisk Live, users can defrag
their disk drives without installing, licensing, or maintaining
software on their computer. No other disk defragmentation vendor
provides this service as of now. But I guess a lot will follow soon.
PerfectDisk Live is accessed through users' Web browsers, making it
a simple tool to navigate and control. "Being able to receive all
the benefits of PerfectDisk without having to install any software
is a real treat," said Scott Anderson, chief technology officer at
CacheTrails LLC. "With PerfectDisk Live, I'm assured that I am
always accessing the latest enhancements and fixes. And it's all
transparent, with no need to store and locate any media -- a real
PerfectDisk Live is available immediately. Subscriptions can be
purchased at www.raxco.com. Workstation pricing is $19.95 for a
6-month subscription and $29.95 for a 12-month subscription. Server
pricing is $99.95 for a 6-month subscription and $159.95 for a
12-month subscription. To evaluate PerfectDisk Live, visit the
Raxco Web site at:
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
The Product Of The Week Is A Story...
A cowboy was herding his herd in a remote pasture when suddenly a
brand-new BMW advanced out of a dust cloud towards him. The driver,
a young man in a Brioni suit, Gucci shoes, Ray Ban sunglasses and
YSL tie, leans out the window and asks the cowboy, "If I tell you
exactly how many cows and calves you have in your herd, will you
give me a calf?"
The cowboy looks at the man, obviously a yuppie, then looks at his
peacefully grazing herd and calmly answers, "Sure. Why not?"
The yuppie parks his car, whips out his Dell notebook computer,
connects it to his AT&T cell phone and surfs to a NASA page on the
Internet, where he calls up a GPS satellite navigation system to
get an exact fix on his location which he then feeds to another
NASA satellite that scans the area in an ultra-high-resolution
photo. The young man then opens the digital photo in Adobe Photoshop
and exports it to an image processing facility in Hamburg, Germany.
Within seconds, he receives an email on his Palm Pilot that the
image has been processed and the data stored. He then accesses a
MS-SQL database through an ODBC connected Excel spreadsheet with
hundreds of complex formulas. He uploads all of this data via an
email on his Blackberry, and after a few minutes, receives a response.
Finally, he prints out a full-color, 150-page report on his hi-tech,
miniaturized HP LaserJet printer and finally turns to the cowboy
and says, "You have exactly 1586 cows and calves."
"That's right. Well, I guess you can take one of my calves," says
the cowboy. He watches the young man select one of the animals and
looks on amused as the young man stuffs it into the trunk of his car.
Then the cowboy says to the young man, "Hey, if I can tell you exactly
what your business is, will you give me back my calf?" The young man
thinks about it for a second and then says, "Okay, why not?"
"You're a consultant." says the cowboy.
"Wow! That's correct," says the yuppie, "but how did you guess that?"
"No guessing required," answered the cowboy. "You showed up here
even though nobody called you; you want to get paid for an answer
I already knew; to a question I never asked; and you don't know
anything about my business. Now give me back my DOG."