Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 18, 2005 (Vol. 10, #29 - Issue #534)
Interesting Linux vs. Windows Server Survey!
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Interesting Linux vs. Windows Server Survey!
    • Microsoft: We're Not Soft On Spyware
    • Dual Spam Detection Engines For iHateSpam for Exchange
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Open Source vs. Windows: Security Debate Rages
    • July 29th: System Admin Appreciation Day!
    • New MS Security Bulletins Are Out
    • Microsoft Certification Is Getting Tougher
    • Learning Guide: SQL Server Security
    • New W2K3 Server Performance Advisor
  4. NT/2000 RELATED NEWS
    • No Budget For Upgrades? Microsoft Can Help
    • Redmond Claims It Will Make Longhorn Targets
    • Microsoft Sets Pricing For Disk-to-Disk Backup
    • OS/2 Finally Put To Rest
  5. NT/2000 THIRD PARTY NEWS
    • Dual Spam Detection Engines For iHateSpam for Exchange
    • SNSI Database Vulnerability Update
    • ITtoolbox Enterprise Spyware Survey
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. PRODUCT OF THE WEEK
    • iHateSpam for Exchange: The Best Made Better.
  SPONSOR: Saw CounterSpy at Tech.Ed? Here is your link!
Welcome to the people that visited the Sunbelt Software Booth at Tech.Ed 2005 Orlando. You saw a demo of CounterSpy Enterprise and we promised you the link to the download. There is also a useful, new 5-minute demo of how you can eradicate spyware from your whole network using the centralized admin console. Find out how many of the machines in your network are infected and with what!
  EDITORS CORNER

Interesting Linux vs. Windows Server Survey!

The Yankee Group and Sunbelt Software have another interesting survey where the life cycles of Windows and Linux servers are compared, along with the number of processors that are used and other valuable data. We will get the scoop on the Executive Summary in W2Knews if you fill out this (very fast, point-and-shoot) 15-question survey at:
http://www.w2knews.com/rd/rd.cfm?id=050718ED-Survey

Microsoft: We're Not Soft On Spyware

Well, there goes Microsoft; off the shortlist for antispyware solutions just six months after they announced their new AS tool with a lot of fanfare. They have downgraded a bunch of adware products that now sit in their database with an "ignore" and "low risk". But they claim they are not soft on spyware. Yeah, sure. Here is the link to their pretty lame defense:
http://www.w2knews.com/rd/rd.cfm?id=050718ED-Claria_Letter

Larry Seltzer wrote in eWEEK: "Just when you think Microsoft did something important the right way, it does the worst possible thing. What is going through the company's head?" And then read Brian Livingston's rant on his WindowsSecrets site. Brian is one of the most respected computer journalists in the business. For years, he wrote for InfoWorld, and now runs his own site. Excellent analysis of the situation:
http://www.w2knews.com/rd/rd.cfm?id=050718ED-Seltzer

Oh, and did you know that well over 3,000 sites have rolled out installations of CounterSpy Enterprise? You might ask yourself: "Is Sunbelt also downgrading their threat definitions to 'ignore' for Claria and other adware, like Microsoft is doing in their Windows Antispyware?" The answer is NO; we ignore Microsoft's threat scoring values. We only use their threat data (the file names, locations where malware is found, etc.). We have not downgraded our Claria or other adware recommendations and do not plan to, unless they shape up, get straight and behave like decent Internet citizens.

PS: the MS/Claria deal is dead. MS was concerned about the PR fallout that could follow a Claria purchase. Darn right.

Dual Spam Detection Engines For iHateSpam for Exchange

NEW: The V1.7 delivers the only "dual-engine" tool for Exchange environments. The new version 1.7 delivers the industry's only system with dual spam detection engines. It allows you to specify the Sunbelt antispam engine, the Cloudmark antispam engine, or both. The new version is available immediately for the server version of iHateSpam. Read the article in the Third Party Section.

Quotes Of The Week:
"A friend is someone who will help you move. A real friend is someone who will help you move a body." -- Unknown
"Cowards die many times before their actual deaths." -- Julius Caesar

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

  TECH BRIEFING

Open Source vs. Windows: Security Debate Rages

I received the print version of NetworkWorld and saw a very interesting article about an independent organization that compared open source versus Windows security. A research firm called Security Innovation evaluated both and found some quite interesting information comparing a web server running Windows to one on Red Hat with Apache:

WINDOWS
Web server role: Windows 2003, IIS 6.0, SQL Server 2000, and ASP.NET
Vulnerabilities needing patches, 2004: 52
Average "days of risk" before patch: 31.3

OPEN SOURCE
Web server role: Red Hat Linux 3.0, Apache Web server, MySQL and PHP
Vulnerabilities needing patches, 2004: Minimally configured Linux, 132. Default configuration, 174
Average "days of risk" before patch: 69.6. Default configuration, 71.4.

That's twice the average number of "days of risk". Wow. There's way more detail in the article here:
http://www.w2knews.com/rd/rd.cfm?id=050718TB-Security_Debate

July 29th: System Admin Appreciation Day!

Mark your calendar for System Administrator Appreciation Day, celebrated annually on the last Friday of July. This is an international holiday for System Administrators. Please visit the website for complete information about the holiday. The purpose of this website is to announce the 6th annual celebration of the System Administrator Appreciation Day.
http://www.w2knews.com/rd/rd.cfm?id=050718TB-SysAdminDay

New MS Security Bulletins Are Out

Redmond released three patches for critical security flaws in IE, Word and a feature of the Windows OS used by many apps. Here is the link to the MS TechNet issue:
http://www.w2knews.com/rd/rd.cfm?id=050718TB-Bulletins

Microsoft Certification Is Getting Tougher

The SearchWin2000 site has a good article about MS introducing sweeping changes to some of its certification programs that will eventually trickle down to the popular IT professional credentials by the time the next versions of the Windows client and server, code-named Longhorn, ship in 2006 and 2007. The Cisco Certified Internetwork Expert (CCIE) credential places an emphasis on hands-on lab work over book smarts, a quality that Microsoft's MCSE and MCSA currently lack, some say.

Exam content will have a sharper focus and be more challenging, according to Al Valvano, lead product manager of Microsoft Learning. The first credentials to be revamped will be within the technology series of exams aimed at database administrators and developers, in support of the release of SQL Server 2005 and Visual Studio 2005 on Nov. 7.

Microsoft is retooling these certifications to reflect specific duties and more diverse job roles than the earlier certification program was able to capture, Valvano said. The certifications will have more of a natural alignment of credentials to job postings. To achieve certification, paths for each will be shorter and the content of the exams will be more granular. To find out what this means for your own certification, check:
http://www.w2knews.com/rd/rd.cfm?id=050718TB-MS_Cert

Learning Guide: SQL Server Security

SQL Server is a popular target for Internet hackers seeking to exploit operating systems, take control of SQL Server services and gain access to data. Make sure SQL Server is locked down from the get-go and continually hardened to prevent such attacks. This Learning Guide will help show you the way. (SearchSQLServer)
http://www.w2knews.com/rd/rd.cfm?id=050718TB-SQL_Security

New W2K3 Server Performance Advisor

The newest version of Windows Server 2003 Performance Advisor has some useful additions, like analysis templates and trend reporting.
http://www.w2knews.com/rd/rd.cfm?id=050718TB-W2K3_SPA

  NT/2000 RELATED NEWS

No Budget For Upgrades? Microsoft Can Help

At the Worldwide Partner Conference 2005, Microsoft took the wraps off Microsoft Financing, a payment program that customers can use to get the Windows technologies they need to develop their IT infrastructures. Microsoft's financing program gives customers a way to foot the bill for an entire infrastructure upgrade -- hardware, software and consulting services -- that many companies find hard to do at one time. Customers can also choose to finance software only. More at the SearchWin2000 site:
http://www.w2knews.com/rd/rd.cfm?id=050718RN-MS_Financing

Redmond Claims It Will Make Longhorn Targets

Mary Jo Foley reported at the Microsoft Watch site that Beta 1 of Longhorn is still on track for this summer. Microsoft spokesman Sanjay Parthasarathy reiterated that Longhorn Beta 1, which will not include the new user interface bits, is due this summer. Beta 2, which will showcase the new interface, is due out some time in the first part of 2006. The final Longhorn client release is still, as of now, due out in the latter half of 2006.

Microsoft Sets Pricing For Disk-to-Disk Backup

The new DPM software will go RTM in the next 4 weeks, and you can buy it Octoberish. Licensing will look like MS MOM 2005, with a server/agent model. For $950, you can get one DPM server to protect three file servers. Additional agent licenses are volume based. DPM will be proudly sporting the "System Center" label, a new brand that contains all of MS's system management tools like MOM and SMS. Don't expect hot backup for Exchange and SQL; that's going to be a few years down the road. I would take Double-Take for that any day of the week.

OS/2 Finally Put To Rest

OS/2, the Operating System that could have been the new Windows, and the issue that caused the decade-long animosity between Redmond and Armonk, is now sleeping with the fishes. OS/2 was mainly used by large financial institutions, so it took IBM a long time to put it to bed; support contracts that last forever are common in that market. IBM has quietly but at a steady pace been retiring all their middleware tools that ran on OS/2. More at:
http://www.w2knews.com/rd/rd.cfm?id=050718RN-OS_2

  THIRD PARTY NEWS

Dual Spam Detection Engines For iHateSpam for Exchange

NEW: The V1.7 delivers the only "dual-engine" tool for Exchange environments.

The new version 1.7 delivers the industry's only system with dual spam detection engines. It allows you to specify the Sunbelt antispam engine, the Cloudmark antispam engine, or both. The new version is available immediately for the server version of iHateSpam.

Version 1.7 utilizes both heuristics and a signature probability scoring method, taking spam detection to the next level. It uses the award-winning iHateSpam for Exchange heuristic engine and the latest Cloudmark signature engine that incorporates hourly updates. With the integration of dual spam detection engines, iHateSpam for Exchange now delivers even greater spam detection, with current tests reporting almost 100% spam detection with less than 1% false positives when both engines are used.

"This new version is a breakthrough in providing multiple technology methods to fight spam in a single solution," said Alex Eckelberry, president of Sunbelt Software. "We are excited to offer a dual-engine approach that provides our customers with a choice in how to best protect their users from spam."

Here is an extract from the results of one of the beta testers:

"I've been beta testing IHS SE v1.7 for about a month now and have had great success. This version utilizes the "dual engine" model. It uses the old Giant (v1.5 IHS) engine (but with updated definitions) and the latest CloudMark (v1.6 IHS) engine.

"When I initially upgraded my production environment to v1.6, I was getting the well known (5) score something fierce. I ended up downgrading my servers to v1.5 to keep my user community happy. In the meantime, I built a test Exch 2k3 server and soon loaded v1.7 on the box. I took my 5 highest SPAM "receivers" and forwarded a copy of all their mail to this test server. The results have been unbelievable. It has caught nearly every message and had very few false positives. Here are some "rough" stats:

  • False Positives: slightly over .5% (that is half a percent, truly unbelievable)
  • Missed SPAM (made it into the inbox): Really none - I've had maybe 5 over the past 3 weeks
  • SPAM Volume: My test user gets between 1,000 and 1,400 SPAM emails a day with about 100 legit emails

"Overall - the results have been outstanding and I cannot wait to put it into production when it is released to the general public."

Later this year, iHateSpam for Exchange will be upgraded to Sunbelt's new messaging security framework that will provide additional features, including antivirus, attachment filtering and content inspection. Check the FAQ for how to run iHateSpam V1.7 with two engines and how the scoring system works.
http://www.w2knews.com/rd/rd.cfm?id=050718TP-iHateSpam_SE

SNSI Database Vulnerability Update

To update from within the SNSI console, select Settings, enter your full registration key and click the Check Now button. New vulnerability updates for this release include:

ID     Name
L872   Unace - File extraction/Long CLI options - SuSE
L873   Horde - Cross-Site Scripting - SuSE
L874   Java2 - Web Start/Permissions - SuSE
S311   Java Web Start applet privilege management - Solaris
S312   Java JRE applet privilege management - Solaris
S313   DVD/CD access panic - Solaris 10_x86
S314   Lpadmin directory traversal issues - Solaris 7 - 9
S315   Kernel disk driver size constraint - Solaris 7-10_x86
W2538  IE Cumulative Patch Missing (June 2005) - NT 4.0
W2539  HTML Help Input Data Validation Vulnerability - NT 4.0
W2540  ISS Workgroup Manager Detected
W2541  Server Message Block Packet Vulnerability - NT 4.0
W2542  Interactive Training Bookmark Link Vulnerability - NT 4.0
W2543  Outlook Express Cumulative Patch (June, 2005) Missing - NT 4.0
W2544  Veritas Backup Exec Remote Agent Vulnerability
W2545  JPEG Processing (GDI+) Vulnerability - .NET Framework 1.1
W2546  Antivirus Gold Detected
W2547  Adobe Reader XML External Entity Vulnerability
W2548  Adobe Acrobat XML External Entity Vulnerability
W2549  WinLogonEXE Browser Hijacker Detected
W2550  RealPlayer Multiple Security Vulnerabilities

Updated Checks
W1142,W1986,W1999,W2067 - Anti-Virus
W1756,W2059,W2060,W2250,W2273,W2428,W2503 - Revised Logic
S297 - Revised Logic

Additions
L871 - added tests for Fedora, and Mandriva

SNSI uses the latest MITRE Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories. Download a 30-day eval at:
http://www.w2knews.com/rd/rd.cfm?id=050718TP-SNSI

ITtoolbox Enterprise Spyware Survey

ITtoolbox has released their enterprise spyware survey. The findings were:

  • Corporations are still underutilizing available solutions for spyware detection and removal. 88% had detected spyware on their corporate network but only 52% had purchased and were using an anti-spyware software solution.
  • Increased spam, network congestion, and network crashes were the top three security issues that corporations face as a result of spyware.
  • 63% of respondents stated that their organization had spyware adequately controlled, but would benefit from improvements in spyware detection and removal.
  • Pop-up ads, other Web sites, and drive-by downloads were the top three ways spyware gained access to corporate networks.

Full article here:
http://www.w2knews.com/rd/rd.cfm?id=050718TP-Spyware_Survey

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  PRODUCT OF THE WEEK

iHateSpam for Exchange: The Best Made Better.

iHateSpam for Exchange is still the best selling antispam tool in the USA. It's a multi-year-in-a-row winner of the WindowsIT Pro Reader's Choice. It now comes with TWO antispam engines. One is signature based, the other heuristic: the best of both worlds! Buy iHateSpam for Exchange now, and get grandfathered into its V2.0, which will have plug-in options for anti-virus, filtering for attachments, content, server-based auto-replies and for disclaimers. Well over 5,000 enterprise installations. Your end-users will love it. Get your full-feature 30-day eval here:

http://www.w2knews.com/rd/rd.cfm?id=050718PW-iHateSpam_SE