Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 1, 2005 (Vol. 10, #31 - Issue #536)
Lots Of Interesting Stuff This Week
  This issue of W2Knews™ contains:
    • Hackers Now Aim At Popular Software
    • The New 'Ctrl-Alt-Del' / CounterSpy On VISTA
    • FDIC To Banks: Protect Against Spyware!
    • Admin Tools We Think You Shouldn't Be Without
    • Notorious Spammer Found Dead
    • PC Growth Highest Ever in History
    • Internal Security Attacks On The Rise?
    • ISS Researcher Quits Job To Detail Cisco Flaws
    • PGP Creator Cooks Up Net Phone Protection
    • Why's My Network Not Working...Coronal Mass Ejections?
    • Remotely Manage Exchange
    • Lots Of New Microsoft Docs Available!
    • Microsoft "Genuine Advantage" Cracked In 24 Hours
    • Windows Security Toolbox: Our Experts' Favorite Freeware
    • Microsoft Tackles Two Windows Betas At Once
    • CounterSpy Enterprise vs. Symantec and Trend
    • Sunbelt Refuses To Delist WhenU, Instead Adjusts Some Threat Levels
    • Leading Spyware Researcher Joins Sunbelt Software
    • SANS Top20 Q2 2005 Critical Vulnerability Update
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Got No Time To Compare Products You Need?
DANG this week was busy! This issue is chock-full of all kinds of very interesting stuff. Take some time to read all the news; we have a whole slew of useful downloads, and the fave links are also pretty good. Here goes:

Hackers Now Aim At Popular Software

This was the exact title of an article in the Wall Street Journal this week. That's very good news: management is finally waking up to the fact that patches are not only required for the OS. Of course I have been saying this for the last few years, but it takes a while for upper management at large to wake up to this. Running free MS tools like WSUS for patching is of course a must, but it ain't enough! You cannot lock the door to hackers if you do not know which holes are still open. That is why the Sunbelt Network Security Inspector is so popular; it scans for vulnerabilities in dozens of popular third-party applications, and it's licensed by Admin (not by IP) so it is affordable!

The New 'Ctrl-Alt-Del' / CounterSpy On VISTA

With the new name of Windows being Vista, 'ctrl-alt-del' will now be known as 'hasta la vista' [grin]. And since we are a Microsoft Gold Partner, we grabbed a copy of the VISTA beta and tested the consumer version of CounterSpy. With a small mod in the setup, it ran like a charm. Here are the screens!

FDIC To Banks: Protect Against Spyware!

The FDIC last Friday urged banks to enhance their protections against spyware, to limit the risk that customers' personal data may be stolen. The guidance from the Federal Deposit Insurance Corp. comes amid a growing stream of reported incidents of the theft or exposure of personal customer data. Even if you are not a bank, your organization cannot afford penetration of your databases.

Quotes Of The Week:
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." -- Rich Cook
"The true measure of a man is how he treats someone who can do him absolutely no good." -- Samuel Johnson

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Notorious Spammer Found Dead

The story was all over the press this week. Vardan Kushnir, a notorious Russian spammer who owned a series of outfits variously called "the English Learning Centers", the "Center for American English", and more scammy sounding names, was found dead in his Moscow apartment on Sunday. He died after suffering repeated blows to the head. OK, I will say what many people are thinking. "One down. Nine Million to go". Spammers are bastages.

PC Growth Highest Ever in History

Worldwide PC shipments totaled 48.9 million units in the second quarter of 2005, a 14.8 percent increase from the same period last year, according to preliminary results by Gartner, Inc. The PC market exceeded Gartner's previous projections by 3 percentage points.

"Demand for mobile form factors accelerated sales during the second quarter," said Charles Smulders, vice president of Gartner's Computing Platforms Worldwide Group. "Aggressive price cutting was also a significant factor in driving demand for desktop PCs."

Dell extended its lead in the worldwide market, accounting for 17.9 percent of global PC shipments. Dell experienced much higher growth rates outside of the United States, but it also grew ahead of the market rate in its domestic market, where the bulk of its shipments are made.

Internal Security Attacks On The Rise?

Deloitte and Touche recently did some interesting research among its large customers. A short summary of the findings:

1- Fewer of the top 100 financial institutions experienced IT security breaches. The number was down to 33 percent this year, compared with 83 percent last year.

2- Internal IT security breaches more than doubled.

As for the drop in security incidents, nothing incredibly significant has changed in the IT security landscape to account for it; it may be due to additional experience in identifying and dealing with such attacks. It's also noteworthy that over the past 12 months there hasn't been a significant world-wide IT security event, which may have accounted for many of the past year's reports of external IT security breaches. With fewer external events to focus security teams on, it's also possible that they had more time to concentrate on discovering internal IT security events.

It's hard to say whether the increase in internal breaches is the result of better investigations, discovering the internal component of what may have previously been believed to be a completely external attack, or that attackers are putting more effort into involving an internal person. The survey:

And here is a link to the Top 10 Ways you can help prevent ID theft:

ISS Researcher Quits Job To Detail Cisco Flaws

It's all over the press. Internet Security Systems Inc. research analyst Michael Lynn quit his job to provide information on a serious Cisco Systems Inc. router vulnerability at this week's Black Hat USA conference, after his company decided not to give a presentation on the flaw.

Lynn felt compelled to quit his job Wednesday morning so that he could give the talk, because the Cisco security issues are of vital importance to the Internet's health. "This is the right thing to do," he said, speaking to Black Hat attendees, who punctuated his talk with applause. "When you attack the router, you gain control of the network."

Lynn described a now-patched flaw in the Internetwork Operating System (IOS) software used to power Cisco's routers, as well as the steps he used to gain control of a router. Although Cisco was informed of the flaw by ISS and patched its firmware in April, users running older versions of the company's software are at risk, he said. Rest of the story at ComputerWorld:

PGP Creator Cooks Up Net Phone Protection

Phil Zimmermann hopes that his secure Net phone-calling efforts will be as successful as his Pretty Good Privacy e-mail encryption program. Zimmermann has developed a prototype of an Internet telephony application that encrypts calls to prevent eavesdropping. He unveiled the prototype on Thursday at the Black Hat Briefings security industry conference in Las Vegas. News.com has the story:

Why's My Network Not Working...Coronal Mass Ejections?

Could be! These things cause massive magnetic disturbances. Read the article at the NASA site, make sure to watch the video at the end of the article!

Remotely Manage Exchange

There are two different methods you can use to remotely manage your Exchange servers -- remote desktop or an HTML-based terminal server session. Learn about both methods and the pros and cons of each. [SearchExchange.com]


Lots Of New Microsoft Docs Available!

Redmond has released a great deal of documentation in the past few months. Here's a list of all the new stuff:

  1. The Administrator Accounts Security Planning Guide
  2. The Secure Access Using Smart Cards Planning Guide
  3. The Security Monitoring and Attack Detection Planning Guide
  4. The Services and Service Accounts Security Planning Guide
  5. Implementing Quarantine Services with VPN Planning Guide
  6. Configuring Exchange SMTP Gateways at Microsoft Note on IT

Microsoft "Genuine Advantage" Cracked In 24 Hours

This week, Redmond has gone live with its anti-piracy code and has made it mandatory for all users wanting to use its popular "Update" sites. This effort to force users to either buy XP or tell Microsoft where they got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours. Before pressing the 'Custom', 'Express' or download buttons, one can paste a small piece of JavaScript in the browser's address bar and press Enter. It turns off the trigger for the key check! The code is already on the Net, but I expect MS will fix this relatively fast.

Windows Security Toolbox: Our Experts' Favorite Freeware

Who doesn't like freebies? The right price doesn't necessarily guarantee security, but the security experts at SearchWindowsSecurity.com come close with their top five lists of free Windows security tools.

Microsoft Tackles Two Windows Betas At Once

Initial test versions were released last week for both Windows Vista and its operating system cousin, Longhorn Server. At this point, the server and client code are more like twins. Story over at SearchWin2000.com.


CounterSpy Enterprise vs. Symantec and Trend

Some people are asking us: "Well, I already use Symantec (or Trend) and they now have built-in spyware. How does your product compare?" Instead of stating the obvious (our spyware database is waaaay better because we get the definitions from three sources including Microsoft), let's quote an eWeek article:

"Symantec Client Security 3.0 (www.symantec.com) bundles a full range of client security software, including anti-virus, desktop firewall and anti-spyware capabilities. Management tools are familiar and sound. Unfortunately, deficiencies with the anti-spyware cleaning and blocking routines make it difficult to recommend this solution for companies battling the spyware scourge."

"Trend Micro's OfficeScan 7.0 Client/Server Edition provided uninspiring spyware cleaning and protection during eWEEK Labs' tests. Management tools were adequate, but administrators may find the Web management console confining and unwieldy, particularly in multiserver deployments." Link to the article:

And if you want to be -really- sure you get the maximum amount of spyware detected (PC World's latest test showed CounterSpy getting "Clear Winner" status), grab our 30-day eval and see for yourself what CounterSpy finds that got left behind by the "big AV guys".

Sunbelt Refuses To Delist WhenU, Instead Adjusts Some Threat Levels

WhenU recently came to us, asking to be delisted. After extensive research, we determined that they had, indeed, cleaned up a lot of their practices. However, we will absolutely not be removing them from the database (it is near impossible to get delisted from the CounterSpy database, as a major market of ours is enterprise customers, and they don't look kindly at any types of adware).

We did, however, find that a number of their programs have reasonably acceptable levels of disclosure and are not installed by any nefarious means. For example, their WeatherCast program provides weather alerts, without any advertising popups and has adequate disclosure methods -- and surprisingly, a lot of people seem to actually want these little types of programs. So for those types of applications, we made them a low threat level, with a recommended action of Ignore (Ignore is probably the wrong term - we still detect and present the program to the user, but let the user make the choice to remove the application). This is the same type of rating that we use for programs like WeatherBug.

We are also re-examining the whole "Ignore" choice in the database, and will likely be changing this in the future so as to make it crystal clear to the user that we are not condoning a piece of adware -- rather we are simply giving them a choice in the event that they actually want it on their system.

Note that WhenU Save and SaveNow are both still staying as "Moderate Risk", with a default action of "Quarantine". If you're curious about our findings, you can review our whitepaper on WhenU at:

Leading Spyware Researcher Joins Sunbelt Software

Sunbelt Software is pleased to announce that renowned spyware researcher, Patrick Jordan, has joined Sunbelt Software as a Senior Spyware Research Analyst.

Jordan, also known as "webhelper" to the antispyware community, will provide research expertise to help identify and remove some of the most difficult spyware strains such as VX2/Transponder and CoolWebSearch.

Jordan brings a plethora of technology and research experience to Sunbelt, having managed and participated in many of the security forums dedicated to spyware research, detection and removal, including his own webhelper4u.com site. His experience in revealing the malicious mechanisms that transponder spyware uses to propagate itself has been beneficial to the antispyware community, particularly exposing practices by spyware authors that develop applications such as CoolWebSearch.

His expert research over the last several years on adware and spyware provides a firm foundation for accurate and reliable research testing that ultimately enables Sunbelt to continue to provide one of the best spyware threat databases in the industry.

"Being a part of a rapidly expanding security software developer and practicing spyware research is exciting," Jordan said. "There's definitely a buzz in the industry right now about Sunbelt, and I'm thrilled to be a part of it."

SANS Top20 Q2 2005 Critical Vulnerability Update

The SANS Institute and experts from the US, UK and Canadian governments and four private groups have identified the most critical new Internet security vulnerabilities discovered during the 2nd quarter of 2005. All organizations that rely on the Top20 as a list of "critical vulnerabilities" to be found and eradicated, should immediately verify with their vulnerability scanner vendor that the critical new vulnerabilities discovered in April - June as well as those discovered January through March, are included in their testing procedures and are rated at the highest level of criticality.

"These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices," Alan Paller, SANS' director of research, said in a statement. "We're publishing this list as a red flag for individuals as well as IT departments. Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected."

SANS reports that the 422 new vulnerabilities discovered or reported this quarter represent an increase of 10.8% from the first quarter of 2005 [381] and an increase of nearly 20% from the second quarter of 2004 [352]. A lot of the hackers are going after flawed backup software, since the market is mature, consolidated and well penetrated. Link to SANS:

FYI, the Sunbelt Network Security Inspector (SNSI) is being continually updated with the SANS Top 20 list when it comes out. You can get a 30-day eval of SNSI here:


This Week's Links We Like. Tips, Hints And Fun Stuff


Got No Time To Compare Products You Need?

In that case, you should check out the TiPS-IT Product Comparison Guides. They cost a few hundred bucks, but save tremendous amounts of time as they create a grid of the specs that would otherwise cost hours and hours of testing and digging through the docs.

  • Collaboration Tools
  • Enterprise Antispam
  • Enterprise Antispyware
  • Enterprise Firewalls
  • Enterprise Search
  • Network Intrusion Prevention Systems
  • Patch Management
  • Web Content Management Systems
  • Wireless LANs

You can preview these grids (with usually just product) or purchase the Guides. You should check a few out at: