Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 17, 2005 (Vol. 10, #42 - Issue #547)
Cybersecurity: We Are On Our Own
This issue of W2Knews contains:
- EDITORS CORNER
- Cybersecurity: We Are On Our Own
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- E-mail Archiving: Hot Or Not?
- Fast Guide: Avoiding Data Integrity Gotchas
- The Ins And Outs Of Server 2003's Backup Utility
- Configuring Database Size Limits For Exchange SP2
- Securing Domain Controllers
- NT/2000 RELATED NEWS
- Microsoft Adopts Virtual Licenses
- Exploit Already Available For Windows Vulnerability
- NT/2000 THIRD PARTY NEWS
- NSI Gets Exchange Advanced Solutions Competency
- Survey: Users Unhappy With Vendors' Software Licensing
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Need An Affordable World Class Vulnerability Scanner?
SPONSOR: Is Your Antivirus Effective at Detecting Spyware?
The leading AV companies now claim they catch spyware but in
reality, their results are not even close to stand-alone tools.
You cannot afford to have a false sense of security when your
organization's security and compliance is at stake! Try CounterSpy
Enterprise with the best antispyware database in the industry.
Visit Is Your Antivirus Effective at Detecting Spyware? for more information.
Cybersecurity: We Are On Our Own
Two seemingly disparate events happened this week, but in the
end you may find they have more in common than you'd think. To
start with, this week, CNET asked itself in an article on their
website if the Department of Homeland Security's Cybersecurity
functions are in danger of becoming another FEMA disaster, meaning
reacting sluggishly to a cyber threat.
Well folks, of course! Do we expect this vast bureaucracy run by
a former lawyer to protect us from a national cybersecurity threat?
Hah! We're on our own. We're each going to have to take responsibility
for our own security and in that way help the national cybersecurity.
And this brings me to subject number two: How is Redmond going to
help with this?
Not a lot, actually it looks like they are not helping at all. An
essential part of national security is a healthy ecosystem of security
software developers. Here are two reasons why Microsoft is damaging
this (and to a large part also their own) ecosystem:
- They recently announced their Microsoft Client Protection (MCP)
for enterprises and the OneCare product for consumers. The problem
with that is that Microsoft can't both work with partners and consume
the markets of these partners at the same time. Result: destruction
of the valuable Microsoft Windows ecosystem. It would be much better
that MS enables its partners to do a better job. Steve, leave some
room for third party developers and don't make security a new profit
- Microsoft still approaches security the wrong way: band-aids.
The real problem is with the underlying Windows architecture.
If they would (have) fix(ed) THAT, they wouldn't have to buy
companies like Giant, GeCAD and Sybari. Microsoft, fix the
fundamentals! And charging cash for these add-ons that protect
PCs against flaws in its own OS? Smells like conflict of interest
to me. Ask yourself the question: "Why improve the fundamentals if
you can make money selling 'protection'?
So, how do we keep our networks safe in the long term? By having
an MS-ecosystem that is alive and well. A lot of third party
developers that create great security products for the Windows
platform are crucial for our own- and the national cybersecurity.
And how do you keep your Windows ecosystem healthy? Think strategic,
vote with your wallet and be "eco-friendly" in a new way; support
your third party developers, who will do their best to write
Quotes of the Week:
"Neither fire nor wind, birth nor death can erase our good deeds."
-- Siddhartha Buddha
"Humanity is acquiring all the right technology for all the wrong
reasons." -- Buckminster Fuller
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
E-mail Archiving: Hot Or Not?
Compliance issues have increased the requirements for e-mail
retention. But budgetary constraints and other time-sensitive
projects keep e-mail archiving on the back burner for many
companies. Interesting story at the SearchWin2000 site:
Fast Guide: Avoiding Data Integrity Gotchas
You may perform a number of tasks for data integrity's sake,
assuring that data can only be accessed or modified by those
authorized to do so. Yet improperly performing such tasks can
harm your data. This fast guide offers tips and tricks to
ensure and maintain data integrity, with a particular focus
on avoiding the "gotchas" that can compromise your data.
You can find this at the SearchSQLServer site:
The Ins And Outs Of Server 2003's Backup Utility
Even though they are listed as "advanced" options, the items
on the Advanced Restore Options menu are fundamental to backing
up using the Windows Server backup utility. (SearchWinSystems.com)
Configuring Database Size Limits For Exchange SP2
Exchange SP2 brings the ceiling of an Exchange database up to
75 GB for Standard and 8000 GB for Enterprise. But there are
still configurable size limitations you should be aware of.
Article at SearchExchange.com:
Securing Domain Controllers
Domain controllers are essential to keeping Active Directory
running. Contributor Derek Melber recommends these Group Policy
settings to lock down your DC at SearchWindowsSecurity.com:
NT/2000 RELATED NEWS
Microsoft Adopts Virtual Licenses
Redmond announced this week dramatically less expensive virtual
licensing terms for future Windows Server versions. "Virtualization
is one of the new technologies we've seen customers adopt to enable
their move to more flexible systems," Bob Kelly, the general manager
of infrastructure server marketing for the Windows Server Group at
Microsoft, told Paul Thurrott in a recent briefing. "It really
helps customers drive up their usage of existing servers. Today,
most existing servers see only 15 to 25 percent usage."
The new terms are simple. Windows Server 2003, Enterprise Edition R2
customers will be able to run up to four more copies of that same
OS inside VMs at no additional cost. That saves 16 Grand. And with
Longhorn Server Datacenter Enterprise this will be unlimited. The
deal includes SQL Server, BizTalk Server, and Internet Security &
Acceleration Server. Read Paul Thurrott's full article here:
Exploit Already Available For Windows Vulnerability
Yup, that is fast!! Fixed just this Tuesday and now an exploit has
been found. Security assessment vendor Immunity discovered a way
to exploit this bug, and now a lot of people are concerned that a
new worm attack, very similar to last August's Zotob outbreak,
may be starting any day.
The bug primarily affects users of W2K, the Zotob worm targets
that same platform. This time it's the Microsoft Distributed
Transaction Coordinator (MSDTC), which is used by database
software to help manage transactions.
Microsoft this week rated the vulnerability as critical for W2K
users and said that, if exploited, it could be used to seize control
of an unpatched system. GET THOSE PUPPIES PATCHED.
THIRD PARTY NEWS
NSI Gets Exchange Advanced Solutions Competency
NSI, the developer of Double-Take, announced this week that it has
attained Microsoft Advanced Infrastructure Solutions Competency
status for Exchange, recognizing their expertise and total impact
on this technology segment. Partners with Advanced Infrastructure
Solutions Competency receive a rich set of benefits, including
access, training and support, giving them a competitive advantage
in the marketplace.
As a longstanding Microsoft Gold Partner, they have now demonstrated
in accordance with Microsoft standards our unique expertise in
helping to continuously protect Exchange. This is even more
significant in that they are one of only a few replication vendors
to achieve this prestigious standing.
Survey: Users Unhappy With Vendors' Software Licensing
Linda Leung at NetworkWorld reported that less than one-third of
user organizations polled in a recent licensing survey said that
they are satisfied with their vendor's pricing and licensing
strategy, despite more than two-thirds of independent software
respondents saying that they had changed their pricing and/or
licensing policies in the past two years, with the majority
changing to improve customer relationships.
In August and September, licensing management tools company
Macrovision, the Software & Information Industry Association
and the Centralized Electronic Licensing User Group surveyed
232 senior IT executives from user organizations and 252
The report, which was released Monday at SoftSummit 2005 in
Santa Clara, found that 53% of enterprises strongly favor the
concurrent-user licensing model, in which products are licensed
based on how many users access the software simultaneously, and
that preference has grown 11% over last year.
In terms of pricing, the report notes that vendors are "moving
aggressively towards subscription-based licensing models" in
which users pay for licensing with a recurring fee, as the
number of vendors offering this method increased 7% to 40% over
last year and is expected to increase to 60% in 2007. The report
suggests that while the majority of enterprises prefer to purchase
software through perpetual licensing, they seem to be softening
their resistance to subscription pricing, with 43% now
preferring that method, an increase of 7% over last year.
The full article is at the Network World site:
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Need An Affordable World Class Vulnerability Scanner?
Looking for a world class vulnerability scanner, licensed by
Admin seat instead of by IP? SNSI is 2005 WinITPro Reader's Choice.
This is a multi-platform, literally military strength scanner with
a truly excellent database that gets updated by a very strong team
of anti-hackers on a very regular basis. You'd be surprised how many
three letter U.S. Government agencies are using this same database
to protect their networks. Try it free for 30 days.