- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 17, 2005 (Vol. 10, #42 - Issue #547)
Cybersecurity: We Are On Our Own
  This issue of W2Knews™ contains:
    • Cybersecurity: We Are On Our Own
    • Admin Tools We Think You Shouldn't Be Without
    • E-mail Archiving: Hot Or Not?
    • Fast Guide: Avoiding Data Integrity Gotchas
    • The Ins And Outs Of Server 2003's Backup Utility
    • Configuring Database Size Limits For Exchange SP2
    • Securing Domain Controllers
    • Microsoft Adopts Virtual Licenses
    • Exploit Already Available For Windows Vulnerability
    • NSI Gets Exchange Advanced Solutions Competency
    • Survey: Users Unhappy With Vendors' Software Licensing
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Need An Affordable World Class Vulnerability Scanner?
  SPONSOR: Is Your Antivirus Effective at Detecting Spyware?
The leading AV companies now claim they catch spyware but in
reality, their results are not even close to stand-alone tools.

You cannot afford to have a false sense of security when your
organization's security and compliance is at stake! Try CounterSpy
Enterprise with the best antispyware database in the industry.
Visit Is Your Antivirus Effective at Detecting Spyware? for more information.

Cybersecurity: We Are On Our Own

Two seemingly disparate events happened this week, but in the end you may find they have more in common than you'd think. To start with, this week, CNET asked itself in an article on their website if the Department of Homeland Security's Cybersecurity functions are in danger of becoming another FEMA disaster, meaning reacting sluggishly to a cyber threat.

Well folks, of course! Do we expect this vast bureaucracy run by a former lawyer to protect us from a national cybersecurity threat? Hah! We're on our own. We're each going to have to take responsibility for our own security and in that way help the national cybersecurity. And this brings me to subject number two: How is Redmond going to help with this?

Not a lot, actually it looks like they are not helping at all. An essential part of national security is a healthy ecosystem of security software developers. Here are two reasons why Microsoft is damaging this (and to a large part also their own) ecosystem:

  1. They recently announced their Microsoft Client Protection (MCP) for enterprises and the OneCare product for consumers. The problem with that is that Microsoft can't both work with partners and consume the markets of these partners at the same time. Result: destruction of the valuable Microsoft Windows ecosystem. It would be much better that MS enables its partners to do a better job. Steve, leave some room for third party developers and don't make security a new profit center.

  2. Microsoft still approaches security the wrong way: band-aids. The real problem is with the underlying Windows architecture. If they would (have) fix(ed) THAT, they wouldn't have to buy companies like Giant, GeCAD and Sybari. Microsoft, fix the fundamentals! And charging cash for these add-ons that protect PCs against flaws in its own OS? Smells like conflict of interest to me. Ask yourself the question: "Why improve the fundamentals if you can make money selling 'protection'?

So, how do we keep our networks safe in the long term? By having an MS-ecosystem that is alive and well. A lot of third party developers that create great security products for the Windows platform are crucial for our own- and the national cybersecurity. And how do you keep your Windows ecosystem healthy? Think strategic, vote with your wallet and be "eco-friendly" in a new way; support your third party developers, who will do their best to write great code!

Quotes of the Week:
"Neither fire nor wind, birth nor death can erase our good deeds." -- Siddhartha Buddha
"Humanity is acquiring all the right technology for all the wrong reasons." -- Buckminster Fuller

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


E-mail Archiving: Hot Or Not?

Compliance issues have increased the requirements for e-mail retention. But budgetary constraints and other time-sensitive projects keep e-mail archiving on the back burner for many companies. Interesting story at the SearchWin2000 site:

Fast Guide: Avoiding Data Integrity Gotchas

You may perform a number of tasks for data integrity's sake, assuring that data can only be accessed or modified by those authorized to do so. Yet improperly performing such tasks can harm your data. This fast guide offers tips and tricks to ensure and maintain data integrity, with a particular focus on avoiding the "gotchas" that can compromise your data. You can find this at the SearchSQLServer site:

The Ins And Outs Of Server 2003's Backup Utility

Even though they are listed as "advanced" options, the items on the Advanced Restore Options menu are fundamental to backing up using the Windows Server backup utility. (SearchWinSystems.com)

Configuring Database Size Limits For Exchange SP2

Exchange SP2 brings the ceiling of an Exchange database up to 75 GB for Standard and 8000 GB for Enterprise. But there are still configurable size limitations you should be aware of. Article at SearchExchange.com:

Securing Domain Controllers

Domain controllers are essential to keeping Active Directory running. Contributor Derek Melber recommends these Group Policy settings to lock down your DC at SearchWindowsSecurity.com:


Microsoft Adopts Virtual Licenses

Redmond announced this week dramatically less expensive virtual licensing terms for future Windows Server versions. "Virtualization is one of the new technologies we've seen customers adopt to enable their move to more flexible systems," Bob Kelly, the general manager of infrastructure server marketing for the Windows Server Group at Microsoft, told Paul Thurrott in a recent briefing. "It really helps customers drive up their usage of existing servers. Today, most existing servers see only 15 to 25 percent usage."

The new terms are simple. Windows Server 2003, Enterprise Edition R2 customers will be able to run up to four more copies of that same OS inside VMs at no additional cost. That saves 16 Grand. And with Longhorn Server Datacenter Enterprise this will be unlimited. The deal includes SQL Server, BizTalk Server, and Internet Security & Acceleration Server. Read Paul Thurrott's full article here:

Exploit Already Available For Windows Vulnerability

Yup, that is fast!! Fixed just this Tuesday and now an exploit has been found. Security assessment vendor Immunity discovered a way to exploit this bug, and now a lot of people are concerned that a new worm attack, very similar to last August's Zotob outbreak, may be starting any day.

The bug primarily affects users of W2K, the Zotob worm targets that same platform. This time it's the Microsoft Distributed Transaction Coordinator (MSDTC), which is used by database software to help manage transactions.

Microsoft this week rated the vulnerability as critical for W2K users and said that, if exploited, it could be used to seize control of an unpatched system. GET THOSE PUPPIES PATCHED.


NSI Gets Exchange Advanced Solutions Competency

NSI, the developer of Double-Take, announced this week that it has attained Microsoft Advanced Infrastructure Solutions Competency status for Exchange, recognizing their expertise and total impact on this technology segment. Partners with Advanced Infrastructure Solutions Competency receive a rich set of benefits, including access, training and support, giving them a competitive advantage in the marketplace.

As a longstanding Microsoft Gold Partner, they have now demonstrated in accordance with Microsoft standards our unique expertise in helping to continuously protect Exchange. This is even more significant in that they are one of only a few replication vendors to achieve this prestigious standing.

Survey: Users Unhappy With Vendors' Software Licensing

Linda Leung at NetworkWorld reported that less than one-third of user organizations polled in a recent licensing survey said that they are satisfied with their vendor's pricing and licensing strategy, despite more than two-thirds of independent software respondents saying that they had changed their pricing and/or licensing policies in the past two years, with the majority changing to improve customer relationships.

In August and September, licensing management tools company Macrovision, the Software & Information Industry Association and the Centralized Electronic Licensing User Group surveyed 232 senior IT executives from user organizations and 252 software vendors.

The report, which was released Monday at SoftSummit 2005 in Santa Clara, found that 53% of enterprises strongly favor the concurrent-user licensing model, in which products are licensed based on how many users access the software simultaneously, and that preference has grown 11% over last year.

In terms of pricing, the report notes that vendors are "moving aggressively towards subscription-based licensing models" in which users pay for licensing with a recurring fee, as the number of vendors offering this method increased 7% to 40% over last year and is expected to increase to 60% in 2007. The report suggests that while the majority of enterprises prefer to purchase software through perpetual licensing, they seem to be softening their resistance to subscription pricing, with 43% now preferring that method, an increase of 7% over last year.

The full article is at the Network World site:


This Week's Links We Like. Tips, Hints And Fun Stuff


Need An Affordable World Class Vulnerability Scanner?

Looking for a world class vulnerability scanner, licensed by Admin seat instead of by IP? SNSI is 2005 WinITPro Reader's Choice. This is a multi-platform, literally military strength scanner with a truly excellent database that gets updated by a very strong team of anti-hackers on a very regular basis. You'd be surprised how many three letter U.S. Government agencies are using this same database to protect their networks. Try it free for 30 days.