Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 7, 2005 (Vol. 10, #45 - Issue #550)
Microsoft Live; What's Up?
This issue of W2Knews contains:
- EDITORS CORNER
- W2Knews Changes Name: WServerNews
- Microsoft Live; What's Up?
- Sunbelt Software Joins The Microsoft SecureIT Alliance
- 2005 Halloween At Sunbelt
- Yankee / Sunbelt 2005 Storage Survey
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Spies In The Server Closet
- Mark Minasi's New Newsletter Is Out
- Robot Wars - How Botnets Work
- SQL Server 2005: To Be Or Not To Be An Early Adopter
- 10 Steps To Justify/Plan Your Upgrade To SQL Server 2005
- Understanding The GPC For Group Policy
- NT/2000 RELATED NEWS
- Patch for Critical Microsoft Flaw Coming Tuesday
- Microsoft Acquires FolderShare
- SQL Server 2005: RTM at Last
- NT/2000 THIRD PARTY NEWS
- Sony, Rootkits and Digital Rights Management Gone Too Far
- Quest Intros Availability Manager for Exchange 1.0
- Printer Ink: Four Times More Expensive Than Champagne
- NEW SNSI Vulnerability Database Update
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- "What I Want In Enterprise Antispyware"
SPONSOR: Find Out How Much Spyware Your AV Skipped
The leading AV companies now claim they catch spyware but in
reality, their results are not even close to stand-alone tools.
You cannot afford to have a false sense of security when your
organization's security and compliance is at stake! Download
CounterSpy Enterprise and run it on your workstations. Find out
how much spyware your AV application skipped. CounterSpy has
the best antispyware database in the industry!
Visit Find Out How Much Spyware Your AV Skipped for more information.
W2Knews Changes Name: WServerNews
In the coming weeks, 'ye olde' W2Knews will be renamed and get
a new jacket as well. At least, the HTML version that is. The
TXT version will continue to appear as normal (with a new name),
but you will receive an invitation to update your profile as to
TXT or HTML in the near future. Originally, we wanted to call it
WinServerNews but after checking with MS lawyers they said that
would cause copyright issues, so we decided to go with this
name instead. Also, make sure that this new domain name:
www.WServerNews.com (not live yet) and [email protected] are whitelisted
in your antispam application. Thanks!
Microsoft Live; What's Up?
Microsoft unveiled new Internet initiatives, including a service
called Windows Live that will incorporate email, blogging and
Of course this is an offensive against Google. These new offerings
are an attempt to tie Windows and Office to online advertising.
A good example is Office Live, a bunch of online services aimed
at the SMB market with limited IT expertise. It includes Web-based
email and software for collaborating online, and is created to
complement MS-Office. It looks a lot like Google too, with a
lot of white and empty space.
The new code is designed to be used on a personalized home page
at www.live.com, which is also linked to an online virus-scanning
service called Windows Live Safety Center, that I'm sure will be
a subscription service, the holy grail that MS has been after
for years.
Sunbelt Software Joins The Microsoft SecureIT Alliance
As a MS-Gold Certified ISV Partner, Sunbelt announces this week
it has become a member of the SecureIT Alliance. The SecureIT
Alliance is an effort led by Microsoft to bring greater integration
to enterprise security products, and to increase collaboration
between its members.
"Sunbelt Software is an important new member to the SecureIT
Alliance" said Bruce Burns, senior director at Microsoft Corp.
"Through this new industry alliance we will work closely together
to ensure our mutual customers have world class security solutions."
"By joining the SecureIT Alliance, Sunbelt Software strengthens
its partnership with Microsoft and enables us to work together
with leading industry security vendors to effectively secure
the Microsoft platform," said Alex Eckelberry, president of
2005 Halloween At Sunbelt
Want to see the majority of our 120 people in costume, taking a
walk to the local Starbucks? Check out the video with the parade:
Yankee / Sunbelt 2005 Storage Survey
You are invited to take part in this important survey about
trends in storage, what your own solutions are, and your plans
for next year. This will take you a few minutes, but it's
worth it. We will publish the results in a coming issue, and
you will see what your peers are thinking, and plan for all kinds
of storage solutions. Please fill it out!
Quotes of the Week:
"If people let government decide what foods they eat and what
medicines they take, their bodies will soon be in as sorry a
state as are the souls of those who live under tyranny."
-- Thomas Jefferson
"Even if you're on the right track, you'll be run over if you
just sit there." -- Will Rogers
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
Spies In The Server Closet
ComputerWorld had a good story this week. "The Supreme Court might
have stirred up a big problem when it ruled that file-sharing
networks such as Grokster could be sued if their members pirated
copyrighted digital music and video. Now some programmers are
pursuing so-called darknets, private, invitation-only networks
that could create a new channel for corporate espionage." More:
Mark Minasi's New Newsletter Is Out
This month, you'll read about a nice and largely free service to
help attack all of the bad kinds of stuff that makes it into your
e-mail (I'd name them, but then your protection systems would
toss out this mail!) -- a tool called SPF. And it probably won't
cost you anything.
You'll also learn about a problem with group policy management
console under x64, a nifty tool for creating and burning ISOs
on XP, 2003 and Vista, and Mark announces their RSS support.
Robot Wars - How Botnets Work
I found a good article at the WindowSecurity.com site. Read it:
"One of the most common and efficient DDoS attack methods is based
on using hundreds of zombie hosts. Zombies are usually controlled
and managed via IRC networks, using so-called botnets. Let's take
a look at the ways an attacker can use to infect and take control
of a target computer, and let's see how we can apply effective
countermeasures in order to defend our machines against this
What you will learn...
- what are bots, botnets, and how they work,
- what features most popular bots offer,
- how a host is infected and controlled,
- what preventive measures are available and how to respond to
What you should know...
- how malware works (trojans and worms in particular),
- mechanisms used in DDoS attacks,
- basics of TCP/IP, DNS and IRC."
SQL Server 2005: To Be Or Not To Be An Early Adopter
SQL Server 2005 offers many new features, but do they outweigh the
risks of trying out a new release? SQL Server expert Greg Robidoux
offers help evaluating the new capabilities in light of your own
needs. At the SearchWin2000 site:
10 Steps To Justify/Plan Your Upgrade To SQL Server 2005
The decision to upgrade to SQL Server 2005 may come down to upgrade
cost and time versus business improvement and competitive advantage.
Edgewood Solutions' Jeremy Kadlec outlines 10 steps to help you
determine if an immediate upgrade is right or wrong for your outfit:
Understanding The GPC For Group Policy
Group Policy Expert Derek Melber clarifies the responsibilities of
the Group Policy Container (GPC) in this tip about the structure
of object and object properties. Over at SearchWin2000.com
NT/2000 RELATED NEWS
Patch for Critical Microsoft Flaw Coming Tuesday
Redmond is planning to post one patch next week as part of its
monthly Patch Tuesday security bulletin release cycle. The patch
will fix a flaw in Windows with a maximum severity rating of
critical. Read more at ENTMag:
Microsoft Acquires FolderShare
This week, MS bought a cute little product called FolderShare.
With this tool, users can synch data on several computers, and
check files via a browser. FolderShare is based on a website and
a local component, the FolderShare Satellite. PCs that are hooked
up will be automatically synchronized. Redmond will make this tool
part of the new 'Live' offering. What they say on their site:
"Keep important files at your fingertips - anywhere. All file changes
are automatically synchronized between linked computers, so you are
always accessing the latest documents, photos, and files."
Check it out at their website:
SQL Server 2005: RTM at Last
Last Thursday, October 27, Redmond announced the SQL Server 2005
release to manufacturing (RTM). If you have an MSDN Universal
subscription you can download SQL Server 2005 at
THIRD PARTY NEWS
Sony, Rootkits and Digital Rights Management Gone Too Far
Mark's Sysinternals Blog came up with a good one: "Last week when
I was testing the latest version of RootkitRevealer (RKR) I ran a
scan on one of my systems and was shocked to see evidence of a
rootkit. Rootkits are cloaking technologies that hide files,
Registry keys, and other system objects from diagnostic and
security software, and they are usually employed by malware
attempting to keep their implementation hidden (see my "Unearthing
Rootkits" article from the June issue of Windows IT Pro Magazine
for more information on rootkits). The RKR results window reported
a hidden directory, several hidden device drivers, and a hidden
application." More at:
Quest Intros Availability Manager for Exchange 1.0
This is a new product that ensures the continuous availability of
e-mail send/receive functionality by automatically moving users to
a defined Exchange server, where they will continue to receive
uninterrupted service during the outage. Once service is restored,
they are switched back to their original server with no data loss.
The designated backup server can be any Exchange server in the
enterprise, so no dedicated backup servers are required.
At the same time, the company introduced its new Performance Suite
for Exchange, which includes Availability Manager and Quest Spotlight
on Exchange. Together, these products address the critical need to
avoid e-mail service disruption and maximize performance.
North American pricing for the Performance Suite for Exchange begins
at $10 U.S. per managed mailbox. North American pricing for Availability
Manager for Exchange begins at $8 U.S. per managed mailbox. Download:
Printer Ink: Four Times More Expensive Than Champagne
The NY Times wrote how the prices of printers have dropped up to 30
percent in the last few months due to a savage price war but the catch
is that after you make an initial investment, you are going to pay at
least 28 cents to 50 cents a print for home photos. The Times says "It
does not take an advanced business degree for those consumers to see
how printer manufacturers like Hewlett-Packard and Canon make their
money. They use the 'razor blade' business model. It is named from the
marketing innovation of King C. Gillette, who in the early years of
the last century sold razors for a low price but made all his money
on the high-margin disposable razor blades. Printer manufacturers also
use this tied-product strategy." This is no longer entirely true.
Based on private discussions with major printer company executives and
salespeople, the fastest-growing requests from their customers and
printer salesmen are for a solution that reduces the cost of printing,
accounts for it and restricts it, and that is low cost, easy to use and
effective. They thought such a solution just did not exist on the
market. When they find out about Print Manager Plus, their problems are
answered one for one, as these people have told us over and over.
The Times says why the cost of printing is a problem: the toner ink cost,
"ounce for ounce, is four times the cost of Krug Clos du Mesnil Champagne,
which sells for around $425 a bottle. Ink is about the same price as Joy
perfume, considered to be one of the more pricey fragrances, at $158 for a
2.5-ounce bottle. After all, when this liquid gold is costing you $65 an
ounce, you'll want to use every last drop."
The solution is to use Print Manager Plus - it is easy to use, pays for
itself in a few weeks in saved toner and paper and is native to Windows.
Your organization should invest in this software which actually will
make you money. Whether you are an academic, government, or large corporate
enterprise, Print Manager Plus will work for you.
For professional services companies (i.e. law firms, real estate firms,
architectural firms), Print Manager Plus with Client Billing and
Authentication can track your client printing and allow you to recoup
those expenses. For more info or to download a fully functional eval:
NEW SNSI Vulnerability Database Update
The Sunbelt Network Security Inspector (SNSI) version 220.127.116.11 was
released November 3, 2005. To update from within the SNSI console,
select Settings, enter your full registration key and click the Check
Now button. When you look at these new vulnerabilities, you realize
that you actually need a multiplatform scanner, and that you cannot
really live without one. SNSI is licensed by admin, not IP, so you
will get an affordable, world class scanner. Check these out:
H134 Kernel specific stack size induces crash - HP-UX 11.23 IA64
H135 HP OpenView Operations/VantagePoint JRE vulnerability
L969 Libuser - 4GB garbage writes/ DoS - RHE
L970 Ruby - Unsafe eval statements - RHE
L971 Openssl - Cache timing/MITM attacks - RHE
L972 Openldap/Nss_Ldap - hashed passwords - RHE
L973 Netpbm - Graphics conversion - RHE
L974 Xloadimage - NIFF image titles - RHE
L975 Lynx - NNTP header handling - RHE
M63 Unsupported OS Version - Mac OS X
M64 Mac OS 10.4 not updated.
S348 OpenSSL rollback to weak protocols - Solaris
S349 Kernel file system privilege management panic induction - Solaris 10
S350 Kernel procfs may disclose existence of sensitive files - Solaris 10
S351 IP SCTP socket option processing system panic - Solaris 7, 10
S352 NSS tools unzip files unsafely - Solaris
S353 Mozilla Multiple Vulnerabilities - Solaris 8 - 10
S354 Kernel memory mismanagement may lose data - Solaris 10_x86
S355 Oracle Enterprise Manager Grid Control Vulnerability
S356 Oracle Application Server Multiple Vulnerabilities
S357 Oracle E-Business and Application Suite Multiple Vulnerabilities
S358 Oracle Database Server Multiple Vulnerabilities
S359 Oracle Collaboration Suite Multiple Vulnerabilities
W2645 Messenger Service Buffer Overrun - XP
W2646 Client Service for NetWare Vulnerability - NT 4.0
W2647 Plug and Play Validation Vulnerability - NT 4.0
W2648 Windows Shell .lnk Vulnerabilities - NT 4.0
W2649 DirectShow Unchecked Buffer Vulnerability - NT 4.0
W2650 Internet Explorer COM Object Vulnerability - NT 4.0
W2651 Web View Script Injection Vulnerability
W2652 Snort Back Orifice Preprocessor Vulnerability
W2653 Symantec AntiVirus Scan Engine Web Service Vulnerability
W2654 Oracle Enterprise Manager Grid Control Vulnerability - Windows
W2655 Oracle Application Server Vulnerabilities - Windows
W2656 Oracle E-Business and Applications Suite Vulnerabilities - Windows
W2657 Oracle Database Server Vulnerabilities - Windows
W2658 Oracle Collaboration Suite Vulnerabilities - Windows
W2659 VERITAS NetBackup Java Vulnerability
MITRE CVE Revision: The Database was updated to reflect the Mitre
Corp.'s CVE naming changes. Effective on 19 October, all CVE
References will use the CVE- designator. The CAN- designator is
phased out. SNSI uses the latest Mitre Common Vulnerabilities and
Exposures (CVE) list of computer incidents. It also contains the
latest SANS/FBI top 20 vulnerability list. SNSI also uses the
latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland
Security) advisories. To get the latest SNSI version, visit
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
"What I Want In Enterprise Antispyware"
"I have limited staff. I need a way to efficiently remove spyware
infestations from workstations without having to visit each machine
to run scans. I want the software to be centrally controlled. I
want something that won't require the users to be rocket scientists
"I want something that wouldn't slow the machines down worse than
the spyware it was removing. Symantec doesn't appear to have
sufficient spyware/adware tools. NAV and SWS were not able to
isolate and remove the existing infestations. I want something that
wouldn't prevent me from using DameWare and RemoteStart."
G.P. - IT Manager
This is a factual email we received this week. And CounterSpy
Enterprise fits the bill EXACTLY: