Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 7, 2005 (Vol. 10, #45 - Issue #550)
Microsoft Live; What's Up?
  This issue of W2Knews™ contains:
    • W2Knews Changes Name: WServerNews
    • Microsoft Live; What's Up?
    • Sunbelt Software Joins The Microsoft SecureIT Alliance
    • 2005 Halloween At Sunbelt
    • Yankee / Sunbelt 2005 Storage Survey
    • Admin Tools We Think You Shouldn't Be Without
    • Spies In The Server Closet
    • Mark Minasi's New Newsletter Is Out
    • Robot Wars - How Botnets Work
    • SQL Server 2005: To Be Or Not To Be An Early Adopter
    • 10 Steps To Justify/Plan Your Upgrade To SQL Server 2005
    • Understanding The GPC For Group Policy
    • Patch for Critical Microsoft Flaw Coming Tuesday
    • Microsoft Acquires FolderShare
    • SQL Server 2005: RTM at Last
    • Sony, Rootkits and Digital Rights Management Gone Too Far
    • Quest Intro's Availability Manager for Exchange 1.0
    • Printer Ink: Four Times More Expensive Than Champagne
    • NEW SNSI Vulnerability Database Update
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • "What I Want In Enterprise Antispyware"
  SPONSOR: Find Out How Much Spyware Your AV Skipped
The leading AV companies now claim they catch spyware but in
reality, their results are not even close to stand-alone tools.

You cannot afford to have a false sense of security when your
organization's security and compliance is at stake! Download
CounterSpy Enterprise and run it on your workstations. Find out
how much spyware your AV application skipped. CounterSpy has
the best antispyware database in the industry!
Visit Find Out How Much Spyware Your AV Skipped for more information.

W2Knews Changes Name: WServerNews

In the coming weeks, 'ye olde' W2Knews will be renamed and get a new jacket as well. At least, the HTML version, that is. The TXT version will continue to appear as normal (with a new name), but you will receive an invitation to update your profile as to TXT or HTML in the near future. Originally, we wanted to call it WinServerNews but after checking with MS lawyers they said that would cause copyright issues, so we decided to go with this name instead. Also, make sure that this new domain name: www.WServerNews.com (not live yet) and [email protected] are whitelisted in your antispam application. Thanks!

Microsoft Live; What's Up?

Microsoft unveiled new Internet initiatives, including a service called Windows Live that will incorporate email, blogging and instant-messaging tools.

Of course this is an offensive against Google. These new offerings are an attempt to tie Windows and Office to online advertising. A good example is Office Live, a bunch of online services aimed at the SMB market with limited IT expertise. It includes Web-based email and software for collaborating online, and is created to complement MS-Office. It looks a lot like Google too, with a lot of white and empty space.

The new code is designed to be used on a personalized home page, at www.live.com, which is also linked to an online virus-scanning service called Windows Live Safety Center, that I'm sure will be a subscription service, the holy grail that MS has been after for years.

Sunbelt Software Joins The Microsoft SecureIT Alliance

As a MS-Gold Certified ISV Partner, Sunbelt announces this week it has become a member of the SecureIT Alliance. The SecureIT Alliance is an effort led by Microsoft to bring greater integration to enterprise security products, and to increase collaboration between its members.

"Sunbelt Software is an important new member to the SecureIT Alliance" said Bruce Burns, senior director at Microsoft Corp. "Through this new industry alliance we will work closely together to ensure our mutual customers have world class security solutions."

"By joining the SecureIT Alliance, Sunbelt Software strengthens its partnership with Microsoft and enables us to work together with leading industry security vendors to effectively secure the Microsoft platform," said Alex Eckelberry, president of Sunbelt Software.

2005 Halloween At Sunbelt

Want to see the majority of our 120 people in costume, taking a walk to the local Starbucks? Check out the video with the parade:

Yankee / Sunbelt 2005 Storage Survey

You are invited to take part in this important survey about trends in storage, what your own solutions are, and your plans for next year. This will take you a few minutes, but it's worth it. We will publish the results in a coming issue, and you will see what your peers are thinking, and plan for all kinds of storage solutions. Please fill it out!

Quotes of the Week:
"If people let government decide what foods they eat and what medicines they take, their bodies will soon be in as sorry a state as are the souls of those who live under tyranny." -- Thomas Jefferson
"Even if you're on the right track, you'll be run over if you just sit there." -- Will Rogers

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


Admin Tools We Think You Shouldn't Be Without


Spies In The Server Closet

ComputerWorld had a good story this week. "The Supreme Court might have stirred up a big problem when it ruled that file-sharing networks such as Grokster could be sued if their members pirated copyrighted digital music and video. Now some programmers are pursuing so-called darknets, private, invitation-only networks that could create a new channel for corporate espionage." More:

Mark Minasi's New Newsletter Is Out

This month, you'll read about a nice and largely free service to help attack all of the bad kinds of stuff that makes it into your e-mail (I'd name them, but then your protection systems would toss out this mail!) -- a tool called SPF. And it probably won't cost you anything.

You'll also learn about a problem with group policy management console under x64, a nifty tool for creating and burning ISOs on XP, 2003 and Vista, and Mark announces their RSS support.

Robot Wars - How Botnets Work

I found a good article at the WindowSecurity.com site. Read it: "One of the most common and efficient DDoS attack methods is based on using hundreds of zombie hosts. Zombies are usually controlled and managed via IRC networks, using so-called botnets. Let's take a look at the ways an attacker can use to infect and take control of a target computer, and let's see how we can apply effective countermeasures in order to defend our machines against this threat.

What you will learn...

  • what are bots, botnets, and how they work,
  • what features most popular bots offer,
  • how a host is infected and controlled,
  • what preventive measures are available and how to respond to bot infestation.

What you should know...

  • how malware works (trojans and worms in particular),
  • mechanisms used in DDoS attacks,
  • basics of TCP/IP, DNS and IRC."


SQL Server 2005: To Be Or Not To Be An Early Adopter

SQL Server 2005 offers many new features, but do they outweigh the risks of trying out a new release? SQL Server expert Greg Robidoux offers help evaluating the new capabilities in light of your own needs. At the SearchWin2000 site:

10 Steps To Justify/Plan Your Upgrade To SQL Server 2005

The decision to upgrade to SQL Server 2005 may come down to upgrade cost and time versus business improvement and competitive advantage. Edgewood Solutions' Jeremy Kadlec outlines 10 steps to help you determine if an immediate upgrade is right or wrong for your outfit:

Understanding The GPC For Group Policy

Group Policy Expert Derek Melber clarifies the responsibilities of the Group Policy Container (GPC) in this tip about the structure of object and object properties. Over at SearchWin2000.com


Patch for Critical Microsoft Flaw Coming Tuesday

Redmond is planning to post one patch next week as part of its monthly Patch Tuesday security bulletin release cycle. The patch will fix a flaw in Windows with a maximum severity rating of critical. Read more at ENTMag:

Microsoft Acquires FolderShare

This week, MS bought a cute little product called FolderShare. With this tool, users can synch data on several computers, and check files via a browser. FolderShare is based on a website and a local component, the FolderShare Satellite. PCs that are hooked up will be automatically synchronized. Redmond will make this tool part of the new 'Live' offering. What they say on their site:

"Keep important files at your fingertips - anywhere. All file changes are automatically synchronized between linked computers, so you are always accessing the latest documents, photos, and files." Check it out at their website:

SQL Server 2005: RTM at Last

Last Thursday, October 27, Redmond announced the SQL Server 2005 release to manufacturing (RTM). If you have an MSDN Universal subscription you can download SQL Server 2005 at


Sony, Rootkits and Digital Rights Management Gone Too Far

Mark's Sysinternals Blog came up with a good one: "Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my 'Unearthing Rootkits' article from the June issue of Windows IT Pro Magazine for more information on rootkits). The RKR results window reported a hidden directory, several hidden device drivers, and a hidden application." More at:

Quest Intro's Availability Manager for Exchange 1.0

This is a new product that ensures the continuous availability of e-mail send/receive functionality by automatically moving users to a defined Exchange server, where they will continue to receive uninterrupted service during the outage. Once service is restored, they are switched back to their original server with no data loss. The designated backup server can be any Exchange server in the enterprise, so no dedicated backup servers are required.

At the same time, the company introduced its new Performance Suite for Exchange, which includes Availability Manager and Quest Spotlight on Exchange. Together, these products address the critical need to avoid e-mail service disruption and maximize performance.

North American pricing for the Performance Suite for Exchange begins at $10 U.S. per managed mailbox. North American pricing for Availability Manager for Exchange begins at $8 U.S. per managed mailbox. Download:

Printer Ink: Four Times More Expensive Than Champagne

The NY Times wrote how the prices of printers have dropped up to 30 percent in the last few months due to a savage price war but the catch is that after you make an initial investment, you are going to pay at least 28 cents to 50 cents a print for home photos. The Times says "It does not take an advanced business degree for those consumers to see how printer manufacturers like Hewlett-Packard and Canon make their money. They use the "razor blade" business model. It is named from the marketing innovation of King C. Gillette, who in the early years of the last century sold razors for a low price but made all his money on the high-margin disposable razor blades. Printer manufacturers also use this tied-product strategy." This is no longer entirely true.

Based on private discussions with major printer company executives and salespeople, the fastest-growing request from their customers and printer salesmen is for a solution that reduces the cost of printing, accounts for it and restricts it, and that is low cost, easy to use and effective. They thought such a solution just did not exist on the market. We have been told over and over by these people that when they find out about Print Manager Plus, their problems are answered, one for one.

The Times says why the cost of printing is a problem: the toner ink cost, "ounce for ounce, is four times the cost of Krug Clos du Mesnil Champagne, which sells for around $425 a bottle. Ink is about the same price as Joy perfume, considered to be one of the more pricey fragrances, at $158 for a 2.5-ounce bottle. After all, when this liquid gold is costing you $65 an ounce, you'll want to use every last drop."

The solution is to use Print Manager Plus. It is easy to use, pays for itself in a few weeks in saved toner and paper, and is native to Windows. Your organization should invest in this software, which will actually make you money. Whether you are an academic, government, or large corporate enterprise, Print Manager Plus will work for you.

For professional services companies, i.e. law firms, real estate firms and architectural firms, Print Manager Plus with Client Billing and Authentication can track your client printing and allow you to recoup those expenses. For more info or to download a fully functional eval:

NEW SNSI Vulnerability Database Update

The Sunbelt Network Security Inspector (SNSI) version was released November 3, 2005. To update from within the SNSI console, select Settings, enter your full registration key and click on the Check Now button. When you look at these new vulnerabilities, you realize that you actually need a multiplatform scanner, and that you cannot really live without one. SNSI is licensed by admin, not IP, so you will get an affordable, world class scanner. Check these out:

ID	Name
H134	Kernel specific stack size induces crash - HP-UX 11.23 IA64
H135	HP OpenView Operations/VantagePoint JRE vulnerability
L969	Libuser - 4GB garbage writes/ DoS - RHE
L970	Ruby - Unsafe eval statements - RHE
L971	Openssl - Cache timing/MITM attacks - RHE
L972	Openldap/Nss_Ldap - hashed passwords - RHE
L973	Netpbm - Graphics conversion - RHE
L974	Xloadimage - NIFF image titles - RHE
L975	Lynx - NNTP header handling - RHE
M63	Unsupported OS Version - Mac OS X
M64	Mac OS 10.4 not updated.
S348	OpenSSL rollback to weak protocols - Solaris
S349	Kernel file system privilege management panic induction - Solaris 10
S350	Kernel procfs may disclose existence of sensitive files - Solaris 10
S351	IP SCTP socket option processing system panic - Solaris 7, 10
S352	NSS tools unzip files unsafely - Solaris
S353	Mozilla Multiple Vulnerabilities - Solaris 8 - 10
S354	Kernel memory mismanagement may lose data - Solaris 10_x86
S355	Oracle Enterprise Manager Grid Control Vulnerability
S356	Oracle Application Server Multiple Vulnerabilities
S357	Oracle E-Business and Application Suite Multiple Vulnerabilities
S358	Oracle Database Server Multiple Vulnerabilities
S359	Oracle Collaboration Suite Multiple Vulnerabilities
W2645	Messenger Service Buffer Overrun - XP
W2646	Client Service for NetWare Vulnerability - NT 4.0
W2647	Plug and Play Validation Vulnerability - NT 4.0
W2648	Windows Shell .lnk Vulnerabilities - NT 4.0
W2649	DirectShow Unchecked Buffer Vulnerability - NT 4.0
W2650	Internet Explorer COM Object Vulnerability - NT 4.0
W2651	Web View Script Injection Vulnerability
W2652	Snort Back Orifice Preprocessor Vulnerability
W2653	Symantec AntiVirus Scan Engine Web Service Vulnerability
W2654	Oracle Enterprise Manager Grid Control Vulnerability - Windows
W2655	Oracle Application Server Vulnerabilities - Windows
W2656	Oracle E-Business and Applications Suite Vulnerabilities - Windows
W2657	Oracle Database Server Vulnerabilities - Windows
W2658	Oracle Collaboration Suite Vulnerabilities - Windows
W2659	VERITAS NetBackup Java Vulnerability

Updated Checks

MITRE CVE Revision: The database was updated to reflect the Mitre Corp.'s CVE naming changes. Effective on 19 October, all CVE references will use the CVE- designator. The CAN- designator is phased out. SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories. To get the latest SNSI version, visit


This Week's Links We Like. Tips, Hints And Fun Stuff


"What I Want In Enterprise Antispyware"

"I have limited staff. I need a way to efficiently remove spyware infestations from workstations without having to visit each machine to run scans. I want the software to be centrally controlled. I want something that won't require the users to be rocket scientists to run.

"I want something that wouldn't slow the machines down worse than the spyware it was removing. Symantec doesn't appear to have sufficient spyware/adware tools. NAV and SWS were not able to isolate and remove the existing infestations. I want something that wouldn't prevent me from using DameWare and RemoteStart." G.P. - IT Manager

This is a factual email we received this week. And CounterSpy Enterprise fits the bill EXACTLY: