WServerNews (formerly W2Knews)
Vol. 10, #50 - Dec 12, 2005 - Issue #555
Major Jan 5, 2006 Sober Worm Outbreak Expected

  1. EDITORS CORNER
    • Major Jan 5, 2006 Sober Worm Outbreak Expected
    • 79% Said They Have Had Problems With Spyware
    • Quotes of the Week:
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • A False Sense Of Security
    • Microsoft Patch Day: 2 Bulletins on Tap
    • How To Deal With Delegated GPO Permissions?
    • New Enterprise Antispyware Product Comparison Guide
    • How To Maintain An Effective SQL Server DR strategy
    • Step-by-step Guide: Hack To Speed Up Security Scans
  4. WINDOWS SERVER NEWS
    • Windows Server 2003 R2 Goes To Manufacturing
    • FAQ: Exchange Server Backup And Recovery
    • New Certifications Will Become Reality In 2006
  5. WINDOWS SERVER THIRD PARTY NEWS
    • New SNSI Vulnerability Update
    • NeverFail vs. Double-Take Comparison Clarified
  6. WServerNews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - PRODUCT OF THE WEEK
    • The Sunbelt Kerio Personal Firewall
Free Instant Risk Analysis Report

The risks from unprotected Internet access can include more than just HTTP traffic. You have to worry about IM and P2P applications and a host of Internet-based threats such as malware, viruses and worms. Our exclusive Risk Calculator takes your input and generates a customized Risk Analysis Report immediately. Get your Free Customized Risk Analysis Report today:
http://www.wservernews.com/051212-StBernard

EDITORS CORNER

Major Jan 5, 2006 Sober Worm Outbreak Expected

According to iDefense, a security consulting firm owned by Verisign, on Jan. 5, 2006, there will be a substantial outbreak of the Sober worm. This will come from already infected personal computers (zombies) and from newly infected computers.

If you don't have a personal firewall, get the free Kerio Firewall now (link below). It is fully functional for 30 days and then reverts to Limited Mode, which still provides a lot of essential protection. Sunbelt is in the process of acquiring this code, so you can expect support in the new year.

And of course tell all your users that their AV at home has to be up to date and that they should not open any attachments if they don't know what they are. They should be especially careful if the attachments come from someone they know! They can download the Kerio firewall as well:
http://www.wservernews.com/051212-Kerio


79% Said They Have Had Problems With Spyware

ComputerWorld just did an interesting survey of 577 IT people with security responsibilities. Some highlights: "Spyware is an insidious problem. Using confusing or illegal methods, spyware embeds itself on desktops and can be directed to steal personal information of users, display pop-up advertisements, monitor Web-browsing activity or redirect browsers to other sites."
  • 79% of the respondents said they have had problems with spyware in the past 12 months.
  • 71% said they see spyware as a threat to their organizations.
  • 99% expressed concern that spyware might be used for identity theft.
  • 96% said they were concerned it could be used for industrial espionage.
Here is a link to the Executive Summary. Good ammo if you need the approval for antispyware before the end of the year:
http://www.wservernews.com/051212-ComputerWorldpdf


Quotes of the Week:

"Security is not in having things, it's in handling things."
-- Chinese Cookie Fortune
"It is much easier to suggest solutions when you don't know too much about the problem."
-- Malcolm Forbes (1919-1990)

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman


ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without



TECH BRIEFING

A False Sense Of Security

This quote was too long for the Editor's Corner, but it's quite interesting! "When anyone asks me how I can best describe my experience in nearly 40 years at sea, I merely say, uneventful. Of course there have been winter gales, storms, fog and the like, but in all my experience, I have never been in any accident of any sort worth speaking about. I have seen but one vessel in distress in all my years at sea...I never saw a wreck and have never been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort."
-- Captain E. J. Smith, RMS Titanic

Microsoft Patch Day: 2 Bulletins on Tap

Redmond plans to ship a pair of Windows security bulletins; experts say it's a safe bet that one will cover critical flaws in the Internet Explorer browser. More at EWEEK:
http://www.wservernews.com/051212-MiscrosoftPatchDay


How To Deal With Delegated GPO Permissions?

Uh oh... you've granted an OU administrator the ability to create Group Policy Objects, and now they've gone too far. How can you deal with delegated permissions and the perils therein? This monster newsletter by Jeremy Moskowitz and GPanswers.com is not to be missed! Also learn about Jeremy's two- and three-day Group Policy Workshops and how to get signed copies of his books! More at:
http://www.wservernews.com/051212-GPanswers


New Enterprise Antispyware Product Comparison Guide

The people at Ziff-Davis have a special site called TiPS-IT.com. Their enterprise antispyware product comparison guide has been updated and is now available online at that site. This new guide includes 20 vendors and 30 different products. It saves a lot of time if you have to do a lot of comparison homework, and it costs just $299.
http://www.wservernews.com/051212-ComparisonGuide


How To Maintain An Effective SQL Server DR strategy

You may not classify hardware and application failures as disasters, but fail to prepare for such problems and you could have a system meltdown on your hands. This checklist will help you develop the documentation and best practices you must have ready before a SQL Server disaster occurs. Over at SearchSQLServer.com:
http://www.wservernews.com/051212-SQLServer


Step-by-step Guide: Hack To Speed Up Security Scans

Security scans taking a long time? That might be because of a limitation on TCP connections in XP SP2. This hack, described by expert Kevin Beaver, speeds up security scans and saves time for security assessors. Over at SearchWindowsSecurity.com.
http://www.wservernews.com/051212-TCP_Hack

And when you want to test this, try it out with SNSI!
http://www.wservernews.com/051212-SNSI


WINDOWS SERVER NEWS

Windows Server 2003 R2 Goes To Manufacturing

Microsoft RTM-ed a long-awaited interim update to W2K3. You cannot get your hands on it yet; shipping will start in 2 months. And -should- you be anxious to deploy it? R2 is actually more like an "option pack" for W2K3 SP1. What you do is first upgrade to SP1, and then buy and install the bits of the new R2 that your outfit will benefit from. R2 is not free like a Service Pack is.

Only if you have servers covered by Software Assurance (SA) or Enterprise Agreements will you be eligible to use W2K3 R2 in place of your current license. Once R2 is actually available, existing SA customers will receive it automatically when they order W2K3. If you do not have SA, you need to license the server software to get the R2 functionality.

The update "should be 100 percent compatible with apps running on the current release of W2K3 2003", said Bob Muglia, senior Veep server and tools. A major highlight of R2 is virtualization. R2 was designed to work closely with Virtual Server 2005, MOM and SMS.

Remember that MS recently simplified licensing for running virtual servers. You can run the Windows Server System (including SMS and MOM) without paying for inactive or stored virtual images. You only get charged for the virtual images that actually run.

The new R2 also includes Active Directory Federation Services. With ADFS you can securely provide distributed identification, authentication and authorization for your users across both organizational and platform boundaries. In addition, R2 also includes the Unix subsystem within Windows (better integration) and a new version of the .NET Framework.

Redmond is running a special. If you buy the enterprise edition of the update, you get Virtual Server 2005 R2 Enterprise Edition for US$99 until June 30, 2006. Pricing for W2K3 depends on the flavor you want. Prices for R2 will be similar to current prices. They range from $399 for a Web edition, to $3,999 for the enterprise edition. More at the Redmond site, including a video:
http://www.wservernews.com/051212-Windows_Server_System


FAQ: Exchange Server Backup And Recovery

From restoring lost mailboxes and public folders to troubleshooting long backup cycles, learn something new about Exchange backup and recovery in this collection of frequently asked questions. Good article over at the SearchExchange site:
http://www.wservernews.com/051212-SearchExchange


New Certifications Will Become Reality In 2006

Exams, curricula and processes for Microsoft's revamped certs will begin to appear in 2006, and the program will expand as Windows Vista, Exchange 12 and Office 12 are released. More here:
http://www.wservernews.com/051212-SearchWin2000


WINDOWS SERVER THIRD PARTY NEWS

New SNSI Vulnerability Update

The latest update of the Sunbelt Network Security Inspector (SNSI), version 1.6.40.0 (released December 8, 2005), is as follows. New vulnerability updates for this release include:

ID Name
H139 IPSec IKE mishandles phase 1 payloads - HP-UX
S362 Libike IKE mishandles phase 1 payloads - Solaris 9 - 10
S363 Sun ONE Admin Interface - Solaris
S364 Libexif JPEG image processing - Solaris 9 - 10
S365 Traceroute argument mishandling - Solaris 10
W2670 Network Connection Manager Buffer Vulnerability - W2K3
W2671 Java Runtime Environment JMX Vulnerability

Vendor Superseded
W1142,W1986,W1999,W2067 - Anti-Virus Signatures

Revised Logic
W2274
W2293
W2637
W2662 QuickTime NULL Pointer Vulnerability
W2666 Flash Player Memory Access Vulnerability

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories. To get the latest SNSI version, visit:
http://www.wservernews.com/051212-SNSI_2


NeverFail vs. Double-Take Comparison Clarified

Last week we published information regarding a comparison of Double-Take and Neverfail. It has come to my attention that the comparison did not have the level of detail required to put it in the proper context. The comparison was between Neverfail Heartbeat v4.3 and Double-Take v4.4.2. I received additional information from both developers, each clarifying some points about the initial comparison. So here is that data merged together and I hope to have all the facts straight now! [grin]

ORIGINAL STATEMENT - "1. Neverfail is NOT Microsoft certified on any Windows Server platform (yet), but Double-Take is certified on EVERY Windows Server platform."

The original comparison was between Neverfail Heartbeat v4.3 and Double-Take v4.4.2. This information is based on the database maintained by Veritest (http://cert.veritest.com/CfWreports/server/), which is the 3rd party responsible for all Windows Logo Certification testing. (Note that Neverfail 'Scope', their diagnostics and monitoring utility, -is- certified on Windows 2003 Server.)

ORIGINAL STATEMENT - "2. Neverfail is NOT real-time replication as I define it. Data changes are queued and sent to the target server when the queue reaches a pre-defined size. This introduces the possibility of data being lost and not protected at any given time. However Double-Take sends data changes as they are made to minimize latency, resulting in near zero data loss in the event of failure."

The statement above related to real-time replication was based on my personal definition of what "real-time" replication is. Neverfail has another definition though, that they sent to me.

ORIGINAL STATEMENT - "3. The Neverfail GUI shows just a single pair with no ability to view the entire environment for overall management. But DT's management console provides a single management interface for all Double-Take servers, providing a Global view of the entire replication environment."

The original statement was intended to compare the manageability of each solution and, therefore, was directed at how easy each is to configure and maintain. Neverfail points out that "...Neverfail's server pair overview screen provides a single view of all Neverfail servers." However, it should be noted that configuration changes cannot be made and failover cannot be initiated from this summary screen.

ORIGINAL STATEMENT - "4. Neverfail does NOT provide an option to control its usage of network bandwidth. Double-Take allows for bandwidth utilization limits to control the amount of bandwidth used by the replication process."

As has been stated previously, the comparison was intended to point out the differences between Neverfail Heartbeat v4.3 and Double-Take 4.4.2 based on their core functionality. Neverfail points out that "Neverfail provides the ability to throttle network bandwidth usage." However, with Neverfail, one must purchase the additionally licensed "Low Bandwidth Module" to achieve this. Double-Take includes this feature in their core product at no additional cost.

ORIGINAL STATEMENT - "5. Neverfail is a 1 to 1 solution only and you must provide matching hardware, OS, etc, on the target server. The target server is NOT available for anything including acting as a target for other servers, to back up to tape, etc. But Double-Take can be 1 to 1, 1 to many, many to 1, few to many, etc, and the target server can failover for multiple sources, is available to be backed up at any time, etc."

The initial comparison focused on Neverfail Heartbeat v.4.3 and it appears that Neverfail has addressed some of these issues in a later version of their software. For instance, Neverfail does not require matching hardware and allows for 1 to 1, many to 1, and 1 to many.

ORIGINAL STATEMENT - "6. Neverfail is known for their focus in "local high availability" and not really created for replication and failover over the WAN."

Neverfail told us that "Approximately 50% of Neverfail customers run Neverfail in WAN (DR) configurations."

So, that's it for the clarifications up to now! It is interesting to see how these two developers position their products. Double-Take is the existing 10-year champ that defends their territory, and Sunbelt has been selling it for NSI for almost as long. NeverFail is the new kid on the block that tries to get market share. May the best product win!


WServerNews 'FAVE' LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff.


WServerNews - PRODUCT OF THE WEEK

The Sunbelt Kerio Personal Firewall

You read in the Editors Corner that Sunbelt is in the process of taking over the Kerio Personal Firewall. It's a really good one, and was given Excellent reviews at both PC Mag and PC World. If you want to take a look at it, here is the existing site where you can get a 30-day eval and try it on an XP box. It's got some very neat technology! Check out all its features at:
http://www.wservernews.com/051212-Sunbelt_Kerio