Vol. 10, #50 - Dec 12, 2005 - Issue #555
Major Jan 5, 2006 Sober Worm Outbreak Expected
- EDITORS CORNER
- Major Jan 5, 2006 Sober Worm Outbreak Expected
- 79% Said They Have Had Problems With Spyware
- Quotes of the Week:
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- A False Sense Of Security
- Microsoft Patch Day: 2 Bulletins on Tap
- How To Deal With Delegated GPO Permissions?
- New Enterprise Antispyware Product Comparison Guide
- How To Maintain An Effective SQL Server DR strategy
- Step-by-step Guide: Hack To Speed Up Security Scans
- WINDOWS SERVER NEWS
- Windows Server 2003 R2 Goes To Manufacturing
- FAQ: Exchange Server Backup And Recovery
- New Certifications Will Become Reality In 2006
- WINDOWS SERVER THIRD PARTY NEWS
- New SNSI Vulnerability Update
- NeverFail vs. Double-Take Comparison Clarified
- WServerNews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - PRODUCT OF THE WEEK
- The Sunbelt Kerio Personal Firewall
Major Jan 5, 2006 Sober Worm Outbreak Expected
According to iDefense, a security consulting firm owned by Verisign,
on Jan. 5, 2006, there will be a substantial outbreak of the Sober
worm. This will come from already infected personal computers (zombies)
and from newly infected computers.
If you don't have a personal firewall, get the free Kerio Firewall
now (link below). It works full-fledged for 30 days and then reverts
to Limited Mode, but still does a lot of essential protection. Sunbelt
is in the process of acquiring this code, so you can expect support
in the new year.
And of course tell all your users that their AV at the house has to
be up to date and that they should not open any attachments if they
don't know what they are. Be especially careful if they come from
someone they know!
They can download the Kerio firewall as well:
79% Said They Have Had Problems With Spyware
ComputerWorld just did an interesting survey of 577 IT people
with security responsibilities. Some highlights: "Spyware is an
insidious problem. Using confusing or illegal methods, spyware
embeds itself on desktops and can be directed to steal personal
information of users, display pop-up advertisements, monitor Web-
browsing activity or redirect browsers to other sites."
Here is a link to the Executive Summary. Good ammo if you need
the approval for antispyware before the end of the year:
- 79% of the respondents said they have had problems with spyware in the past 12 months.
- 71% said they see spyware as a threat to their organizations.
- 99% expressed concern that spyware might be used for identity theft.
- 96% said they were concerned it could be used for industrial
Quotes of the Week:
"Security is not in having things, it's in handling things."
-- Chinese Cookie Fortune
"It is much easier to suggest solutions when you don't know too
much about the problem."
-- Malcolm Forbes (1919-1990)
A False Sense Of Security
This quote was too long for the Editor's Corner, but it's quite
interesting! "When anyone asks me how I can best describe my
experience in nearly 40 years at sea, I merely say, uneventful.
Of course there have been winter gales, storms, fog and the like,
but in all my experience, I have never been in any accident of
any sort worth speaking about. I have seen but one vessel in
distress in all my years at sea...I never saw a wreck and have
never been wrecked, nor was I ever in any predicament that
threatened to end in disaster of any sort."
-- Captain E. J. Smith, RMS Titanic
Microsoft Patch Day: 2 Bulletins on Tap
Redmond plans to ship a pair of Windows security bulletins;
experts say it's a safe bet that one will cover critical
flaws in the Internet Explorer browser. More at EWEEK:
How To Deal With Delegated GPO Permissions?
Uh oh.. you've granted an OU administrator the ability to create
Group Policy Objects; and now they've gone too far. How can you
deal with delegated permissions and the perils therein? This
monster newsletter by Jeremy Moskowitz and GPanswers.com is not
to be missed! Also learn about Jeremy's two and three day Group
Policy Workshops and how to get signed copies of his books! More at:
New Enterprise Antispyware Product Comparison Guide
The people at Ziff-Davis have a special site called TiPS-IT.com.
Their enterprise Anti-spyware product comparison guide has been
updated and is now available online at that site. This new guide
includes 20 vendors and 30 different products. It saves a lot of time
if you have to do a lot of comparison homework, and costs just $299.
How To Maintain An Effective SQL Server DR strategy
You may not classify hardware and application failures as disasters,
but fail to prepare for such problems and you could have a system
meltdown on your hands. This checklist will help you develop the
documentation and best practices you must have ready before a SQL
Server disaster occurs. Over at SearchSQLServer.com:
Step-by-step Guide: Hack To Speed Up Security Scans
Security scans taking a long time? That might be because of a
limitation on TCP connections in XP SP2. This hack, described
by expert Kevin Beaver, speeds up security scans and saves time
for security assessors. Over at SearchWindowsSecurity.com.
And when you want to test this, try it out with SNSI!
WINDOWS SERVER NEWS
Windows Server 2003 R2 Goes To Manufacturing
Microsoft RTM-ed a long-awaited interim update to W2K3. You cannot
get your hands on it yet; shipping will start in 2 months. And
-should- you be anxious to deploy it? R2 is actually more like
an "option pack" for W2K3 SP1. What you do is first upgrade to SP1,
and then buy and install the bits of the new R2 that your outfit
will benefit from. R2 is not free like a Service Pack is.
Only if you have servers covered by Software Assurance (SA) or
Enterprise Agreements will you be eligible to use W2K3 R2 in place
of your current license. Once R2 is actually available, existing
SA customers will receive it automatically when they order W2K3.
If you do not have SA, you need to license the server software to
get the R2 functionality.
The update "should be 100 percent compatible with apps running on
the current release of W2K3 2003", said Bob Muglia, senior Veep
of server and tools. A major highlight of R2 is virtualization. R2
was designed to work closely with Virtual Server 2005, MOM and SMS.
Remember that MS recently simplified licensing for running virtual
servers. You can run the Windows Server System (including SMS and
MOM) without paying for inactive or stored virtual images. You only
get charged for the virtual images that actually run.
The new R2 also includes Active Directory Federation Services. With
ADFS you can securely provide distributed identification, authentication
and authorization for your users across both organizational
and platform boundaries. In addition, R2 includes the Unix
subsystem within Windows (better integration) and a new version
of the .Net framework.
Redmond is running a special. If you buy the enterprise edition of
the update, you get Virtual Server 2005 R2 Enterprise Edition for
US$99 until June 30, 2006. Pricing for W2K3 depends on the flavor
you want. Prices for R2 will be similar to current prices. They range
from $399 for a Web edition, to $3,999 for the enterprise edition.
More at the Redmond site, including a video:
FAQ: Exchange Server Backup And Recovery
From restoring lost mailboxes and public folders to troubleshooting
long backup cycles, learn something new about Exchange backup and
recovery in this collection of frequently asked questions. Good
article over at the SearchExchange site:
New Certifications Will Become Reality In 2006
Exams, curricula and processes for Microsoft's revamped certs will
begin to appear in 2006, and the program will expand as Windows
Vista, Exchange 12 and Office 12 are released. More here:
WINDOWS SERVER THIRD PARTY NEWS
New SNSI Vulnerability Update
The latest update of the Sunbelt Network Security Inspector (SNSI)
(version 184.108.40.206, released December 8, 2005) is as follows. New
vulnerability updates for this release include:
H139 IPSec IKE mishandles phase 1 payloads - HP-UX
S362 Libike IKE mishandles phase 1 payloads - Solaris 9 - 10
S363 Sun ONE Admin Interface - Solaris
S364 Libexif JPEG image processing - Solaris 9 - 10
S365 Traceroute argument mishandling - Solaris 10
W2670 Network Connection Manager Buffer Vulnerability - W2K3
W2671 Java Runtime Environment JMX Vulnerability
W1142,W1986,W1999,W2067 - Anti-Virus Signatures
W2662 QuickTime NULL Pointer Vulnerability
W2666 Flash Player Memory Access Vulnerability
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE)
list of computer incidents. It also contains the latest SANS/FBI
top 20 vulnerability list. SNSI also uses the latest CERT, CIAC,
Microsoft and FedCIRC (Department of Homeland Security) advisories.
To get the latest SNSI version, visit:
NeverFail vs. Double-Take Comparison Clarified
Last week we published information regarding a comparison of Double-Take
and Neverfail. It has come to my attention that the comparison did not
have the level of detail required to put it in the proper context. The
comparison was between Neverfail Heartbeat v4.3 and Double-Take v4.4.2.
I received additional information from both developers, each clarifying
some points about the initial comparison. So here is that data merged
together and I hope to have all the facts straight now! [grin]
ORIGINAL STATEMENT - "1. Neverfail is NOT Microsoft certified on any
Windows Server platform (yet), but Double-Take is certified on EVERY
Windows Server platform."
The original comparison was between Neverfail Heartbeat v4.3 and Double-
Take v4.4.2. This information is based on the database maintained by
Veritest (http://cert.veritest.com/CfWreports/server/), which is the 3rd
party responsible for all Windows Logo Certification testing. (Note
that Neverfail 'Scope', their diagnostics and monitoring utility, -is-
certified on Windows 2003 Server.)
ORIGINAL STATEMENT - "2. Neverfail is NOT real-time replication as I
define it. Data changes are queued and sent to the target server when
the queue reaches a pre-defined size. This introduces the possibility
of data being lost and not protected at any given time. However Double-
Take sends data changes as they are made to minimize latency, resulting
in near zero data loss in the event of failure."
The statement above related to real-time replication was based on my
personal definition of what "real-time" replication is. Neverfail has
another definition though, that they sent to me.
ORIGINAL STATEMENT - "3. The Neverfail GUI shows just a single pair with
no ability to view the entire environment for overall management. But DT's
management console provides a single management interface for all Double-
Take servers, providing a Global view of the entire replication environment."
The original statement was intended to compare the manageability of each
solution and, therefore, was directed at how easy each is to configure
and maintain. Neverfail points out that "...Neverfail's server pair
overview screen provides a single view of all Neverfail servers."
However, it should be noted that configuration changes cannot be made
and failover cannot be initiated from this summary screen.
ORIGINAL STATEMENT - "4. Neverfail does NOT provide an option to control
its usage of network bandwidth. Double-Take allows for bandwidth utilization
limits to control the amount of bandwidth used by the replication process."
As has been stated previously, the comparison was intended to point out
the differences between Neverfail Heartbeat v4.3 and Double-Take 4.4.2
based on their core functionality. Neverfail points out that "Neverfail
provides the ability to throttle network bandwidth usage." However, with
Neverfail, one must purchase the additionally licensed "Low Bandwidth
Module" to achieve this. Double-Take includes this feature in their
core product at no additional cost.
ORIGINAL STATEMENT - "5. Neverfail is a 1 to 1 solution only and you must
provide matching hardware, OS, etc, on the target server. The target server
is NOT available for anything including acting as a target for other
servers, to back up to tape, etc. But Double-Take can be 1 to 1, 1 to
many, many to 1, few to many, etc, and the target server can failover
for multiple sources, is available to be backed up at any time, etc."
The initial comparison focused on Neverfail Heartbeat v.4.3 and it
appears that Neverfail has addressed some of these issues in a later
version of their software. For instance, Neverfail does not require
matching hardware and allows for 1 to 1, many to 1, and 1 to many.
ORIGINAL STATEMENT - "6. Neverfail is known for their focus in "local high
availability" and not really created for replication and failover over the
WAN." Neverfail told us that "Approximately 50% of Neverfail customers
run Neverfail in WAN (DR) configurations."
So, that's it for the clarifications up to now! It is interesting to see
how these two developers position their products. Double-Take is the
existing 10-year champ that defends their territory, and Sunbelt
has been selling it for NSI for almost as long. NeverFail is the
new kid on the block that tries to get market share. May the best
WServerNews - PRODUCT OF THE WEEK
The Sunbelt Kerio Personal Firewall
You read in the Editors Corner that Sunbelt is in the process of
taking over the Kerio Personal Firewall. It's a really good one,
and was given Excellent reviews at both PC Mag and PC World. If
you want to take a look at it, here is the existing site where
you can get a 30-day eval and try it on an XP box. It's got some
very neat technology! Check out all its features at: