WServerNews (formerly W2Knews)
Vol. 11, #15 - Apr 7, 2006 - Issue #571
Anti-Malware Test Fatally Flawed

  1. EDITORS CORNER
    • Windows IT Pro Readers' Choice 2006
    • Quotes of the Week
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • VM Market On Fire With Software Giveaways
    • Finding Extra Security In W2K3's R2
    • Microsoft Repackages E-mail Hosting Service
    • Tipsters Hall of Fame
    • SQL Server's Business Intelligence Makeover
  4. WINDOWS SERVER NEWS
    • Windows Security: Thinking Beyond the Day-to-Day Hype
    • Did You Know Redmond Has An Open Source Lab?
  5. WINDOWS SERVER THIRD PARTY NEWS
    • Webroot Goes 0 For 100 In Major Anti-Malware Test
    • Direct Revenue Uses A PI To Hunt Down Antispyware Researcher
    • You Need To Scan For MultiPlatform Vulnerabilities
  6. WServerNews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. WServerNews - PRODUCT OF THE WEEK
    • How To Get Free AV on Exchange: Participate In Ninja RC1
How Much of Your Network Traffic Is Caused By Spyware?

A customer told us: "Thank you very much. After the first 60 PCs
were seen in CSE I initiated a deep scan. Within 3 minutes of the
scan starting, outbound Internet traffic dropped by 2/3! After 68
agents were deployed and the default noon quick scan ran, traffic
dropped by 75%. SWEET." Try out for yourself how much illegal
network traffic you can kill with CounterSpy Enterprise:
http://www.wservernews.com/060410-CSE

EDITORS CORNER

Windows IT Pro Readers' Choice 2006

I have a personal request for you. If you like receiving your weekly WServerNews, and like Sunbelt's products, I'd be very grateful if you would vote for us!

Windows IT Pro Magazine started their 2006 Readers' Choice awards voting and it continues through May 1st, 2006. To vote, the only requirement is a Windows IT Pro registered user or subscriber account. These accounts are free and require only a valid e-mail address. If you are not registered, you should be. This is a GREAT Site that I think is in the Top 3 for system admins. Vote here:
http://www.wservernews.com/060410-Windows_IT_Pro

Once you have logged in, here are the categories and products to vote for:
  • Security: Spyware Blocker - CounterSpy Enterprise
  • Messaging: Antispam Mail/Server - iHateSpam for Exchange
  • Messaging: Antispam Client - iHateSpam
  • Network Management: Network Analyzer - LanHound
  • Security: Vulnerability Assessment Scanner - Sunbelt Network Security Inspector
So, if you have been reading W2Knews for a while and would like to thank me for your weekly Windows news roundup, I would highly appreciate your vote. Go here:
http://www.wservernews.com/060410-Readerschoice


Quotes of the Week

"Education is valuable. Common sense Priceless." -- Pat FitzGerald

"There are three things extremely hard: steel, a diamond, and to know one's self." -- Benjamin Franklin.

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman


ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

Must Have Freeware. AD Web Search App + GAL Self Service. Free download at the NameScape Site:
http://www.wservernews.com/060410-Freeware

Reduce the size of your PST files with PSTcompress. Download a free trial now!
http://www.wservernews.com/060410-Groupware

A new open source program called Bacula allows you to manage backup and recovery, and verify computer data across a network of computers:
http://www.wservernews.com/060410-Bacula

Sunbelt Remote Admin is a superfast, super value, award winning remote control program. Everything you need and nothing you don't.
http://www.wservernews.com/060410-Radmin


TECH BRIEFING

VM Market On Fire With Software Giveaways

Microsoft drops its fee for Virtual Server for both 32-bit and x64 versions; VMware opens its disk format. The server virtualization market is rapidly commoditizing as Microsoft, VMware and open source startups jockey for position, and a price war has opened up in which the parties, it seems, have gone to Def Con 1. The article is at:
http://www.wservernews.com/060410-SearchWinIT

The Microsoft free download of Virtual Server 2005 R2 is here:
http://www.wservernews.com/060410-VirtualServer

VMware has the free download of their new VMware Server Beta here:
http://www.wservernews.com/060410-VMware


Finding Extra Security In W2K3's R2

There are a number of security enhancements in Windows Server 2003 R2, but according to contributor Brien Posey, an admin feature also serves as a security benefit. In this article, Posey explains and previews R2's file screening feature and how it can be used to better secure your Windows servers. At SearchWindowsSecurity:
http://www.wservernews.com/060410-W2k3


Microsoft Repackages E-mail Hosting Service

Microsoft renamed FrontBridge Technologies' hosted e-mail technology as Exchange Hosted Services. It includes services for antispam, archiving, encryption and disaster recovery. At the end of the article are the prices for this kind of service. At the rock bottom minimum it's 21 bucks per user per year, but it can easily go up to $280 per user per year if you add everything up. OUCH!
http://www.wservernews.com/060410-Hosting


Tipsters Hall of Fame

And the winner of the SearchWinSystems monthly tip contest is: "Create icon to browse Active Directory in XP", a tip for making the act of browsing Active Directory in Windows XP as easy as it is in Windows 2000. Check out this winning tip and others in the SearchWinSystems.com Hall of Fame. Then enter your own to win a portable DVD player at the SearchWinSystems site:
http://www.wservernews.com/060410-Tipsters


SQL Server's Business Intelligence Makeover

SQL Server 2005 is the first release of Microsoft's flagship database that may be considered "enterprise class", due in large part to its business intelligence enhancements. Find out what's changed from SQL Server 2000 to 2005 in this BI overview by expert Eric Brown, who focuses on Analysis Services components and new key concepts.
http://www.wservernews.com/060410-SQL


WINDOWS SERVER NEWS

Windows Security: Thinking Beyond the Day-to-Day Hype

Microsoft plans to release at least five security bulletins next Tuesday in its monthly patching cycle. One of the bulletins will address a high-profile Internet Explorer vulnerability. So, should we worry about that? No.

Russ Cooper is a senior information security analyst with Cybertrust, and founder and editor of NTBugtraq, a famous mailing list dedicated to Microsoft security. He wrote an article at the MCP magazine site that I so wholeheartedly agree with that I'm just asking you to read this thing. It gives a sane viewpoint about the whole thing, and he explains "why you shouldn't be worrying about many of the recently reported MS- vulnerabilities. Really." So please read this article!
http://www.wservernews.com/060410-MCPmag


Did You Know Redmond Has An Open Source Lab?

They do all kinds of tests and competitive analyses there. If you run a mixed environment, this lab is worth checking out. Looks like they have 300 servers there, which collectively run more than 15 versions of UNIX and 50 Linux distributions:
http://www.wservernews.com/060410-port25


WINDOWS SERVER THIRD PARTY NEWS

Webroot Goes 0 For 100 In Major Anti-Malware Test

You may have been exposed to Webroot's recent PR-hype. They hired Veritest, compared leading antispyware products, and claimed it was objective. We looked at how they did it, had a good chuckle, and wrote a blog entry that clearly shows their test is fatally flawed. Interested in a good laugh? Check out how Sunbelt's Director of Malware Research Eric Howes puts Webroot in the Naughty Corner!
http://www.wservernews.com/060410-Webroot


Direct Revenue Uses A PI To Hunt Down Antispyware Researcher

Alex posted this blog entry today, so tip o' the hat to him:

"Ben Edelman has been posting new documents from the New York Attny General's lawsuit as fast as he can. There's much more that's been posted, including a couple of emails from one of the VC firms that invested in them.

There's also a number of references to "WebHelper", who is actually now our spyware researcher Patrick Jordan (he joined us in July of last year but had been doing consulting work for us several months prior to his coming on board), and we now find he was being researched by a private investigator, as this email from Gary Kibel at Direct Revenue's law firm shows. But there's so much more.

Sit back this weekend, grab a big cup of coffee and read these documents. They are just unbelievable. And to those adware "apologists" who read my blog and occasionally post, these exhibits are your homework. You'll understand why we're all such "zealots"." For all the hyperlinks in this article, check out the blog:
http://www.wservernews.com/060410-SunbeltBlog


You Need To Scan For MultiPlatform Vulnerabilities

Sunbelt Network Security Inspector (SNSI) version 1.6.54.0 was released April 7, 2006. To get the latest SNSI version, visit
http://www.wservernews.com/060410-Network_Inspector

To update from within the SNSI console, select Settings, enter your full registration key and click the Check Now button. To Purchase NOW, visit
http://www.wservernews.com/060410-Shop

New vulnerability updates for this release include:

OS_type/ID Name

W1780 Opera Web Browser Outdated
L1085 Perl - Multiple format string vulnerabilities - FC
L1086 Mozilla and Firefox multiple vulnerabilities - FC, RHE
L1087 Gd - Memory allocation - RHE
L1088 Unzip filename user bounds error - FC
L1089 Kernel multiple vulnerabilities - FC, RHE
L1090 Xpdf, Poppler, KdeGraphics splash.cc error - FC, RHE
L1091 GNU TLS DER decoder error - FC, RHE
L1092 GNU Privacy Guard signature file bypass - FC, SuSE
L1093 Metamail - Mail message processing - RHE
L1094 Tar - directory traversal - RHE, SuSE
L1095 Imagemagick - Format string/"display" command - RHE, MDV
L1096 Libpng - png_do_strip_filler function - RHE
L1097 Xpdf - splash.cc error - RHE
L1098 Tar - Malformed archive extraction - RHE
L1099 Kernel Fedora multiple vulnerabilities - FC
L1100 SquirrelMail multiple vulnerabilities - FC
L1101 Openssh - SCP local copying - RHE, SuSE
L1102 Initscripts - Environment variable handling - RHE
L1105 Kernel 2.4 - Multiple vulnerabilities - RHE
L1106 Binutils - Empty runpath components - SuSE
L1107 Liby2Util - YaST signature-bypass - SuSE
L1108 Kdelibs3 - Empty runpath components - SuSE
L1109 Kdegraphics3 - Empty runpath components - SuSE
M0071 Kernel mishandles system call exceptions - Mac OS X
M0072 Safari automatic execution of shell/arbitrary code - Mac OS X
M0073 Safari, CoreTypes do not validate objects correctly - Mac OS X
N0058 Cisco - AAA authorization by-pass
S0374 StorEdge RPC request handling - Solaris 7-10
S0375 Java System Access Manager access control flaw - Solaris 8-10
S0376 Java JRE permits access to private Java packages - Solaris
W0103 ICMP Exploit Potential
W0321 IE 3.x-4.x Vulnerability
W0513 Cross-Frame Variant Vulnerability
W0514 IE Untrusted Scripted Paste Vulnerability - IE 5.0
W0521 ColdFusion Sample Code Detected
W0588 Jet Not Upgraded
W0626 Scriptlet.typlib Vulnerability
W0627 Eyedog ActiveX Vulnerability
W0641 Source Routing Vulnerability - NT 4.0
W0658 IE IFRAME ExecCommand Vulnerability - IE 5
W0731 Index Server Webhit Vulnerability
W0732 IDQ Directory Traversal Vulnerability
W0808 IE 5.0 Installed On Windows 2000
W0913 IE Frame Domain Verification Vulnerability
W1038 NetBT Open IP Port Vulnerability - NT 4.0
W1099 IE URL Spoofing Vulnerability - IE 5.5
W1204 IE http Request Encoding Vulnerability - IE 6.0
W1344 IE Active Setup Download Vulnerability - IE 5.5
W1407 IE Cookies Reading Cookies Vulnerability - IE 6.0
W1849 IE Plugin Rendering Vulnerability
W1873 SNMP Agent Memory Leak - NT 4.0
W1974 IE Object Tag Remote Location Parameter Check Vulnerability
W2046 IE ExecCommand Cross Domain Vulnerability
W2218 IE Navigation Method Vulnerability
W2741 PowerPoint 2002 Routing Slip Vulnerability - Office XP
W2742 Outlook 2000 Routing Slip Vulnerability - Office 2000
W2743 Outlook 2002 Routing Slip Vulnerability - Office XP
W2744 Excel 2003 Viewer Routing Slip Vulnerability
W2727 Blackberry Vulnerabilities
W2728 WebLogic Vulnerabilities
W2729 QoolAid Adware Detected
W2730 SQL Server 2000 Heap Based Buffer Overflow Vulnerability
W2731 Mozilla SeaMonkey Vulnerabilities
W2732 Permissive Windows Services DACLS Vulnerability - XP
W2733 Permissive Windows Services DACLS Vulnerability - W2K3
W2734 Excel Remote Execution Vulnerabilities - Office 2000
W2735 Excel Remote Execution Vulnerabilities - Office XP
W2736 Excel Remote Execution Vulnerabilities - Office 2003
W2737 Flash Player Plug-in Vulnerabilities
W2738 Word 2000 Routing Slip Vulnerability - Office 2000
W2739 Word 2002 Routing Slip Vulnerability - Office XP
W2740 PowerPoint 2000 Routing Slip Vulnerability - Office 2000

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

WServerNews 'FAVE' LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff



WServerNews - PRODUCT OF THE WEEK

How To Get Free AV on Exchange: Participate In Ninja RC1

Did you know that Sunbelt Messaging Ninja will come out with RC1 this week? If you are interested in testing Ninja on one of your production servers, there are some very attractive awards available. With Ninja you can scan and eliminate threats at the server level, filter attachments in a truly smart way, scan spam and viruses through multiple engines and much more. Check out the specs, the brand new FAQ, and click on "download" to get on the list, and we'll send you instructions on how to get the RC1 when it arrives:
http://www.wservernews.com/060410-Ninja