WServerNews (formerly W2Knews)
Vol. 11, #33 - Aug 14, 2006 - Issue #589
Homeland Security: Fix Your Windows

    • Homeland Security: Fix Your Windows
    • New CounterSpy Enterprise V1.8 - Reviewed By Colleague
    • Quotes Of The Week
    • Admin Tools We Think You Shouldn't Be Without
    • IT Pro: My Nine Biggest Professional Blunders
    • Mark Russinovich Teaches Very Last Public Windows Course
    • Aberdeen Messaging Security Survey Invite
    • Windows Vista Upgrade Paths
    • Step-by-Step Guide: Blocking Peer-to-Peer Applications
    • In-depth Guide: Server Consolidation Via Virtualization
    • Windows Update Bug Brings Computers To Crawl With Scan
    • Redmond Comes Out With VoIP Hub
    • Standardizing Management Modeling Language
    • Linux Cannibalizing Unix
    • Microsoft Readies VM Manager Beta
    • My 30 Day Evaluation Of Counterspy Ended In...
  6. WServerNews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. WServerNews - PRODUCT OF THE WEEK
    • BOOK: Electronic Evidence Management
Add McAfee to Kerio WinRoute Firewall for a virus-free network

Isn't it better to block viruses and worms BEFORE they enter
your network? Instead of buying the latest trendy appliance,
check out Kerio WinRoute Firewall. ICSA Labs-certified on
Windows XP, Kerio WinRoute Firewall gives network admins
the ability to scan all email AND web traffic to ensure that
viruses are not embedded in web pages or email. Starting at
just $499 for the 10-user base license.


Homeland Security: Fix Your Windows

In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system. The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft's MS06-040 patch as quickly as possible. The software maker released the "critical" fix Tuesday as part of its monthly patch cycle. The flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction. There will soon be worms that'll exploit this MS06-040 vulnerability, so be quick to fix! It's all over the press, but ZDNet has a good write up at:

Our friends at eEye created a free scanner that you can run on your network and quickly check which machines are vulnerable: It's called the Retina MS06-040 NetApi32 Scanner and is here:

New CounterSpy Enterprise V1.8 - Reviewed By Colleague

We received this unsolicited feedback last week and I wanted to share it with you in its entirety. It's a system admin's review, without any edits from our side:

"Hello All, I wanted to toss my 2 cents out about the 1.8 beta program. I have been using the various 1.8 betas since they started being offered and am very pleased with the product. The upgrade process is very simple - just run the installable - and both the console and agents work stellar and more efficiently. I would definitely never go back to 1.5 after the pleasure of working with 1.8.

"I took the plunge a few versions back and am running 1.8 in my production environment. A quick post to the beta forums got any minor issues I ran into resolved promptly. None of the issues I have heard about affected the end-user, only the console, and even the console issues were fairly minor. I have participated in numerous Beta programs over the years and Sunbelt definitely offers one of the more interactive and professional beta programs around. For that matter, I have worked with many production applications offering less support than this beta program has.

"Another plus with 1.8 is easier custom reporting. Not only can you change and add the Crystal Reports appearing in the Admin Console, you can also use MS Access to run queries/reports directly against the CSE data. If you are excited about using Access, I heartily recommend you do this through linked tables and not directly in the CounterSpy MDB though. Until you get comfortable, it may be sensible to build your queries against a copy of the CSE MDB as well just to be safe. I have whipped together several queries to report by policy, machine, IP range and more. Having the flexibility to quickly throw together a query during a suspected outbreak or determine the number of critical exploits a particular machine has been hit with over time is something I have wanted and really appreciate it being made available.

"While 1.8 is a release candidate and not the final release it runs exceptionally well and I have no concern using it in my production environment. The more of us that use the new version and work out any remaining nuisances or issues, the more we get to enjoy working with the final product. Overall, it is a great chance to voice your desires about 1.8 while using an enhanced version of an already great product."

-- Christopher A. Leonti
Information Technology Support Specialist
Montana State University-Bozeman

If you want to test the Release Candidate, read the instructions at the end of the item: "My 30 Day Evaluation Of Counterspy Ended In..." further down.

Quotes Of The Week

"All that is necessary for the forces of evil to win in the world is for enough good men to do nothing" -- Edmund Burke
"There are seldom technological solutions for behavioral problems" -- Ed Crowley.
"Never trust a computer you can't throw out a window." -- Steve Wozniak

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman


Admin Tools We Think You Shouldn't Be Without

FREE Web Employee Directory + Secure Self Service - rDirectory for Active Directory.

Shave 30% (or more) off your Exchange AV budget with Ninja and get advanced policy-based attachment filtering and antispam:

TechMentor Conference, October 9-13, Las Vegas. Real-world training - by experts - on managing, securing and troubleshooting Windows:


IT Pro: My Nine Biggest Professional Blunders

We've all had at least one or two embarrassing moments on the job, whether they involved inadvertently wreaking havoc on a system, making a social gaffe, or mishandling a project. IT pro Becky Roberts decided to come clean and share her worst career moments, along with the lessons she took away from each experience.

Mark Russinovich Teaches Very Last Public Windows Course

By now, many of you have heard about Microsoft's acquisition of Sysinternals and Winternals and that Mark Russinovich has joined Microsoft in the Platforms and Services Division. Mark will be teaching his last public Windows OS internals and advanced troubleshooting class with David Solomon on September 18-22 in San Francisco. (David will continue to offer the class through his company, see For details or to register, visit

Aberdeen Messaging Security Survey Invite

If you are into messaging security and want some free, fresh research, spend 10 minutes and fill out this survey. All responses are kept anonymous and the report strictly contains averages and statistics based on the results. To show their appreciation to anyone taking the time to fill out the survey, AberdeenGroup will send all survey participants a final copy of the report which they normally sell for $399. Here is the description of the survey:

AberdeenGroup is conducting a study to explore the successful methods used by best-in-class organizations to secure email, instant messenger, and web based communication while revealing the impact messaging security has on productivity and operational costs. Specific technologies will include inbound and outbound message and content inspection and control, anti-spam and phishing detection and protection, encryption, and messaging compliance monitoring and enforcement solutions. The solutions that will be examined will include appliances, software (server and desktop), messaging server, custom developed and ASP offerings based on both commercial and open source technologies. Take the survey here:

Windows Vista Upgrade Paths

WinITPro creates a nifty little table that clarifies what Microsoft released about the available upgrade paths to the various versions of Vista. Any other versions of current OSs, including Windows 2000 and 64-bit versions of Windows XP, can't be upgraded and will require a clean installation.

Step-by-Step Guide: Blocking Peer-to-Peer Applications

Although millions of people use peer-to-peer applications, don't for a moment think these apps are above suspicion. They pose some very serious threats to your organization's security. Learn more about these threats and ways to block peer-to-peer applications in this guide.

In-depth Guide: Server Consolidation Via Virtualization

In this special report, industry experts offer advice on why, when and how to use virtualization technologies to consolidate server workloads. At the new SearchServerVirtualization site:

Windows Update Bug Brings Computers To Crawl With Scan

Windows experts said a bug in Microsoft Update causes computers to slow down considerably when scanning the system. Microsoft is looking into the problem. Find out more in this article at SearchWinIT:


Redmond Comes Out With VoIP Hub

Did you know that MS is working on a single real-time communications and collaboration platform that includes a software-based voice infrastructure aimed at replacing IP-based voice hardware? Yup! They are going after those IP phones on your desk.

This Tuesday, Microsoft added yet another piece to the IP-based backend it is creating when it announced that its voice recognition technology would be folded into its forthcoming VoIP hub. The whole story is at Network World, and worth checking out:

Standardizing Management Modeling Language

Network World also came out this week with an interesting piece of news about Microsoft taking a first step toward standardizing a management modeling language. This week Microsoft said it was working with a bunch of partners to create a standard modeling language designed to help corporations better manage their infrastructure.

Redmond and partners released the draft spec of the Service Modeling Language (SML), which is supported by system management heavies like HP, IBM, BEA, BMC, Cisco, Dell, EMS, Intel and Sun, and is based on Redmond's System Definition Model. If you run a large environment, this is worth reading:

Linux Cannibalizing Unix

According to IDC, in the US government enterprise server market, Unix is losing share to Linux. Unix used to be really strong in that segment, but it's losing steam, being eaten alive by Linux which will rise from 11.6% in 2004 to 15.2% by 2009. Poor old Unix will drop from 34.8% to 30.1%.

Microsoft Readies VM Manager Beta

Microsoft's foray into virtual machine management came closer to reality with the release of the first beta for its Virtual Machine Manager.


My 30 Day Evaluation Of Counterspy Ended In...

Here's a post from the Official Blog of the SBS MVP "Diva"

"Counterspy allows folks to do a 30 day evaluation of their antispyware product.... so my 30 day eval period completed .... in like... uh.. two days.
  • It didn't take me 30 days to decide that I wanted to have a spyware console and not have to sneakernet around to each workstation (well RDP to each, but you get the idea).
  • It didn't take me 30 days to know how strong Counterspy's community is.
  • It didn't take me 30 days to see how it was configurable (I don't consider cookies to be spyware and didn't want cookies to be flagged so I adjusted that setting).
  • It didn't take me 30 days to see that I can set it up for 'real time' scanning if I want, or just a light scan at lunch and deep scan in the evening (another reason to ensure that folks know to leave on their computers in a managed network)
  • It didn't take me 30 days to realize the power of the reports and centralized reporting, whereas before with the Microsoft Antispyware I had nothing other than "my computer acts weird".
  • It didn't take me 30 days to see that while it found all my password crackers, my remote control software, all my security crud that is borderline "bad things" in someone else's hands on my box, it didn't flag them as "bad" just that they might need to be looked at. It knew what they were, but didn't do a 'false positive'.
  • It didn't take me 30 days to know that I'm beta-d out at this point and I want a released product with full support.
My 30 day eval period ended... in about two days. I'm now a Counterspy Enterprise customer."
And here's the link to that posting:

How to get the Release Candidate Bits:
  1. Log in with your Username and Password at If you do not have an account, you may create one at by clicking on the Register button.
  2. Click on "Usergroups"
  3. Select CounterSpy Enterprise Closed Beta and click on View Information.
  4. Click on "Join Group" to request permission to join the CounterSpy Enterprise beta.
  5. Please allow up to 24 hours for the beta forum's moderator to review your account and assign you permissions to view that beta's forums.
  6. Once you are given permission to that beta's forums you'll be able to view the forum and download the bits.

WServerNews 'FAVE' LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff


BOOK: Electronic Evidence Management

Electronic discovery is one of the most overused and misunderstood functions requested of today's IT departments. There are three basic criteria that really matter:
  • Do you know where the data resides?
  • Do you know how to preserve and collect that data in a legally defensible manner?
  • Do you need an outside vendor to help assess and ensure a smooth process?
To ensure your team understands how to manage legal evidence for litigation or regulatory compliance, get the paperback "Electronic Evidence Management: From Creation Through Litigation" at Amazon:

Or download a FREE PDF copy at FIOS. Registration required: