Vol. 11, #40 - Oct 2, 2006 - Issue #596
Malware Is Getting Very Serious
- EDITORS CORNER
- So, How Does Ninja Compare To ForeFront Antigen?
- Even More Sony Battery Woes
- Malware Is Getting Very Serious
- Quotes Of The Week
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Microsoft Releases Out-of-cycle Patch For VML Flaw
- The Hacker Handbook: 11 tips In 11 Minutes
- Tip: Restoring A Database From Another SQL Server
- Run 32-bit Applications On x64 Windows Servers
- Checklist: Developing A Windows Patch Methodology
- The Hidden Costs Of Virtualization
- Fending Off An Active Directory Attack
- WINDOWS SERVER NEWS
- I Need A Script To Pull Uptime
- Credit Firms Push to Thwart Fraud
- WINDOWS SERVER THIRD PARTY NEWS
- "A Quick Update On My First Ninja Experience"
- Protect SQL Server with Double Take Software
- How Much is Out-of-Control Printing Costing Your School?
- WServerNews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - PRODUCT OF THE WEEK
- Looking For An Instant View Of Your Active Directory Objects?
Ninja: Integrated Antispam, Antivirus, RBL & Attachment Filtering!
Switch Now and benefit from a 50% Competitive Upgrade Discount:
- Multiple industrial-strength AV engines for your Exchange server
- Multiple highly effective antispam engines
- Powerful, third-generation, all-in-one messaging security with an
easy to use MMC management console and optimized performance
- A state-of-the-art, policy-based Attachment Filter
- Save 30% or more over your current Exchange AV product
- Highly Responsive 24/7 US-based Technical Support
So, How Does Ninja Compare To ForeFront Antigen?
Your Chief Information Security Officer (CISO) might ask you about
Microsoft ForeFront Antigen (Exchange Antivirus) and if your outfit
should run it. A recent survey by Merrill Lynch among CISOs showed
that they might be interested if its features and functions were
superior or if the pricing was attractive. Well, we decided to do
a little comparison. You can show this simple little chart to your
CISO, and then while you are at it, ask him to sign off the purchase
requisition... for Ninja! [grin] (PDF)
Even More Sony Battery Woes
Now Lenovo and IBM are recalling batteries after a ThinkPad T43 caught
fire in an airport a week or so ago. Sony finally is going to do a global
recall, which I think should also include its own laptops! IBM and Lenovo
are asking ThinkPad notebook customers to return 526,000 lithium-ion
batteries, about 5-10% of their laptops. This is after Dell, Apple and
Toshiba did their recalls. Can you imagine, this is already more than 7
Sony has entered discussions with the U.S. Consumer Product Safety Commission
to establish the scope of the recall. Sony said, "In the overall interest of
our customer's satisfaction, we wanted to go out there and be proactive."
Well... HAH! After months of silence they finally come clean, and then
claim they are "proactive"? My foot.
Malware Is Getting Very Serious
And it's not us saying that. I'm quoting a bit from Columnist Michael
Osterman who wrote in his recent Network World on Messaging issue:
"IronPort recently published a report showing that Trojan horses
and system monitors - two of the most serious types of malware -
infect one out of every 14 corporate PCs. That means that in an
organization of 1,000 desktop PCs, there is an average of 70
computers that represent a major security risk.
"The report also showed that PCs in North American organizations
have the highest infection rate of this most serious class of
malware - almost 10% - and that French desktops have the lowest
infection rate. Dwarfing Trojans and system monitors are less
serious types of malware, such as adware and tracking cookies,
which infect 48% and 77% of PCs, respectively. Here again, PCs
in North America have the highest infection rate.
"As evidence of just how serious these threats can be, in mid-September
Sunbelt Software discovered a serious vulnerability in Internet
Explorer that lets criminals install a variety of malware on a PC,
including the BigBlue keystroke logger, various types of adware,
the Spybot worm and the VXGame Trojan."
In short, you really need industrial-strength, leading-edge, high-quality
enterprise antispyware. You cannot rely on your AV solution.
Download WinITPro Readers Choice 2006 CounterSpy Enterprise and find
out how many machines in your network are infected!
Quotes Of The Week
"Be brief, for no discourse can please when too long." - Miguel
de Cervantes, born in the year 1547.
"Knowing others is intelligence; knowing yourself is true wisdom.
Mastering others is strength; mastering yourself is true power."
-- Tao Te Ching
Microsoft Releases Out-of-cycle Patch For VML Flaw
Microsoft on Tuesday released an out-of-cycle patch for the Vector
Markup Language flaw in Internet Explorer that was discovered by
Sunbelt Software researchers. On the date of the article, Sept
16, 2006, more than 3,000 Web sites were already infecting users
with malware that exploited the VML bug, according to Dunham. One
week into the WMF outbreak last January, iDefense saw about 600
sites exploiting the problem. ComputerWorld has a good summary:
The Hacker Handbook: 11 tips In 11 Minutes
No matter how much preparation you take or how much software you buy or
download, you will never be able to create a hacker-invincible network.
There will always be a new vulnerability or a new hacker tool for which
you won't have time to prepare. Well, if you can't beat 'em...join 'em.
Read this handbook to learn exactly what hackers already know that is
allowing them to infiltrate your network and what you can do to prevent
(and recover from) these attacks. At SearchWindowsSecurity:
Tip: Restoring A Database From Another SQL Server
Restoring a database from another SQL Server is simple -- matching up the
logins and users again is not. Get the steps you need to restore one
database from another in this tip. SearchSQLServer (free registration):
Run 32-bit Applications On x64 Windows Servers
Because most applications are 32-bit, the x64 version of Windows makes
use of an emulator known as WOW64 to allow 32-bit applications to run.
Find out more in this tip! SearchWinComputing:
Checklist: Developing A Windows Patch Methodology
Patch Tuesday doesn't always make the patch process carefree. Expert
Jonathan Hassell recommends developing a good patch policy to ease the
pain of frequent patching. Read his list of the essential components of
a good policy at SearchWindowsSecurity:
The Hidden Costs Of Virtualization
To virtualize or not to virtualize? Before deciding, take a close look at
this technology's hidden costs. The first of a three-part series, this
column discusses virtualization's impact on power and cooling bills, as
well as unforeseen management costs. At SearchServerVirtualization:
Fending Off An Active Directory Attack
Whether you view the security of Active Directory as a matter of defense
or of improving its configuration management, it's a system that must
be protected. Article at:
WINDOWS SERVER NEWS
I Need A Script To Pull Uptime
This was a useful answer from the NTSYSADMIN list. Question: "Does
anyone have a script that will pull the uptime information for a
list of Windows servers and save that information in a text file or
CSV file format? I'm not a 'scripter' and we've been tasked to get
the uptime for 600 Windows servers compiled into a report. Thanks
in advance." Answer: "This has vbs and simple cmd shell examples:"
You might also check out the Script Repository and add-on packs...
Credit Firms Push to Thwart Fraud
If you are taking credit cards, your organization will get penalized
if you are not taking steps to curb identity theft. Both MasterCard
and Visa are putting the squeeze on merchants that disregard the
recent rules made to protect card transactions from fraud.
Mastercard recently fined merchants that haven't met the reqs to secure
transactions. And soon Visa will target the larger merchants with fines
that start at $10,000 a month and can rise to $100,000 a month. It's
their latest attempt to reduce financial exposure and bad PR. The recent
spate of high-profile security breaches prompted these measures.
If you do not protect your network sufficiently, you can find yourself
on the hook for the losses. Neither card company fines you directly.
Instead, they charge the processing companies that fulfill the transactions
for the merchants. Then those companies pass on the fines to you. Moreover,
you will get fined if you have a security breach. You GOTTA scan your
networks for vulnerabilities with a GOOD scanner. This is a MUST-HAVE
for any size network. And you might as well use a really good one!
Sunbelt Network Security Inspector was WinITPro Readers Choice 2006!
WINDOWS SERVER THIRD PARTY NEWS
"A Quick Update On My First Ninja Experience"
Carl Webster sent us this: "Ninja has been running for 10 days for
a 14 person shop. Ninja is blocking 89% of incoming e-mail. Ninja is
now set to handle all AV duties. Of the 2728 quarantined e-mails only
ONE was legit. There has not been a single spam e-mail get to anyone's
Inbox. You are correct, it was VERY easy to show people how to drag
e-mails to the Allowed/Blocked folders. I had Ninja do a full manual
scan of Exchange and it found over 300 copies of NetSky.p that
GroupShield(sDown) had let through.
"Every employee kept saying how they hated to come to work on Mondays
because that meant dealing with all the spam in their Inbox from the
weekend. After Ninja was installed they kept sending test e-mails to
each other to make sure Exchange was working!!! Since 90% of their
e-mails were spam when Ninja started throwing Death Stars at the
incoming Spam, everyone thought the e-mail system wasn't working.
They were very impressed when they finally opened up their quarantine
folders and saw where all the spam went. The main comment I heard
yesterday was 'Hey, I can actually use Outlook for business now.'"
Carl Webster MCSE, MCTS, CCEA, CCDA
Director, Infrastructure Consulting
Protect SQL Server with Double Take Software
Other than email, just about every critical application in your company
probably relies on a relational database. So ask yourself: Can you back up
your SQL Server 24/7 without impacting production? How long would it take
your DBA to get SQL up and running if the whole server crashed?
Most Microsoft SQL protection strategies involve a nightly full backup of
the data, typically to tape. However, this method only protects yesterday's
work. Any data that has been entered into the database since the nightly
backup is not protected and would have to be manually recreated if the
production system failed. Since critical data is created and manipulated
every second of every work day, you have to ask yourself: Can you afford
to lose up to an entire day's worth of data?
A SQL Server protection strategy supported by Double-Take Software provides
up-to-the-minute data replication capabilities for all SQL data. Double-Take
Software provides organizations with a solution for SQL protection that
provides distinct advantages over manual Microsoft SQL built-in replication
capabilities: Double-Take Software saves more data in real time and restores
that data much faster.
With features from Double Take Software such as built-in bandwidth control,
data can be replicated and restored over long distances without service
degradation, putting the recovery and restore responsibilities for remote
locations in the hands of the experts back at the datacenter. If you want
to learn more about Protecting SQL Server using data replication solutions
from Double-Take Software, get your 30-day eval here:
How Much is Out-of-Control Printing Costing Your School?
Probably double what it should in extra paper, toner, ink, and printer
maintenance costs. School administrators are saving thousands annually,
freeing up staff, and earning ROI in just months with next-generation
printer control software. Click Here to download the document (PDF).
And here is a link if you want to get more data or the 30-day eval:
WServerNews - PRODUCT OF THE WEEK
Looking For An Instant View Of Your Active Directory Objects?
This is the best product we have found for Active Directory. You can
download it for FREE from the Namescape.com website. rDirectory Community
Edition is the perfect addition to every Microsoft Active Directory and ADAM.
rDirectory Community Edition allows you to deploy a professional employee
directory website and search engine in minutes. An excellent GALMOD
replacement. Your end-users will love this. Upgrade later to the
Enterprise Edition, a fully customizable version of rDirectory,
for those of us dealing with Schema Extensions and Exchange attributes.
Plus, Namescape offers monthly discounts and excellent support. Download
rDirectory Community Edition today and you'll wish you had done this sooner: