WServerNews (formerly W2Knews)
Vol. 11, #40 - Oct 2, 2006 - Issue #596
Malware Is Getting Very Serious

    • So, How Does Ninja Compare To ForeFront Antigen?
    • Even More Sony Battery Woes
    • Malware Is Getting Very Serious
    • Quotes Of The Week
    • Admin Tools We Think You Shouldn't Be Without
    • Microsoft Releases Out-of-cycle Patch For VML Flaw
    • The Hacker Handbook: 11 tips In 11 Minutes
    • Tip: Restoring A Database From Another SQL Server
    • Run 32-bit Applications On x64 Windows Servers
    • Checklist: Developing A Windows Patch Methodology
    • The Hidden Costs Of Virtualization
    • Fending Off An Active Directory Attack
    • I Need A Script To Pull Uptime
    • Credit Firms Push to Thwart Fraud
    • "A Quick Update On My First Ninja Experience"
    • Protect SQL Server with Double Take Software
    • How Much is Out-of-Control Printing Costing Your School?
  6. WServerNews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - PRODUCT OF THE WEEK
    • Looking For An Instant View Of Your Active Directory Objects?
Ninja: Integrated Antispam, Antivirus, RBL & Attachment Filtering!

  • Multiple industrial-strength AV engines for your Exchange server
  • Multiple highly effective antispam engines
  • Powerful, third-generation, all-in-one messaging security with an
    easy to use MMC management console and optimized performance
  • A state-of-the-art, policy-based Attachment Filter
  • Save 30% or more over your current Exchange AV product
  • Highly Responsive 24/7 US-based Technical Support
Switch Now and benefit from a 50% Competitive Upgrade Discount:


So, How Does Ninja Compare To ForeFront Antigen?

Your Chief Information Security Officer (CISO) might ask you about Microsoft ForeFront Antigen (Exchange Antivirus) and whether your outfit should run it. A recent Merrill Lynch survey of CISOs showed that they might be interested if its features and functions were superior or if the pricing was attractive. Well, we decided to do a little comparison. You can show this simple little chart to your CISO, and then while you are at it, ask him to sign off the purchase requisition... for Ninja! [grin] (PDF)

Even More Sony Battery Woes

Now Lenovo and IBM are recalling batteries after a ThinkPad T43 caught fire in an airport a week or so ago. Sony finally is going to do a global recall, which I think should also include its own laptops! IBM and Lenovo are asking ThinkPad notebook customers to return 526,000 lithium-ion batteries, about 5-10% of their laptops. This is after Dell, Apple and Toshiba did their recalls. Can you imagine, this is already more than 7 million batteries!

Sony has entered discussions with the U.S. Consumer Product Safety Commission to establish the scope of the recall. Sony said, "In the overall interest of our customer's satisfaction, we wanted to go out there and be proactive." Well... HAH! After months of silence they finally come clean, and then claim they are "proactive"? My foot.

Malware Is Getting Very Serious

And it's not us saying that. I'm quoting a bit from Columnist Michael Osterman who wrote in his recent Network World on Messaging issue: "IronPort recently published a report showing that Trojan horses and system monitors - two of the most serious types of malware - infect one out of every 14 corporate PCs. That means that in an organization of 1,000 desktop PCs, there is an average of 70 computers that represent a major security risk.

"The report also showed that PCs in North American organizations have the highest infection rate of this most serious class of malware - almost 10% - and that French desktops have the lowest infection rate. Dwarfing Trojans and system monitors are less serious types of malware, such as adware and tracking cookies, which infect 48% and 77% of PCs, respectively. Here again, PCs in North America have the highest infection rate.

"As evidence of just how serious these threats can be, in mid-September Sunbelt Software discovered a serious vulnerability in Internet Explorer that lets criminals install a variety of malware on a PC, including the BigBlue keystroke logger, various types of adware, the Spybot worm and the VXGame Trojan."

In short, you really need industry-strength, leading-edge, high-quality enterprise antispyware. You cannot rely on your AV solution. Download WinITPro Readers Choice 2006 CounterSpy Enterprise and find out how many machines in your network are infected!

Quotes Of The Week

"Be brief, for no discourse can please when too long." - Miguel de Cervantes, born in the year 1547.
"Knowing others is intelligence; knowing yourself is true wisdom. Mastering others is strength; mastering yourself is true power." -- Tao Te Ching

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman


Admin Tools We Think You Shouldn't Be Without

John the Ripper is a fast password cracker, for 11 Unix flavors, Windows, DOS, BeOS, and OpenVMS.

And Foundstone created FSCrack as a front end to this Ripper tool. They have other cool and no-cost tools as well over here:

If anyone's interested in PowerShell, RC2 is now available. This is a new, highly useful command-line shell and scripting language.

Sunbelt's Network Security Inspector is a MilSpec vulnerability scanner licensed by admin, not IP. This is truly a killer deal:


Microsoft Releases Out-of-cycle Patch For VML Flaw

Microsoft on Tuesday released an out-of-cycle patch for the Vector Markup Language flaw in Internet Explorer that was discovered by Sunbelt Software researchers. On the date of the article, Sept 16, 2006, more than 3,000 Web sites were already infecting users with malware that exploited the VML bug, according to Dunham. One week into the WMF outbreak last January, iDefense saw about 600 sites exploiting the problem. ComputerWorld has a good summary:

The Hacker Handbook: 11 tips In 11 Minutes

No matter how much preparation you take or how much software you buy or download, you will never be able to create a hacker-invincible network. There will always be a new vulnerability or a new hacker tool for which you won't have time to prepare. Well, if you can't beat 'em...join 'em. Read this handbook to learn exactly what hackers already know that is allowing them to infiltrate your network and what you can do to prevent (and recover from) these attacks. At SearchWindowsSecurity:

Tip: Restoring A Database From Another SQL Server

Restoring a database from another SQL Server is simple -- matching up the logins and users again is not. Get the steps you need to restore one database from another in this tip. SearchSQLServer (free registration):

Run 32-bit Applications On x64 Windows Servers

Because most applications are 32-bit, the x64 version of Windows makes use of an emulator known as WOW64 to allow 32-bit applications to run. Find out more in this tip! SearchWinComputing:

Checklist: Developing A Windows Patch Methodology

Patch Tuesday doesn't always make the patch process carefree. Expert Jonathan Hassell recommends developing a good patch policy to ease the pain of frequent patching. Read his list of the essential components of a good policy at SearchWindowsSecurity:

The Hidden Costs Of Virtualization

To virtualize or not to virtualize? Before deciding, take a close look at this technology's hidden costs. The first of a three-part series, this column discusses virtualization's impact on power and cooling bills, as well as unforeseen management costs. At SearchServerVirtualization:

Fending Off An Active Directory Attack

Whether you view the security of Active Directory as a matter of defense or of improving its configuration management, it's a system that must be protected. Article at:


I Need A Script To Pull Uptime

This was a useful answer from the NTSYSADMIN list. Question: "Does anyone have a script that will pull the uptime information for a list of windows servers and save that information in a text file or CSV file format? I'm not a 'scripter' and we've been tasked to get the uptime for 600 Windows servers compiled into a report. Thanks in advance." Answer: "This has vbs and simple cmd shell examples:"

You might also check out the Script Repository and add-on packs...

Credit Firms Push to Thwart Fraud

If you are taking credit cards, your organization will get penalized if you are not taking steps to curb identity theft. Both MasterCard and Visa are putting the squeeze on merchants that disregard the recent rules made to protect card transactions from fraud.

MasterCard recently fined merchants that haven't met the reqs to secure transactions. And soon Visa will target the larger merchants with fines that start at $10,000 a month and can rise to $100,000 a month. It's their latest attempt to reduce financial exposure and bad PR. The recent spate of high-profile security breaches prompted these measures.

If you do not protect your network sufficiently, you can find yourself on the hook for the losses. Neither card company fines you directly. Instead, they charge the processing companies that fulfill the transactions for the merchants, and those companies pass the fines on to you. Moreover, you will get fined if you have a security breach. You GOTTA scan your networks for vulnerabilities with a GOOD scanner. This is a MUST-HAVE for any size network. And you might as well use a really good one! Sunbelt Network Security Inspector was WinITPro Readers Choice 2006!


"A Quick Update On My First Ninja Experience"

Carl Webster sent us this: "Ninja has been running for 10 days for a 14 person shop. Ninja is blocking 89% of incoming e-mail. Ninja is now set to handle all AV duties. Of the 2728 quarantined e-mails only ONE was legit. There has not been a single spam e-mail get to anyone's Inbox. You are correct, it was VERY easy to show people how to drag e-mails to the Allowed/Blocked folders. I had Ninja do a full manual scan of Exchange and it found over 300 copies of NetSky.p that GroupShield(sDown) had let through.

"Every employee kept saying how they hated to come to work on Mondays because that meant dealing with all the spam in their Inbox from the weekend. After Ninja was installed they kept sending test e-mails to each other to make sure Exchange was working!!! Since 90% of their e-mails were spam when Ninja started throwing Death Stars at the incoming Spam, everyone thought the e-mail system wasn't working. They were very impressed when they finally opened up their quarantine folders and saw where all the spam went. The main comment I heard yesterday was 'Hey, I can actually use Outlook for business now'. Thanks! --
Director, Infrastructure Consulting

Protect SQL Server with Double Take Software

Other than email, just about every critical application in your company probably relies on a relational database. So ask yourself: Can you back up your SQL Server 24/7 without impacting production? How long would it take your DBA to get SQL up and running if the whole server crashed?

Most Microsoft SQL protection strategies involve a nightly full backup of the data, typically to tape. However, this method only protects yesterday's work. Any data that has been entered into the database since the nightly backup is not protected and would have to be manually recreated if the production system failed. Since critical data is created and manipulated every second of every work day, you have to ask yourself: Can you afford to lose up to an entire day's worth of data?

A SQL Server protection strategy supported by Double-Take Software provides up-to-the-minute data replication capabilities for all SQL data. Double-Take Software provides organizations with a solution for SQL protection that provides distinct advantages over manual Microsoft SQL built-in replication capabilities: Double-Take Software saves more data in real time and restores that data much faster.

With features from Double Take Software such as built-in bandwidth control, data can be replicated and restored over long distances without service degradation, putting the recovery and restore responsibilities for remote locations in the hands of the experts back at the datacenter. If you want to learn more about Protecting SQL Server using data replication solutions from Double-Take Software, get your 30-day eval here:

How Much is Out-of-Control Printing Costing Your School?

Probably double what it should in extra paper, toner, ink, and printer maintenance costs. School administrators are saving thousands annually, freeing up staff, and earning ROI in just months with next-generation printer control software. Click Here to download the document (PDF).

And here is a link if you want to get more data or the 30-day eval:

WServerNews 'FAVE' LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff.


Looking For An Instant View Of Your Active Directory Objects?

This is the best product we have found for Active Directory. You can download it for FREE from the website. rDirectory Community Edition is the perfect addition to every Microsoft Active Directory and ADAM. rDirectory Community Edition allows you to deploy a professional employee directory website and search engine in minutes. An excellent GALMOD replacement. Your end-users will love this. Upgrade later to the Enterprise Edition, a fully customizable version of rDirectory for those of us dealing with Schema Extensions and Exchange attributes. Plus, Namescape offers monthly discounts and excellent support. Download rDirectory Community Edition today and you'll wish you had done this sooner: