Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 12, #6 - Feb 12, 2007 - Issue #612
Ninja Kills Barracuda

  1. Editors Corner
    • Ninja Kills Barracuda
    • Initial Vista Consumer Sales Positive
    • Expect 12 Patches Next Week
    • Quote Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Tech Briefing
    • Hackers Slow Internet Root Servers With Attack
    • Free Server Virtualization Seminar
    • Xen All-In-One Guide
    • Fast Guide: VPN Quick Tips
    • Tip: Exchange And IE 7 Compatibility Problems
    • Run Vista For Four Months Without Needing Activation
    • IT Managers Still Reacting To Security Threats
  4. Windows Server News
    • MAJOR HEADACHE: Exchange and Daylight Saving Time
    • Exchange and Daylight Saving Time, Part 1
  5. WServer Third Party News
    • CounterSpy Enterprise V2.0 Loaded With New Features!
    • New Ninja 2.1 Features
    • Wireless Hacking Tool Makes Splash at RSA
  6. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • Get CounterSpy Enterprise Before Price Hike
Sunbelt Messaging Ninja

Comparing Email Management Systems that Protect Against Spam,
Viruses, Malware & Phishing Attacks.
To understand organizations'
perceptions about various email management systems, Sunbelt Software
engaged Osterman Research to survey organizations that are using five
different email management systems: Barracuda Spam Firewall, GFI Mail
Essentials, McAfee GroupShield for Exchange, Symantec Brightmail, and
Sunbelt Messaging Ninja. This white paper presents the results of those
findings, comparing Sunbelt Software's Messaging Ninja with the other
four systems. A must-read for any IT strategist or e-mail administrator
who's actively researching SMB security messaging management tools.

Editors Corner

Ninja Kills Barracuda

OK, that was definitely tongue-in-cheek, but something big happened: Ninja won the 2007 SC Magazine Readers Trust Award for Best Email Security Solution, beating out all email security competitors. Here is the official announcement:

"Sunbelt Software has won a 2007 Reader Trust Award in the 10th annual SC Magazine Award program for outstanding achievement in information- technology (IT) security. Sunbelt Messaging Ninja was named the Best Email Security Solution at a gala ceremony held in San Francisco, Tuesday, February 6, 2007 in conjunction with the recent RSA Conference, the world's leading information-security event." Here is the PDF that lists the products that Ninja "defeated", and their Ninja write-up!

Initial Vista Consumer Sales Positive

The first week Vista was released, the retail PCsales in the U.S. jumped 67% compared to last year, according to Current Analysis. And compared to the week before, they were up 173%. It's not surprising to see that seventy percent of consumers opted for the higher-priced Vista Premium Edition.

Expect 12 Patches Next Week

Redmond plans to release a dozen security updates next week to patch critical holes in Windows, Office, Visual Studio and in its antivirus software. Also, they already released a patch supposed to improve performance of IE7's phishing filter ahead of the regular schedule, as per Redmond's IEBlog. Here is the advance patch notification at the MS website:

Quote Of The Week

"I have only one superstition. I touch all the bases when I hit a home run." -- Babe Ruth

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Download FREE Active Directory Web Search App + GAL Editing Solution!

Extend Active Directory services to UNIX/Linux/Mac to enable single sign-on, set global password policies. Free white paper.

SC Magazine gave Ninja "Best Email Security Solution 2007". Ninja only takes HALF THE ADMIN TIME. You also get a 50% competitive upgrade discount:

Tech Briefing

Hackers Slow Internet Root Servers With Attack

I have to say this news got my attention, and a bit of concern. Online attackers have briefly disrupted service on at least two of the 13 "root" servers. FYI, root servers manage the Internet's Domain Name System (DNS), used to translate Web addresses such as into the numerical Internet Protocol addresses used by machines. The attack, which began Tuesday at about 5:30 a.m. Eastern time, was the most significant attack against the root servers since an October 2002 distributed denial-of-service (DDoS) attack. It was all over the news, but ComputerWorld has a good summary:

Free Server Virtualization Seminar

Attend's upcoming seminar "Server Virtualization: When, Why and How to Virtualize," where independent experts Chris Wolf and Erick Halter will show you how to reclaim real estate in your server room, reduce your power costs, increase hardware utilization rates and better leverage IT resources through virtualization. This free one-day seminar is coming to nine cities beginning in March. Register today!

Xen All-In-One Guide

In this guide, learn what the difference is between Xen and other virtualization products, see Xen in action and follow Xen's trail in the news while learning if it's the right virtualization solution for your company. (free registration)

Fast Guide: VPN Quick Tips

With distributed work forces the norm rather than the exception these days, virtual private networks (VPNs) are more of a necessity than a luxury for administrators. This quick guide will provide practical tips, expert advice and more for administrators at different levels of the VPN lifecycle. (free registration)

Tip: Exchange And IE 7 Compatibility Problems

In this tip, expert Serdar Yegulalp explains three ways that computers running Exchange Server 2003 Service Pack 2 may experience problems if they're upgraded to Internet Explorer 7 (IE7) and how to solve these issues. (free registration)

Run Vista For Four Months Without Needing Activation

Through a command run in an administrative prompt, you can extend the grace period for running Windows Vista without needing activation to four months.

IT Managers Still Reacting To Security Threats

As Bill Gates touts policy-based security as a potential cure-all at RSA this week, IT managers may not have the resources or infrastructure to make it happen.

Windows Server News

MAJOR HEADACHE: Exchange and Daylight Saving Time

It's been discussed all over the forums, the press and the water coolers. Especially shops running Exchange and Blackberries can be overwhomped. Just look at a letter from a system admin I got this week (edited for brevity)

"I have 12 k mailboxes and 1500 Blackberries that will need to be patched. All of this needs to be done in a certain order for it to be successful. Currently, MS is coming out with an Exchange tool to run on all mailboxes to fix the DST times on the calendars and resources - conference rooms. We have 366 conference rooms in the company. As of yesterday MS states they will not release the tool for "weeks." Research in Motion (RIM) is not releasing their patch for the Blackberries until mid February. MS has released the patches for the OS on pc's and servers. These patches cannot be applied until MS releases the Exchange tool. All these patches and the Exchange tool need to be done by March 7th. I was advised by MS that I will have to remove all the meetings during the DST time frame, run the Exchange tool on all 12 k mailboxes and that tool "should" repopulate the conference rooms with the meetings. Somehow I don't feel real cozy with this. It was not tested it that way....More importantly, how can anyone log into 366 mailboxes, manually remove the meetings in the March and November time frame, manually run the tool on 12K mailboxes (we have to pick and choose which mailbox to run the tool on due to having pc's in Mexico on Central time zone instead of Mexico time zone. If we run the tool on Mexico mailboxes it will change all their meeting times to an incorrect time) and then look at all 366 mailboxes to confirm the meetings are now showing the correct time. Whew, sounds impossible to me.... And then there is the -method- of AutoAccept. I had nothing but trouble with this version, the mailboxes would stop accepting or declining the meetings. I am currently setting up our Blackberry Enterprise Server to wirelessly send out the patch to 1500 BB's. One issue, that only works if the BB is on at least version 4. We have about 200 BB's that are below that version. So we are setting up a dedicated pc to updates the BB version via the application loader. You cannot just use RIM's 4.0 version. You have to find out the make and model of these BB's and download their version of 4.0 or higher. The end user WILL have to attach their BB to the pc. This part cannot be done wirelessly. Once that is done they will now be candidates for the wireless patch, once RIM released it. To say the least I am OVERWHELMED...."

So I was happy to see that Paul Robichaux of WindowsITPro mag came to the rescue, and I'm copying the first bit and the link to the full article below!

Exchange and Daylight Saving Time, Part 1

Since the Germans first started doing it in 1916, much of the industrialized world has adopted a system of shifting time by an hour twice per year. In Europe, this is generally known as "summer time," but in the United States and Canada it's known as daylight saving time (DST). Never shy about screwing with a perfectly workable system, the US Congress passed a law in 2005, which goes into effect this year, that changes the dates when we switch to and away from DST.

This change has many implications that the original authors of the law probably didn't think of. It's easy enough to change ordinary clocks, but many other devices keep time and will need to be either adjusted or patched by the manufacturers. For example, in my home there are two TIVOs, a dozen or so computers, several wireless access points and routers, a VCR, and a PBX. All of these devices automatically adjust their clocks for DST now, but they'll need to be updated because this year DST begins earlier (March 11 instead of April 1) and ends later (November 4 versus October 28) than it has before.
The 2007 DST change poses an especially interesting circumstance for Exchange administrators. There are actually four sets of changes required:
  • patches for Windows, including Windows Server 2003, Windows 2000 Server, Windows XP, and Windows Mobile
  • patches for Exchange, which are required for OWA and other programs that use the Collaboration Data Objects (CDO) libraries
  • patches for Outlook, Microsoft Entourage, and other clients that create and process calendar data
  • updates to existing appointments that fall during the new extended DST period (March 11-April 1 and October 28-November 4)
By Paul Robichaux, Exchange Editor, [email protected]
To read the rest of this article and find out what you need to do to be ready for the DST switch, click here:

WServer Third Party News

CounterSpy Enterprise V2.0 Loaded With New Features!

This is a pretty impressive list of all the new stuff you will get in V2.0 that we expect late March, as Development has just sent V2.0 to Quality Assurance early. Just -look- at this list... impressive:

*Automated Deployment Service - It is now possible to have CSE automatically deploy agents to the network. At a policy level this feature can be enabled and the admin can specify any combination of machine lists, IP addresses, IP ranges, IP subnets, and AD queries to be resolved and deployed to without admin interaction. The traditional methods of deployment such as console push and MSI packages are still included.

*New User Features - The new agent now has many more options that can be exposed to the user at the discretion of the admin. The features include the ability to pause a scan that is in progress or disable active protection. As well, the end user can now be allowed to view the scan results and manage his own quarantine using a new end-user UI. Agents can still be run in a completely silent mode with no end-user interaction.

*New Engine - The agents are now using a new scanning and removal engine which now includes Sunbelt's new VIPRE technology. The new engine is faster and requires less system resources while at the same time has improved detection for more sophisticated threats such as rootkits. FirstScan is CounterSpy's new scan and remove on-boot technology designed specifically to detect and remove the most deeply embedded malware before it can run or install. Triggered through a CounterSpy system scan, FirstScan will run at the system's boot time, bypassing the Windows operating system, to directly scan certain locations of the hard drive for malware, removing infections where found.

*Incremental updates - This new engine fully support incremental updates so definitions can be released more often with less bandwidth impact and shorter download times for end-users that use CounterSpy at their home office.

*New Active Protection - The active protection system had been completely replaced with a new kernel-level component which is also based off of the VIPRE technology. The new system offers real-time blocking of threats from being executed while also being able to prompt the user to take action if suspicious behavior is detected. Additionally the administrator can create their own custom defined list of allowed and denied applications.

*New Agent Features - The new agent includes all of the above features as well as several other technologies. The agents can now go over the Internet to obtain definition updates if their CSE server is unreachable. They can also be set to throttle the rate that they download definition files and updates from CSE server so as to not saturate slower network connections. Advanced scheduling options now allow the agent to start scans at randomized times and make up for missed scheduled scans.

*New Console Features - The administrative console for CSE has been redesigned to include more information. The admin can now tell at a glance when an agent last scanned and print from any of the customizable agent grids. The console to server communication has been reworked and optimized to respond quickly even under heavy usage. Advanced features, such as the Agent Recovery Mode which allows agents removed from the CSE server to automatically attach back to the server, are exposed to the admin.

*New Server Features - The services for CSE have all been consolidated into a single process which increase the performance while at the same time decreasing the memory and CPU requirements. Additionally the new service has been ported over to .NET 2.0 which also increases the efficiency. The new CSE server component is not only compatible with the new agents but backwards compatible with the older 1.5 and 1.8 agents so upgrading can be done in stages.

This really is MAJOR improvement. We're stoked about this new version!

New Ninja 2.1 Features

And there's more! Ninja V2.1 is also coming out very soon. Here's what's new in the next Ninja version:

Global Disclaimer - The 2.1 release of Ninja now includes the ability to add a disclaimer to all email sent. This new feature has the ability to block duplicate disclaimers and the ability for the admin to allow the users to bypass this global disclaimer on a per email basis emails. Alternatively the global disclaimer could also be setup to only disclaim messages that the users specify.

Policy Based Disclaimers - In addition to the global disclaimer there are now policy based disclaimers which allow the admin to have a different disclaimers for groups of users. The same ability to remove duplicate disclaimers and allow users to include or exclude the disclaimer exist at the policy level. As well the policy level disclaimers can be set to either leave a set global disclaimer in place or replace the global disclaimer.

Disclaimer Templates - The new disclaimer functionality utilizes templates that allow the admin to easily setup disclaimers using HTML or plain text. These templates can be setup to include user data from Active Directory so that each disclaimer is customized for the user sending the email. Included are template samples such as legal disclaimers, virus warning disclaimers, and copyright disclaimers.

Updated Antispam Engine - This release includes Cloudmark's latest engine release which has additional enhancements to improve the detection of the latest spam variants such as image spam. Another new feature includes the ability to adjust the efficacy of the detection while tuning the amount of resources available to the engine.

Console Enhancements - Several enhancements have been added to the console. Database management has been added through tools to allow the purging of old records from an existing database and the compacting of Access databases to reduce their size. Enhanced proxy support has been added for systems that utilize NTLM authentication. New reports have been added to give information on the use of disclaimers.

Wireless Hacking Tool Makes Splash at RSA

eWEEK just reported that among the most intriguing technologies being shown off at RSA is a mobile penetration testing application made by Immunity that allows people to scan networks for vulnerabilities on the go. Dubbed Silica, the sleek handheld, based on a Nokia tablet device, claims the ability to test wireless network security using Wi-Fi technology. Will criminal hackers use this for the wrong reasons?

WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.

WServerNews - Product of the Week

Get CounterSpy Enterprise Before Price Hike

When CSE V2.0 gets released with the dramatically expanded feature set, the prices will go up. If you do not have an enterprise quality antispyware product deployed yet, and have been looking at the different contenders in this category, it would be a really good idea to buy CSE before the price hike, and lock in lower cost! When V2.0 comes out, you will get that version without having to pay for all the extras. Check it out now, you will not regret it.