WServerNews (formerly W2Knews)
Vol. 12, #19 - May 14, 2007 - Issue #625
Trojans Hijack Windows Patching Code & Bypass Firewalls

  1. Editor's Corner
    • Trojans Hijack Windows Patching Code & Bypass Firewalls
    • CounterSpy Enterprise Virus Question
    • Vista Betas, RCs Don't Get Patches
    • Redmond's Own Products Not Vista-Ready?
    • Quotes Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Tech Briefing
    • New Jeremy Moskowitz's GPanswers Newsletter
    • Virtualization And Network Infrastructure Challenges
    • NAP Is Almost Here: IT Managers Get Ready
    • An Email Archiving Project Roadmap
    • Protecting Your Database: Who's Looking At Your Sensitive Data?
    • Microsoft Releases Beta For Network Monitor
  4. Windows Server News
    • Microsoft Website Calls Longhorn 'Windows Server 2008'
    • Next Version Of SQL Server Slated For 2008
  5. WServer Third Party News
    • Counterspy Gateway SDK Now Provides IDS/IPS Functionality
    • Ninja Email Security GETS Image Spam - Webcast
  6. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • BOOK: Exchange Server 2007 Unleashed
NEW: Sunbelt Firewall Small Office Edition

Small offices often rely on the Windows XP firewall for desktops.
But many people do not know that it only monitors incoming traffic!
Small businesses that store customer and/or patient information need
much better protection than that. The Sunbelt Firewall is Two-Way
and also includes both Network- and Host-based Intrusion Prevention.
It has identity-theft protection, and blocks ads and popups. We have
a special new 10-pack for only $149.95, including one year of upgrades
and U.S. based tech support. An excellent deal. Tell your friends!

Editor's Corner

Trojans Hijack Windows Patching Code & Bypass Firewalls

This week, researchers at Symantec reported that late last year they first noticed Russian hackers talking about the Background Intelligent Transfer Service (BITS) in Windows. BITS is a pretty cool piece of code. It allows patches to be downloaded asynchronously, and it also throttles itself so it does not impact performance. But now trojans are using it to download malware! The "benefit" here is that BITS is trusted, so the trojans now bypass firewalls effortlessly.

The idea itself is not really new, but now bad guys are leveraging a component of the OS to update their own malware content. BITS debuted in WinXP, is part of W2K3 and is also in Vista. Like I said before, malware is getting more and more sophisticated. You need advanced antimalware code to protect your networks.
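
One way to check a Windows host for this, as an added example that is not part of the original newsletter: the PowerShell below lists BITS jobs for all users and reports any file whose source host is not on an allow-list. The allow-list entries and the function names Test-AllowedHost and Get-SuspiciousBitsJob are assumptions for illustration; Get-BitsTransfer comes from the BitsTransfer module in Windows 7 / Server 2008 R2 and later.

```powershell
# Added example: audit BITS transfer jobs for downloads from unexpected hosts.
# Run from an elevated session so jobs owned by every account are visible.
Import-Module BitsTransfer

# Assumption: illustrative allow-list. Replace with the update sources
# (WSUS server, vendor CDNs) that your environment actually uses.
$AllowedHostSuffixes = @(
    'windowsupdate.com',
    'update.microsoft.com',
    'download.microsoft.com'
)

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Suffixes)
    foreach ($suffix in $Suffixes) {
        # Exact match or a true subdomain; -eq and -like are case-insensitive.
        if ($HostName -eq $suffix -or $HostName -like "*.$suffix") { return $true }
    }
    return $false
}

function Get-SuspiciousBitsJob {
    param([string[]]$Suffixes = $AllowedHostSuffixes)
    foreach ($job in Get-BitsTransfer -AllUsers -ErrorAction Stop) {
        foreach ($file in $job.FileList) {
            $uri = $null
            $parsed = [System.Uri]::TryCreate(
                $file.RemoteName, [System.UriKind]::Absolute, [ref]$uri)
            # Report unparsable sources, UNC/SMB sources and unknown HTTP hosts.
            if (-not $parsed -or -not (Test-AllowedHost $uri.Host $Suffixes)) {
                [pscustomobject]@{
                    JobId       = $job.JobId
                    DisplayName = $job.DisplayName
                    Owner       = $job.OwnerAccount
                    State       = $job.JobState
                    RemoteName  = $file.RemoteName
                    LocalName   = $file.LocalName
                }
            }
        }
    }
}

Get-SuspiciousBitsJob | Sort-Object Owner, DisplayName | Format-Table -AutoSize -Wrap
```

A job that keeps reappearing under an unexpected owner, or that writes to a user-writable path, is worth investigating even if its host looks familiar.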

CounterSpy Enterprise Virus Question

We received this email a few days ago. I will answer the question at the end. You will be interested to hear this news, if you have missed the recent Tuesday afternoon webcasts about CSE.

"Just wanted to drop you a note to tell you guys how impressed we are by CounterSpy Enterprise 2.0. Given my past experience with versions 1.5 and 1.8, version 2.0 is a far superior product overall. The upgrade was seamless, the new configuration options are very welcome, and the speed and detection capability of the new VIPRE engine on the client-side is unbelievable. I can now do Quick Scans in seconds compared to minutes beforehand. In fact, I was able to remove two rootkits using CounterSpy 2.0 this past weekend with no ill side-effects. Job well done!

"So, it brings me to ask: When is Sunbelt Software going to incorporate full anti-virus detection and removal capabilities in the CounterSpy product line? If you guys ever do this, we may consider dropping our current AV vendor, since it'd be nice to have a single product perform full client-side protection against all viral, worm, trojan, and other malware threats. Please tell me this isn't just a pipe-dream of mine. FYI, I do realize there is some minimal AV/worm detection in CounterSpy already. Thanks, -Jim."

Editor's Answer: We are working day and night to finish the VIPRE technology, which we expect in the second half of this year. By that time we'll have a new, "hybrid" technology that will do just that!

Vista Betas, RCs Don't Get Patches

Redmond really wants you to pay for Vista. They confirmed this week that if you are still running prerelease copies (betas or release candidates of Vista), you will not receive security updates via Windows Update. And that includes the critical patches for IE7 that were released on Patch Tuesday.

They said this had been made clear last year during signup, and in the Vista security team's blog. The official line: "Microsoft no longer provides service or support for the prerelease versions". But what that means in reality is that they have disabled all possibility to update, so even if you try to install manually downloaded Vista patches, that won't fly. Open that wallet brother!

Redmond's Own Products Not Vista-Ready?

Vista was late, that was no surprise. But because of that, many third party developers are even later with their Vista compatible code. And now it looks like even some Redmond code has not made it yet. A reader sent me news that he has a client that last fall decided to purchase the Microsoft Dynamics SL 6.7 accounting product. They are now deploying.

One of the reasons for the decision to purchase Microsoft Dynamics was the advertising about "how well" it would always work with other MS products. Well, guess what. It looks like the currently shipping version of Dynamics SL, version 6.7, is not compatible with Vista. Moreover, they only plan to make it compatible with the release of Microsoft Dynamics SL version 7, the release date of which has not been announced yet.

It is ironic that any company should be held back deploying Windows Vista because their current version of Microsoft software does not support it.

Quotes Of The Week

"If you can't convince them, confuse them." -- Harry S. Truman
"A loving heart is the truest wisdom." -- Charles Dickens

UNDO DEPT: The Fave Link last week about low-energy CFL lamps was incorrect. There -is- mercury in those lamps but when one breaks there are easy instructions for clean-up.

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Must Have FREEWARE. Web Active Directory & Self Service Password. Download now!

Reclaim up to 80% of your Exchange Store with ExchangeCompress. Download FREE trial copy today.

New Radmin V3 is a complete, secure and lightning fast Remote Control tool designed by and for system admins. Supports Vista - Try it out!

Protect your mission critical Virtual Servers with real-time data replication and Disaster Recovery in-one: Double-Take!

Tech Briefing

New Jeremy Moskowitz's GPanswers Newsletter

In Jeremy Moskowitz's newsletter #22 learn some tips and tricks for managing Office 2007. And learn about Jeremy's updated standard "Bible" for Group Policy; his updated book on Group Policy management. Finally, learn where Jeremy's upcoming Group Policy classes are going to be for the next several months. Don't miss it:

Virtualization And Network Infrastructure Challenges

What challenges does virtualization present to the network infrastructure? In this featured expert response, find out what Anil Desai (MCSE, MCSD, MCDBA and a Microsoft MVP) had to say is the major issue to consider. (registration required)

NAP Is Almost Here: IT Managers Get Ready

In the upcoming release of Windows Longhorn, Microsoft will deliver a much improved offering to replace Network Access Quarantine Control (NAQC), in the form of Network Access Protection (NAP). NAP will be an integral offering in Windows Longhorn and is already available for testing in the various beta releases of Longhorn Server. Find out how it works and how to prepare for it in this exclusive article. (registration required)

An Email Archiving Project Roadmap

Like any other IT initiative, an email archiving project requires a fully developed plan. In chapter one of this new e-book, Email archiving: Planning, policies and product selection, archiving expert Kathryn Hilton outlines a four-phased approach that will help you plan and deploy a successful email archiving project.

Protecting Your Database: Who's Looking At Your Sensitive Data?

Methods to protect your SQL Server database include database authentication and logging to track who has touched your data. But how do you know if someone has simply looked at your data? IT security specialist Kevin Beaver explains how to secure your database one step further.

Microsoft Releases Beta For Network Monitor

A beta of Microsoft's latest network traffic monitor is available for download. Windows Vista support and improved wireless tracking are among the new features.

Windows Server News

Microsoft Website Calls Longhorn 'Windows Server 2008'

Microsoft may have slipped up Thursday afternoon and inadvertently posted the official name of its next server operating system, currently codenamed 'Longhorn.' Keith Ward wrote the story for MCPMag. It's here:

Next Version Of SQL Server Slated For 2008

Microsoft kicked off its very first Business Intelligence (BI) Conference in Seattle with a keynote speech by Business Division President Jeff Raikes. He basically said that they would move into that market at a low price point. He also said that the next version of SQL Server would be the main component of that move, and that the next version, code-named Katmai, will be available in 2008. Katmai will have a tighter integration with other MS products, like Office, SharePoint Server and Excel. Good news for developers too: Katmai will come with an integrated development environment consisting of Visual Studio and the .NET Framework.

WServer Third Party News

Counterspy Gateway SDK Now Provides IDS/IPS Functionality

In addition to powerful threat detection, the CounterSpy Gateway SDK delivers for OEMs built-in IDS/IPS functionality through a Snort(r)-compatible engine.

Many of the world's leading security appliance vendors and managed service providers rely on our CounterSpy Gateway SDK as a core component of their threat defense strategy. Nothing works better for stopping spyware and other malware in its tracks. Now that same engine has been enhanced with a significant new feature option - an intrusion detection and prevention engine that is compatible with Snort and BleedingEdge Threat signatures ("Bleeding Snort").

What is Snort and why?

Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.

Why use the CounterSpy Gateway engine for Intrusion Detection and Prevention? By using a single, tightly integrated engine at the gateway, OEMs can maximize resources and performance while adding to and enhancing the features they can offer to their customers. The CounterSpy Gateway SDK saves you the time and risk of wiring in multiple engines from multiple vendors, or relying on the unpredictable nature of open source.

We provide the best of all worlds: tightly integrated, multi-function threat defense and intrusion detection at the gateway. It is fully supported by Sunbelt Software yet compatible with, and able to run, standard Snort and BleedingEdge rules. We also provide out-of-the-box a standard library of rules ready to run for testing and filtering packets at the gateway.

Contact us to find out how our engine can enhance your security solution and competitive position in the market.

Ninja Email Security GETS Image Spam - Webcast

Join us for a Live Web Demonstration of Sunbelt Ninja Email Security for Microsoft Exchange with Alex Eckelberry, President and Greg Kras, VP of Product Management for Sunbelt Software on Tuesday, May 15th at 2:00pm EDT. Learn about the features of this robust email security product including:
  • Policy-based plug-in management for antispam, AV, and attachment filtering
  • New policy-based and global disclaimers
  • Fast deployment in Exchange environments
  • Superior spam detection using two antispam engines
  • Aggressive virus detection and elimination using two AV engines
  • Custom rules for content inspection and attachment filtering
  • Powerful reporting options for all plug-ins
  • And more...
When: Tuesday, May 15, 2007 2:00 PM (EDT) To join the day of the event please visit:

Meeting ID: 92SSQC
Attendee Meeting Key: XR*mw9Z
Audio: Toll free: 866-863-8879
Toll: 319-279-1000
Participant code: 104764

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.

WServerNews - Product of the Week

BOOK: Exchange Server 2007 Unleashed

I was browsing through Barnes & Noble last weekend and saw that this book had been released. You can knock someone out with it, over 1,200 pages! I glanced at the table of contents and it sits here on my desk lurking at me. I have not had the confront yet to start reading. But the back cover shows I gotta! ;-D

"This is the ultimate guide to the design, migration, implementation, administration, management, and support of an Exchange Server 2007 environment. The recommendations, tips, and tricks covered are based on more than two years of early adopter implementations of Exchange 2007. The authors highlight the features and functions that organizations both large and small have found to be the important components in Exchange 2007, including the new Outlook Web Access mail, functions that better support mobile devices, server-to-server mailbox replication for better data recovery, and integrated voicemail unified messaging." Link to Amazon here: