Vol. 12, #19 - May 14, 2007 - Issue #625
Trojans Hijack Windows Patching Code & Bypass Firewalls
- Editor's Corner
- Trojans Hijack Windows Patching Code & Bypass Firewalls
- CounterSpy Enterprise Virus Question
- Vista Betas, RCs Don't Get Patches
- Redmond's Own Products Not Vista-Ready?
- Quotes Of The Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- New Jeremy Moskowitz's GPanswers Newsletter
- Virtualization And Network Infrastructure Challenges
- NAP Is Almost Here: IT Managers Get Ready
- An Email Archiving Project Roadmap
- Protecting Your Database: Who's Looking At Your Sensitive Data?
- Microsoft Releases Beta For Network Monitor
- Windows Server News
- Microsoft Website Calls Longhorn 'Windows Server 2008'
- Next Version Of SQL Server Slated For 2008
- WServer Third Party News
- Counterspy Gateway SDK Now Provides IDS/IPS Functionality
- Ninja Email Security GETS Image Spam - Webcast
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- BOOK: Exchange Server 2007 Unleashed
NEW: Sunbelt Firewall Small Office Edition
Small offices often rely on the Windows XP firewall for desktops.
But many people do not know that it only monitors incoming traffic!
Small businesses that store customer and/or patient information need
much better protection than that. The Sunbelt Firewall is Two-Way
and also includes both Network- and Host-based Intrusion Prevention.
It has identity-theft protection, and blocks ads and popups. We have
a special new 10-pack for only $149.95, including one year of upgrades
and U.S. based tech support. An excellent deal. Tell your friends!
Trojans Hijack Windows Patching Code & Bypass Firewalls
This week, researchers at Symantec reported that late last year they
first noticed Russian hackers talking about the Background Intelligent
Transfer Service (BITS) in Windows. BITS is a pretty cool piece of
code. It allows patches to be downloaded asynchronously, and it also
throttles itself so it does not impact performance. But now trojans are
using it to download malware! The "benefit" here is that BITS is trusted,
so the trojans now bypass firewalls effortlessly.
The idea itself is not really new, but now bad guys are leveraging a
component of the OS to update their own malware content. BITS debuted
in WinXP, is part of W2K3 and is also in Vista. Like I said before,
malware is getting more and more sophisticated. You need advanced
antimalware code to protect your networks.
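One way to check a machine for the BITS abuse described above. This is an added example, not part of the original newsletter or any Sunbelt product; the allowlisted domains are assumptions to adjust for your own network. It lists every queued BITS job, for all users, whose remote host is not on the allowlist.

```powershell
# Added example (not from the newsletter): list BITS jobs whose remote host
# is outside an allowlist. Run elevated; -AllUsers needs administrator rights.
Import-Module BitsTransfer

# Assumption: domains this site expects BITS to contact. Tune for your network.
$AllowedDomains = @('windowsupdate.com', 'microsoft.com')

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Domains)
    foreach ($d in $Domains) {
        # Match the domain itself or a true subdomain, so that
        # "notmicrosoft.com" and "microsoft.com.example.net" do not pass.
        if ($HostName -ieq $d -or
            $HostName.EndsWith(".$d", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($job in Get-BitsTransfer -AllUsers) {
    foreach ($file in $job.FileList) {
        $uri = $null
        $parsed = [System.Uri]::TryCreate($file.RemoteName,
                                          [System.UriKind]::Absolute, [ref]$uri)
        # Unparseable remote names are reported too, not silently skipped.
        if ($parsed -and (Test-AllowedHost -HostName $uri.Host -Domains $AllowedDomains)) {
            continue
        }
        [pscustomobject]@{
            Owner   = $job.OwnerAccount
            JobName = $job.DisplayName
            State   = $job.JobState
            Created = $job.CreationTime
            Remote  = $file.RemoteName
            Local   = $file.LocalName
        }
    }
}

# Oldest jobs first: long-lived jobs to unknown hosts deserve the first look.
$findings | Sort-Object Created | Format-Table -AutoSize -Wrap
```

Other legitimate software also uses BITS for its own updates, so expect some hits that only need adding to the allowlist; the owner account and local path usually make clear which ones those are.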
CounterSpy Enterprise Virus Question
We received this email a few days ago. I will answer the question at
the end. You will be interested to hear this news, if you have missed
the recent Tuesday afternoon webcasts about CSE.
"Just wanted to drop you a note to tell you guys how impressed we are by
CounterSpy Enterprise 2.0. Given my past experience with versions 1.5
and 1.8, version 2.0 is a far superior product overall. The upgrade was
seamless, the new configuration options are very welcome, and the speed
and detection capability of the new VIPRE engine on the client-side is
unbelievable. I can now do Quick Scans in seconds compared to minutes
beforehand. In fact, I was able to remove two rootkits using CounterSpy
2.0 this past weekend with no ill side-effects. Job well done!
"So, it brings me to ask: When is Sunbelt Software going to incorporate
full anti-virus detection and removal capabilities in the CounterSpy
product line? If you guys ever do this, we may consider dropping our
current AV vendor, since it'd be nice to have a single product perform
full client-side protection against all viral, worm, trojan, and other
malware threats. Please tell me this isn't just a pipe-dream of mine.
FYI, I do realize there is some minimal AV/worm detection in CounterSpy
already. Thanks, -Jim."
Editor's Answer: We are working day and night to finish the VIPRE
technology, which we expect in the second half of this year. By that
time we'll have a new, "hybrid" technology that will do just that!
Vista Betas, RCs Don't Get Patches
Redmond really wants you to pay for Vista. They confirmed this week
that if you are still running prerelease copies (betas or release
candidates of Vista), you will not receive security updates via Windows
Update. And that includes the critical patches for IE7 that were
released on Patch Tuesday.
They said this had been made clear last year during signup, and in
the Vista security team's blog. The official line: "Microsoft no longer
provides service or support for the prerelease versions". But what that
means in reality is that they have disabled all possibility to update,
so even if you try to install manually downloaded Vista patches, that
won't fly. Open that wallet brother!
Redmond's Own Products Not Vista-Ready?
Vista was late, that was no surprise. But because of that, many third
party developers are even later with their Vista compatible code. And
now it looks like even some Redmond code has not made it yet. A reader
sent me news that he has a client that last fall decided to purchase
the Microsoft Dynamics SL 6.7 accounting product. They are now deploying.
One of the reasons for the decision to purchase Microsoft Dynamics was
the advertising about "how well" it would always work with other MS
products. Well, guess what. It looks like the currently shipping version
of Dynamics SL, version 6.7, is not compatible with Vista. Moreover, they
only plan to make it compatible with the release of Microsoft Dynamics
SL version 7, the release date of which has not been announced yet.
It is ironic that any company should be held back deploying Windows Vista
because their current version of Microsoft software does not support it.
Quotes Of The Week
"If you can't convince them, confuse them." -- Harry S. Truman
"A loving heart is the truest wisdom." -- Charles Dickens
UNDO DEPT: The Fave Link last week about low-energy CFL lamps was
incorrect. There -is- mercury in those lamps but when one breaks
there are easy instructions for clean-up.
New Jeremy Moskowitz's GPanswers Newsletter
In Jeremy Moskowitz's GPanswers.com newsletter #22 learn some tips
and tricks for managing Office 2007. And learn about Jeremy's updated
standard "Bible" for Group Policy; his updated book on Group Policy
management. Finally, learn where Jeremy's upcoming Group Policy classes
are going to be for the next several months. Don't miss it:
Virtualization And Network Infrastructure Challenges
What challenges does virtualization present to the network infrastructure?
In this featured expert response, find out what Anil Desai (MCSE, MCSD,
MCDBA and a Microsoft MVP) had to say is the major issue to consider.
NAP Is Almost Here: IT Managers Get Ready
In the upcoming release of Windows Longhorn, Microsoft will deliver a
much improved offering to replace Network Access Quarantine Control (NAQC),
in the form of Network Access Protection (NAP). NAP will be an integral
offering in Windows Longhorn and is already available for testing in
the various beta releases of Longhorn Server. Find out how it works and
how to prepare for it in this exclusive article. (registration required)
An Email Archiving Project Roadmap
Like any other IT initiative, an email archiving project requires a fully
developed plan. In chapter one of this new SearchExchange.com e-book,
Email archiving: Planning, policies and product selection, archiving
expert Kathryn Hilton outlines a four-phased approach that will help you
plan and deploy a successful email archiving project.
Protecting Your Database: Who's Looking At Your Sensitive Data?
Methods to protect your SQL Server database include database authentication
and logging to track who has touched your data. But how do you know if
someone has simply looked at your data? IT security specialist Kevin
Beaver explains how to secure your database one step further.
Microsoft Releases Beta For Network Monitor
A beta of Microsoft's latest network traffic monitor is available for
download. Windows Vista support and improved wireless tracking are among
the new features.
Windows Server News
Microsoft Website Calls Longhorn 'Windows Server 2008'
Microsoft may have slipped up Thursday afternoon and inadvertently posted
the official name of its next server operating system, currently codenamed
'Longhorn.' Keith Ward wrote the story for MCPMag. It's here:
Next Version Of SQL Server Slated For 2008
Microsoft kicked off its very first Business Intelligence (BI) Conference
in Seattle with a keynote speech by Business Division President Jeff Raikes.
He basically said that they would move into that market at a low price
point. He also said that the next version of SQL Server would be the main
component of that move, and that the next version code-named Katmai will
be available in 2008. Katmai will have a tighter integration with other
MS products, like Office, SharePoint Server and Excel. Good news for
developers too, Katmai will come with an integrated development environment
consisting of Visual Studio and the .NET Framework.
WServer Third Party News
Counterspy Gateway SDK Now Provides IDS/IPS Functionality
In addition to powerful threat detection, the CounterSpy Gateway SDK gives
OEMs built-in IDS/IPS functionality through a Snort(r)-compatible engine.
Many of the world's leading security appliance vendors and managed service
providers rely on our CounterSpy Gateway SDK as a core component of their
threat defense strategy. Nothing works better for stopping spyware and other
malware in its tracks. Now that same engine has been enhanced with a
significant new feature option - an intrusion detection and prevention engine
that is compatible with Snort and BleedingEdge Threat signatures ("Bleeding
Snort").
What is Snort and why?
Snort is an open source network intrusion prevention and detection system
utilizing a rule-driven language, which combines the benefits of signature,
protocol and anomaly based inspection methods. Snort is the most widely
deployed intrusion detection and prevention technology worldwide and has
become the de facto standard for the industry.
Why use the CounterSpy Gateway engine for Intrusion Detection and Prevention?
By using a single, tightly integrated engine at the gateway, OEMs can maximize
resources and performance while adding to and enhancing the features they
can offer to their customers. The CounterSpy Gateway SDK saves you the time
and risk of wiring in multiple engines from multiple vendors, or relying on
the unpredictable nature of open source.
We provide the best of all worlds: tightly integrated, multi-function threat
defense and intrusion detection at the gateway. It is fully supported by
Sunbelt Software yet compatible with, and able to run, standard Snort and
BleedingEdge rules. We also provide out-of-the-box a standard library of
rules ready to run for testing and filtering packets at the gateway.
Contact us to find out how our engine can enhance your security solution
and competitive position in the market.
Ninja Email Security GETS Image Spam - Webcast
Join us for a Live Web Demonstration of Sunbelt Ninja Email Security for
Microsoft Exchange with Alex Eckelberry, President and Greg Kras, VP of
Product Management for Sunbelt Software on Tuesday, May 15th at 2:00pm EDT.
Learn about the features of this robust email security product including:
- Policy-based plug-in management for antispam, AV, and attachment filtering
- New policy-based and global disclaimers
- Fast deployment in Exchange environments
- Superior spam detection using two antispam engines
- Aggressive virus detection and elimination using two AV engines
- Custom rules for content inspection and attachment filtering
- Powerful reporting options for all plug-ins
- And more...
When: Tuesday, May 15, 2007 2:00 PM (EDT)
To join the day of the event please visit:
Meeting ID: 92SSQC
Attendee Meeting Key: XR*mw9Z
Audio: Toll free: 866-863-8879
Participant code: 104764
WServerNews - Product of the Week
BOOK: Exchange Server 2007 Unleashed
I was browsing through Barnes & Noble last weekend and saw that this
book had been released. You can knock someone out with it, over
1,200 pages! I glanced at the table of contents and it sits here on
my desk lurking at me. I have not had the confront yet to start
reading. But the back cover shows I gotta! ;-D
"This is the ultimate guide to the design, migration, implementation,
administration, management, and support of an Exchange Server 2007
environment. The recommendations, tips, and tricks covered are based
on more than two years of early adopter implementations of Exchange
2007. The authors highlight the features and functions that
organizations both large and small have found to be the important
components in Exchange 2007, including the new Outlook Web Access
mail, functions that better support mobile devices, server-to-server
mailbox replication for better data recovery, and integrated voicemail
unified messaging." Link to Amazon here: