WServerNews (formerly W2Knews)

Vol. 12, #40 - Oct 15, 2007 - Issue #646

Sell To Public Companies? You Should Be Archiving Too

Editor's Corner
- Webinar: Powerful Email Archiving for Exchange Made Easy
- And Another Site Replaced GFI with Ninja...
- New SunPoll
- Quotes of the Week
Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
Tech Briefing
- Info Security Spending On The Rise, CompTIA Survey Reveals
- XP SP3 Beta Goes to Testers
- Presidential Candidates Face Phishing Threat In '08
- October Patches Fix Four Threats
- Tip: How To Design Monitoring Controls To Manage Mistakes
- How To Use Powershell To Build A Disk Cleanup Utility
Windows Server News
- Sell To Public Companies? You Should Be Archiving Too
WServer Third Party News
- New Sunbelt Network Security Inspector Update
WServerNews Fave Link
- This Week's Links We Like. Tips, Hints And Fun Stuff.
WServerNews - Product of the Week
- Instantly Reduce Every Message In The Exchange Store to 2-5!

Instantly Reduce Every Message In The Exchange Store to 2-5K!

Sunbelt Exchange Archiver improves performance, productivity and allows you
to comply with legal and regulatory retention requirement, within budget!
Also, note that the following 'Archiving Myths' are BUSTED:

"Our 'archive' is really our backups."
"We purge email frequently in order to have no 'smoking guns.'"
"The courts will let us off the hook if we can't produce data because
of our 90-day deletion policy"
"We don't need to archive because we're not in a regulated industry"

http://www.wservernews.com/071015-Sunbelt-Exchange-Archiver

	Editor's Corner

Webinar: Powerful Email Archiving for Exchange Made Easy Join us for a sneak preview of Sunbelt Software's new Exchange email archiving and compliance solution, Sunbelt Exchange Archiver(tm), scheduled for release the first week in November. If you need a powerful, easy to use, enterprise-class email archiving tool that automatically enables you to comply with all requirements, and allows you or your end-users to transparently retrieve any archived email, then don't miss this webinar! The webinar will be hosted by Alex Eckelberry, CEO and Greg Kras, VP of Product Management for Sunbelt Software on Tuesday, October 16th at 2:00pm EDT and will explain the features and benefits of implementing a powerful email archiving solution on your Exchange Server at an affordable price. Learn how Sunbelt Exchange Archiver can help you: Improve Exchange performance Eliminate PST headaches Dramatically reduce backup times Use up to 80% smaller message store Meet compliance requirements And more When: Tuesday, October 16, 2007 2:00 PM EDT To register for this event please visit: http://www.wservernews.com/071015-SEA-Webinar Hurry, space is limited! And Another Site Replaced GFI with Ninja... Galen Counselman from the Covenant Hospice sent us this: "Ninja is working fantastically! We are very happy with our purchase and it is proving to be much more effective than GFI ever was. We just finished our Exchange 2007 migration over the weekend and are now working on post-migration tasks." http://www.wservernews.com/071015-Ninja-Email-Security New SunPoll Which of these 'Magic Five' do you think is the -most- important reason to archive Exchange email? Storage / Performance Compliance Migration Disaster Recovery Backup Vote here: http://www.sunbelt-software.com/ Quotes of the Week "Your children need your presence more than your presents." -- Jesse Jackson "We must BE the change we wish to see in the world" -- Gandhi Thank you for being a WServerNews subscriber.

Hope you enjoy this issue of WServerNews! Warm regards, Stu |

Email me: feedback@wservernews.com

Double-Take Software - Recovery Made Easy

Double-Take(r) provides a unique solution protecting data, systems and
applications, for physical and virtual server environments, integrating
seamlessly into your IT system with no additional resources required.

Guarantee the High Availability of all your Windows servers
Replicates on any site, irrespective of the distance
Protect your data, without exceeding your IT budgets
Evolve to virtual server environments in complete security

http://www.wservernews.com/071015-Double-Take

	Admin Toolbox

Admin Tools We Think You Shouldn't Be Without Get a Quote to see how cheap the new Sunbelt Exchange Archiver (SEA) would be for your environment. SEA is equivalent to Symantec Enterprise Vault: http://www.wservernews.com/071015-SEA-Quote This is a "Gotta Have" - a free web-based employee directory that you can have operational in 35.9 seconds. No kidding. Download it today. http://www.wservernews.com/071015-rDirectory For loads of laughs visit John Cleese's Friendly Advice Machine: http://www.wservernews.com/071015-Friendly-Advice-Machine Reclaim up to 95% of your .pst files with PSTCompress 3. Download your trial copy today! http://www.wservernews.com/071015-PSTCompress-3

	Tech Briefing

Info Security Spending On The Rise, CompTIA Survey Reveals One-fifth of tech budgets now allocated for security. Oakbrook Terrace, Ill., October 9, 2007-Spending on security technology, training, assessments, and certification now accounts for one-fifth of total technology budgets, according to research from the Computing Technology Industry Association (CompTIA). A survey of 1,070 organizations found that on average, they spent 20 percent of their total technology budget in 2006 on security-related expenses. That's up from 15 percent in 2005, and 12 percent in 2004. Organizations also expect to increase spending across all areas related to security in the next 12 months. Nearly one-half of respondents to the CompTIA survey said they intend to increase spending on security-related technologies; and one-third of respondents expect to increase spending on security training. Among those expecting to increase spending, the average increase is in the range of 19-23 percent, regardless of area. The survey also showed that for each dollar spent on security, about 42 cents is allocated for technology product purchases; 17 cents for security-related processes; 15 cents for training; 12 cents for assessments; 9 cents for certification; and the balance on other items. For more information on the study please visit: http://www.wservernews.com/071015-Security-Budgets XP SP3 Beta Goes to Testers According to the NeoSmart website, Windows XP SP3 build 3205, which was released to beta testers on Sunday, includes four new features among the 1,000-plus individual hot fixes and patches. Features backported from Vista, they claim, include Network Access Protection, (only security policy-abiding devices can connect to a network) a kernel module containing several encryption algorithms that can be accessed by third-party developers, a new Windows activation model that doesn't require product keys, and "Black Hole Router" protection against rogue routers that discard data. Expect XP SP3 early 2008. It looks like this extends the lifespan of XP, and note that Redmond intro'd a new "get-legal" program that lets you purchase large amounts of WinXP Pro through your usual reseller. More specifics at NeoSmart: http://www.wservernews.com/071015-XP-SP3 Presidential Candidates Face Phishing Threat In '08 Presidential candidates seeking contributions online could face a rather specific threat from phishers: Attacks that harvest donors' credit card numbers or divert contributions to an opponent's campaign. More at: http://www.wservernews.com/071015-Phishing-Threat October Patches Fix Four Threats Of the nasties unveiled in Microsoft's October Windows patch security summary, four of them stand out in particular since they pose the broadest range of threats. A memory corruption problem that allows arbitrary code to run is one of the big issues addressed in this monthly patch parade. http://www.wservernews.com/071015-Windows-Patches Tip: How To Design Monitoring Controls To Manage Mistakes Plagued by calls from angry users? Using workarounds regularly to do your job? Then it's time to design and implement controls that will address potential failures. Find out how in this tip! http://www.wservernews.com/071015-Controls How To Use Powershell To Build A Disk Cleanup Utility In this Scripting School on SearchWinComputing.com, expert Christa Anderson explains how to use Windows PowerShell cmdlets to build a useful but potentially destructive utility for disk cleanup, and how to reduce the risk of using it. http://www.wservernews.com/071015-Powershell

	Windows Server News

Sell To Public Companies? You Should Be Archiving Too Something you perhaps did not know. I for sure didn't until I started reading up on the legal retention requirements! There are an increasing number of government compliance mandates, take Sarbanes/Oxley (SOX) for instance. But their repercussions are not always visible for everyone. A lot of these regulations require archiving as an important part of compliance. Osterman Research names just a few highlights: Financial: SEC 17a; NASD 3010; HIPAA; SOX; GLBA; SB1386 Healthcare: HIPAA; SOX; SB1386 Government: HIPAA Life Sciences: HIPAA; 21 CFR11; SOX; SB1386 Other industries: HIPAA; SOX; SB1386 Two well-known compliance regulations are the most far-reaching: the Health Insurance Portability and Accountability Act (HIPAA) and SOX. As an illustration of how far these can reach, HIPAA not only applies to healthcare organizations, but also to health insurance providers and their claims processing services, and furthermore to (and did you know this) employers that are self-insured or that provide health services to employees. And then the infamous SOX has an effect on all organizations that publicly report financial results, or that issue U.S.-traded securities. More over, if you are a private company that does business with a publicly traded company, you must also follow SOX guidelines. Why? So your business partner can get requested information from you, in the event of an audit. If your CEO is planning to go public at one point in the future, you'd -better- start to follow SOX IT guidelines as early as possible. Here are some official legal words: "To comply with SOX, public companies should apply these internal controls to their information management practices-which may include, among other things, a thorough and ongoing evaluation of the organization's information management programs, policies and procedures to ensure that company records are retained in an accurate and trustworthy manner. In addition, company records need to be readily accessible to ensure timely cooperation should the organization find itself under investigation. Additionally, it has become essential that organizations not only have record keeping policies and practices in place but that they also have a Legal Hold or Records Hold mechanism that supersedes the organization's regular record keeping rules, and ensures that company records and information are preserved for SEC investigations or other formal proceedings." And do not forget two other interesting laws that might apply at the worst possible moment: The Patriot Act and Freedom of Information (FOI) Act. Both of these require organizations to retain and maintain records so that they can be produced when regulators send requests for them. 'Firing-Offense': Omitted Software So much for laws and recent regulation. The second important reason driving the need for any organization to have policy, procedure and software in place for e-mail retention and management is litigation and its inevitable ugly result called e-discovery. The Direct Archiving feature in SEA is compliant because as it comes into the Exchange Store its immediately archived. Even if the user has deleted email, it is already stored in archive and can be easily restored into an audit or legal mailbox. Not only must you retain critical data, but you have to be able to query data for the purpose of legal discovery and do it pronto. Not having this in place is truly an incredible headache. I've been there, and done that a long time ago. I took the IT team -weeks- of almost full-time work. It is not hard to see that you are opening yourself up to critical risk if you are not able to meet regulatory mandates or e-discovery subpoenas, even as a third party in a lawsuit. Ever did the math how much it costs to process and restore a single backup tape? You'd be surprised. Better To Act Right Now It's one of these things you cannot afford not to address, and the Sunbelt surveys showed that 40% of you are going to deploy archiving in the next 12 months. That is a sea change in the market. But let me help you a bit with some ammo to get budget pushed through right away. There are a LOT of benefits that make it a no-brainer to implement ASAP, from small to large: Avoid compliance-related fines Significant savings on both IT time and attorney staff time Very fast ROI, usually 3 to 6 months Immediate, 100% ROI if you get hit with an e-discovery Significant savings every 2 years on additional Exchange servers and storage 60-80% faster backups Email has become mission critical and archiving needs to be a front burner issue, for all the above reasons. Now, HOW to archive is crucial. Getting a journaling-based system lacks a wealth of features you really need, and does not give you the performance and space benefits. So if you are running one of these, we provide a 50% Competitive Upgrade Discount until the end of the year. That becomes an instant complete no-brainer. Check out SEA: http://www.wservernews.com/071015-SEA

WServer Third Party News

New Sunbelt Network Security Inspector Update

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.

New vulnerability updates for this release include:

W3204 Kodak Image Viewer Could Allow Remote Code Execution
W3210 MS Word 2000 Could Allow Remote Code Execution
W3211 Microsoft Word 2002 Could Allow Remote Code Execution
N0069 Cisco 127/8 IP addressing error
L0117 Elinks POST request https URL error - FC
L0127 T1lib GetCompletePath vulnerability - MDV
L0128 Libsndfile FLAC crafted PCM error - MDV
L0129 OpenSSL BN_from_montgomery error - MDV
L0130 Pidgin libpurple mSN nudge error - FC
L0131 Ruby connect method commonName error - FC
L0132 Nfs-utils RPC library and nfsidmap errors - RHE
L0133 Xen warn.php URL bypass flaw - RHE
L0134 Elinks POST request https URL error - RHE
L0135 KDElibs multiple vulnerabilities - RHE
L0136 KDEBase URL spoofing errors - RHE
S0515 System panic upon SAN Fiber Channel disruptions - Solaris 10
S0513 Svc.startd libc patch induces hang - Solaris 10
S0512 Named pipes leak information - Solaris 8-10

Sunbelt Network Security Inspector version 1.6.79.0 was released October 10, 2007). Sunbelt Software recommends you download the new SNSI version 1.6.79.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/071015-SNSI

	WServerNews Fave Link

This Week's Links We Like. Tips, Hints And Fun Stuff. These guys built a huge stack of wood and then wheel in a large jet engine to start the fire. Looks as if gas or another form of flammable liquid is used turning the jet engine into the worlds largest flame thrower: http://www.wservernews.com/071015-Jet-Fire-Engine David Pogue reviews the XO-1, a $100 laptop intended to be distributed to children in developing countries around the world. Based on Linux, it uses flash memory instead of a hard drive and is extremely rugged: http://www.wservernews.com/071015-XO-1-Laptop Fly a lot? Need to be kept up-to-speed on flight-delays? The Wall Street Journal tested out all these sites. FlightStats was the best one: http://www.wservernews.com/071015-FlightStats These pictures of miniature objects are really amazing: http://www.wservernews.com/071015-Miniature-Objects Got questions or need to do research about Compliance? The IT Compliance Institute has hundreds of articles and other resources: http://www.wservernews.com/071015-IT-Compliance-Institute Here is Online TV from all around the world. More than 1,000 free channels After a week of zapping, I'm still not finished with a quick tour. http://www.wservernews.com/071015-TVWeb360 Art in China. An installation of a pack of 99 life-sized wolves barreling in a continuous stream towards-and into-a constructed glass wall. Huh? http://www.wservernews.com/071015-99-Wolves SPACE: The Apollo Lunar Surface Journal, and the new SETI Paul Allen Telescope has come on-line: http://www.wservernews.com/071015-Apollo-Lunar-Surface-Journal http://www.wservernews.com/071015-Paul-Allen-Telescope Greg Kras, Sunbelt Software VP Product Management wants us to acquire this, he offered to personally stop funding his 401k in order to contribute: http://www.wservernews.com/071015-Titan-Missile-Base A parody of a Bob Dylan song done entirely in palindromes (phrases that read the same backwards or forwards): http://www.wservernews.com/071015-Palindromes Google announced today the integration of YouTube videos into Google Earth: http://www.wservernews.com/071015-Google-Earth-YouTube A funny 'office' prank: http://www.wservernews.com/071015-Office-Prank Seen the DRAM Antitrust settlement? Apparently there are some sort of refunds for people that purchased DRAM between 4/1/99 - 6/30/02. There is an online claim form at http://www.wservernews.com/071015-DRAM-settlement

	WServerNews - Product of the Week

Instantly Reduce Every Message In The Exchange Store to 2-5! Sunbelt Exchange Archiver improves performance, productivity and allows you to comply with legal and regulatory retention requirement, within budget! Also, note that the following 'Archiving Myths' are BUSTED: "Our 'archive' is really our backups." "We purge email frequently in order to have no 'smoking guns.'" "The courts will let us off the hook if we can't produce data because of our 90-day deletion policy" "We don't need to archive because we're not in a regulated industry" http://www.wservernews.com/071015-Sunbelt-Exchange-Archiver