Vol. 12, #43 - Nov 5, 2007 - Issue #649
What Is Application Virtualization?
|This issue of WServerNews is sponsored by|
- Editor's Corner
- Virtual Apps
- Happy Anniversary, ARPANET
- Sunbelt Exchange Archiver: Instant Blockbuster Hit
- A CounterSpy Enterprise User Talks
- Two (Very Long) Quotes of the Week!
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- Trojan Targets Mac Users
- SLAs And Service-Level Management: What's It Mean For Windows Admins?
- Microsoft: Viridian Beta May Arrive Just Before New Server Software
- Application Virtualization: The Terminal Services Killer?
- Tip: Managing Microsoft Outlook Search Folder Functionality
- System Recovery Options For Vista
- Tip: Testing Exchange Server 2007 On A Virtual Machine
- Windows Server News
- What Is Application Virtualization?
- WServer Third Party News
- How Many Machines On Your Network Are Infected With Malware?
- PDF SPAM Resurrected
- Do You Need To Be PCI Compliant?
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- The most versatile Active Directory tool available with Presence(r).
rDirectory - All you need to webify your Active Directory
A self-edit-able directory, a template driven account creation tool,
a way for users to create and self-subscribe to email lists and groups,
a self-service password reset utility, a valuable tool for any help desk
and more. rDirectory v2 combines an easy to use designer with templates
and preconfigured applications for secure solutions that leverage your
existing AD. It's the perfect system. Discover the flexibility of rDirectory
and new ideas on how to leverage AD will start popping up. See why customers
call rDirectory "the most versatile Active Directory tool Available."
You should check out the main article in the Windows Server Section this issue,
written by a WServerNews subscriber like you. Application virtualization is a
very interesting technology that to date has focused mostly on the desktop,
but also can help you reduce the number of servers in your organization. There
is also an article about it in the Tech Briefing section.
Happy Anniversary, ARPANET
Last Monday was the 38th anniversary of the very first host-to-host ARPANET
message that was sent from UCLA to the Stanford Research Institute.
Sunbelt Exchange Archiver: Instant Blockbuster Hit
To keep you in the loop, some exciting things have happened here at Sunbelt
in the last few weeks. Our new archiver has taken off like a rocket ship.
We have had a tre-MEN-dous amount of interest in it. The feature set and
the price make this an extremely attractive alternative looking at Symantec
Enterprise Vault, Zantaz and the other enterprise-level products. (And it's
a whole league up over GFI's tool) If you are running any of these, you
will be very interested in the competitive upgrade discounts available.
SEA supports a host of very cool features:
So attend the next Webinar: Introducing Sunbelt Exchange Archiver:
Enterprise-Class Email Archiving for Exchange, Tuesday, November 6th, 2007
- Integrated HSM at no extra cost
- Direct Archiving (no journaling needed!)
- Seamless integration with Outlook
- Blackberry support
- Outlook/Entourage Mac support
- eDiscovery web interface
- PST File Gatherer / Importer
- Disaster Recovery options
- Third party integration
- And many, many, many more.
If you need a powerful, easy to use, enterprise-class email archiving tool
that automatically enables you to comply with all requirements, and allows
you or your end-users to transparently retrieve any archived email, then
don't miss this webinar! It will be hosted by Alex Eckelberry, CEO and
Greg Kras, VP of Product Management for Sunbelt Software on Tuesday, November
6th at 2:00pm EST and will explain the features and benefits of implementing
a powerful email archiving solution for your Exchange Server at a great price.
Learn how Sunbelt Exchange Archiver can help you:
When: Tuesday, November 6th, 2007 2:00 PM EST
- Improve Exchange performance
- Eliminate PST headaches
- Dramatically reduce backup times
- Use up to 80% smaller message store
- Meet compliance requirements
- And more
To register for this event please visit:
A CounterSpy Enterprise User Talks
"Just wanted you to know that we are still using CounterSpy as an integral
part of our network and desktop security enforcement. At first the scans
produced a large number of trojans and other potentially and known dangerous
threats on the systems. Setting the Agent responses to the different levels
was very easy. Also having the option to allow specific applications is a
great feature, which is also very straightforward. The automatic daily scans
find the occasional intruder and faithfully delete or quarantine, send out
notification just as the script is written. It's great to have a product
on the network which is doing the job that it is marketed to do. Kudos to
you and your application team for a great product. -- Daniel Bruen
Two (Very Long) Quotes of the Week!
"The displacement of the idea that facts and evidence matter by the idea that
everything boils down to subjective interests and perspectives is -- second
only to American political campaigns -- the most prominent and pernicious
manifestation of anti-intellectualism in our time." -- Larry Laudan.
"A human being should be able to change a diaper, plan an invasion, butcher
a hog, conn a ship, design a building, write a sonnet, balance accounts,
build a wall, set a bone, comfort the dying, take orders, give orders,
cooperate, act alone, solve equations, analyze a new problem, pitch manure,
program a computer, cook a tasty meal, fight efficiently, die gallantly.
Specialization is for insects." -- Robert A. Heinlein
And thank you for being a WServerNews subscriber.
Past, Present, and Future of Virtualization
USA: November 14, 11am - 12am EST
Europe: November 14 5pm - 6pm CET
Join Double-Take Software along with guest speaker IDC Analyst John Humphreys,
for an informative webinar covering the current state of the virtualization
market -- including how to leverage virtualization as part of your disaster
recovery strategy. A combination of perspectives on this webinar (including
an industry analyst) will offer interesting and valuable insights on virtual
server technologies and disaster recovery. In addition to answering common
questions about disaster recovery and virtualization, you will learn
specifically about other organizations that have successfully leveraged
virtualized systems to reach the highest level of recoverability for critical
- What virtualization solutions are available today?
- Which technologies make sense for an organization's business continuity goals?
- Are there solutions designed to leverage the capabilities of virtualized
servers to make implementing disaster recovery easier and more cost-effective?
- What kinds of use cases are most beneficial to investigate?
Register today to learn more.
Admin Tools We Think You Shouldn't Be Without
Act now, the Community Edition is only free for a little while longer.
Go download Namescape's rDirectory and webify your Active Directory free.
Extend Active Directory to your UNIX, Linux, Mac, web and database platforms.
View the webinar.
This long list has a whole bunch of favorite "Web 2.0" tools, from blogging,
RSS, Ping, podcast, videocast, Wiki, Social/networking, to Web2 Suites:
Need to get PCI compliant? Running a powerful, priced-per-admin, multi-
platform vulnerability scanner helps a lot. Get SNSI before the price goes up:
Trojan Targets Mac Users
Dan Kaplan from SC Magazine reported: "Apple users, your days of worry-free
clicking could be numbered. A Macintosh Internet security and privacy software
maker has discovered what is believed to be the first professionally-crafted
in-the-wild malware targeting the Mac operating system. The trojan, a DNS
changer that can be used to hijack search results and divert traffic to the
hacker's website of choosing, has been spotted on numerous pornography sites,
according to Intego. Attackers attempt to navigate users to the malicious
sites through comment spam posted to Mac forums. The trojan masks itself as
a QuickTime plug-in.
Security experts said the discovery is proof that cybercriminals are beginning
to consider the Mac a financially viable vector for attack. Alex Eckelberry,
president of Sunbelt Software, said hackers likely were spurred on by the
release of the iPhone and iPod Touch, which generated millions of new Mac
OS X users.
"The economic motivation for the Mac has reached the tipping point," he told
SCMagazineUS.com today. "The Mac is emerging as a more widespread platform
in general. I think Mac users need to get off their complacency about Macs
being safe." Talk of malware for Macs has been a quiet subject since early
last year, when a proof-of-concept virus appeared that spreads via the iChat
instant messaging system. An Apple spokeswoman did not immediately return
a call for comment. More at:
SLAs And Service-Level Management: What's It Mean For Windows Admins?
As an IT manager in a Windows environment, you know that transitioning to
Windows Vista will be a huge and critical undertaking. To prepare, consider
these two things right away: service-level management issues and implementing
service-level agreements (SLAs). Find out more in this tip! (registration req'd)
Microsoft: Viridian Beta May Arrive Just Before New Server Software
Both Microsoft and Citrix Systems Inc. are working closely to build a
comprehensive virtualization strategy for users that centers around the
Windows operating system. Mike Neil, general manager for Microsoft's
virtualization strategy talked to SearchWinIT.com about the development
of Microsoft's Windows Server 2008 virtualization technology, due out
in mid-2008. Read this exclusive article to learn more.
Application Virtualization: The Terminal Services Killer?
There are many reasons to deploy Terminal Services. But new virtualization
technologies that simplify application management and lower server costs could
change all that.
Tip: Managing Microsoft Outlook Search Folder Functionality
Microsoft Outlook search folders simplify email management, because they let
users sort messages with customized mailbox search queries. But, if used
excessively, Outlook search folders can place a heavy performance burden
on Microsoft Outlook and Exchange Server resources. This tip outlines the
pros and cons of using Microsoft Outlook search folders and explains how to
configure group policies that control search folder usage.
System Recovery Options For Vista
In this chapter download from "Tricks of the Microsoft Windows Vista Masters,"
author J. Peter Bruzzese provides administrators with tools and tactics they
can use if their Windows Vista system will not boot. (registration req'd)
Tip: Testing Exchange Server 2007 On A Virtual Machine
Testing trial version software typically requires a separate, dedicated
computer. If your supply of extra machines is tight though, this can be a
real issue. In this tip, get expert advice on one possible solution to
this problem: virtual computing. (registration required)
||Windows Server News
What Is Application Virtualization?
WServerNews subscriber Bill Prehl and I discussed this virtualizing apps
and I asked him to write an article, explaining this very interesting
technology. Here it is:
"Application virtualization is a concept of creating a "bubble" inside
the operating system just for the application. In addition, products
like SoftGrid originally developed by Softricity but now owned by MS
add other related elements of behavior such as thin-client "push"
First of all, virtualizing an application can mean several things. Most
importantly it means the removal of DLL-hell. So many IT administrators
are still very frustrated with the DLL requirements for applications to
operate properly. This is predominantly a Microsoft Windows issue. But,
not to make Microsoft the entire bad guy Sun Microsystems also has an
issue with the Java Runtime Environment (JRE) when running old and new
versions on the same machine. Having two JRE's running on the same system
at the same time is very difficult, if at all possible.
A developer, in particular, would like to run their app in the older
JRE's but usually has to have more than one workstation running to perform
this test. With Application virtualization we can run both JRE's at the
same time on the same machine. In fact, the same application can, itself,
run in both JRE's at the same time. The unique features of App Virtualization
is shared information (e.g., registry keys, property files, etc.) which
are also virtualized so there is no file dead-lock issue or settings
competition or confusion. Plus, both can make changes to the files or
registry keys and there are no conflicts. Lastly, the changes are virtual
- meaning they do not permanently stick to the machine's hard drive so
upon reboot we find them still lingering.
Secondly, App Virtualization using SoftGrid can provide a mechanism to
push applications to users that need the app. The administrator can
provision that certain applications be available to certain users and/or
workstations. In addition, the technology will push only the required
information (reg keys, application execution and settings files, etc)
just to get the application started. Even if the application requires
more files once up and running, App virtualization can provide the
additional files on the fly. This provides an excellent opportunity
for remote users on low-bandwidth (or encrypted VPN sessions) to use
the latest version of the app without having to download and install.
On top of this, the user could have their own "local" version of the
application but also use the virtualized version if needed, at the same
time if necessary. This concept provides fundamental licensing control
and up-to-date applications without having to keep a nightmare of software
inventory agents running to constantly update a database of software and
Another plus is that the user can gain access to their applications while
out of the corporate environment. Taking this a step further would be
allowing to run apps over the web via a web browser. This then allows the
concept of using a public machine for private corporate information and
applications. And again, when the machine is rebooted all evidence of
the application is gone. How does that sound for a web browser that
inadvertently downloaded a few spyware applications?
So, summing this up, Application Virtualization is a strong solution
to pushing applications to users on high and low-bandwidth connections,
using effective software licensing and software updating, and removing
software version conflicts. I believe this is a sleeping giant of a
solution for a lot of network and system administrators but since
Microsoft has purchased Softricity who created SoftGrid there has been
little marketing about this technology. Parts of SoftGrid are going to
be included in Windows Server 2008 and the associated server management
tools so I strongly urge people to check out this technology. It just
might be your diamond in the rough. -- Bill Prehl
Bill is Director of IT for K12 Systems, Inc. and an IT enthusiast ever
since soldering his first Zenith Heathkit PC together in 1986 which
booted with Microsoft DOS 2.0 and came with Microsoft Word 1.0 for DOS.
||WServer Third Party News
How Many Machines On Your Network Are Infected With Malware?
Imagine a new hybrid technology that merges the 'system cleaning' properties
of traditional antispyware products with the efficiency of powerful antivirus
based technology. It's available with Sunbelt Counterspy Enterprise. Find out
how many machines on your network are infected now! Download the free trial now:
PDF SPAM Resurrected
You still need an engine that checks for and kills PDF spam, as the bad
guys now and then go for broke and spam everyone and their brother with
a new exploit. This week, a malicious PDF file (report.pdf or debt.2007.pdf
or overdraft.pdf) has been massively spammed. The PDF is spiked with
CVE-2007-5020 exploit that downloads an ms32 executable which downloads
more components. Both of the engines in Ninja get these critters!
Do You Need To Be PCI Compliant?
Then running a vulnerability scanner is a really good idea. SNSI will soon
go up in price when V2.0 comes out, but you can get grandfathered in for
the old price and save hundreds of dollars. SNSI uses the latest Mitre
Common Vulnerabilities and Exposures (CVE) list of computer incidents.
It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also
uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland
Security) advisories. New vulnerability updates for this release include:
L0176 LibPNG10 chunk handling errors - FC
L0177 Elinks POST request https URL error - SciLinux
L0181 KDEBase URL spoofing errors - SciLinux
L0182 KDElibs multiple vulnerabilities - SciLinux
L0186 Nfs-utils RPC library and nfsidmap errors - SciLinux
L0191 HPLip hpssd user input error - SciLinux
L0193 OPAL SIP packet handling error - SciLinux
L0196 Seamonkey multiple vulnerabilities - SciLinux
L0198 Thunderbird multiple vulnerabilities - SciLinux
L0201 PHP multiple vulnerabilities - SciLinux
L0202 OpenOffice TIFF tag processing error - SciLinux
L0205 Libvorbis header size and stream errors - SciLinux
N0072 EAP Response Identity packet processing - IOS, CatOS
S0527 Kernel IP protocol vulnerability - Solaris 10
S0526 Socket SCTP INIT vulnerability - Solaris 10
S0525 SSL get_shared_ciphers off-by-one Vulnerability
W3220 Symantec Mail Security for Exchange file parsing vulnerabilities - W2K, W2K3
Sunbelt Network Security Inspector version 184.108.40.206 was released Nov 1, 2007).
Sunbelt Software recommends you download the new SNSI version 220.127.116.11, scan,
and patch your machines today. To get the latest SNSI version, visit:
||WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
- Physicists in Austria created a "floating water bridge" by exposing beakers of
deionized water to high voltages:
- Richard Hammond of Top Gear races a Bugatti Veyron against the Eurofighter Jet:
- The Japanese culture is still really different from the Western world:
- Ever want to bash your computer? Now you can! Click the mouse to destroy:
- This site shows you a wealth of information about world clocks, dates,
times, converters, weather anywhere on the planet, and much much more:
- Clip from sitcom 'The IT Crowd' - "how to break the Internet with Google":
- Congrats on the new VistaNews.com newsletter. Here is a little humor for
it, a Vista marketing parody:
- A video with useful tips on how to use Google's "hidden" features. Most of
them I already knew, but I learned a few new ones as well:
- We had a marvelous response to our search for Britain's most surprising,
enigmatic or bizarre epitaphs. Here is the winner, and four runners-up (PDF):
- "The Day The Routers Died". (performed at the RIPE 55 conference in Amsterdam)
- Make your own laser light show from a cheap laser pointer, a speaker and a
- Top Gear's Jeremy Clarkson reviews the tiniest car ever manufactured and
shows you the possibilities when getting around the office. RIOT:
||WServerNews - Product of the Week
The most versatile Active Directory tool available with Presence(r).
Tap into Active Directory's potential and save time and money. Easy to use
with compose-able web applications you can deploy in minutes. New & expanded
rDirectory v2 combines an easy to use designer with templates and preconfigured
applications for secure solutions that leverage the existing AD information.
It's the perfect system: a self-editable directory, a template driven account
creation tool, a way for users to create and self-subscribe to email lists
and groups, a self- service password reset utility, a valuable tool for any
help desk and more. This is one powerful product. Discover the flexibility
of rDirectory and new ideas will start popping up. See why customers call
rDirectory the "the most versatile Active directory tool available."