Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 13, #6 - Feb 11, 2008 - Issue #660
Microsoft Replaces Vista Kernel In SP1

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • Microsoft Replaces Vista Kernel In SP1
    • Tell Me Which VIPRE Logo You Like Best?
    • Google Bypasses System Admins With 'Team Edition'
    • Upcoming Sunbelt/Double-Take Seminars
    • Quote Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Tech Briefing
    • Free Vista Adoption Seminar With Mark Minasi
    • Former NSA Code-breaker Reviews Jihadists Encryption Tool
    • Microsoft Slates 12 Patches For Next Week
    • iSCSI SAN storage for Microsoft Exchange -- 5 tips in 5 minutes
    • Tipcast: How To Fix Corrupt Microsoft Outlook Calendar Entries
    • 2008 CPU Forecast: Quad-cores For Everyone!
  4. Windows Server News
    • W2K8 Goes RTM
  5. WServer Third Party News
    • New PerfectDisk 2008 for VMware
    • Transform Your Desktop Infrastructure With Virtualization
    • Check Out The Next Batch Of Multi Platform Holes
  6. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • What Makes myPassword(r) Different?
rDirectory - The Most Sophisticated Web Directory on the Market

rDirectory is a secure directory-powered, web-based solution that you can
trust and your users will love.
  • Leverage and showcase your Active Directory investment
  • Increase the value, accuracy and consistency of directory data
  • No programming or long development cycles
  • Increase employee productivity and communication

Editor's Corner

Microsoft Replaces Vista Kernel In SP1

The APCMag site came out with a very interesting item this week. "One of the "big" features discussed in early speculation of Windows Vista SP1 was the kernel upgrade, which was supposed to bring the operating system into line with the Longhorn kernel used in Windows Server 2008. And yet with Vista SP1 going RTM, there hasn't been so much as a peep from Microsoft about the kernel update. Has it happened?

Well the answer is yes it has, and presumably the main reason for Microsoft's silence on the subject is that as they're keen to promote the improvements and enhancements to Vista, rather than placing emphasis on a kernel upgrade, which some people might see as a risk of newly-introduced instability. The details are here:

Tell Me Which VIPRE Logo You Like Best?

Sunbelt will soon release our new anti-malware product. It is a next generation security tool (which includes CounterSpy technology) that integrates anti-virus, anti-spyware and other anti-malware technology (like protection against rootkits) in one single, effective, low memory footprint agent.

We decided to introduce this product into the antivirus 'category' as many AV products now include all the above technologies, and this would communicate the security benefits most effectively to customers.

Please let us know which of these below you think best represents the above description?

PS: In an earlier survey people asked us where we got the VIPRE name to begin with. It's an acronym: Virus Intrusion Protection Remediation Engine.

Google Bypasses System Admins With 'Team Edition'

You may be aware of Google Apps Premier Edition that tries to be a competitor for Office. Google also came up with a way to bypass any admin trying to block the Google apps. The 'Team Edition' allows employees' rogue deployments by letting people in the same domain use the Google Docs, Calendar, Talk and Start Page code. From a security perspective this is not something I recommend.

In the near future, Google will releasing SharePoint-style functionality. What they are trying to do is sneak the 'Team Edition' (whose team you wonder?) into organizations as a trojan, and then get it upgraded to the Google Apps Standard or paid $50-a-user Premier versions. Oh, and accidentally, those latter versions do permit admin control. And this is the company that has 'Do No Harm' as its motto?

Upcoming Sunbelt/Double-Take Seminars

We'd like to invite you to attend the following seminars: "Recovery Made Easy for Exchange, SQL, and other Critical Applications" - Join Sunbelt and Double-Take Software as we discuss strategies for implementing high availability, remote availability and offsite disaster recovery solutions for SQL, Exchange and other mission critical applications using Double-Take. Learn about Double-Take v5.0 and Double-Take's NEW solutions that power your keys to recoverability.

Hosted at Microsoft in St. Louis, MO on Thursday, February 21st. Register here:

Hosted at the Courtyard Sheraton Vancouver Wall Centre Hotel in Vancouver, BC on Tuesday, February 26th. Register here:

Hosted at The Westin Columbus in Columbus, OH on Thursday, February 28th. (Special presentation by Riverbed Technology on optimizing the transfer of data over the WAN for comprehensive data protection) Register here:

Quote Of The Week

"Nobody made a greater mistake than he who did nothing because he could only do a little." -- Edmund Burke

Thank you for being a WServerNews subscriber. Please tell your friends about us. They can subscribe here:

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

A Happy Ninja User

"Ninja seems to be working great. The distribution of spam messages has passed the 50-50 mark. We do actually get like 60% SPAM and 40% mail on average. My users are commenting that they are seeing a noticeable reduction of unwanted e-mails daily. And that is with NO special configuration on the NINJA program! The reports make the owners happy that their money was well spent! Feel free to use that quote in your marketing..grin. Thanks, -- Dave King, MCSE, MCITP, CEH, CUSA.

Try Ninja out for 30 days on your Exchange Server:

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

rDirectory is a Web solution for Active Directory; get the Community Edition at NO COST! Deploy a professional employee directory website and search engine in minutes.

Event Log and System Health Monitoring. Feature Rich, Affordable, Award Winning. Download your FREE Full Featured Trial Version or FREE Light Version Today.

10 great free downloads for your network. They're useful, easy to learn ... and you certainly can't beat free. Good article at ComputerWorld with links:

AMD has finally released their overclock utility that allows you to adjust your Phenom CPU, memory and graphics settings to push the performance envelope:

GoToMyPC Pro. It's for B2B. Free trial here:

Here's what's new at ThinkGeek. Fun stuff!!

Tech Briefing

Free Vista Adoption Seminar With Mark Minasi

Attend this 1-day event, where independent expert and best-selling author Mark Minasi will tell you all you need to know about Vista Service Pack 1 and the most (and least) important Vista innovations for improving desktop security. This seminar is coming to Chicago, Denver, Raleigh, Washington DC, and Minneapolis starting in March. Seating is limited, register today!

Former NSA Code-breaker Reviews Jihadists Encryption Tool

CSO blogger extraordinaire Jeff Bardin, who used to be a code-breaker and Arabic translator for the USAF/NSA, has reviewed the new encryption tools available from an Islamic network used by Al Qaeda jihadists. He detects a software development lifecycle with an increasing level of sophistication. Go to his blog for details:

Microsoft Slates 12 Patches For Next Week

Redmond announced they will release a dozen security updates next week, matching the patch record set a year ago. Seven of the 12 will be tagged with the highest threat ranking. "There's not a Windows shop anywhere in the world that won't need to deploy at least one of these patches," said Andrew Storms, director of security operations at nCircle Network Security Inc. And most everyone will be taking all 12."

iSCSI SAN storage for Microsoft Exchange -- 5 tips in 5 minutes

In this excerpt from "The Shortcut Guide to Exchange Server 2007 Storage Systems," author Jim McBee leads you through the process of implementing an iSCSI SAN storage system for Microsoft Exchange 2003 or Exchange 2007 using Windows Server 2003 and the Microsoft iSCSI Initiator software. (subscription required)

Tipcast: How To Fix Corrupt Microsoft Outlook Calendar Entries

If Microsoft Outlook calendar entry reminders continuously pop up when you open Outlook, you may be experiencing problems with corrupt calendar entries. Learn how to fix corrupt Microsoft Outlook calendar entries, in the six-minute audio version of's top performing tips of 2007.

2008 CPU Forecast: Quad-cores For Everyone!

ComputerWorld has a good story here: "Penryn. Nehalem. Phenom. Fusion. Inside these four cryptic code names lies the future of computer desktop processing for 2008. Ultimately, however, it's all about the epic, age-old battle between chip giant Intel Corp. and underdog Advanced Micro Devices Inc. for desktop dominance. The harsh reality for AMD is that over the last two years, Intel has absolutely dominated in terms of performance. But performance is only half of the price-performance ratio, and AMD's willingness to slash prices and aggressively pursue the low- and midrange tiers of the desktop computing market cannot be overrated, despite the company's technological lag. Read on for in-depth details about both Intel's and AMD's desktop processor plans for 2008, along with a quick glance at both companies' mobile CPU strategies. Along the way, you'll find the information you need to make the best purchasing decisions for your company or home.

Windows Server News

W2K8 Goes RTM

Beta Testers were sent the following useful information: "We are pleased to announce that Windows Server 2008 has been Released to Manufacturing (RTM). Thanks to you, our dedicated beta participants, this is the most tested version of Windows Server ever released!

Windows Server 2008 has an array of new features and technologies that are too numerous to list completely, but some of the highlights are:
  • Internet Information Services (IIS) 7.0 - next gen web and app platform
  • Server Core - key roles, low footprint, no GUI
  • Terminal Services Gateway - access your apps without a RAS client
  • Network Access Protection - keep your network safe from un-healthy clients
  • PowerShell - powerful scripting tools for admins
  • Failover Clustering - improved cluster management, security, and stability
  • Next Generation Net Stack - fast and reliable
  • Server Manager - setup & manage server roles and features in one place
  • Read-Only Domain Controller - safe branch office DCs
  • Hyper-V Beta - server virtualization. Hyper-V RTM in 180 days

WServer Third Party News

New PerfectDisk 2008 for VMware

Brand new to the family is PerfectDisk 2008 for VMware. With this industry first, VMware users can now defrag their virtual machines without installing a defragmenter inside each machine and without the need to have them running. Another unique feature is its ability to defrag internal disk structures and reclaim free space on the host computer by shrinking the virtual drives. As a VMware Select Technology Alliance Partner (TAP), PerfectDisk for VMware strictly adheres to VMware's recommendations for performance optimization. The best part is the cost. Now you only need purchase one license for each host (physical) machine - that's it. For only $99.99, each PerfectDisk for VMware Workstation or Server host license allows you to defragment an unlimited amount of workstation or server virtual machines running on that host at no additional cost. 1 host - 1 license - 1 cost - That's it!

Transform Your Desktop Infrastructure With Virtualization

For a limited time, VMware is providing customers with a free VMware Virtual Desktop Infrastructure (VDI) Starter Kit (an $1815 value) with a qualifying VI3 purchase. The VMware VDI Starter Kit contains everything you need for a serverbased virtual desktop computing solution for ten virtual desktops, including VMware ESX Server, VirtualCenter and the new Virtual Desktop Manager 2 for desktop connection brokering.

This is a promotion for VMware customers to receive the opportunity to try a small deployment of Virtual Desktop Infrastructure (VDI), in the format of a VDI Starter Kit, free of charge, (subject to the terms and conditions). A year of VMware Gold Support and Subscription will also be included with the free VDI Starter Kit. The total commercial list price value of the VDI Starter Kit is $1500, plus $315 for VMware Gold Support and Subscription for one year. Ask your VMware Reseller for more.

Check Out The Next Batch Of Multi Platform Holes

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Vulnerabilities
W1978 BitTorrent and uTorrent client string handling vulnerability
W2568 Cisco WCS Tomcat Vulnerability
W3259 Adobe Connect Enterprise non secure SWF content generation vulnerability
W3260 Adobe Dreamweaver / Contribute non secure SWF content generation
W3261 Citrix IMA service vulnerability
W3262 Lotus Samename Client Vulnerability
W3263 Aurigma/FaceBook/MySpace image load ActiveX Vulnerabilities
W3264 Yahoo! Music Engine / Jukebox parameter handing vulnerabilities
S0544 ImageMagick file metacharacter handling Vulnerabilities - Solaris 9-10
S0545 Java JRE 1.6.0 (6.0) XML parsing vulnerability - Solaris
N0076 CUCM Certificate Trust List flaw - ICS MCS
L0403 Exiv2 exif.cpp EXIF crafting error - SuSE
L0404 Tetex dvips and dviljk errors - SuSE
L0405 Libsndfile FLAC crafted PCM error - SuSE
L0407 ClamAV multiple code errors - SuSE
L0409 Tog-pegasus CIM server PAM authentication errror - SuSE
L0410 Xine-lib rmff_dump_cont SDP error - SuSE
L0411 Libxml2 invalid UTF-8 xml CurrentChar error - SuSE
L0412 QT4 SSL verification flaw - SuSE
L0413 KRB5 multiple access vulnerabilities - SuSE
L0414 OpenAFS callback race condition error - SuSE
L0415 Apache Derby DropSchemaNode flaw - SuSE
L0416 Thunderbird crafted HTML memory corruption - SuSE
L0417 ISC BIND inet_network off-by-one error - FC
L0418 Pulseaudio pa_drop_root return value flaw - FC
L0419 ICU Group zero backreference and doInterval errors - FC
L0425 ICU Group zero backreference and doInterval errors - RHE

Updated Checks L0234 CUPS SNMP backend string function flaw - SuSE L0270 Wireshark multiiple vulnerabilities - RHE L0396 Xine-lib rmff_dump_cont SDP error - FC L1638 Xorg-X11 X-Font server and composite vulnerabilities - SuSE L1639 PHP4 PHP5 Multiple Vulnerabilities - SuSE L1667 Libexif EXIF image recursion & EXIF tag errors - SuSE W1982 P2P Software Detected - files W2618 VideoLAN VLC player multiple vulnerabilities W1142, W1986, W1999, W2067 Anti-Virus Signatures
Revised Checks W3152 Firefox jar URI, cross-site request forgery vulnerabilities W3256 Oracle E-Business Suite Vulnerabilities (Jan. 2008) W2280 Excel 2000 Parameter Vulnerability W2281 Excel 2002 Parameter Vulnerability W2203 Outlook Express E-mail Header Vulnerability H0065 X Font Server Vulnerability - HP-UX 10,11
Sunbelt Network Security Inspector version was released Feb 7, 2008). Sunbelt Software recommends you download the new SNSI version, scan, and patch your machines today. To get the latest SNSI version, visit:

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.

WServerNews - Product of the Week

What Makes myPassword(r) Different?

The most powerful password management solution combining myPassword(r) and rDirectory. It solves two of the most common problems in self-service password management: Getting users to fill out their Password Reset Profile; Securing the issuance of new passwords by end users or the help desk.

And, the benefits to you are:
  • Reduces helpdesk calls and enhance end-user productivity
  • Lose the redundancy and duplication of effort; immediate ROI
  • Reduce costs by eliminating the leading source of all help desk calls
  • Reduce burnout from highly repetitive, tedious support calls related to password reset and user authentication.
  • Reallocate IT resources to provide better service to users who have complex, non-routine problems