Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 13, #7 - Feb 18, 2008 - Issue #661
Best-of-Breed or Best-of-Suite?

  1. Editor's Corner
    • Best-of-Breed or Best-of-Suite?
    • We Need To Virtualize
    • Quote Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Tech Briefing
    • Free Email and File Archiving Seminar
    • How VMware Works - The Windows Series
    • Have You Experienced A Windows Security Breach?
    • Virtual Desktops Promise Much, But Just How Do You Get There?
    • Fix Exchange Server 2007 Setup Failures Using The Registry
  4. Windows Server News
    • How Hyper-V burned Robert McLaws's datacenter
    • Get Your SQL Server Security Goals In Order
    • Microsoft Service Desk Delayed Until 2010
    • Hands-on Vista SP1: Better But Slower?
    • Microsoft Ships New XP SP3 Code To Testers
  5. WServer Third Party News
    • Double-Take And VMWare: The Ultimate Recovery Platform
    • Sunbelt Exchange Archiver Prerequisite Guide
    • Check Out The Holes In Microsoft Office
  6. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • BOOK: Hacking Exposed Web 2.0
A New Ninja Blade User Talks

"I just want to say thanks to you personally Alex along with all your support staff for the wonderful job they do. The company we are consulting has always resisted change and continued to deal with the same products and brands. Ninja Blade is finally going to get them to see that change is not a bad thing. We were evaluating the Symantec Gateway filter as well as a few other devices just the day Sunbelt announced that Ninja Blade was available. Now, after running Blade in this environment for less than 24 hours, even with the few minor problems we had, the performance we are getting from the Ninja Blade is similar to the Symantec device at just a fraction of the cost." -- Mike
Get your own Ninja Blade Evaluation Unit now at:
http://www.wservernews.com/080218-NinjaBlade

Editor's Corner

Best-of-Breed or Best-of-Suite?

I'd like your feedback on something. I recently did a survey over 300,000 readers of CounterSpyNews, and what they thought about the antivirus product on their PC. The vast majority were talking about their home PC setup, many of them having multiple PC's. Significant numbers were complaining about their antivirus slowing down their PC, being a resource hog and having slow scan times. But many of them were running full security suites, and it is known that those can easily take 70-100MB average RAM consumption.

The question I have, is at this point in time, looking at performance, for the protection of home PCs, are you leaning toward 'best-of-breed' point solutions, or do you prefer 'best-of-suites' with the all-in-one approach? You can vote in the SunPoll below, but I'd appreciate your opinion at [email protected] after you vote in this new SunPoll:
http://www.wservernews.com/080218-SunPoll


We Need To Virtualize

This is the shortest item in a long time. Here is the Dilbert Strip that 'sez it all':
http://www.wservernews.com/080218-Need-to-Virtualize


Quote Of The Week

"It's not the size of the dog in the fight, it's the size of the fight in the dog." -- Mark Twain

Thank you for being a WServerNews subscriber. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/080218-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

A Happy Ninja User

"Ninja seems to be working great. The distribution of spam messages has passed the 50-50 mark. We do actually get like 60% SPAM and 40% mail on average. My users are commenting that they are seeing a noticeable reduction of unwanted e-mails daily. And that is with NO special configuration on the NINJA program! The reports make the owners happy that their money was well spent! Feel free to use that quote in your marketing..grin. Thanks, -- Dave King, MCSE, MCITP, CEH, CUSA. Test drive Ninja for 30 days on your Exchange Server:
http://www.wservernews.com/080218-Ninja-Email-Security

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Five Top Benefits of Using Windows Group Policy to Secure and Manage UNIX, Linux and Mac Systems. Free webinar, 2/21, 11:00 am Pacific.
http://www.wservernews.com/080218-Centrify

Event Log and System Health Monitoring. Feature Rich, Affordable, Award Winning. Download your FREE Full Featured Trial Version or FREE Light Version Today.
http://www.wservernews.com/080218-EventSentry

Must Have FREEWARE! Web Active Directory & Self-Service Password. Download Now! Let users self-manage, but stay in control using native & delegated roles.
http://www.wservernews.com/080218-Namescape

Super Geeky T-shirts. Even a Wi-Fi detector shirt. Why not, it's considered Business Casual for Admins:
http://www.wservernews.com/080218-Geeky-Tshirts


Tech Briefing

Free Email and File Archiving Seminar

Attend this one-day seminar and learn how an email and file archiving strategy can help you deal with the issues resulting from the explosive data growth and new discovery and data management requirements. Independent experts Mark Diamond and Greg Forest of Contoural will share advice gained from extensive experience helping Fortune 500 companies integrate and manage successful records retention systems including email and file archiving. This event is coming to Boston, MA and Toronto, ON in 2 weeks and Portland, OR in March, and 6 other cities throughout 2008. Register today!
http://www.wservernews.com/080218-Seminar


How VMware Works - The Windows Series

VMware Server provides a free and relatively easy entry into server virtualization, but some aspects of deploying it - particularly configuration - can be tricky. Even though the product is free, mistakes in the installation and security process can be costly. This guide provides instructions for installing, configuring (with a focus on high security), and maintaining a successful production instance of VMware Server on Microsoft Windows 2003 Server. This is part one of the VMware Server on Windows Series - read it today! (registration required)
http://www.wservernews.com/080218-VMware-Server


Have You Experienced A Windows Security Breach?

This SearchWindowsSecurity.com reader noticed strange IP addresses in the route print table and wondered if this indicated a Windows security breach. Find out what expert Kevin Beaver had to say in response. (registration required)
http://www.wservernews.com/080218-Windows-Security-Breach


Virtual Desktops Promise Much, But Just How Do You Get There?

IT managers have desktop virtualization goals in mind, but they are unclear on the impact of this technology. Find out more in this exclusive article.
http://www.wservernews.com/080218-Virtual-Desktops


Fix Exchange Server 2007 Setup Failures Using The Registry

Exchange Server 2007 is known to experience installation failures. In response, Microsoft designed Exchange 2007 Setup to detect a failure, note the problem within the registry using a watermark, and begin the installation from that point the next time it opens. Unfortunately, these notations can also cause Setup to freeze. In this tip, read how to edit the registry to fix this problem.
http://www.wservernews.com/080218-Exchange-2007-Failures


Windows Server News

How Hyper-V burned Robert McLaws's datacenter

Yowser! NetworkWorld last week reported this major flap: "Windows-Now blogger Robert McLaws details a horror story that no network professional ever wants to endure. He was using beta Hyper-V software in the wild when two hard drives in his data center failed, costing him thousands of dollars in lost revenue. Microsoft Subnet asks: should software vendors shoulder some responsibility for the behavior of beta software in the wild? Plus, McLaw's experience is revealing about Hyper-V itself. Will it be ready for enterprise use when Microsoft releases it?
http://www.wservernews.com/080218-Hyper-V


Get Your SQL Server Security Goals In Order

For a more secure SQL Server database, create goals that limit security weaknesses. Find out how to accomplish this from expert Kevin Beaver.
http://www.wservernews.com/080218-SQL-Server-Security-Goals


Microsoft Service Desk Delayed Until 2010

Microsoft will re-engineer System Center Service Manager after receiving complaints about its performance from participants in the initial beta trial.
http://www.wservernews.com/080218-Microsoft-Service-Desk


Hands-on Vista SP1: Better But Slower?

The final version of Vista SP1 kills the Kill Switch and adds many under-the-hood improvements -- but on at least one system, file copying is actually slower. This article in ComputerWorld is worth it.
http://www.wservernews.com/080218-Vista-SP1


Microsoft Ships New XP SP3 Code To Testers

Although it's not saying yet when the public will get Service Pack 3 for Windows XP, another seed of the update to the aging operating system has been given to a closed set of testers.
http://www.wservernews.com/080218-XP-SP3


WServer Third Party News

Double-Take And VMWare: The Ultimate Recovery Platform

Double-Take Software has designed recovery tools to run on the VMware platform, so that you can leverage the feature-rich VMware virtual machine platform with Double-Take, ensuring cost-effective and seamless disaster recovery. Leverage virtualization as part of your disaster recovery strategy with Double-Take:
http://www.wservernews.com/080218-Double-Take


Sunbelt Exchange Archiver Prerequisite Guide

SEA is an awesome solution to solve a whole host of problems. This is a enterprise solution with a bit more moving parts than your run-of-the- mill admin tool though. Please read this PDF document before you install Sunbelt Exchange Archiver as it contains valuable information needed before an install can proceed.
http://www.wservernews.com/080218-SEA-Prerequisite-Guide


Check Out The Holes In Microsoft Office

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Vulnerabilities:
W3288 Microsoft Office Could Allow Remote Code Execution - Office 2003 W3287 Microsoft Office Could Allow Remote Code Execution - Office 2002/XP W3286 Microsoft Office Could Allow Remote Code Execution - Office 2000 W3285 MS-Office Publisher 2003 Could Allow Remote Code Execution W3284 MS-Office Publisher XP/2002 Could Allow Remote Code Execution W3283 MS-Office Publisher 2000 Could Allow Remote Code Execution W3282 Microsoft Works File Converter Could Allow Remote Code Execution W3280 Cumulative Security Update for Internet Explorer - W2K, XP, W2K3 W3279 Microsoft Word Viewer Could Allow Remote Code Execution - W2K, XP, W2K3 W3278 Microsoft Word 2003 Could Allow Remote Code Execution - W2K, XP, W2K3 W3277 Microsoft Word XP Could Allow Remote Code Execution W3276 Microsoft Word 2000 Could Allow Remote Code Execution W3275 OLE Automation Could Allow Remote Code Execution - VB 6 W3048 SeaMonkey Multiple Vulnerabilities W2992 Java Runtime Environment 1.5 latest not installed W2559 Firefox multiple vulnerabilities S0453 Mozilla 1.7 browser, mail client JavaScript - Solaris 8 - 10 S0546 USB Mouse STREAMS driver may induce panic - Solaris 9-10 M0054 Firefox multiple vulnerabilities - Mac OS X L0444 LibTorrent bdecode_recursive stack exhaustion flaw - FC L0445 SDL_image LWZReadByte error - FC L0446 KDEbase password bypass & local DoS errors - FC L0449 Deluge bdecode_recursive stack exhaustion flaw - FC L0450 OpenLDAP BDB slapd NOOP modify error - FC L0451 Gnumeric XLS HLINK stack corruption error - FC L0452 TCL/TK animated GIF image error - FC L0453 Perl-Tk ReadImage GIF vulnerability - FC
Updated Checks
L1525 Mozilla Firefox multiple vulnerabilities - RHE L1529 Seamonkey multiple vulnerabilities - RHE H0181 OpenView Operations Java GUI vulnerabilities - HP-UX 11 H0135 OpenView Operations/VantagePoint JRE vulnerability M0048 QuickTime Player RTSP response message-reason phase - Mac OS X S0441 Java 1.5 applet handling - Solaris S0539 PostgreSQL 8.1/8.2 multiple vulnerabilities - Solaris 10 W1142, W1986, W1999, W2067 Anti-Virus Signatures W2493 Microsoft Malware Removal Tool W2692 QuickTime RTSP response message-reason phase Vulnerability
Sunbelt Network Security Inspector version 1.6.91.0 was released Feb 13, 2008). Sunbelt Software recommends you download the new SNSI version 1.6.91.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/080218-Sunbelt-Network-Security-Inspector


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

BOOK: Hacking Exposed Web 2.0

"This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites, and the authors give solid, practical advice on how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP, CFCE, Senior Director of Security, Facebook.

Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.
http://www.wservernews.com/080218-Hacking-Exposed-Web-2