WServerNews (formerly W2Knews)

Vol. 13, #15 - Apr 14, 2008 - Issue #669

Is Windows Collapsing?

This issue of WServerNews is sponsored by

Editor's Corner
- Is Windows Collapsing?
- It's The Week Of The RSA Show
- Number Of Viruses To Top 1 Million By 2009
- Not Preserving Data Properly Can Cost You
- Seminar: High-Availability For SharePoint
- 'He Never Said It' Quote Of The Week
Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
Tech Briefing
- What Is 'Stirling' All About?
- RSA: Researcher: Web Page Can Take Over Your Router
- Top Botnets Control 1M Hijacked Computers
- Regulations Not Making Data Safer, Says RSA Chief
- Domain Name System (DNS) And Active Directory Guide
- Desktop Virtualization: What Windows Managers Should Know
- Windows Integrity Control (WIC) In Vista
Windows Server News
- How To License W2K3 In A Virtual Environment
- Podcast: W2K8's Impact On An Exchange 2007 Migration
WServer Third Party News
- And Here's This Week's Vulnerability Line-up
WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
WServerNews - Product of the Week
- What Makes myPassword The Best?

Customers call rDirectory "The most versatile Active Directory product available!"

Create custom Identity Applications; lower IT costs; increase security & productivity, collaboration & community in your enterprise. NEW: rDirectory v2.2 includes:

OCS/LCS provisioning, presence integration, peer-peer collaboration
Data Integrity enforcement as users logon to Windows
Improved Create Templates to standardize acct. creation & integrate with HR processes
Provisioning of Home Folder & Exchange 2003/2007
Improved Integration with Portals like SharePoint
Flexible Group Delegation & Self-Subscription.

The perfect system to create custom Help Desk and Identity Management solutions, relational Identity Information Applications.
http://www.wservernews.com/080414-rDirectory

	Editor's Corner

Is Windows Collapsing? A pair of Gartner analysts this week called the situation "untenable" and described Windows as 'collapsing'. They said Redmond must make radical changes to its OS or risk becoming a has-been. They basically accuse Microsoft not having responded to the market, is overburdened by too much legacy code and faces serious competition of a whole host of fronts. Many of you responded to my question if Bill Gates' departure might be the cause of Microsoft's sharp brand decline. And what you told me was very similar to the above observations. Microsoft has stopped listening to you, is more interested in what is good for itself than what is good for its customers, and that the current Windows Vista backlash is a good example of the problems. They are riding (temporarily) on just the inertia of their defacto monopoly. I'm not a Microsoft basher and I make my living in their ecosystem, but I'm wondering what the majority of you thinks about this, so please vote in the current SunPoll! http://www.wservernews.com/080414-SunPoll It's The Week Of The RSA Show That means we have a lot of interesting security related items this newsletter. Sunbelt also has a booth at the show, and we provided a lot of demos to attendees. We hope to see you at Tech.Ed in Orlando a few months from now. Here goes! Number Of Viruses To Top 1 Million By 2009 Jari Heinonen, Asia-Pacific vice president at our colleagues at F-Secure Corp., said his company logs about 25,000 malware samples each day, the highest on record. "The total number of viruses and Trojan [horses] will pass the 1 million mark by the end of 2008 if this trend continues," Heinonen said. "While there are more viruses than ever before, people report seeing less of them [because] malware authors are changing their tactics. Drive-by downloads are the preferred way of spreading malware [because] they happen automatically by visiting a Web site, unless users have a fully patched operating system, browser and plug-ins," He also stated that said malware will increasingly target the kernel sector through rootkits such as Mebroot, which attacks the bootstrap sector. A resurgent Mebroot was detected last month, some 15 years after the DOS-based malware was created. More about this at ComputerWorld: http://www.wservernews.com/080414-1-Million-Viruses The new VIPRE Antivirus + Antispyware will protect you against all of these critters. Check out Beta 4 at: http://www.wservernews.com/080414-VIPRE-Antivirus Not Preserving Data Properly Can Cost You Michael Osterman recently wrote a very useful article that you can use as ammo to get budget approval for Exchange Archiving. He starts out with: "While some decision makers continue to believe that destroying all older e-mail or electronic documents is the wisest course of action, it's important to understand that such a position is not borne out by the facts". Read the full story here, he has some very clear cases where companies got large fines for not having the email they should have: http://www.wservernews.com/080414-Archiving Seminar: High-Availability For SharePoint Microsoft SharePoint is quickly becoming the preferred platform for online collaboration and for hosting critical project-team information. Protecting SharePoint against data loss and downtime is essential to the productivity and profitability of your organization. Join Double-Take Software along with a SharePoint Technical Evangelist from Microsoft for an educational webinar that will provide: A technical architecture overview of the technology. What SharePoint can be used for and why? Why it is critical for your organization to protect, back-up, and recover your Microsoft SharePoint solution. Join us today! http://www.wservernews.com/080414-Sharepoint-Seminar 'He Never Said It' Quote Of The Week "The national budget must be balanced. The public debt must be reduced; the arrogance of the authorities must be moderated and controlled." -- Cicero (106 BC - 43 BC) Thank you for being a WServerNews subscriber. Please tell your friends about us. They can subscribe here: http://www.wservernews.com/080414-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu |

Email me: feedback@wservernews.com

Instantly Reduce Your Exchange Message Store 80%

Sunbelt Exchange Archiver (SEA) improves performance, productivity and allows you to comply with legal and regulatory retention requirements, within budget!
SEA allows you to handle many email problems in one fell swoop. You are ready for lawsuits, get an 80% smaller message store, faster backups, end-user self-service for lost email, built-in HSM, quicker disaster recovery and much more. Get a quote and then get budget, your organization needs to have this:
http://www.wservernews.com/080414-Sunbelt-Exchange-Archiver

	Admin Toolbox

Admin Tools We Think You Shouldn't Be Without Cut Down On Yearly AV Costs. Deploy CSE now and upgrade to VIPRE Enterprise for a nominal fee when it comes out. A creative way to recession-proof your budget: http://www.wservernews.com/080414-CounterSpy-Enterprise FREE eBook with evaluation: Admin's Shortcut Guide to AD Security: http://www.wservernews.com/080414-eBook Free Web-based Online Directory, Self Service Editing, LCS/OCS Presence! Want more? Check out the other editions with Enforced Data Integrity + Provisioning: http://www.wservernews.com/080414-rDirectory-Editions An open source project that replaces WinZip everywhere. 7-Zip is twice as efficient, its native format (.7z) creates archives 50%-75% the size of .zip: http://www.wservernews.com/080414-7-Zip Check out Beta 4 of the new VIPRE Antivirus + Antispyware and read the first available CNET review of the VIPRE beta on this new vipreantivirus website: http://www.wservernews.com/080414-VIPRE-AV

	Tech Briefing

What Is 'Stirling' All About? Well, if you listen to the Microsoft PR machine it goes like this: "Forefront Stirling is an integrated security system that is designed to deliver comprehensive, coordinated protection, making it easy to control, access and manage security capabilities across an organization's IT infrastructure" But it's really public beta code they are talking about. They present it as "next-generation" of Forefront and they have added a central management console that controls both clients, servers and the so called 'edge', which is the the next ISA Server. That one has been repositioned as Forefront Threat Management Gateway. The code also includes modules for for Exchange and SharePoint. Redmond claims that all this is supposed to work with third-party security tools and should come out next year. It's for VERY large environments, and it's based on warmed-over code from the old Sybari Antigen so I really wonder what makes this 'next-generation.' You can see it in action here, they made the old warhorse sure look pretty: http://www.wservernews.com/080414-Stirling RSA: Researcher: Web Page Can Take Over Your Router At the RSA Conference in San Francisco, Dan Kaminsky demonstrated how a Web-based attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link. http://www.wservernews.com/080414-Router-Attack Top Botnets Control 1M Hijacked Computers A botnet researcher this week released a census of bots at the RSA Conference showing how the top 11 malware networks can spew up to 100 billion spam messages a day. Wow. http://www.wservernews.com/080414-Hijacked-Computers Regulations Not Making Data Safer, Says RSA Chief Regulations on information security need to be much more intelligently focused than they are, said RSA head Art Coviello at the Tuesday inaugural keynote for the RSA security conference in San Francisco. Even development's got to get wiser. The result? Eventually, the end of security as an independent industry. http://www.wservernews.com/080414-Information-Security Domain Name System (DNS) And Active Directory Guide This guide breaks down the basics of DNS, and provides some helpful tips on how to assess, manage and protect your environment: (registration required) http://www.wservernews.com/080414-DNS-Guide Desktop Virtualization: What Windows Managers Should Know Desktop virtualization allows the IT staff to lock down the desktop, but it still lets users have the freedom to do their jobs. Learn how in this tip: http://www.wservernews.com/080414-Desktop-Virtualization Windows Integrity Control (WIC) In Vista BitLocker and User Account Control, security features new to Windows in Vista, have received lots of hype. But what about Windows Integrity Control (WIC)? Learn about WIC in this excerpt from Hacking Windows Exposed: Microsoft Windows Security Secrets and Solutions: http://www.wservernews.com/080414-Vista-WIC

	Windows Server News

How To License W2K3 In A Virtual Environment A bit boring but worth a read if you can spare 10 minutes to skim through. This document covers how to license Windows Server 2003 in a virtual environment. It all seems quite good until you realize that V-motion is not supported under Microsoft licensing as you apply licenses to a physical server, not a virtual one, bit of a blow that. Wonder if that will change when MS finally comes up with it's own version. Redmond describes it as follows: "In this document, we discuss how the Microsoft(r) Windows Server(r) 2003 R2 operating system and other Microsoft server products are licensed when used with virtualization technologies VMware ESX Server, VMware VMotion, SWsoft Virtuozzo, and Microsoft System Center Virtual Machine Manager. In addition, we also compare costs, both between different Windows Server editions and between the different virtualization technologies." http://www.wservernews.com/080414-Virtual-W2K3-Licensing Podcast: W2K8's Impact On An Exchange 2007 Migration With the recent release of Windows Server 2008 and Exchange 2007 SP1, organizations are reevaluating their Exchange 2007 migration plans. Before installing Exchange 2007 SP1 on Windows 2008, listen to this podcast to learn more about new Windows 2008 features and deployment concerns that will impact an Exchange migration. http://www.wservernews.com/080414-W2K8-and-Exchange-2007-Migration

WServer Third Party News

And Here's This Week's Vulnerability Line-up

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.


New Checks


W3333 Cumulative Security Update for Internet Explorer, W2K, XP, W2K3
W3324 MS Visio 2003 Could Allow Remote Code Execution, W2K, XP, W2K3
W3323 MS Visio 2002 Could Allow Remote Code Execution, XP
W3322 MS Project 2003 SP2 Could Allow Remote Code Execution, W2K, XP, W2K3
W3321 MS Project 2002 SP1 Could Allow Remote Code Execution, W2K, XP, W2K3
W3320 MS Project 2000 SR1 Could Allow Remote Code Execution, W2K, XP, W2K3
W2666 CA ARCServe Backup rxrpc.dll vulnerabilities
W2493 Microsoft Windows Malicious Software Tool Not Updated Warning
W2070 Anti-virus Signature Outdated - CA eTrust
W2067 Anti-virus Signature Outdated - F-Secure
W1999 Anti-virus Signature Outdated - Trend Micro
W1986 Anti-virus Signature Outdated - Symantec
W1142 Anti-virus Signature Outdated - McAfee
S393  Self encapsulated IP packet handling vulnerability - Solaris 8 - 10
S378  Floating point context vulnerabilities - Solaris 9 - 10
S354  Libproc may induce hang under certain patch combinations - Solaris 10_x86
L1681 Liferea LD_LBRARY_PATH and Mozilla flaws - FC
L1613 Mozilla Galeon package vulnerabilities - FC
L1529 Seamonkey multiple vulnerabilities - RHE
L1528 Thunderbird multiple vulnerabilities - RHE
L1525 Mozilla Firefox vulnerabilities - RHE
L1516 Mozilla Devhelp package vulnerabilities - FC
L1515 Mozilla Yelp package vulnerabilities - FC
L1514 Epiphany Mozilla based package vulnerabilities - FC
L1513 Mozilla SeaMonkey multiple vulnerabilities - FC
L1512 Mozilla Firefox multiple vulnerabilities - FC
L605  PhpMyAdmin password disclosure - FC
L604  Gnome-screensaver clipboard notify error - FC
L603  Mod_suphp symlink race conditions - FC
L602  Perlbal zero-byte chunked upload flaw - FC
L601  Namazu HTML UTF-7 set charset flaw - FC
L600  PHP-pear-PhpDocumentor arbitrary PHP function calls - FC
L310  Miro Mozilla based vulnerabilities - FC
L309  Gnome-web-photo Mozilla based vulnerabilities - FC
L307  Kazehakase Mozilla based vulnerabilities - FC
L306  Ruby-Gnome2 Mozilla based vulnerabilities - FC
L211  OpenVRML mozilla related vulnerabilities - FC
H116  OpenView Event Correlation Service - HP-UX 11


Updated Checks


W1142, W1986, W1999, W2067, W2070 Anti-Virus Signatures
H0056 Calloc Memory Size Miscalculations - HP-UX 11


Revised Checks


W3259 Adobe Connect Enterprise non secure SWF vulnerability
W3260 Adobe Dreamweaver / Contribute non secure SWF content gen
W3265 Adobe Reader / Acrobat 8.1.2 Update available
W3266 Active Directory Allows Denial of Service - W2K, XP, W2K3
W3267 Active Directory Allows Denial of Service - W2K, XP, W2K3 ADAM
S0462 Java System Directory Server - Solaris 9 - 10
L0509 Tcltk GIF and regex handling errors - RHE

Sunbelt Network Security Inspector version 1.6.97.0 was released April 10, 2008. Sunbelt Software recommends you download the new SNSI version 1.6.97.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/080414-Sunbelt-Network-Security-Inspector

	WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff. WOW! Skydivers from 31 countries set a world record of 400 people holding hands in a mid-air free-fall formation. This is a 'Gotta See': http://www.wservernews.com/080414-Skydiving-Record A political satire by John Clarke and Bryan Dawe, based on what an Australian Senator accountable for the event said at the time: http://www.wservernews.com/080414-Political-Satire A Google Maps mashup called the Map Channels Hotels Directory shows you all hotels with availability listed in order of price. Just punch in the city, the check-in date and the number of nights you'll be staying, and it will lay out all your options: http://www.wservernews.com/080414-Map-Channels-Hotels-Directory What do Thomas Edison, The Beatles, Michael Jordan, Ulysses Grant, Lucille Ball, Walt Disney and Abraham Lincoln have in common? Inspiring video about persevering, no matter how many times you have failed in life: http://www.wservernews.com/080414-Famous-Failures You can't always save your job, but you can reduce the time you're out of work if you see it coming. 10 Signs Your Company Wants You Gone: http://www.wservernews.com/080414-Company-wants-you-Gone An extraordinary amazingly huge tornado in Manitoba captured by storm chasers Reed Timmer and Dave Holder: http://www.wservernews.com/080414-Extreme-Tornado Made famous by Microsoft: - Why are manhole covers round? http://www.wservernews.com/080414-Manhole-Covers Hewlett-Packard unveiled its Compaq 2133 ultraportable laptop this week - competitively priced from $499 to $899: http://www.wservernews.com/080414-Compaq-Ultralaptop This hilarious video serves as an answer to the age-old question: "Do bears dance in the woods?": http://www.wservernews.com/080414-Bear-Rub Google Streets View Project Manager Speaks About Privacy Concerns: http://www.wservernews.com/080414-Google-Streets Building Your Own Star Destroyer. Too much time on his hands? Cool though: http://www.wservernews.com/080414-Star-Destroyer

	WServerNews - Product of the Week

What Makes myPassword The Best? Most powerful password management solution on the planet! Combining myPassword and rDirectory, it solves two of the most common problems in self-service password management: Getting users to fill out their Password Reset Profile, Securing the issuance of new passwords by end users or the Help Desk. The benefits: Reduces helpdesk calls & enhances end-user productivity. Lose the redundancy and duplication of effort; immediate ROI Reduce costs by eliminating the leading source of all Help Desk calls Reduce burnout from highly repetitive, tedious support calls related to password reset and user authentication Reallocate IT resources to provide better service to users who have complex, non-routine problems. http://www.wservernews.com/080414-myPassword