Vol. 13, #15 - Apr 14, 2008 - Issue #669
Is Windows Collapsing?
|This issue of WServerNews is sponsored by|
- Editor's Corner
- Is Windows Collapsing?
- It's The Week Of The RSA Show
- Number Of Viruses To Top 1 Million By 2009
- Not Preserving Data Properly Can Cost You
- Seminar: High-Availability For SharePoint
- 'He Never Said It' Quote Of The Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- What Is 'Stirling' All About?
- RSA: Researcher: Web Page Can Take Over Your Router
- Top Botnets Control 1M Hijacked Computers
- Regulations Not Making Data Safer, Says RSA Chief
- Domain Name System (DNS) And Active Directory Guide
- Desktop Virtualization: What Windows Managers Should Know
- Windows Integrity Control (WIC) In Vista
- Windows Server News
- How To License W2K3 In A Virtual Environment
- Podcast: W2K8's Impact On An Exchange 2007 Migration
- WServer Third Party News
- And Here's This Week's Vulnerability Line-up
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- What Makes myPassword The Best?
Customers call rDirectory "The most versatile Active Directory product available!"
Create custom Identity Applications; lower IT costs; increase
security & productivity, collaboration & community in your enterprise.
NEW: rDirectory v2.2 includes:
The perfect system to create custom Help Desk and Identity Management
solutions, relational Identity Information Applications.
- OCS/LCS provisioning, presence integration, peer-peer collaboration
- Data Integrity enforcement as users logon to Windows
- Improved Create Templates to standardize acct. creation & integrate
with HR processes
- Provisioning of Home Folder & Exchange 2003/2007
- Improved Integration with Portals like SharePoint
- Flexible Group Delegation & Self-Subscription.
Is Windows Collapsing?
A pair of Gartner analysts this week called the situation "untenable" and
described Windows as 'collapsing'. They said Redmond must make radical changes
to its OS or risk becoming a has-been. They basically accuse Microsoft not
having responded to the market, is overburdened by too much legacy code and
faces serious competition of a whole host of fronts.
Many of you responded to my question if Bill Gates' departure might be the
cause of Microsoft's sharp brand decline. And what you told me was very
similar to the above observations. Microsoft has stopped listening to you,
is more interested in what is good for itself than what is good for its
customers, and that the current Windows Vista backlash is a good example
of the problems. They are riding (temporarily) on just the inertia of their
defacto monopoly. I'm not a Microsoft basher and I make my living in their
ecosystem, but I'm wondering what the majority of you thinks about this,
so please vote in the current SunPoll!
It's The Week Of The RSA Show
That means we have a lot of interesting security related items this
newsletter. Sunbelt also has a booth at the show, and we provided a lot
of demos to attendees. We hope to see you at Tech.Ed in Orlando a few
months from now. Here goes!
Number Of Viruses To Top 1 Million By 2009
Jari Heinonen, Asia-Pacific vice president at our colleagues at F-Secure
Corp., said his company logs about 25,000 malware samples each day, the
highest on record. "The total number of viruses and Trojan [horses] will
pass the 1 million mark by the end of 2008 if this trend continues,"
Heinonen said. "While there are more viruses than ever before, people
report seeing less of them [because] malware authors are changing their
tactics. Drive-by downloads are the preferred way of spreading malware
[because] they happen automatically by visiting a Web site, unless users
have a fully patched operating system, browser and plug-ins," He also
stated that said malware will increasingly target the kernel sector
through rootkits such as Mebroot, which attacks the bootstrap sector.
A resurgent Mebroot was detected last month, some 15 years after the
DOS-based malware was created. More about this at ComputerWorld:
The new VIPRE Antivirus + Antispyware will protect you against all
of these critters. Check out Beta 4 at:
Not Preserving Data Properly Can Cost You
Michael Osterman recently wrote a very useful article that you can use
as ammo to get budget approval for Exchange Archiving. He starts out
with: "While some decision makers continue to believe that destroying
all older e-mail or electronic documents is the wisest course of action,
it's important to understand that such a position is not borne out by
the facts". Read the full story here, he has some very clear cases where
companies got large fines for not having the email they should have:
Seminar: High-Availability For SharePoint
Microsoft SharePoint is quickly becoming the preferred platform for online
collaboration and for hosting critical project-team information. Protecting
SharePoint against data loss and downtime is essential to the productivity
and profitability of your organization. Join Double-Take Software along with
a SharePoint Technical Evangelist from Microsoft for an educational webinar
that will provide:
- A technical architecture overview of the technology.
- What SharePoint can be used for and why?
- Why it is critical for your organization to protect, back-up, and recover
your Microsoft SharePoint solution. Join us today!
'He Never Said It' Quote Of The Week
"The national budget must be balanced. The public debt must be reduced; the
arrogance of the authorities must be moderated and controlled."
-- Cicero (106 BC - 43 BC)
Thank you for being a WServerNews subscriber. Please
tell your friends about us. They can subscribe here:
Instantly Reduce Your Exchange Message Store 80%
Sunbelt Exchange Archiver (SEA) improves performance, productivity and allows
you to comply with legal and regulatory retention requirements, within budget!
SEA allows you to handle many email problems in one fell swoop. You are ready
for lawsuits, get an 80% smaller message store, faster backups, end-user
self-service for lost email, built-in HSM, quicker disaster recovery and much
more. Get a quote and then get budget, your organization needs to have this:
What Is 'Stirling' All About?
Well, if you listen to the Microsoft PR machine it goes like this: "Forefront
Stirling is an integrated security system that is designed to deliver
comprehensive, coordinated protection, making it easy to control, access and
manage security capabilities across an organization's IT infrastructure"
But it's really public beta code they are talking about. They present it as
"next-generation" of Forefront and they have added a central management
console that controls both clients, servers and the so called 'edge', which
is the the next ISA Server. That one has been repositioned as Forefront
Threat Management Gateway. The code also includes modules for for Exchange
and SharePoint. Redmond claims that all this is supposed to work with
third-party security tools and should come out next year.
It's for VERY large environments, and it's based on warmed-over code from
the old Sybari Antigen so I really wonder what makes this 'next-generation.'
You can see it in action here, they made the old warhorse sure look pretty:
RSA: Researcher: Web Page Can Take Over Your Router
At the RSA Conference in San Francisco, Dan Kaminsky demonstrated how a
Web-based attack would work on widely used routers, including those made by
Cisco's Linksys division and D-Link.
Top Botnets Control 1M Hijacked Computers
A botnet researcher this week released a census of bots at the RSA Conference
showing how the top 11 malware networks can spew up to 100 billion spam
messages a day. Wow.
Regulations Not Making Data Safer, Says RSA Chief
Regulations on information security need to be much more intelligently focused
than they are, said RSA head Art Coviello at the Tuesday inaugural keynote
for the RSA security conference in San Francisco. Even development's got to
get wiser. The result? Eventually, the end of security as an independent
Domain Name System (DNS) And Active Directory Guide
This guide breaks down the basics of DNS, and provides some helpful tips
on how to assess, manage and protect your environment: (registration required)
Desktop Virtualization: What Windows Managers Should Know
Desktop virtualization allows the IT staff to lock down the desktop, but it
still lets users have the freedom to do their jobs. Learn how in this tip:
Windows Integrity Control (WIC) In Vista
BitLocker and User Account Control, security features new to Windows in
Vista, have received lots of hype. But what about Windows Integrity Control
(WIC)? Learn about WIC in this excerpt from Hacking Windows Exposed:
Microsoft Windows Security Secrets and Solutions:
||Windows Server News
How To License W2K3 In A Virtual Environment
A bit boring but worth a read if you can spare 10 minutes to skim through.
This document covers how to license Windows Server 2003 in a virtual
environment. It all seems quite good until you realize that V-motion is
not supported under Microsoft licensing as you apply licenses to a physical
server, not a virtual one, bit of a blow that. Wonder if that will change
when MS finally comes up with it's own version. Redmond describes it
"In this document, we discuss how the Microsoft(r) Windows Server(r) 2003 R2
operating system and other Microsoft server products are licensed when
used with virtualization technologies VMware ESX Server, VMware VMotion,
SWsoft Virtuozzo, and Microsoft System Center Virtual Machine Manager.
In addition, we also compare costs, both between different Windows Server
editions and between the different virtualization technologies."
Podcast: W2K8's Impact On An Exchange 2007 Migration
With the recent release of Windows Server 2008 and Exchange 2007 SP1,
organizations are reevaluating their Exchange 2007 migration plans. Before
installing Exchange 2007 SP1 on Windows 2008, listen to this podcast to
learn more about new Windows 2008 features and deployment concerns that
will impact an Exchange migration.
||WServer Third Party News
And Here's This Week's Vulnerability Line-up
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list
of computer incidents. It also contains the latest SANS/FBI top 20
vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and
FedCIRC (Department of Homeland Security) advisories.
Sunbelt Network Security Inspector version 220.127.116.11 was released
April 10, 2008. Sunbelt Software recommends you download the new SNSI
version 18.104.22.168, scan, and patch your machines today. To get the latest
SNSI version, visit:
W3333 Cumulative Security Update for Internet Explorer, W2K, XP, W2K3
W3324 MS Visio 2003 Could Allow Remote Code Execution, W2K, XP, W2K3
W3323 MS Visio 2002 Could Allow Remote Code Execution, XP
W3322 MS Project 2003 SP2 Could Allow Remote Code Execution, W2K, XP, W2K3
W3321 MS Project 2002 SP1 Could Allow Remote Code Execution, W2K, XP, W2K3
W3320 MS Project 2000 SR1 Could Allow Remote Code Execution, W2K, XP, W2K3
W2666 CA ARCServe Backup rxrpc.dll vulnerabilities
W2493 Microsoft Windows Malicious Software Tool Not Updated Warning
W2070 Anti-virus Signature Outdated - CA eTrust
W2067 Anti-virus Signature Outdated - F-Secure
W1999 Anti-virus Signature Outdated - Trend Micro
W1986 Anti-virus Signature Outdated - Symantec
W1142 Anti-virus Signature Outdated - McAfee
S393 Self encapsulated IP packet handling vulnerability - Solaris 8 - 10
S378 Floating point context vulnerabilities - Solaris 9 - 10
S354 Libproc may induce hang under certain patch combinations - Solaris 10_x86
L1681 Liferea LD_LBRARY_PATH and Mozilla flaws - FC
L1613 Mozilla Galeon package vulnerabilities - FC
L1529 Seamonkey multiple vulnerabilities - RHE
L1528 Thunderbird multiple vulnerabilities - RHE
L1525 Mozilla Firefox vulnerabilities - RHE
L1516 Mozilla Devhelp package vulnerabilities - FC
L1515 Mozilla Yelp package vulnerabilities - FC
L1514 Epiphany Mozilla based package vulnerabilities - FC
L1513 Mozilla SeaMonkey multiple vulnerabilities - FC
L1512 Mozilla Firefox multiple vulnerabilities - FC
L605 PhpMyAdmin password disclosure - FC
L604 Gnome-screensaver clipboard notify error - FC
L603 Mod_suphp symlink race conditions - FC
L602 Perlbal zero-byte chunked upload flaw - FC
L601 Namazu HTML UTF-7 set charset flaw - FC
L600 PHP-pear-PhpDocumentor arbitrary PHP function calls - FC
L310 Miro Mozilla based vulnerabilities - FC
L309 Gnome-web-photo Mozilla based vulnerabilities - FC
L307 Kazehakase Mozilla based vulnerabilities - FC
L306 Ruby-Gnome2 Mozilla based vulnerabilities - FC
L211 OpenVRML mozilla related vulnerabilities - FC
H116 OpenView Event Correlation Service - HP-UX 11
W1142, W1986, W1999, W2067, W2070 Anti-Virus Signatures
H0056 Calloc Memory Size Miscalculations - HP-UX 11
W3259 Adobe Connect Enterprise non secure SWF vulnerability
W3260 Adobe Dreamweaver / Contribute non secure SWF content gen
W3265 Adobe Reader / Acrobat 8.1.2 Update available
W3266 Active Directory Allows Denial of Service - W2K, XP, W2K3
W3267 Active Directory Allows Denial of Service - W2K, XP, W2K3 ADAM
S0462 Java System Directory Server - Solaris 9 - 10
L0509 Tcltk GIF and regex handling errors - RHE
||WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
- WOW! Skydivers from 31 countries set a world record of 400 people holding
hands in a mid-air free-fall formation. This is a 'Gotta See':
- A political satire by John Clarke and Bryan Dawe, based on what an Australian
Senator accountable for the event said at the time:
- A Google Maps mashup called the Map Channels Hotels Directory shows you all
hotels with availability listed in order of price. Just punch in the city, the
check-in date and the number of nights you'll be staying, and it will lay out
all your options:
- What do Thomas Edison, The Beatles, Michael Jordan, Ulysses Grant, Lucille
Ball, Walt Disney and Abraham Lincoln have in common? Inspiring video about
persevering, no matter how many times you have failed in life:
- You can't always save your job, but you can reduce the time you're out of
work if you see it coming. 10 Signs Your Company Wants You Gone:
- An extraordinary amazingly huge tornado in Manitoba captured by storm chasers
Reed Timmer and Dave Holder:
- Made famous by Microsoft: - Why are manhole covers round?
- Hewlett-Packard unveiled its Compaq 2133 ultraportable laptop this week -
competitively priced from $499 to $899:
- This hilarious video serves as an answer to the age-old question:
"Do bears dance in the woods?":
- Google Streets View Project Manager Speaks About Privacy Concerns:
- Building Your Own Star Destroyer. Too much time on his hands? Cool though:
||WServerNews - Product of the Week
What Makes myPassword The Best?
Most powerful password management solution on the planet! Combining myPassword
and rDirectory, it solves two of the most common problems in self-service
password management: Getting users to fill out their Password Reset Profile,
Securing the issuance of new passwords by end users or the Help Desk.
- Reduces helpdesk calls & enhances end-user productivity.
- Lose the redundancy and duplication of effort; immediate ROI
- Reduce costs by eliminating the leading source of all Help Desk calls
- Reduce burnout from highly repetitive, tedious support calls related to
password reset and user authentication
- Reallocate IT resources to provide better service to users who have
complex, non-routine problems.