Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 13, #40 - Sep 29, 2008 - Issue #694
'Whitelisting' - Will It Work?

This issue of WServerNews is sponsored by
  1. Editors Corner
    • 'Whitelisting' - Will It Work?
    • Redmond: Developers Will Get Windows 7 Alpha Next Month
    • Quotes of the Week
  2. Webinars and Seminars
    • Protecting Against the New Wave of Malware: A New Approach to Endpoint Security
    • Free One-day Seminar: Vista and Virtualization
  3. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  4. Tech Briefing
    • 2008: IT Salaries On The Rise
    • How Sarah Palin Was Hacked
    • How To Meet Data Retention Compliance In A Windows Environment
    • Tip: Troubleshooting Active Directory Database Errors
    • Is Virtualizing Microsoft Exchange Server A Good Idea?
  5. Windows Server News
    • BOOK: SQL Server 2008 - A Beginners Guide
    • BOOK: The Complete Reference Windows Server 2008
    • BOOK: Exchange Server 2007 - with SP1
  6. WServer Third Party News
    • Hackers Resurrect Notorious Attack Tool Kit
    • Demand Better Endpoint Protection
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Robust Identity Management for Microsoft-centered Enterprises Arrives
Robust Identity Management for Microsoft-centered Enterprises Arrives

FREE 30-day VHD trial of the new EmpowerID 4.0 - explore the first enterprise Identity Management platform specifically designed for Microsoft-centered enterprises, with support for Users, Groups, Active Directory, AD/AM, Exchange, SharePoint, SQL, LDAP and more. EmpowerID securely automates all of your identity functions - with more functionality and at less cost than competing Java-based platforms. Built with .NET 3.5 and Windows Workflow Foundation, it includes complete solutions for user and mailbox provisioning, password management, whitepages, delegated user and group management, and support for custom applications.
http://www.wservernews.com/080929-Explore-EmpowerID


Editors Corner

'Whitelisting' - Will It Work?

You may have read about the pros and cons of whitelisting. It's essentially having a list of files that are allowed to run, instead of a blacklist of files that are not allowed on a system. There are some difficulties with each one of these approaches, especially on the Vista platform, due to Vista's UAC. At the end I'm providing a link to a recent article from Larry Seltzer, commenting on Mark Russinovich and his views on whitelisting.

Larry states: "Your expectations of whitelists need to be reasonable, you should know that there are limitations to them: vulnerabilities in software that lead to arbitrary code execution, such as the typical buffer overflow, would lead to malicious code running despite a whitelist. The way overflows work, the system thinks that it's the vulnerable program running the code, not some outside program, even though the code came in on an HTTP request or inside a word processing document or some other uninvited channel.

As you can see, this is an issue that is not easy to overcome. More about whitelisting in this article at eWEEK:
http://www.wservernews.com/080929-Future-of-Security


Redmond: Developers Will Get Windows 7 Alpha Next Month

They confirmed this week that they will give preview copies of Win7 to attendees at next month's Professional Developers Conference. They posted on the PDC Web site that devs would get a "pre-beta" release Oct 28th. "Keynote attendees will be among the first to receive the pre-beta build of Windows 7," they said. Steven Sinofsky, Senior VP of the Windows Engineering group will deliver the keynote on Oct. 28. Here is the link to the PDC website:
http://www.wservernews.com/080929-Unveiling-Windows-7


Quotes of the Week

"Just because you do not take an interest in politics doesn't mean politics won't take an interest in you." -- Pericles

"Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/080929-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Cymphonix

"We just don't have a spyware problem anymore," said New York Eye and Ear Infirmary Network Engineer, Gene Harrison. "Obviously the threat of spyware has grown but since the integration of the Cymphonix Network Composer we are protected from spyware threats and in compliance with HIPAA." To see how Cymphonix can automate your Internet security, request a Free 30-day Trial device at:
http://www.wservernews.com/080929-Cymphonix

Webinars and Seminars
We'd like to invite you to attend the following seminars:


Protecting Against the New Wave of Malware: A New Approach to Endpoint Security

Join Sunbelt and Mike Osterman, president and founder of Osterman Research, Inc., for an informative seminar that will examine why older, traditional antivirus approaches don't work and why a new approach to endpoint security is required to better protect your users, your data and your long-term viability as a company from malicious threats.

Hosted at Microsoft in Waltham, MA on Thursday, October 2nd.Register here:
http://www.wservernews.com/080929-New-Malware


Free One-day Seminar: Vista and Virtualization

If you're curious about desktop virtualization or unsure if Windows Vista is the next right move for your organization, independent experts Mark Minasi and Barb Goldworm are here to help. The best selling authors give "just the facts" presentations on Vista and virtualization in this event coming to Atlanta on October 28 and Minneapolis and Washington DC in November. Register today!
http://www.wservernews.com/080929-Desktop-Infrastructure


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without:

Learn more about the first Microsoft-based enterprise platform capable of solving your most complex Identity Management challenges!
http://www.wservernews.com/080929-Explore-EmpowerID

ScriptLogic Cartoon Caption Contest. We provide the cartoon, you submit your caption and be entered to win $198.42:
http://www.wservernews.com/080929-Scriptlogic-Contest

Time To Kill Those PST Files! They cause -all- kinds of storage problems, like bloated and slow backups and backup windows expanding. The rescue:
http://www.wservernews.com/080929-Sunbelt-Exchange-Archiver


Tech Briefing

2008: IT Salaries On The Rise

Good news. The joint MCPmag.com and Redmond Magazine Salary Survey shows IT job and salary strength. All the numbers are at their site, so no need to repeat them here:
http://www.wservernews.com/080929-IT-Salaries


How Sarah Palin Was Hacked

The ease in which Republican vice presidential candidate Sarah Palin's e-mail was hacked is striking and underscores the importance of improving privacy questions for password recovery.
http://www.wservernews.com/080929-Password-Recovery-Backfire


How To Meet Data Retention Compliance In A Windows Environment

To achieve data retention compliance, Windows managers must take an active role in learning data retention policies and creating procedures to support them. This tip from SearchWinIT.com gives a roadmap to help you maintain business-critical data in a logical, easily retrievable manner. (Registration Required)
http://www.wservernews.com/080929-Retention-Compliance


Tip: Troubleshooting Active Directory Database Errors

While database errors in Active Directory can crop up occasionally, they are usually simple to fix. Read these troubleshooting tips when you think your AD database might be corrupted. (Requires Registration)
http://www.wservernews.com/080929-Troubleshooting-Active-Directory


Is Virtualizing Microsoft Exchange Server A Good Idea?

With the arrival of Hyper-V and Microsoft's new licensing and technical support policies, many companies may be considering running Exchange Server in a virtualized environment. From a server consolidation and storage standpoint, it makes sense, but what about cost and high availability concerns? In this webcast, Exchange MVP Richard Luckett examines the questions surrounding Exchange Server virtualization. He also compares third-party virtualization platforms and shares best practices for virtualizing both Exchange Server 2003 and Exchange 2007.
http://www.wservernews.com/080929-Webcast


Windows Server News

BOOK: SQL Server 2008 - A Beginners Guide

I have finally had time to review some books that were sent to me. Here they are. The first one is from McGraw-Hill and written by Dusan Petkovic who is a computer science professor at the Polytechnic in Rosenheim, Germany.

This book will get you started on SQL Server 2008 in no time.

Learn to use all of the powerful features available in SQL Server 2008 quickly and easily. Microsoft SQL Server 2008: A Beginner's Guide explains the fundamentals of each topic alongside examples and tutorials that walk you through real-world database tasks. Install SQL Server 2008, construct high-performance databases, use powerful Transact-SQL statements, create stored procedures and triggers, and execute simple and complex database queries. Performance tuning, Database Engine security, Business Intelligence, and XML are also covered.
  • Set up, configure, and maintain SQL Server 2008
  • Build and manage database objects using Transact-SQL statements
  • Create stored procedures and user-defined functions
  • Optimize database performance, availability, and reliability
  • Implement solid security using authentication, encryption, and authorization
  • Automate tasks using SQL Server Agent
  • Create reliable data backups and perform flawless system restores
  • Use all-new SQL Server 2008 Business Intelligence, development, and administration tools
  • Learn in detail the SQL Server XML technology (SQLXML)
Get it at Amazon or your fave bookseller:
http://www.wservernews.com/080929-SQL-Server-2008


BOOK: The Complete Reference Windows Server 2008

This one was written by Danielle Ruest, who is a senior enterprise workflow architect and consultant with more than 20 years of experience in systematic project implementations. She is the coauthor of Windows Server 2003 Pocket Administration. Danielle is a Microsoft Most Valuable Professional for the Virtual Machine product line.

Plan, set up, and administer a powerful, scalable Microsoft W2K8 environment. Featuring detailed explanations, best practices, pragmatic checklists, and real-world implementation examples, this comprehensive resource shows you how to deploy, manage, and secure WS08 on enterprise networks of all sizes.

The book explains how to develop migration plans and transition to W2K8, configure AD and Internet services, handle print and Web servers, and work with resource pools and network delegation rights. You'll get full coverage of the latest virtualization techniques, OU strategies, remote admin features, and storage maintenance utilities. Find out how to tune performance, deploy bulletproof security, create reliable system backups, and design failsafe disaster recovery plans. You'll also learn to rely on resource pools and virtual service offerings to create the very best Windows infrastructure implementation. Get it at Amazon or your fave bookseller:
http://www.wservernews.com/080929-Server-2008


BOOK: Exchange Server 2007 - with SP1

Written by Exchange experts and Microsoft MVPs Richard Luckett, William Lefkovics (who is a contributor on Sunbelt's Exchange Forum), and Bharat Suneja have packed this book with practical guidance, useful information, and years of knowledge and experience. If you're responsible for one or more aspects of an Exchange 2007-based messaging system, keep this book close, as you'll be referring to it often!"
Microsoft Exchange Server 2007: The Complete Reference shows you how to configure a robust messaging environment, manage recipients and servers, set up mailboxes and public folders, and seamlessly integrate with Outlook 2007 and Outlook Web Access 2007. You'll learn to provide a multi-layered defense against spam, create reliable system backups, work with PKI and data encryption, use replication and clustering services, and maintain high availability and optimal efficiency. Get it at Amazon or your fave bookseller:
http://www.wservernews.com/080929-Exchange-Server-2007


WServer Third Party News

Hackers Resurrect Notorious Attack Tool Kit

Neosploit, the notorious hacker exploit kit that some thought had been retired months ago, has returned and is believed to be responsible for a dramatic increase in attacks, a security researcher said. ComputerWorld has the story:
http://www.wservernews.com/080929-Tool-Kit


Demand Better Endpoint Protection

Sixty-hour work weeks with no overtime or comp time, a BlackBerry hitched to your belt 24/7, mandates from managers who have no clue what you actually do - all for a job that could be outsourced tomorrow. It's time for admins to demand endpoint protection that's not a time sink and a performance drain. Try out VIPRE Enterprise and see for yourself why your colleagues are switching to VIPRE:
http://www.wservernews.com/080929-VIPRE-Enterprise


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Robust Identity Management for Microsoft-centered Enterprises Arrives

FREE 30-day VHD trial of the new EmpowerID 4.0 - explore the first enterprise Identity Management platform specifically designed for Microsoft-centered enterprises, with support for Users, Groups, Active Directory, AD/AM, Exchange, SharePoint, SQL, LDAP and more. EmpowerID securely automates all of your identity functions - with more functionality and at less cost than competing Java-based platforms. Built with .NET 3.5 and Windows Workflow Foundation, it includes complete solutions for user and mailbox provisioning, password management, whitepages, delegated user and group management, and support for custom applications.
http://www.wservernews.com/080929-Explore-EmpowerID