WServerNews (formerly W2Knews)
Vol. 13, #44 - Oct 27, 2008 - Issue #698
Top Five Free Windows Server Management Tools

This issue of WServerNews is sponsored by
  1. Editors Corner
    • Vista SP2 Beta Being Prepped
    • Redmond Rushes Out Emergency Windows Patch
    • Microsoft: "It's Not That Gloomy"
    • Quotes of the Week
  2. Webinars and Seminars
    • Upcoming Sunbelt Seminars
    • Protecting Against the New Wave of Malware: A New Approach to Endpoint Security
    • "No Server Left Behind"
    • Virtual Event: Microsoft New Server Product Launch
  3. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  4. Tech Briefing
    • Top Five Free Windows Server Management Tools
    • Researchers Log Keystrokes From Afar
    • Five Reasons Why Skipping Windows Vista Could Backfire
    • Learning Guide: Microsoft Group Policy
    • Stored Procedures Tutorial: Write Them, Tune Them And Get Examples
    • Creating A Sharepoint Governance Document
  5. Windows Server News
    • Microsoft's VMM Goes RTM
  6. WServer Third Party News
    • VIPRE Enterprise Q&A with Sunbelt CTO Eric Sites
    • SNSI Update
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Patch Desktops Remotely without Interrupting the User
Patch Desktops Remotely without Interrupting the User

Desktop Authority provides secure web-based access to client machines, real-time diagnostics and troubleshooting, and interactive remote monitoring and control of desktops. Remotely manage the file system, user, registry, virtual memory and reboot without client interaction. Manage, inventory, secure and support desktops from a centralized console. Desktop Authority encompasses remote control as a part of remote management. Try it free for 30 days!
http://www.wservernews.com/081027-Desktop-Authority


Editors Corner

Vista SP2 Beta Being Prepped

Wow, SP1 in February this year feels only a little while ago. Now SP2 is going into Beta. Private Beta testers will get it within 4-6 weeks. A birdie told me that SP2 will have a new Windows Search, support for Bluetooth 2.1, and support for Via's 64-bit CPU (found in some ultra light notebooks like HP's Mini-Note), along with a slew of normal bugfixes and updates. Redmond blogger Mary-Jo Foley said that a few testers had already received Vista SP2 betas, and that Microsoft wanted to issue the service pack before it released Windows 7, Vista's successor.

Redmond Rushes Out Emergency Windows Patch

This out-of-band emergency patch is rated critical for W2K, WXP, and W2K3. "Critical" means it is a hole big enough to allow the machine to be taken over from the outside. It's a really nasty one: this vulnerability could be exploited to make the next "Killer Worm", so it's important to patch ASAP. Attackers have already begun limited, targeted attacks; we have samples in-house of the in-the-wild trojans that are being used in those attacks to take advantage of this vulnerability.

Here's how they described it.

"The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests."

An advisory stated the flaw is a less serious risk for Vista and W2K8:
http://www.wservernews.com/081027-Security-Bulletin
More detail at the MS security blog:
http://www.wservernews.com/081027-MS08-067


Microsoft: "It's Not That Gloomy"

They said things were only slightly weaker, but did not cave to the feeling of doom and gloom in the markets. They trimmed their full-year guidance, but not by a lot. They revised their yearly figures from $66.5 billion to "just" $64.9 billion. Their numbers are better than analysts feared.

To illustrate the point, they mentioned that both enterprise server software and consumer Xbox sales were good. CFO Chris Liddell added, "We feel extremely good about our relative competitive position and our ability to continue outgrowing IT spend. We believe our exceptionally strong cash flow, product pipeline and financial strength will allow us to weather economic conditions well." Redmond is counting on an annual 8%-12% growth in PCs. VMware also reported third-quarter results this week and showed $472 million, up 32%, a number a little better than their earlier expectations.

Quotes of the Week

By Richard Feynman, Physicist, Nobel winner (1918-1988)

"There are 10^11 stars in the galaxy. That used to be a huge number. But it's only a hundred billion. It's less than the national deficit! We used to call them astronomical numbers. Now we should call them economical numbers."

"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled."

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/081027-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman

Finally, Powerful Endpoint Security That Isn't A Resource Hog

And you don't need a 2-day SEP V11 Migration Class either. Sunbelt built VIPRE Enterprise, a completely new technology combining corporate antivirus plus an enterprise antispyware solution for total endpoint security, designed by admins for admins. And that means EASY DEPLOYMENT. Save your IT budget and don't renew products from Symantec, McAfee and Trend Micro. Learn how VIPRE Enterprise takes far fewer resources than the competition! It's clearly time to ditch expensive, bloated, old-style AV products. Get your 30-day eval here:
http://www.wservernews.com/081027-VIPRE-Enterprise

Webinars and Seminars

Upcoming Sunbelt Seminars

We'd like to invite you to attend the following seminars:


Protecting Against the New Wave of Malware: A New Approach to Endpoint Security

Join Sunbelt and Mike Osterman, president and founder of Osterman Research, Inc., for an informative seminar that will examine why older, traditional antivirus approaches don't work and why a new approach to endpoint security is required to better protect your users, your data and your long-term viability as a company from malicious threats.

Hosted at Microsoft in San Francisco, CA on Thursday, November 13th. Register here:
http://www.wservernews.com/081027-New-Wave-of-Malware


"No Server Left Behind"

Protect and Recover ALL of Your Applications. Disaster recovery is crucial to your business. A combination of Double-Take for Windows and our newest product, Livewire, makes it easier than ever to protect and recover your organization's entire infrastructure. These products provide a complete recovery solution for both primary and secondary workloads in a cost-effective and simple way, without the pain and hassle of dealing with other methods like tape.

Date: October 30, 2008
Time: 11am - 12pm EST
4pm - 5pm London
5pm - 6pm Paris
Register here:
http://www.wservernews.com/081027-No-Server-Left-Behind


Virtual Event: Microsoft New Server Product Launch

On November 12, Microsoft CEO Steve Ballmer, along with fellow Microsoft colleagues and partners, will officially launch their new product line designed specifically for the mid-market, which will dramatically simplify the deployment, ongoing management, and use of server technology. In addition, independent expert and best-selling author Mark Minasi will deliver "7 Tips that IT can use During the Economic Downturn." These practical tips are designed to save money and deliver new capabilities to keep SMBs competitive. Register today!
http://www.wservernews.com/081027-Server-Solutions


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Make it easy to track user access to your Windows file servers! ScriptLogic's File System Auditor: Free Trial!
http://www.wservernews.com/081027-File-System-Auditor

NetPro Users can now receive 50% off The Dot Net Factory's best-in-breed identity management solutions -- EmpowerID and AD Self-Service Suite!
http://www.wservernews.com/081027-EmpowerID

Finally, Powerful Endpoint Security That Isn't A Resource Hog. Ask for a quote for the extremely attractive VIPRE Competitive Upgrade Program:
http://www.wservernews.com/081027-VIPREEnterprise


Tech Briefing

Top Five Free Windows Server Management Tools

Ask just about any Windows administrator about a favorite tool and many of them drop a list of free ones they can't do without. Some of these free tools and updates come from the Microsoft Download Center, such as the server management ones featured in this exclusive article from SearchWinIT.com:
http://www.wservernews.com/081027-Management-Tools


Researchers Log Keystrokes From Afar

Computer keystrokes can be snooped from afar by detecting the slight electromagnetic radiation emitted when a key is pressed, according to new research previewed on Monday:
http://www.wservernews.com/081027-Logging-Keystrokes


Five Reasons Why Skipping Windows Vista Could Backfire

Is Windows Vista really skippable? As organizations weigh what to do with Windows XP OS upgrades, the thought of leapfrogging the much-maligned Vista often comes to mind. But be warned, says a recent report from research firm Gartner: bypassing Vista and migrating directly from XP to the next release, Windows 7, could be a dicey proposition. More of this article at:
http://www.wservernews.com/081027-Vista-Backfire


Learning Guide: Microsoft Group Policy

Active Directory and Group Policy are an important part of any Windows environment and one of the leading areas of software investment for companies in 2008. This learning guide from SearchWindowsServer.com offers links to resources on Microsoft Group Policy, with articles, book excerpts and expert advice covering best practices and pitfalls to avoid, as well as troubleshooting help and more: (Registration Required)
http://www.wservernews.com/081027-Learning-Guide


Stored Procedures Tutorial: Write Them, Tune Them And Get Examples

This SQL Server stored procedures tutorial covers three areas for simplifying database development. If you use certain queries over and over again, make life easier by putting the SQL statements into stored procedures - then you'll only need to write them once:
http://www.wservernews.com/081027-Tutorial


Creating A Sharepoint Governance Document

A SharePoint governance document outlines policies and procedures regarding the way SharePoint is to be used and maintained within an organization. This tip describes which issues to include in your SharePoint governance document to avoid problems down the road:
http://www.wservernews.com/081027-SharePoint


Windows Server News

Microsoft's VMM Goes RTM

Redmond's fresh Virtual Machine Manager (VMM) has been RTM'd and that means you should be able to get it the first of November. Pricing starts at $1,304 which is less than half of VMware's VirtualCenter. VMM manages both Hyper-V and VMware environments and physical as well as virtual machines.

WServer Third Party News

VIPRE Enterprise Q&A with Sunbelt CTO Eric Sites

Blended malware threats are at an all-time high. Sunbelt Software Chief Technology Officer (CTO) Eric Sites recently sat down with ITIC principal analyst Laura DiDio to discuss the threats posed by bloatware and malware and the differentiators between VIPRE Enterprise and traditional antivirus / antispyware packages, and to offer some practical, tactical advice to achieve optimal system performance while still keeping the corporate network secure.

Laura DiDio: What are the main pain points corporations experience with respect to bloatware as a result of traditional AV products that have a very large footprint? And how does VIPRE Enterprise address those issues?
Eric Sites: The most obvious pain points associated with AV performance are that the AV product slows down the system, launch applications and you get numerous pop ups. The AV product itself can become a bottleneck. VIPRE consists of a single engine that is optimized to fight blended malware threats; but at the same time it consumes very limited systems resources.

I worked with one customer that got infected with a virus and the situation was so bad that they couldn't even make their payroll. They had a competing AV product that was up to date and they still got hit with a variant of Sality which is very prevalent. Sality has spamming capabilities and screws up the machines so you can't boot in safe mode, messes up the Registry. It entered the network either through an Email or a USB drive and will automatically infect a machine. Items on the user machines were disabled and applications started to fail. Exes come in all shapes and sizes and the file infector may not be able to infect an Exe properly - so the Exe and the applications became disabled and unable to function. This is a common scenario for worms and file infectors - it's just a badly written virus. We installed VIPRE and the network was up within hours.

The biggest advantages of VIPRE Enterprise are that it's optimized to fight all of the latest threats; it's easy to install and our technical support people are excellent and extremely responsive. When you dial our tech support line, you're connected to a live person right away. We've converted a lot of CounterSpy Enterprise customers over to VIPRE Enterprise. We will continue to have both products. VIPRE is a superset of CounterSpy.

LD: How quickly and severely can a virus or malware impact system performance?
ES: Very quickly. In a 100 person network, a virus or malware can infect the entire corporate network within an hour. Depending on the type of malware, (i.e. HTML files) it can spread outside the corporate extranet to customers, business partners and suppliers within the next hour.

LD: What features/functions distinguish VIPRE Enterprise from competitors?
ES: The quality of the definitions is very good. The detection rate is very high compared to the competition - and we're on top of the latest infections. We automatically process 40,000 to 50,000 pieces of malware every 24 hours. We also have a product called the Sunbelt CWSandbox and we install malware and monitor the impact on the system. And we can auto-classify the bad stuff and deal with it extremely quickly.

LD: How does VIPRE compare pricewise to its competitors?
ES: We're 50% cheaper on average, also because of the competitive upgrade offer we have.

LD: How does VIPRE address the challenges/issues customers have with traditional AV products?
ES: The biggest thing is system performance and getting the AV off the machine. We make it very light on the systems and it's easy to install - you can quickly set up every machine in the entire organization.

LD: From a best practices standpoint, what proactive and preventive advice can you give customers to both detect and avoid viruses and malware?
ES: There are several straightforward actions organizations can take. First, administrative access and privileges should only be granted on an absolute need to have basis. Microsoft Vista Access Control is a wonderful tool. Corporations should implement User Access Control; the best thing is to have two accounts: one for installation and config and the other just for working daily life - at least for remote or telecommuting workers. Giving someone administrative access is very dangerous - they could install a rootkit that steals all of your corporate information and spirit it right out of the company and send it to a location where they could retrieve it later.

Other proactive security measures IT administrators can take are to: restrict the communications and access capabilities of individual desktops. So for example, if you have a salesman who has no back end applications installed, the IT manager should remove any unnecessary communications paths between that desktop and other systems and servers. This will serve to limit the scope of any potential malware infection.

We also advise companies to turn off autorun on USB Keys and companies with over 100 employees should segment their networks and run some type of Universal Threat Management devices at both the edge of the network and internally.

LD: Besides the obvious slow system performance, what other telltale signs indicate that the PCs, servers or other network devices have possibly had their security compromised? And is it possible for malware to infect systems without any noticeable adverse effects?
ES: Yes, there are some covert forms of malware that can stealthily infect systems. And there are some that are relatively benign in that they don't infect files or impact performance. However, these "benign" malware infections may not damage the system but they could be stealing data unbeknownst to the IT administrator. Basically all malware is deadly in one form or another with the exception of joke programs or Adware, which are more annoying than anything else.

LD: What should a customer do if they have the latest AV/AS products, their virus definitions are up to date and they still get infected?
ES: You contact the vendor and complain. The vendor should immediately respond and provide assistance with a new automatic update or fix. For a normal Trojan, a fix should be available within hours; for a very complex highly polymorphic file infector, the vendor should release a fix within a half a day to a couple of days.

LD: What products provide immediate alerts once a system has been infected?
ES: Most products do, although the quality varies widely. VIPRE has a Virus Suspicious Flag and it will notify the user. The trick is to limit the amount of times you ask the user to run something.

LD: How often do you recommend that customers do complete system scans and update their AV/antispyware/malware products?
ES: I suggest that enterprises do a quick scan once a day and a full scan once a week. A quick scan will catch a lot of things and takes only 30 to 40 seconds and a full scan can take 15 to 30 minutes depending on what's loaded onto the system.

Try the Vipre Enterprise 30-day trial here:
http://www.wservernews.com/081027-Try-VIPRE-Enterprise


SNSI Update

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Checks
M13 Mac OS Version Outdated  
N107 Authentication IPv6 Crypto Vulnerabilities - PIX/ASA  
W1018 RealVNC Viewer CMsgReader Vulnerability  
W2618 VideoLAN VLC player TTA processing vulnerabilities 

Updated Checks
H39 Software Distributor - HP-UX 11
H142 Software Distributor permits local privilege elevation HP-UX 11
W1142 Anti-virus Signature Outdated - McAfee
W1986 Anti-virus Signature Outdated - Symantec
W1999 Anti-virus Signature Outdated - Trend Micro
W2067 Anti-virus Signature Outdated - F-Secure
W2070 Anti-virus Signature Outdated - CA eTrust
W2737 Adobe Flash Player Plug-in Vulnerabilities
W2779 Adobe Flash Player Animation File Vulnerability - Windows XP
W2835 Adobe Flash Player SWF handling Vulnerabilities

Sunbelt Network Security Inspector version 1.6.120.0 was released October 24, 2008. Sunbelt Software recommends you download the new SNSI version 1.6.120.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/081027-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.




WServerNews - Product of the Week

Patch Desktops Remotely without Interrupting the User

Desktop Authority provides secure web-based access to client machines, real-time diagnostics and troubleshooting, and interactive remote monitoring and control of desktops. Remotely manage the file system, user, registry, virtual memory and reboot without client interaction. Manage, inventory, secure and support desktops from a centralized console. Desktop Authority encompasses remote control as a part of remote management. Try it free for 30 days!
http://www.wservernews.com/081027-Desktop-Authority-POTW