Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 14, #9 - Feb 23, 2009 - Issue #714
IT People Still Expect Pay Hike

This issue of WServerNews is sponsored by
  1. Editors Corner
    • IT People Still Expect Pay Hike
    • Microsoft Offers Recession Break On Support Pricing
    • Consultant? Reseller? VAR? Read This:
    • Quotes Of The Week:
  2. Webinars and Seminars
    • Ninja Email Security Product Demonstration
    • VIPRE Enterprise Product Demonstration
    • Kiss Your AntiVirus Bloatware Goodbye: A Look at VIPRE Enterprise
    • Affordable, Enterprise Email Archiving
    • Free One-day Advanced Virtualization Seminar
  3. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  4. Tech Briefing
    • Perilous Migrations: XP to Windows 7?
    • 9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines
    • Microsoft Advances Virtual Desktop Beta
    • Expert Video Series: Mark Minasi On Vista Deployment
    • Tip: Scripting Domain Controller Installation
  5. Windows Server News
    • All-in-One Guide: Windows Server Backup And Recovery
  6. WServer Third Party News
    • Just LOOK At This Latest List Of Vulnerabilities...
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Justify Your Raise With Next Month'S Energy Bill!
Justify your raise with next month's energy bill!

Save energy costs by centrally establishing power schemes and shutting down inactive machines. Take 2 minutes to download ScriptLogic's Desktop Authority and save budget on company energy bills. Managing your desktops with Desktop Authority will also help justify your next salary increase by reducing help desk and administrative costs while increasing user productivity. Try Desktop Authority free for 30 days and receive the new eBrief entitled "Windows Desktop Administration". Download Desktop Authority Today:
http://www.wservernews.com/090223-Desktop-Authority


Editors Corner

IT People Still Expect Pay Hike

The economy may be doing a swan-dive, but IT people are able to use new certifications to drive up their pay. Not everyone in IT may get a raise in 2009, and not all certs are worth your timele, but those of you with critical skills probably will see a pay raise. The premium paid for IT certifications has been declining steadily over the last several years, but some specialties still command good money. Foote Partners' IT Skills and Certifications Pay Index shows that recent big winners have centered around security and architecture. Here's a list of the hottest certifications at the BaselineMag site. And while you are there, also make sure to check out the '10 Certifications Not Worth the Trouble' - You may be surprised:
http://www.wservernews.com/090223-IT-Certifications


Microsoft Offers Recession Break On Support Pricing

Microsoft says it will keep its legacy support pricing at 2008 levels in 2009 to help customers control costs during the recession. Microsoft typically raises its support pricing each year, with the pricing established three years in advance. Microsoft announced Feb. 17 that it will keep its legacy support pricing at 2008 levels this year to help customers control costs during the recession. More at eWEEK:
http://www.wservernews.com/090223-Microsoft-Recession-Break


Consultant? Reseller? VAR? Read This:

"Of all our vendors your sales & support staff are the most responsive. Thank you." -- TKW Consulting Engineers Inc.

"I greatly appreciate the prompt response time of your US-based tech support! And the ease of use in your partner program for both licensing and ordering. I switched from being a ZoneAlarm and F-Secure partner and now will choose Sunbelt every time for my clients. Keep up the great work!" -- Craig Swinteck (Ninja and VIPRE Enterprise reseller)

Quotes Of The Week:

"If you had to identify, in one word, the reason why the human race has not achieved, and never will achieve, its full potential, that word would be 'meetings.'" -- Dave Barry.

"Never let a computer know you're in a hurry." -- Anonymous

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/090223-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Kiss Your AntiVirus Bloatware Goodbye

VIPRE Enterprise is now available with a special $10 per seat Competitive Upgrade Offer. Test Drive VIPRE Enterprise free for 30 days and see for yourself how easy it is to deploy and manage. Your users will stop calling to complain their workstation is slow. When you compare VIPRE to Symantec, McAfee, or Trend Micro, you WILL want to switch! Get Your Download Here:
http://www.wservernews.com/090223-VIPRE-Enterprise

Webinars and Seminars

Ninja Email Security Product Demonstration

Tuesday, March 3, 2009, 2:00pm - 2:30pm EST. Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, and other malware. Ninja Email Security is an 'all-in-one' integrated and policy-based email security solution that helps you to fight spam, viruses, trojans, phishing and other email security threats with a series of 'best-of-breed' plug-ins. Register here:
http://www.wservernews.com/090223-Ninja-Demo


VIPRE Enterprise Product Demonstration

Tuesday, March 10, 2009, 2:00pm - 2:30pm EST. VIPRE Enterprise is designed to optimize overall performance by melding antivirus and antispyware together into one, single, powerful engine. This combination of technologies gives you high-performance software that doesn't slow down users' PCs, is low on system resources, and makes it easy for you to protect your network.
http://www.wservernews.com/090223-VIPRE-Enterprise-Demo


Kiss Your AntiVirus Bloatware Goodbye: A Look at VIPRE Enterprise

Tuesday, March 17, 2009, 2:00pm - 3:00pm EST. VIPRE Enterprise is designed to optimize overall performance by melding antivirus and antispyware together into one, single, powerful engine. This combination of technologies gives you high-performance software that doesn't slow down users' PCs, is low on system resources, and makes it easy for you to protect your network.
http://www.wservernews.com/090223-End-of-Antivirus


Affordable, Enterprise Email Archiving

Tuesday, March 24, 2009, 2:00pm - 3:00pm EST. Join us for a look at Sunbelt Software's Exchange email archiving and compliance solution, Sunbelt Exchange Archiver. If you need a powerful, easy to use, enterprise-class email archiving tool that automatically enables you to comply with all requirements, and allows you or your end-users to transparently retrieve any archived email, then don't miss this webinar!
http://www.wservernews.com/090223-Email-Archiving


Free One-day Advanced Virtualization Seminar

Join your virtualization peers and our independent experts at this free one-day event, kicking off in Indianapolis in March and traveling to five other cities this year. Learn how to fully utilize your virtual hardware, tackle advanced management and compliance obstacles, and achieve maximum cost, time and energy savings. In today's economic climate, you can't afford to miss these proven tips, best practices and strategies. Again, admission is free, but seating is limited - get your application in today!
http://www.wservernews.com/090223-Data-Center-Seminar


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without:

Free Asus Mini Laptop! Download any ScriptLogic product for a chance to win.
http://www.wservernews.com/090223-Active-Directory-Toolbox

Have you lost your SURF CONTROL? Catch the next wave in Web Filtering with iPrism, the #1 Web filtering appliance. Sign up for a Web Demo today and get a free WIPEOUT T-shirt:
http://www.wservernews.com/090223-iPrism

SolarWinds offers a free Cisco IP Service Level Agreement monitoring tool, handy to analyze performance between sites. Did I mention it was free?
http://www.wservernews.com/090223-SLA-Monitor


Tech Briefing

Perilous Migrations: XP to Windows 7?

Redmond is warning WinXP business customers: Better Vista than Windows 7. Huh? Well, Gavriella Schuster (a member of the Windows Product Management team and at Microsoft for 13 years) posted as much on the new "Windows for Your Business" blog. She wrote: "We know some of our customers are considering waiting for Windows 7 instead of deploying Windows Vista today. We want these customers to understand the following considerations, so they are not surprised later on:
  • You may find your company in situations where applications are no longer supported on Windows XP and not yet supported on Windows 7.
  • You will want to take time to evaluate Windows 7 just as you evaluate any new operating system for your environment prior to deployment (see deployment realities above). As Windows 7 is planned to be released in about 3 years after Windows Vista, the total period that many customers will likely be waiting prior to deploying Windows 7 in their environment will likely be in the range of 5 years after Windows Vista release."
I'm not sure if this is FUD. There is something off with this, and some one's logic is faulty, as a lot of people refused to go to Vista because of WinXP incompatibilities, and Win7 is the next iteration of Vista... Tell me what you think? Here is the full blog post with a lot more data:
http://www.wservernews.com/090223-Windows-Deployments


9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines

What the average guy might call a con is known in the security world as social engineering. Social engineering is the criminal art of scamming a person into doing something or divulging sensitive information. These days, there are thousands of ways for con artists to pull off their tricks. Here we look at some of the most common lines these people are using to fool their victims. Read full story here:
http://www.wservernews.com/090223-Pick-Up-Lines


Microsoft Advances Virtual Desktop Beta

Microsoft released the initial beta of desktop virtualization software last March. Microsoft Enterprise Desktop Virtualization (MED-V) in subsequent releases will let Windows administrators create portable and independent desktops that do not affect the host environment. In this article, learn more about what you can expect from Microsoft for desktop virtualization in the coming months: (Registration Required)
http://www.wservernews.com/090223-Virtual-Desktop-Beta


Expert Video Series: Mark Minasi On Vista Deployment

In this video series, Windows guru and best selling author, Mark Minasi discusses everything you need to know about Windows Vista migration, deployment and management. Learn what tools you need to migrate to Vista correctly, plus get proven best practices for managing and working in a Vista environment. These videos are a great guide for anyone who is planning their Vista migration or that has already deployed Vista in their organization - check it out now!
http://www.wservernews.com/090223-Vista-Deployment


Tip: Scripting Domain Controller Installation

Scripts for the automated installation of Microsoft Active Directory have been around since Windows 2000, but not many administrators have ever come across the need to script the installation of a domain controller (DC) - until now. Server Core in Windows Server 2008 arrives without a graphical user interface (GUI), and the only way to turn a Server Core member server into a Server Core DC is through the command line. This tutorial discusses best practices for scripting your DC installations: (Registration Required)
http://www.wservernews.com/090223-Scripting-DC-Installations


Windows Server News

All-in-One Guide: Windows Server Backup And Recovery

This All-in-One Guide is a collection of resources to help you protect data in Windows servers, desktops and mission-critical applications. The guide is organized into four chapters on Windows operating systems, Active Directory, Exchange Server and SQL Server. Each chapter includes segments with strategies, tools, best practices and troubleshooting advice. Access this valuable resource now.
http://www.wservernews.com/090223-Backup-Recovery-Guide


WServer Third Party News

Just LOOK At This Latest List Of Vulnerabilities...

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Checks
L1891 Xterm DECRQSS escape handling flaw - FC
L1892 Thunderbird multiple security vulnerabilities - FC
L1893 ProFTPd CSRF via long ftp:// URL vulnerability - FC
L1894 Samba trans request cut and paste errors - FC
L1895 Zoneminder apache 600 config overwrite vulnerability - FC
L1897 Am-utils expn PID temp file vulnerability - FC
L1898 P7Zip archiver flaws reported by Oulu - FC
L1901 Xine-lib heap and integer flaws - FC
L1902 Amarok Audible:Tag::readTag function flaws - FC
L1903 Moodle spell-check-logic.cgi vulnerability - FC
L1906 Tor remote heap-corruption bug - FC
L1907 Nessus-libraries OpenSSL DSA_do_verify flaw - FC
L1908 Nessus-core OpenSSL DSA_do_verify flaw - FC
L1909 Nessus-core OpenSSL DSA_do_verify flaw - FC
L1910 Dia Python search path vulnerability- FC
L1911 VNC CMsgReader crafted RFB weakness - FC
N109 HTTP Server Vulnerabilities - IOS
S14 UFS logging issues - Solaris 9 - 10
S189 Pseudo-terminal pty driver system panic Vulnerability - Solaris 8-10
L1860 BIND OpenSSL DSA_verify certificate bypass flaw - SuSE
L1861 SquirrelMail insufficient HTML sanitization - SuSE
L1862 Gnutls certificate chains verification flaw - SuSE
L1863 Rubygem-activerecord limit and offset weaknesses - SuSE
L1864 RubyGem Actionpack CRLF injection response splitting flaw - SuSE
L1865 Samba trans request cut and paste errors - SuSE
L1866 Dbus-1 corrupt signature validation error - SuSE
L1867 PDNS Nameserver distributor-threads=1 error - SuSE
L1868 Php_IMAP rfc822.c legacy error - SuSE
L1869 Pam_krb5 existing_ticket configuration flaw - SuSE
L1870 ClamAV stack consumption in libclamav flaw - SuSE
L1871 Java-1.5.0-sun multiple system flaws - SuSE
L1872 FreeRadius dialup admin temp file overwrite flaw - SuSE
L1873 Wireshark multiple security vulnerabilities - SuSE
L1874 MySQL CREATE TABLE privilege bypass - SuSE
L1875 UW IMAP smtp.c QUITclose & off-by-one errors - SuSE
L1876 Rsyslog AledSender bypass & bogus imudp message flaws - SuSE
L1877 Courier-Authlib non-Latin apostrophe query flaw - SuSE
L1878 Nfs-utils hosts_ctl incorrect argument order flaw - SuSE
L1879 Libxml2 parser malformed content weaknesses - SuSE
L1880 Python imageop & expandtabs overfs - SuSE
L1881 Jhead DoCommand long -cmd argument error - SuSE
L1882 Git web interface shell git_snapshot and git_object flaws - SuSE
L1883 Samba trans request cut and paste errors - SuSE
L1884 Vinagre format string flaw in utils_show_error - SuSE
L1885 Opera multiple security vulnerabilities - SuSE
L1886 ImLib2 XPM load function pointer error - SuSE
L1887 Valgrind search path vulnerability - SuSE
L1888 KVM multiple security vulnerabilities- SuSE
L1889 CUPS re-issue update for HPGL & ImageReadPNG flaws - SuSE
L1890 Xterm DECRQSS escape handling flaw - SuSE
L1899 OpenSSL certificate return value check flaw - FC
L1900 BIND OpenSSL DSA_verify certificate bypass flaw - FC
L1904 UW IMAP smtp.c QUITclose & off-by-one errors - FC
L1905 NTP return value bypass error - FC
S90 IPv6 packet handling may induce panic - Solaris 10
S222 Libike in.iked packet handling Vulnerability - Solaris 9 - 10
S235 BIND/Named EVP_VerifyFinal() DNSSEC Signature Vul- Solaris 9 - 10
S236 Java System App Server Information Publicly Available - Solaris
S308 Autofs kernel module Vulnerability - Solaris 8 - 10
W2092 CA Anti-Virus Engine archive scanning bypass
W2106 WFTPD command handling vulnerability
W2163 IBM DB2 Data Stream Processing Vulnerabilities
W2287 Cisco Security Manager Vulnerability

Updated Checks W1142 Anti-virus Signature Outdated - McAfee W1986 Anti-virus Signature Outdated - Symantec W1999 Anti-virus Signature Outdated - Trend Micro W2067 Anti-virus Signature Outdated - F-Secure W2070 Anti-virus Signature Outdated - CA eTrust W2460 MSN Messenger GIF Vulnerability W3520 Office Excel 2007 Format Parsing vulnerabilities - W2K/W2K3/XP/Vista M76 ClamXav / Clamav signatures not the latest - Mac OS X M80 Virex signature file out of date - Mac OS X S33 ClamAV signatures not updated - Solaris S435 UFS filesystem ACL vulnerability - Solaris W3385 Microsoft SQL Server Could Al Elevation of Privilege W3386 Microsoft SQL Server Could Al Elevation of Privilege
Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 161 was released January 30, 2009. Sunbelt Software recommends you download the new SNSI version 2.0.2670.0 Definition Set 161, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/090223-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Justify Your Raise With Next Month'S Energy Bill!

Save energy costs by centrally establishing power schemes and shutting down inactive machines. Take 2 minutes to download ScriptLogic's Desktop Authority and save budget on company energy bills. Managing your desktops with Desktop Authority will also help justify your next salary increase by reducing help desk and administrative costs while increasing user productivity. Try Desktop Authority free for 30 days and receive the new eBrief entitled "Windows Desktop Administration". Download Desktop Authority Today:
http://www.wservernews.com/090223-POTW