Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 14, #11 - Mar 2, 2009 - Issue #716
Redmond and Citrix Cozy Up; Citrix Bombs VMware

This issue of WServerNews is sponsored by
  1. Editors Corner
    • Redmond and Citrix Cozy Up; Citrix Bombs VMware
    • Download Latest Virtualization Report Free
    • Vista SP2 Expected In April - What's New?
    • Quotes Of The Week
  2. Webinars and Seminars
    • VIPRE Enterprise Product Demonstration
    • Affordable, Enterprise Email Archiving
  3. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  4. Tech Briefing
    • Office 14 Won't Be Coming Out This Year
    • Matching Virtual Desktop Technologies To Your Users' Needs
    • Tutorial: Planning Global Sharepoint Deployments
    • The Efficacy Of Backup-as-a-Service Solutions
    • Tip: Disaster Recovery Strategies For Hyper-V
  5. Windows Server News
    • Microsoft Readying Low-cost Windows Server OS
    • Pitching Server Virtualization To Customers
    • VMware Adds vShield Security Appliance
  6. WServer Third Party News
    • New Batch Of Holes
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Triple Support Without Increasing Staff
Tripple Support Without Increasing Staff

Experts say that more than 40% of help desk calls pertain to password issues, costing the company $30 - $60 per call. Factor in security requirements, new employees and password management can overwhelm your help desk team. You can automatically reduce help desk workload with myPassword and drive productivity through the roof without increasing costly overhead. myPassword enables end users to reset their password in a secure environment with email notification. Instant 40% ROI.
http://www.wservernews.com/090302-myPassword


Editors Corner

Redmond and Citrix Cozy Up; Citrix Bombs VMware

There is a VMworld Europe going in in the south of France. While eating Camembert and drinking Merlot, Citrix and Redmond announced something interesting for virtual machine admins, and who isn't one these days. The new initiative is called "Project Encore".

It boils down to this. Redmond is behind in terms of enterprise management features of Hyper-V, and knows it. So they partnered with Citrix which will provide advanced server virtualization management through Citrix Essentials (CE). CE builds adds management capabilities to Hyper-V for storage management, physical/virtual server provisioning, and lab management automation. Both Redmond and Citrix will offer CE through their channels. That closes the functionality gap with VMware, and allows Microsoft to take the time to write all that stuff in-house and replace CE later, as they usually do. This move puts pressure on VMware which is still by far the market leader.

In the mean time, orchestrated to coincide with that same VMworld show, Citrix made a strategic strike on VMware. They announced they are to stop selling XenServer 5 and give it away for free! Remember, this is the open source virtual infrastructure code that Citrix added a bunch of features to.

Citrix claims VMware charges $50K for a 10-server environment for equivalent code. Obviously Citrix is attacking VMware's revenue stream. XenServer is pretty complete, as it has a 64-bit hypervisor, all-you-can-eat virtual machines, unlimited memory, support for eight virtual CPUs, multi-server management, Active Directory integration, resource pools, live migration, advanced storage management, native Windows and Linux support and a centralized management console. Wow.

Download Latest Virtualization Report Free

This one is actually worth it, so heads-up! Download the latest research on Virtualization from independent analyst firm, Directions on Microsoft, for FREE. Directions on Microsoft, the world's only analyst firm that focuses exclusively on Microsoft technology and strategy, is giving WServerNews Subscribers a chance to review its research report entitled: The Windows Server Virtualization Platform.

This report outlines the hardware virtualization software that Microsoft offers, looks at the tools Microsoft provides for managing virtualized servers, and examines the licensing and support implications of deploying hardware virtualization. For Microsoft, hardware virtualization offers an opportunity to move customers to the new Windows Server 2008, and Microsoft partners can assist customers in planning and migration of existing computing workloads and applications to a virtualized environment and with ongoing management of the VMs. This is an exclusive WServerNews offer.

Download your copy today, but hurry as this opportunity won't last long.
http://www.wservernews.com/090302-Virtualization-Report


Vista SP2 Expected In April - What's New?

They shipped the Release Candidate this week and this is a normal service pack, unlike Vista SP1. The new Vista SP2 grabs all the hotfixes and other updates since SP1, which means you need to deploy SP1 before SP2. It's also a shared release between Vista and W2K8 Server. Do not get confused though, the actual Service Pack code is the same, however for Vista it's SP2 but for W2K8 it's SP1 as Redmond has at last been able to align the client and server OSen. Vista SP2 does have a few functional updates and here are a few of the highlights, starting with one I like a lot: compcln

Compcln is a service pack clean-up tool that kills older versions of the Service Packs and RTM that SP2 replaces. I'm sure that this tool can save you a lot of disk space, but think about using it to reduce the size of future install images. Other highlights:
  • Power management improvements (10% more efficient than before)
  • Windows Search 4.0 with enhanced Group Policy support and more
  • Wi-Fi is simplified, as SP2 now has the new Windows Connect Now code
  • Native Blu-ray data disc writing
  • Extended FAT overcomes 4GB file size and folder content limits
Some of the SP2 changes are only for W2K8, as Hyper-V 1.0 is included with one free guest OS installation in its pocket for the Standard Edition and more OS guests included with the more expensive flavors. You get all-you-can-eat with the Datacenter version. Oh, and Win7 might even ship coming September!

Quotes Of The Week

"The difference between school and life? In school, you're taught a lesson and then given a test. In life, you're given a test that teaches you a lesson." -- Tom Bodett, American Author.

"We make money the old fashioned way. We print it." -- Art Rolnick, former Chief Economist, Minneapolis Federal Reserve Bank

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/090302-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]


Kiss Your AntiVirus Bloatware Goodbye

VIPRE Enterprise is now available with a special $10 per seat Competitive Upgrade Offer. Test Drive VIPRE Enterprise free for 30 days and see for yourself how easy it is to deploy and manage. Your users will stop calling to complain their workstation is slow. When you compare VIPRE to Symantec, McAfee, or Trend Micro, you WILL want to switch! Get Your Download Here:
http://www.wservernews.com/090302-VIPRE-Enterprise

Webinars and Seminars

VIPRE Enterprise Product Demonstration

Tuesday, March 10, 2009, 2:00pm - 2:30pm EST. VIPRE Enterprise is designed to optimize overall performance by melding antivirus and antispyware together into one, single, powerful engine. This combination of technologies gives you high-performance software that doesn't slow down users' PCs, is low on system resources, and makes it easy for you to protect your network:
http://www.wservernews.com/090302-VIPRE-Demo

and

Kiss Your AntiVirus Bloatware Goodbye: A Look at VIPRE Enterprise Tuesday, March 17, 2009, 2:00pm - 3:00pm EST.
http://www.wservernews.com/090302-Goodbye-Bloatware


Affordable, Enterprise Email Archiving

Tuesday, March 24, 2009, 2:00pm - 3:00pm EST. Join us for a look at Sunbelt Software's Exchange email archiving and compliance solution, Sunbelt Exchange Archiver. If you need a powerful, easy to use, enterprise-class email archiving tool that automatically enables you to comply with all requirements, and allows you or your end-users to transparently retrieve any archived email, then don't miss this webinar:
http://www.wservernews.com/090302-Email-Archiving


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without:

Simplify your life with mPowerTools - 100+ Reports - Tackle AD chores in bulk - A Search & Replace Tool - you'll never script again & no 3rd party databases!
http://www.wservernews.com/090302-mPowerTools

Download any ScriptLogic Exchange Product for a Chance to Win a Free ASUS Mini Laptop, Limited Time Only:
http://www.wservernews.com/090302-Active-Directory-Management

Switch Your Web Filter. Save on renewals and experience iPrism, the #1 Web filtering appliance. The iPrism Switch Kit makes it easy and seamless to ditch your current web filter:
http://www.wservernews.com/090302-iPrism


Tech Briefing

Office 14 Won't Be Coming Out This Year

Steve Ballmer let the cat out of the bag last week: the next version of Microsoft Office won't be released until 2010, which pretty much means it won't launch in conjunction with Windows 7, since that OS is expected out sometime in 2009. PC World asks "does anybody care?" and although I am vaguely eager to see what new features turn up in the next Office, I'm certainly not longing for its release as I am with Win7. Read more here:
http://www.wservernews.com/090302-Office14


Matching Virtual Desktop Technologies To Your Users' Needs

With so many up-and-coming virtual desktop technologies available, now is the time to try them as you consider re-centralizing the bulk of your desktops during a desktop refresh cycle. In this tip, learn how you can provide the best possible work environment for your users, while also meeting corporate and regulatory requirements such as securing physical and intellectual assets, lowering the cost of purchasing and deploying, and updating desktop and mobile devices. (registration required)
http://www.wservernews.com/090302-Virtual-Desktop


Tutorial: Planning Global Sharepoint Deployments

The more centralized your SharePoint deployment is, the better it works - but your remote users might not be very happy. This tip discusses the challenges of a global SharePoint deployment and the pros and cons of three main distribution options for deployment: centralized, regional and distributed:
http://www.wservernews.com/090302-SharePoint


The Efficacy Of Backup-as-a-Service Solutions

Years ago, IT professionals began offloading end-point protection to antivirus-as-a-service vendors, and recently there's been more offloading to email-as-a-service purveyors. However, now there's yet another solution that eliminates the headache of monitoring daily backups: "backup as a service" (BaaS). But is BaaS right for your organization? Find out in this tip:
http://www.wservernews.com/090302-Backup-as-a-Service


Tip: Disaster Recovery Strategies For Hyper-V

Despite the Hyper-V's infancy, there are several disaster recovery options for this new hypervisor. This tip explains why Hyper-V is an excellent platform for business continuity, which components native to Hyper-V help implement a disaster recovery strategy and which additional tools you'll need to make a Hyper-V DR strategy run efficiently. But personally the very first thing I would look at is Double-Take. (To get access to this article you must register)
http://www.wservernews.com/090302-Hyper-V


Windows Server News

Microsoft Readying Low-cost Windows Server OS

PCWorld reported that Microsoft is readying a new low-cost version of Windows Server to give customers a server OS similar to client OSes that run on low-cost PCs. Microsoft plans to release "something akin to" a Netbook version of Windows, but for servers, not PCs, over the next month or two, Microsoft CEO Steve Ballmer said on a call with members of the financial community on Tuesday.

"We don't exactly have a Netbook phenomenon, but if somebody can buy a [US]$500 server, they're a little loathe to spend $500 for the server operating system that goes with it," Ballmer said. He described the software as a "low-cost, low-price, low-functionality Windows Server SKU" called "Foundation Edition," but did not offer more details. More:
http://www.wservernews.com/090302-Low-Cost-Win-Server


Pitching Server Virtualization To Customers

Server virtualization is one of the hottest tools on the market, but solutions providers need to sell solutions to customers' problems, not tools. In this tip, learn how to successfully pitch server virtualization projects to customers by focusing on the business value, rather than the underlying technology:
http://www.wservernews.com/090302-Server-Virtualization


VMware Adds vShield Security Appliance

Also at VMworld Europe this week, VMware announced vShield Zones, a brand spanking new security virtual appliance for their Virtual Datacenter Operating System (VDC-OS), both products are expected later in 2009. The device is claimed to enable strict compliance with security policies and industry regulations for user data as customers adopt cloud computing.

With vShield Zones, you can create logical zones in a virtual datacenter that span all the shared physical resources, with each zone representing a distinct level of trust and confidentiality. That allows you to comply with corporate security policies and regulations on data privacy while running applications on shared computing resource pools.

WServer Third Party News

New Batch Of Holes

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.
New Checks
L2032 Asterisk manager interface user login response flaw - FC
L2033 Moodle XSS and other sensitive data disclosure errors - FC
L2034 DNS Masq ISC BIND insufficient randomness flaw - FC
L2035 Fail2ban weak RegEx forced authentication failure - FC
L2036 Net-SNMP fmtaddr function TCP wrapper host.allow bypass - FC
L2037 perl-Crypt-OpenSSL-DSA return value verify failure - FC
L2038 Libresample manager interface user login response flaw - FC
L2039 DAHDI manager interface user login response flaw - FC 
L2040 Python-fedora verify_password return True for all inputs flaw - FC
L2041 SquidGuard trailing dot filter bypass weakness - FC
L2043 Lighttpd http_request URL pattern & mod_user flaws - FC
L2067 Libpng3 png_read png_check_keyword & zTXt chunk errors - MDV
L2068 Php-Smarty expand_quoted_text error - MDV
L2069 CUPS re-fix for integer overflow - RHE 
L2070 Imap long folder extension overflow vulnerability - RHE
L2071 CUPS re-fix for integer overflow - SciLinux
L2072 Imap long folder extension overflow vulnerability - SciLinux
L2073 CUPS re-fix for integer overflow - Oracle Linux
L2074 Imap long folder extension overflow vulnerability - Oracle Linux
L2075 Adobe Flash-plugin SWF display flaws - RHE
L2076 Adobe Flash-plugin SWF display flaws - RHE
L2031 Xine-lib untrusted matroska_id and _TAG flaws - FC
L2042 Squid HTTP special request weakness - FC
L2044 Gnumeric Gobject search path Python file weakness- MDV
L2045 Mozilla Firefox multiple security vulnerabilities - MDV
L2046 Mozilla related security vulnerabilities - MDV
L2047 Epiphany Mozilla related security vulnerabilities - MDV
L2048 Galeon Mozilla related security vulnerabilities - MDV
L2049 Gecko-sharp2 Mozilla related security vulnerabilities - MDV 
L2050 Gnome-Python Mozilla related security vulnerabilities - MDV
L2051 Mailcap Mozilla related security vulnerabilities - MDV
L2052 Mono-tools Mozilla related security vulnerabilities - MDV
L2053 BlogRovR Mozilla related security vulnerabilities - MDV
L2054 Foxmarks Mozilla related security vulnerabilities - MDV
L2055 ScribeFire Blog Editor Mozilla related vulnerabilities - MDV
L2056 Ruby Mozilla related security vulnerabilities - MDV
L2057 Totem Mozilla related security vulnerabilities - MDV
L2058 Mozilla related security vulnerabilities - MDV
L2059 Mozilla related security vulnerabilities - MDV 
L2060 Beagle Search Mozilla related security vulnerabilities - MDV
L2061 Mozilla thunderbird-beagle related security vulnerabilities - MDV
L2062 PHP html_dec_flush() error & ZipArchive flaws - MDV
L2063 Python sys.path handling flaw - MDV
L2064 Epiphany search path vulnerability - MDV
L2065 Pycrypto ARC2 Key length weakness - MDV
L2066 Pycrypto ARC2 Key length weakness - MDV 
M40 Adobe Reader PDF JavaScript Zero-Day Vulnerability
M92 Adobe Flash Player SWF DNS Domain Policy & other vuln. - Mac OS X
S187 Adobe Reader PDF JavaScript stream Zero-Day Vulnerability - Solaris
S233 Nscd cache failures for Cluster 3.2 - Solaris 10
W51 Autorun Implementation
W2332 Cumulative ActiveX Killbits - February 2009
W2547 Adobe Acrobat / Reader Zero-Day PDF file handling Vulnerability
W2835 Adobe Flash Player 9 Multiple Vulnerabilities
W3151 Adobe Flash Player Multiple vulnerabilities
W3154 Java 6.0 latest update not installed
W3555 Excel Zero Day Remote Code Execution Vulnerability  

Updated Checks H23 Csh/ksh/sh-posix - here document Unsafe Temporary Files - HP-UX 1011 H135 OpenView Operations/VantagePoint JRE vulnerability W1142 Anti-virus Signature Outdated - McAfee W1986 Anti-virus Signature Outdated - Symantec W1999 Anti-virus Signature Outdated - Trend Micro W2067 Anti-virus Signature Outdated - F-Secure W2070 Anti-virus Signature Outdated - CA eTrust W2737 Adobe Flash Player Plug-in Vulnerabilities W2779 Adobe Flash Player Animation File Vulnerability - Windows XP H173 DCE Vulnerability and World Time Zones update - HP-UX 11 M76 ClamXav / Clamav signatures not the latest - Mac OS X M80 Virex signature file out of date - Mac OS X S33 ClamAV signatures not updated - Solaris S101 SSH CBC-mode Vulnerability - Solaris 9-10 W3376 Adobe Flash Player Clickjacking Vulnerability
Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 165 was released February 27, 2009. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 165, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/090302-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.




WServerNews - Product of the Week

Triple Support Without Increasing Staff

Experts say that more than 40% of help desk calls pertain to password issues, costing the company $30 - $60 per call. Factor in security requirements, new employees and password management can overwhelm your help desk team. You can automatically reduce help desk workload with myPassword and drive productivity through the roof without increasing costly overhead. myPassword enables end users to reset their password in a secure environment with email notification. Instant 40% ROI.
http://www.wservernews.com/090302-myPassword-POTW