|
Vol. 14, #21 - May 11, 2009 - Issue #726
|
|
Surprise! Win7 Runs On What? (And What Not...)
|
- Editors Corner
- Surprise! Win7 Runs On What? (And What Not...)
- SMBs Often Hit Hardest By Botnets
- VIPRE Enterprise Finalist In Best Of TechEd Security Category
- Quotes Of The Week
- Webinars and Seminars
- Sunbelt at TechEd Booth 111
- Webinar: VIPRE Enterprise Product Demonstration
- Free Virtual Seminar: Desktop and App Virtualization - June 4
- BriForum 2009 - coming to Chicago, July 21 - 23
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- VMware Hole: A Windows VM Can Control The Host
- True Believers: The Biggest Cults In Tech
- Cloud Computing And Desktop Virtualization: Q&A With Mark Minasi
- Coming Soon: SearchCloudComputing.com!
- Microsoft To Patch PowerPoint Zero-Day Bug On Tuesday
- Windows Server News
- Microsoft Enhances IT Process Automation In Service Manager Beta
- Planning For Scalability In Sharepoint Server Governance
- Top 10 Sharepoint Implementation And Deployment Resources
- WServer Third Party News
- Check Out The Latest Slate Of Vulnerabilities
- Double-Take Announces New Pricing and Licensing Model for Virtual Systems
- WServerNews Fave Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- Image Spam Returns With A Vengeance
|
|
Image Spam Returns With A Vengeance
Spammers have turned back the clock and are recycling a years-old tactic by
planting their messages in images. It accounted for about 25% of all the spam
by the end of last month. Ninja Email Security has a dedicated image-spam
engine as one of the security layers. Ninja protects your users from viruses,
malware, phishing and spam in an incredibly user-friendly way for both the
admin and the end-user. If you buy VIPRE Enterprise you can get Ninja with a
great discount. Ninja runs on thousands of production sites. Check it out here:
http://www.wservernews.com/090511-Ninja-Email-Security
|
|
 |
Editors Corner |
|
Surprise! Win7 Runs On What? (And What Not...)
For Starters Preston Gralla reports that if you want both Win7 and Mac OS X,
that's possible. You can get the best of both worlds by running Win7 RC1 on
a Mac and it even runs fine on a Macbook Air if you use Sun's VirtualBox to
run the various versions of Windows. We tried Bootcamp here and that works
too.
Randall Kennedy in his blog is griping after a week of poking, prodding and
tweaking Win7 and he's convinced that XP mode isn't so much a gift from
Microsoft as it is potential curse to IT shops everywhere. As he noted in his
formal review of the beta XP mode release, a primary concern will be the need
to maintain two separate OS images: one for the local host system (Win7) and
another for the virtualized XP mode image (WinXP). However, there are numerous
minor - and some major - usability gotchas that will likely frustrate both
end-users and support professionals.
But... run a netbook? Fuhgeddaboutit. Redmond claims that Win7 is nimble
enough to run on underpowered netbooks. But it also admits that its enticing
new XP Mode may not work on netbooks or many other modern PCs.
XP Mode has several strict requirements: 2GB of RAM; Win7 Pro, Enterprise, or
Ultimate flavors. But most limiting, it wants CPU hardware virtualization
support. Most netbooks run Intel's Atom N270 processor, which lacks Intel's
VT hardware virtualization. Ouch. Same is true for the N280, which is pretty
new. Worse yet, there is also no support for hardware virtualization support
for Atom CPUs for so-called net-top mini-desktop PCs, the 230 and the
dual-core 330.
To pile up some more bad news (sorry) Win7 may not be much faster than Vista.
Many early reviewers have said that the new OS seems peppier than Vista. But
tests of the Win7 RC1 in the PC World Test Center found that while Win7 was
slightly faster on the WorldBench 6 suite, the differences may be barely
noticeable to users. Each PC was slightly faster when running Win7, but in
no case was the overall improvement greater than 5 percent, the threshold
for when a performance change is noticeable to the average user. Here is
the full article:
http://www.wservernews.com/090511-Windows7
SMBs Often Hit Hardest By Botnets
The Darkreading security site came out with a very interesting article this
week. They focused on the fact that bot infections and spam can be 'silent
killers' for Small and Midsize Business (SMB) due to the drain on email
servers and network resources.
And of course this is true. A small or midsize business is ultimately a more
attractive target for spammers, botnet operators, and other attackers than a
home user, mainly because they have a treasure trove of valuable data, and more
powerful servers, but often without the sufficient IT and security resources
to protect it.
While everyone gets hit, it's the SMBs that are getting hurt the worst. Home
machines are obviously the easiest targets, but SMBs are softer targets than
Fortune 500 companies that have the resources to build layered security.
Our friend Randy Abrams, director of technical education for Eset said:
"It makes a targeted attack a profitable investment."
Spammers use their botnets not only for sending unwanted email to SMBs, but
also for gathering new email addresses and bot recruits. "They are after
sensitive data, as well," says David Setzer, CEO of Mailprotector, an email
security service provider. They want to recruit a new spam relay/bot, but
they also throw in a keylogger to sniff for usernames and passwords, and
try to grab as much lucrative sensitive data as possible, he says.
This article is worth checking out and is great ammo to send up the flagpole
if your budgets are under pressure:
http://www.wservernews.com/090511-Botnets-Hit-SMB
VIPRE Enterprise Finalist In Best Of TechEd Security Category
The Best of TechEd 2009 Awards Finalists were announced, a week before the
show. We are thrilled to report that VIPRE Enterprise is one of the three
products in the Security Category. Here is the full list of finalists in 11
categories, great for shortlists if you need new tools:
http://www.wservernews.com/090511-Best-of-TechEd
Quotes Of The Week
"The great thing about being a pessimist is that you are constantly either
being proven right or pleasantly surprised." -- George Will, News commentator
"Energy and persistence conquer all things." -- Benjamin Franklin
Warm regards, and thank you for being a WServerNews subscriber. No trees
were killed in the sending of this message, but a large number of electrons
were terribly inconvenienced. Please tell your friends about us.
They can subscribe here:
http://www.wservernews.com/090511-Subscribe
PS: Did you know this newsletter has a sister publication for XP users
called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/090511-WXPNews
PPS: And of course we also have our weekly VistaNews. You can subscribe
here, and tell your friends too:
http://www.wservernews.com/090511-VistaNews
|
|
Automated Uninstall of Symantec AV
No more 2-day SEP V11 Migration Classes! Sunbelt built VIPRE Enterprise; a
completely new technology combining corporate antivirus plus an enterprise
antispyware solution for total endpoint security designed by admins for admins.
And that means EASY DEPLOYMENT. Save your IT budget and don't renew products
from Symantec, McAfee and Trend Micro, Learn how VIPRE Enterprise takes much
less resources than the competition! It's clearly time to ditch expensive,
bloated, old-style AV products. Get your 30-day eval here:
http://www.wservernews.com/090511-VIPRE-Enterprise
|
|
<
|
Webinars and Seminars |
|
Sunbelt at TechEd Booth 111
Microsoft TechEd is the premier technical education and networking event for
any technology professional (IT Professional or Developer) interested in
learning, connecting and exploring a broad set of current and soon-to-be
released Microsoft(r) technologies, tools, platforms and services. The five-day
event focuses on technical education, product evaluation, and community. The
event includes: Pre-Conference Seminars, Keynote, Breakout Sessions,
Interactive Theater Sessions, Hands-On Labs, Instructor-Led Labs, Community
Programs, Partner Expo, Technical Learning Center, and many social gatherings
and opportunities for networking everywhere you look. Sunbelt Software is a
Bronze Sponsor. VIPRE Enterprise is a finalist in the Best Of TechEd Security
Category. Visit us at booth #111. Date: Mon, May 11, 2009 - Fri, May 15, 2009
Location: Los Angeles, California
Webinar: VIPRE Enterprise Product Demonstration
Tuesday, May 19, 2009, 2:00pm - 2:30pm EDT. VIPRE Enterprise is designed to
optimize overall performance by melding antivirus and antispyware together
into one, single, powerful engine. This combination of technologies gives
you high-performance software that doesn't slow down users' workstations,
is low on system resources, and makes it easy for you to protect your network.
Register at:
http://www.wservernews.com/090511-VIPRE-Demo
Free Virtual Seminar: Desktop and App Virtualization - June 4
Get independent expert advice and best practices for planning, implementing,
and managing your desktop virtualization project at this free one-day online
seminar. You'll hear from top experts including industry analyst and blogger,
Brian Madden along with Senior Solutions Architect at Appliance Technologies,
Michael Keen. In addition to webcast and video presentations, you'll also
have the opportunity to get your questions answered by our experts during
the live Q&A opportunities throughout the day, plus chat with your peers from
across the globe. Learn more about this event and register today:
http://www.wservernews.com/090511-Desktop-Virtualization
BriForum 2009 - coming to Chicago, July 21 - 23
BriForum is the only independent conference 100% dedicated to end-user
virtualization. Join desktop virtualization industry expert and blogger,
Brian Madden and your IT peers from across the globe at the Hilton Chicago
from July 21 - 23. Top-notch industry experts deliver advanced technical
information, tips and strategies on VDI, Terminal Services (including Citrix
XenApp), and application streaming. Plus you'll get hands-on experience with
the newest technologies in our Demo Lab. Don't miss out - this event is only
happening once this year - register today!
http://www.wservernews.com/090511-BriForum
|
|
Tech Briefing |
|
VMware Hole: A Windows VM Can Control The Host
A few weeks ago, VMware announced a patch for a critical vulnerability in
the virtual machine display function. The hole could allow a guest operating
system to run code on the host. The bug affects just about all of VMware
products, including Fusion and ESX. If this bug were exploited, it would
allow an attacker to jump out of say a Windows XP VM instance down to your
host system, say Mac OSX or Windows XP. A security researcher, and guest
blogger for Microsoft Subnet, says that virtualization users should take
note: this type of attack is the Holy Grail for any VM hacker and the
worst-case scenario for the host VM owner. NetworkWorld has the story:
http://www.wservernews.com/090511-VMware-Bug
True Believers: The Biggest Cults In Tech
This one is mostly fun. You may be a member of one of these IT cults or
simply know someone who is. Here's what makes each cult tick.
Spend enough time around technology and it starts to get under your skin.
It could be a gizmo that changed your life, an ancient computer you loved,
or a programming language that took months to master before it finally
clicked. And then, nothing was ever the same again. It became a part of
you. You began to identify with it, even develop a belief system around
it. You may have attended regular meetings of others similarly afflicted,
and openly despised members of other groups. Before you were even aware
of it, you'd joined a cult. More:
http://www.wservernews.com/090511-Cults-in-Tech
Cloud Computing And Desktop Virtualization: Q&A With Mark Minasi
In this expert podcast, Mark Minasi, popular technology author, speaker
and Windows expert explains his views on cloud computing and desktop
virtualization and their impact on desktop management. Minasi tackles
some myths about each, looks at the costs and mulls the cultural impact
of these game changing technologies. Learn more when you listen to this
expert podcast today:
http://www.wservernews.com/090511-Cloud-Computing
Coming Soon: SearchCloudComputing.com!
SearchCloudComputing.com, set to launch this month, will be your
comprehensive resource for the latest cloud computing news, analysis and
case studies. The site will provide IT professionals with real-world
examples of how cloud computing is being used today. You'll learn who
the key players are and how they rate against each other, how the
technology works, and how you consume and pay for it. Plus, you will
be able to access case studies of successful deployments in the cloud
with explanations of new business opportunities and how to tap into
them. Check out the future home of SearchCloudComputing.com to learn
more today!
http://www.wservernews.com/090511-SearchCloudComputing
Microsoft To Patch PowerPoint Zero-Day Bug On Tuesday
Microsoft today said it will deliver just one security update next
Tuesday, a fix for PowerPoint that's probably the patch for a month-old
bug that developers admitted they missed during stress testing.
http://www.wservernews.com/090511-PowerPoint-Patch
|
|
Windows Server News |
|
Microsoft Enhances IT Process Automation In Service Manager Beta
Microsoft's reinvented and long-delayed IT process automation software,
System Center Service Manager, is one step closer to reality. The
company said System Center Service Manager beta 2, due this fall,
will offer a self-service portal along with incident, problem and
change management capabilities. Learn more about the anticipated
release and features of System Center Service Manager beta 2 in this
article:
http://www.wservernews.com/090511-Process-Automation
Planning For Scalability In Sharepoint Server Governance
Performance and scalability are two critical, but often overlooked,
considerations in a SharePoint governance plan. Traditional file servers
typically don't get bogged down as the volume of data stored on the
server increases, but the same cannot always be said for SharePoint.
That's why it is so important to plan for scalability from the very
beginning. Check out this tip for expert advice and insight into planning
for performance and scalability in Microsoft SharePoint governance:
http://www.wservernews.com/090511-Scalability
Top 10 Sharepoint Implementation And Deployment Resources
When developing a plan for implementing and deploying SharePoint,
solutions providers need to know about the common issues that arise.
This cheat sheet offers our top 10 resource picks, including tutorials,
study guides, tips and articles on how to become an expert advisor
to your clients. Learn about licensing, third-party tools, system
assessments, governance documents and more: (Registration Required)
http://www.wservernews.com/090511-SharePoint-Resources
|
|
WServer Third Party News |
|
Check Out The Latest Slate Of Vulnerabilities
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list
of computer incidents. It also contains the latest SANS/FBI top 20
vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and
FedCIRC (Department of Homeland Security) advisories.New Checks
H127 Useradd grants unauthorized file access - HP-UX 11
L1217 Glib2 Base64 encoding and decoding errors - FC
L1279 ClamAV malware detection bypass via RAR archive - SuSE
L1298 CUPS multiple security vulnerabilities Apr 16 2009 - SuSE
L1301 XPDF JBIG2 decoder multiple flaws - FC
L1302 Moin .py various macro XSS vulnerabilities - FC
L1303 Mozilla Firefox multiple security vulnerabilities - FC
L1304 Epiphany multiple security vulnerabilities - FC
L1305 Xulrunner multiple security vulnerabilities - FC
L1306 Epiphany-extensions multiple security vulnerabilities - FC
L1307 Devhelp multiple security vulnerabilities - FC
L1308 BLAM multiple security vulnerabilities - FC
L1309 Gnome-python2-extras multiple security vulnerabilities - FC
L1310 Galeon multiple security vulnerabilities - FC
L1311 Google-gadgets multiple security vulnerabilities - FC
L1312 Miro multiple security vulnerabilities - FC
L1313 Mozvoikko multiple security vulnerabilities - FC
L1314 Gnome-web-photo multiple security vulnerabilities - FC
L1315 Totem multiple security vulnerabilities - FC
L1316 Yelp multiple security vulnerabilities - FC
L1317 multiple security vulnerabilities - FC
L1318 Mugshot multiple security vulnerabilities - FC
L1319 Ruby-Gnome2 multiple security vulnerabilities - FC
L1320 Gecko-sharp2 multiple security vulnerabilities - FC
L1321 Kazehakase multiple security vulnerabilities - FC
L1322 Chmsee multiple security vulnerabilities - FC
L1323 Evolution-RSS multiple security vulnerabilities - FC
L1324 Pcmanx-gtk2 multiple security vulnerabilities - FC
L1325 Prewikka open permissions on the prewikka.conf flaw - FC
L1326 Modplug CSoundFile::ReadMed song comment vulnerability - FC
L1327 Bash-completion improper quoting vulnerability - FC
L1328 Drupal UTF7 substitute for UTF8 interpretation weakness - FC
L1329 PAM_SSH USE=ssh username enumeration weakness - FC
L1330 Prelude Manager world readable DB password flaw - FC
W1975 Google Chrome Vulnerabilities - XP/Vista/W2k3/W2K8
L1277 Firefox XUL tree method & XSL stylesheet errors - SuSE
L1278 Openswan Dead peer detection error - SuSE
L1281 Gstreamer-plugins-base Vorbis comment tags error - SuSE
L1290 "Gnome-panel Dbus default ""al"" configuration error - SuSE"
L1291 PostgreSQL error message conversion error - SuSE
L1292 Adobe Reader_ja multiple security flaws and upgrade notice - SuSE
L1293 Ghostscript translate image to native color space weakness - SuSE
L1295 Xine-devel 4xm demuxer large current_track weakness - SuSE
L1296 Moodle TeX filter $$ sequence read weakness - SuSE
L1297 Gnutls certificate chains verification flaw - SuSE
L1331 Mpg123 store_id3_text out-of-bounds error - MDV
L1332 MySQL CREATE TABLE privilege bypass - MDV
L1333 Ghostscript translate image to native color space weakness - MDV
L1334 ClamAV malware detection bypass via RAR archive - MDV
L1335 KRB5 ASN.1 decoder dereference weakness - MDV
L1336 OpenAFS cache manager RX response weaknesses - MDV
L1337 XPDF JBIG2 decoder multiple flaws - MDV
L1338 Apache mod_proxy_aip POST request body flaw - MDV
L1339 Udev Netlink message and utility package flaws - MDV
L1340 Memcached process_stat memory allocation declosure - MDV
L1341 Libwmf use-after-free vulnerability in GD library - MDV
L1622 Kernel multiple security vulnerabilities - RHE5
M51 Adobe Reader JavaScript/getannots vulnerabilities - Mac OS X
S40 Dtrace ioctl handlers may induce panic - Solaris 9-10
S74 CA BrightStor ARCServe Web Server Vulnerabilities - Solaris
S223 Ifconfig modlist command may induce panic - Solaris 10
S347 Glassfish/Sun Java App Server Vulnerability - Solaris
W2887 Symantec WinFax Pro ActiveX Control Vulnerability
W2951 IBM Tivoli Storage Manager Backup agent Vulnerability
W3289 Adobe Flash Media Server Vulnerabilities
Updated Checks
H19 Kernel Vulnerability - HP-UX 11
H75 X Font Server - HP-UX 11
H78 Dtlogin (xdmcp) Double Free - HP-UX 11
H114 OpenView NNM Vulnerabilities HP-UX 11
H154 Libc Vulnerability - HP-UX 11
H163 IPv6 Neighbor Discovery Protocol Vulnerability - HP-UX 11
H178 Xserver vulnerabilities -HP-UX 11
S556 Gnu tar archive PAX header handling - Solaris 9 - 10
W1142 Anti-virus Signature Outdated - McAfee
W1986 Anti-virus Signature Outdated - Symantec
W1999 Anti-virus Signature Outdated - Trend Micro
W2067 Anti-virus Signature Outdated - F-Secure
W2070 Anti-virus Signature Outdated - CA eTrust
H170 IPFilter remote denial of service - HP-UX 11
M76 ClamXav / ClamAV signatures not the latest - Mac OS X
M80 Virex signature file out of date - Mac OS X
S33 ClamAV signatures not updated - Solaris
S233 Nscd cache failures for Cluster 3.2 - Solaris 10
W2012 Anti-virus signature outdated - Avast! 4
W2013 Anti-virus signature outdated - AVG 8 - W2K/XP/W2K3
Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 176
was released May 8, 2009. Sunbelt Software recommends you download the new
SNSI Vulnerability Update Definitions 176, scan, and patch your machines
today. To get the latest SNSI version, visit:
http://www.wservernews.com/090511-SNSI
Double-Take Announces New Pricing and Licensing Model for Virtual Systems
Double-Take Software (NASDAQ: DBTK) announced a new pricing and licensing
model for Double-Take for Virtual Systems that enables customers to simply
and cost-effectively protect an unlimited number of virtual machines under
one license. The new model makes it easy for customers to deploy disaster
recovery solutions based on VMware vSphere 4(tm) by licensing at the hypervisor
level, versus the guest virtual machine level, ultimately enabling customers
to reap the rewards of server virtualization while delivering a recovery
framework that keeps workloads available at all times:
http://www.wservernews.com/090511-Double-Take
|
|
WServerNews Fave Links |
|
This Week's Links We Like. Tips, Hints And Fun Stuff.
|
|
WServerNews - Product of the Week |
|
Image Spam Returns With A Vengeance
Spammers have turned back the clock and are recycling a years-old tactic by
planting their messages in images. It accounted for about 25% of all the spam
by the end of last month. Ninja Email Security has a dedicated image-spam
engine as one of the security layers. Ninja protects your users from viruses,
malware, phishing and spam in an incredibly user-friendly way for both the
admin and the end-user. If you buy VIPRE Enterprise you can get Ninja with a
great discount. Ninja runs on thousands of production sites. Check it out here:
http://www.wservernews.com/090511-Email-Security
|
|
|
|
|
Email me: