Vol. 14, #47 - Nov 9, 2009 - Issue #752
Which Is More Important -- The Backup, Or The Recovery?

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • FBI Warns Of $100M Cyber-Threat To Small Business
    • Vote in the Computer Weekly IT Blog Awards 2009
    • Quotes Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Kiss Your Antivirus Bloatware Goodbye: A Look at VIPRE Enterprise - 11/10
    • Sunbelt Exchange Archiver™ Product Demonstration - 11/17
    • Malware Protection without Impact to Production & System Performance 11/19 in Tampa, 12/3 in Alpharetta
    • VIPRE Enterprise Product Demonstration - 11/24
  4. Tech Briefing
    • Microsoft Plans Six Patches Next Week, Ties November Record
    • Which Is More Important -- The Backup, Or The Recovery?
    • Wi-Fi Complexity Moves Into The Cloud
    • Details on Windows 7 Service Pack 1
    • Microsoft Re-Patches Last Month's Critical IE Update
    • Microsoft 'neutered' UAC In Windows 7, Says Researcher
  5. Windows Server News
    • Exchange Server 2010 Delivering Productivity Demo Showcase
    • Good News: Support for Exchange 2007 on Windows Server 2008 R2
  6. Third Party News
    • VM-Awareness with EventTracker 6.4
    • The Latest List Of Network Vulnerabilities
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Complete Windows Log Management - EventTracker Free Trial
Complete Windows Log Management - EventTracker Free Trial

Automate event log collection and archival from Windows, Linux/Unix, network devices, applications and more! EventTracker includes powerful real-time correlation, analytics and reporting. Improve operational efficiency, meet compliance and enhance security, all in one integrated package. EventTracker goes well beyond traditional log management and includes Windows performance, change and USB device monitoring. Proactively diagnose and prevent issues before they become costly service-disrupting incidents; improve availability; accelerate troubleshooting. EventTracker is the best choice for Windows log management. Download today!
http://www.wservernews.com/091109-EventTracker


Editor's Corner

FBI Warns Of $100M Cyber-Threat To Small Business

Cyber criminals are hacking into small- and medium-sized organizations daily and stealing millions of dollars. This ongoing scam has by now moved more than US$100 million out of bank accounts in the U.S., the FBI warned last Tuesday. This cyber theft is now one of the top problems being addressed by the National Cyber Forensics and Training Alliance (NCFTA), which works hand in hand with the FBI and industry to share data about cyber attacks. NCFTA Executive Director Ron Plesco said: "Every year there seems to be a trend and this has been the trend this year."

Another report that came out this week showed that some small and midsize companies tend to cut back on security spending because they think that hackers prefer to target larger companies. Almost half of midsize organizations surveyed (43 percent) think larger organizations with 501+ employees are most at risk for a security attack. In truth, organizations with fewer than 500 employees actually suffer more attacks on average. We -all- need a balanced approach to security management, against all threat vectors. Here is the FBI release:
http://www.wservernews.com/091109-ACH-Transfers


Vote in the Computer Weekly IT Blog Awards 2009

Who is your favorite blogger? Cast your votes in the 2009 ComputerWeekly.com IT blog awards. The shortlisted blogs are listed by category. Just click on the drop down menu beneath each category to pick your favorite. As there were so many interesting Twitter users to follow, they are presented with radio buttons - just select the button next to your choice. Choose your faves in as many or as few categories as you wish, and then click on 'Done' to submit your votes. The Sunbelt CEO's Blog is in category nine: IT Security:
http://www.wservernews.com/091109-IT-Blog-Awards


Quotes Of The Week

"Dig where the gold is ...unless you just need some exercise." -- John M. Capozzi

"What we obtain too cheap, we esteem too lightly." -- Thomas Paine

"Absence of evidence is not evidence of absence." -- attributed to Dr. Carl Sagan




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/091109-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/091109-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/091109-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman

Tolly Group: "VIPRE - 45% Less Memory, And 3.6x Scanning Speed"

The independent Tolly Group said in their September 2009 Anti-virus Performance Test Report: "Consumes up to 38% and 45% less memory, and offers up to 2.6x and 3.6x scanning speed compared to Symantec and McAfee." It's clearly time to kiss your antivirus bloatware goodbye. Sunbelt built VIPRE Enterprise, a completely new technology combining corporate antivirus plus an enterprise antispyware solution for total endpoint security, designed by admins for admins. And that means EASY DEPLOYMENT. Competitive Upgrade price of $10/seat ends Dec 31st! Read the new performance white-paper here. No registration required:
http://www.wservernews.com/091109-VIPRE-Enterprise

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Russinovich retires NewSID tool - The Machine SID Duplication Myth:
http://www.wservernews.com/091109-SID-Duplication

Unlock the power of log data with EventTracker. Improve operations & security. Free Trial!
http://www.wservernews.com/091109-CT-EventTracker

Don't upgrade to Win7 before running this free utility called Win7 Upgrade Advisor from Microsoft. It scans a PC to see if it's ready for Win7.
http://www.wservernews.com/091109-Win7-Upgrade-Advisor

Anyone moving to Win7 from XP and Vista should check out this free download, which helps you copy files and settings from one PC to another.
http://www.wservernews.com/091109-Windows-Easy-Transfer


Webinars & Seminars

Kiss Your Antivirus Bloatware Goodbye: A Look at VIPRE Enterprise - 11/10

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner.

When: Tuesday, November 10, 2009, 2:00 PM (EDT) Please register here:
http://www.wservernews.com/091109-Goodbye-Bloatware


Sunbelt Exchange Archiver™ Product Demonstration - 11/17

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver demonstration.

When: Tuesday, November 17, 2009, 2:00 PM (EDT) Please register here:
http://www.wservernews.com/091109-SEA-Demo


Malware Protection without Impact to Production & System Performance 11/19 in Tampa, 12/3 in Alpharetta

Join Sunbelt Software and Mike Osterman, president and founder of Osterman Research, Inc. for an informative seminar that examines the current malware landscape and the economic and performance impact of malware infections on your organization. Learn why a new approach to malware protection is required to better protect your users and your data - all without the performance and resource headaches of many traditional enterprise antivirus products. Also see a live product demonstration of VIPRE® Enterprise!

Thursday, November 19th in Tampa, FL:
http://www.wservernews.com/091109-Tampa

Thursday, December 3rd in Alpharetta, GA:
http://www.wservernews.com/091109-Alpharetta


VIPRE Enterprise Product Demonstration - 11/24

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner.

When: Tuesday, November 24, 2009, 11:00 AM (EDT) Please register here:
http://www.wservernews.com/091109-VIPRE-Demo


Tech Briefing

Microsoft Plans Six Patches Next Week, Ties November Record

Microsoft plans to deliver six security updates on Tuesday, less than half the number it issued last month, to fix flaws in Windows and Office. More at Computerworld:
http://www.wservernews.com/091109-Six-Patches


Which Is More Important -- The Backup, Or The Recovery?

Who's doing the backups? Even IT guys get it wrong sometimes. A question often asked is, "How could anyone be so stupid as to not back up data?" Reflecting on this, sometimes a series of events can interfere with important and seemingly basic IT tasks, such as backups. Ideally, you want to run them 24/7/365 and completely set-it-and-forget-it.

You have heard of Double-Take's world-class High-availability / Disaster Recovery software, but you may not be as familiar with Double-Take Software's newest BACKUP solution and how it can solve branch office data protection challenges.

Protecting data that is not in the primary datacenter amplifies all the traditional challenges of backup - either there is not enough bandwidth to accomplish a remote backup in the window available, or the process of handling and shipping tapes is in the hands of non-IT employees.

Introducing Double-Take Backup - a cutting edge disk-to-disk backup solution that makes the protection of remote data easier than ever. Forget about backup windows, and don't rely on non-IT employees to handle backup procedures. When it comes time to recover a server, recover it from any point in time to a new virtual machine or to a physical machine, even if the hardware is dissimilar.

Join this live webinar for a technical discussion covering:
  • Continuous Server Backups
  • Any-point-in-time recovery
  • Reducing and replacing tape dependencies
  • Achieving an RPO of 'near zero' data loss
  • Elimination of backup windows
  • Flexible recovery choices to dissimilar physical or virtual environments
  • Complete protection for branch offices.
Sign up for this webinar TODAY!
http://www.wservernews.com/091109-Double-Take


Wi-Fi Complexity Moves Into The Cloud

Network World reported that there are now at least three companies moving enterprise Wi-Fi control functions, management functions or both into the cloud. Meraki was first to announce the hosted Wi-Fi control and management model for midmarket enterprises in May with the Meraki Enterprise Wireless LAN System. This month, Aerohive said it was making its wireless LAN management tools available in the form of a software-as-a-service (SaaS) called Aerohive HiveManager Online. That announcement was followed quickly by Aruba Networks' AirWave division, which announced a SaaS called AirWave OnDemand, slated to be available in December. More:
http://www.wservernews.com/091109-Wi-Fi-Complexity


Details on Windows 7 Service Pack 1

With Windows 7 making its official release less than two weeks ago, Microsoft is preparing the operating system's first service pack. According to Wzor, the Windows 7 SP1 beta will be released in January of 2010. Wzor went on to further detail that SP1 will be available for OEMs in the Summer of 2010, with you and me updating our systems in the Fall months of 2010:
http://www.wservernews.com/091109-Service-Pack-Details


Microsoft Re-Patches Last Month's Critical IE Update

Microsoft on Monday re-patched Internet Explorer, the third time it's been forced to repair one of the updates delivered in its largest-ever bug fix, which was delivered on Oct. 13.
http://www.wservernews.com/091109-Re-patch


Microsoft 'neutered' UAC In Windows 7, Says Researcher

Computerworld has a story in which a researcher says that Microsoft's decision to reduce the number of annoying security messages that Windows 7 delivers when users install software makes the new operating system more vulnerable to malware infection than Vista. "UAC was neutered too much by Microsoft," argued Chester Wisniewski, a senior security advisor with Sophos, talking about Windows' User Account Control (UAC), the security feature Microsoft debuted with Vista. UAC prompts users for their consent before allowing tasks such as program and device driver installation to take place. In an effort to quash user complaints -- which had condemned the constant intrusions -- Microsoft modified UAC so it appears less frequently in Win7:
http://www.wservernews.com/091109-UAC-in-Win7


Windows Server News

Exchange Server 2010 Delivering Productivity Demo Showcase

Microsoft Exchange Server 2010 demonstrations showcase Anywhere Access, Protection and Compliance, and Flexible and Reliable solutions.

Microsoft Exchange Server 2010 enables you to achieve new levels of reliability and performance by delivering features that simplify your administration, help protect your communications, and delight your users by meeting their demands for greater business mobility. This latest release of Exchange can help your customers achieve better business outcomes while controlling the costs of deployment, administration, and compliance. Demonstrate to customers how Exchange 2010 along with your services and solutions can solve critical business problems.

Instructions: Download the .exe file to your computer. This self-contained executable contains the demo and a detailed script for the demo. When opened, a toolbar is visible at the bottom of the screen which will instruct the user what the next step in the demo is. The user can leave this Show Me feature turned on and follow the written instructions, or turn off the Show Me mode so the demo can be shown in presentation mode for customer meetings or events. Leverage this demo for training about Exchange 2010 and then use the demo for customer meetings and events.
http://www.wservernews.com/091109-Demo-Showcase


Good News: Support for Exchange 2007 on Windows Server 2008 R2

Kevin Allison, Microsoft GM Exchange Customer Experience said: "We always talk about listening to customers and sometimes this is written off by many as 'marketing speak'. In fact, we do take feedback seriously and no input is more important to our engineering processes than your voice. Earlier this year we made a decision in one direction, and due to the feedback we have received on this blog and elsewhere, we have reconsidered. In the coming calendar year we will issue an update for Exchange 2007 enabling full support of Windows Server 2008 R2. We heard from many customers that this was important for streamlining their operations and reducing administrative challenges, so we have changed course and will add R2 support. We are still working through the specifics and will let you know once we have more to share on the timing of this update. So, keep the feedback coming. We are listening."

Third Party News

VM-Awareness with EventTracker 6.4

Prism Microsystems is releasing a new version of its Security Information and Event Management solution, EventTracker, which extends security and compliance capabilities to all layers of the virtual infrastructure including the hardware, the barebones hypervisor, the VM management applications and the guest OS. With this new version, EventTracker fills a critical gap in the virtual security market, left open by traditional solutions that are unable to see beyond the veil of virtualization. For instance, privileged user activity within the virtual environment, or the flow of network traffic between virtual machines on a single host, often go undetected by conventional security systems, leaving companies open to all kinds of breaches and compliance risks. EventTracker 6.4 collects, correlates and analyses log data at all levels of the virtual environment and instantly alerts security staff of any suspicious activity for deep security protection for the dynamic, virtualized data center. In addition, the new version provides a large number of prepackaged reports for the most important regulations and mandates to track and report on activity within a virtual environment.

Also in the new release is a new feature that Prism refers to as "Enterprise Activity Monitoring". This new capability provides a dashboard that identifies any new or out-of-ordinary behavior by user, admin, system, process and IP address to detect hitherto unknown attacks such as zero-day breaches and malware. According to company representatives, this new feature is a valuable complement to EventTracker's correlation engine which identifies easily recognizable or known attacks. Enterprise Activity uses Statistical and Behavioral correlation to detect conditions which are simply new or unusual. The combination of the two in EventTracker 6.4 makes it a powerful tool to help companies proactively protect their critical IT assets from all forms of security attacks.

EventTracker 6.4 is scheduled for release this month. For more information on EventTracker, go to the company website at
http://www.wservernews.com/091109-TPN-EventTracker


The Latest List Of Network Vulnerabilities

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

New Checks	
L49	Xpdf multiple flaws Oct 2009 - Sci Linux	
L51	KDEGraphics multiple flaws Oct 2009 - Sci Linux	
L52	Poppler multiple flaws Oct 2009 - Sci Linux	
L53	Elinks HTML special entities off-by-one error - Oracle Linux	
L55	Xen pyGrub loader "password" option virtualization error - Oracle Linux	
L56	PostgreSQL reset role & session authorization flaw - Oracle Linux	
L57	PostgreSQL reset role & session authorization flaw - Oracle Linux	
L59	CUPS pdftops filter weakness as the "lp" user - Oracle Linux	
L61	Xpdf multiple flaws Oct 2009 - Oracle Linux	
L62	KDEGraphics multiple flaws Oct 2009 - Oracle Linux	
L64	SquirrelMail form submission CSRF weakness - CentOS	
L65	Xpdf multiple flaws Oct 2009 - CentOS	
L67	Xpdf multiple flaws Oct 2009 - CentOS	
L68	Gpdf multiple flaws Oct 2009 - CentOS	
L69	KDEGraphics multiple flaws Oct 2009 - CentOS	
L71	Kernel multiple vulnerabilities Oct 2009 - RHE	
L73	Samba password handling/filemode & smbd daemon flaws - RHE	
L74	Firefox/XulRunner/NSPR multiple security update Oct 2009 - RHE	
L75	SeaMonkey multiple security update Oct 2009- RHE	
L77	Pidgin invalid pointers in OSCAR & IRC protocols - RHE	
L50	Gpdf multiple flaws Oct 2009 - Sci Linux	
L58	SquirrelMail form submission CSRF weakness - Oracle Linux	
L60	Poppler multiple flaws Oct 2009 - Oracle Linux	
L63	Gpdf multiple flaws Oct 2009 - Oracle Linux	
L72	Samba smbd daemon infinite loop weakness - RHE	
L78	Kernel multiple vulnerabilities Oct 2009 - CentOS	
L79	Samba smbd daemon infinite loop weakness - CentOS	
L81	Samba password handling/filemode & smbd daemon flaws - CentOS	
L82	SeaMonkey multiple security update Oct 2009- CentOS	
L83	Firefox/XulRunner/NSPR multiple security update Oct 2009 - CentOS	
L84	Kernel multiple vulnerabilities Oct 2009 - Oracle Linux	
L85	Samba password handling/filemode & smbd daemon flaws - Oracle Linux
L87	Samba smbd daemon infinite loop weakness - Oracle Linux	
L88	Firefox/XulRunner/NSPR multiple security update Oct 2009 - Oracle Linux	
L89	SeaMonkey multiple security update Oct 2009- Oracle Linux	
L90	GD GetColors colorsTotal structure verification flaw - MDV	
L91	PHP GetColors colorsTotal structure verification flaw - MDV	
L93	Xpdf multiple flaws Oct 2009 - MDV	
L94	ProFTPD mod_tls dNSNameRequired X.509 handling error - MDV	
L96	Kernel multiple vulnerabilities Oct 2009 - MDV	
L97	Firefox/XulRunner/NSPR multiple security update Oct 2009 - MDV	
L98	Jetty5 URI directory traversal weakness - MDV	
L99	Asterisk SIP channel maximum width sscanf flaw - MDV/FC/RHE/CentOS
M84	Firefox Multiple Vulnerabilities - Mac OS X	
S328	Adobe Reader Multiple Vulnerabilities - Solaris 10	
W2122	Snort IPv6 Packet Processing Vulnerability	
W2559	Firefox 3.0/3.5 Multiple Vulnerabilities	
W2989	Vmware Server Java JRE Vulnerabilities	
W2995	VMWare Vulnerabilities	
W3126	Wireshark multiple dissector vulnerabilities	
W3757	Oracle Application Server Vulnerabilities (Oct. 2009)	
W3758	Oracle Collaboration Suite Vulnerabilities (Oct. 2009)	
W3759	Oracle E-Business Suite Vulnerabilities (Oct. 2009)	
W3760	Oracle Enterprise Manager Vulnerabilities (Oct. 2009)	
W3762	Oracle BEA Jrockit Vulnerabilities (Oct. 2009)	
W3763	Oracle BEA WebLogic Portal Vulnerabilities (Oct. 2009)	
W3764	Oracle BEA WebLogic Server Vulnerabilities (Oct. 2009)	

Updated Checks	
W1142	Anti-virus signature outdated - McAfee	
W1986	Anti-virus signature outdated - Symantec	
W1999	Anti-virus signature outdated - Trend Micro	
W2067	Anti-virus signature outdated - F-Secure	
W2070	Anti-virus signature outdated - CA eTrust	
W3722	Microsoft .NET 1.1 SP1 Common Language Runtime - W2K3	
M76	ClamXav / ClamAV signatures not the latest - Mac OS X	
M80	Virex signature file out of date - Mac OS X	
S33	ClamAV signatures not updated - Solaris	
W2012	Anti-virus signature outdated - Avast! 4	
W2013	Anti-virus signature outdated - AVG 8 - W2K/XP/W2K3	
W2056	Anti-virus signature outdated - Norman	

Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 203 was released November 4, 2009. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 203, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/091109-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.




WServerNews - Product of the Week

Complete Windows Log Management - EventTracker Free Trial

http://www.wservernews.com/091109-POTW-EventTracker