Vol. 14, #48 - Nov 16, 2009 - Issue #753
Got Virtualization Skills? You're Hired

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • Got Virtualization Skills? You're Hired!
    • Is Your Antivirus 'Behavin'? - 30 Second Flash Survey
    • Sunbelt Software Reports Record YTD 2009 Growth
    • Vote in the Computer Weekly IT Blog Awards 2009
    • Quotes Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Sunbelt Exchange Archiver Product Demonstration - 11/17
    • 11 Ways to Detect System Intrusions with the Security Log 11/17
    • SEMINAR: Malware Protection without Impact to Production & System Performance 11/19 in Tampa, 12/3 in Alpharetta
    • VIPRE Enterprise Product Demonstration - 11/24
  4. Tech Briefing
    • Microsoft Plugs 15 Holes, Including Critical Drive-By Bug
    • How To DDOS A Federal Wiretap
    • Unpatched SMB Bug Crashes Windows 7, Researcher Says
    • Intel To Release New Low-Cost And Enterprise-Class SSDs
  5. Windows Server News
    • Exchange Server 2010 Released
    • How Windows Server 2008 R2 Stands Up To Security Checks
    • The Top Four Hyper-V Virtualization Problems That Plague Admins
  6. Third Party News
    • Proof That VIPRE's MX-V Really Works
    • The Latest Batch Of Network Vulnerabilities
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Free Webinar: Active Directory and Group Policy
Free Webinar: Active Directory and Group Policy

In this webinar, Group Policy MVP Jeremy Moskowitz and founder of GPanswers.com will discuss several techniques to keep your Active Directory intact, and your Group Policy infrastructure humming along. You will learn from Jeremy about how to prevent disasters from accidental deletion, recover from GPO blunders, and learn what you can glean from the logs when a problem occurs. One lucky webinar attendee will win a free ASUS mini Laptop!
http://www.wservernews.com/091116-Active-Directory-Webinar


Editor's Corner

Got Virtualization Skills? You're Hired!

In September, Enterprise Management Associates (EMA), an analyst firm, released a report on virtualization that found a lack of skills or knowledge was the primary barrier to deploying virtualization successfully. They said:

"In the average organization, only around 25 percent of servers are actually virtualized, but that rate is growing every year. As a result, skills shortages are actually getting worse -- not better -- in 2008, only 31 percent of enterprises definitely had the skills they needed to manage their virtual deployments, down from 47 percent in 2006. In 2009, there are more experts, but there is even higher demand, yet budget cuts mean that training has not kept pace."

If you are an admin and know VMware, good for you. With unemployment rates going over the 10% mark, IT pros with virtualization skills are in high demand and earning top dollar. If you have VM and cloud expertise, you can earn a much higher salary right at the moment compared to other IT areas.

The certification that is most mentioned is VMware Certified Professional (VCP) with VMware Infrastructure 3 (VI3). If you have these certifications it is recommended you take the new VCP 4 exam ASAP, instead of having to sit through yet another training class. On the other hand, don't you think that running this would be the best job ever? LOL.
http://www.wservernews.com/091116-Grateful-Dead-Archive


Is Your Antivirus 'Behavin'? - 30 Second Flash Survey

Could you do me a big favor and take 30 seconds to fill out this super-quick, 6 question point-and-click survey? Please leave your email address if you want to be in the drawing for the 5 VIPRE Home Site Licenses. Thanks !!
http://www.wservernews.com/091116-Survey


Sunbelt Software Reports Record YTD 2009 Growth

Sunbelt Software, a leading provider of Windows security software, this week announced record revenue growth for the first three quarters of 2009 on the back of strong consumer and enterprise adoption of the company's VIPRE® anti-malware product line, continued technology innovation, and increased demand for advanced malware analysis and data feed services. Coming off of ten consecutive quarters of revenue growth, Sunbelt increased revenue by 63% over the same nine month period of 2008, with strong growth in the enterprise, cybersecurity, OEM and consumer markets.

Sunbelt extended its product offerings by introducing a number of new product releases and proprietary technologies including:
  • New malware analysis technology, MX-Virtualization (MX-V)
  • VIPRE Email Security for Exchange Version 3.0
  • Sunbelt Exchange Archiver Version 4.0 and Sunbelt File Archiver V4.0
  • Sunbelt Network Security Inspector (SNSI) Version 2.0
  • Enhancements to Sunbelt CWSandbox and Threat Track data feeds
    http://www.wservernews.com/091116-Record-Growth


Vote in the Computer Weekly IT Blog Awards 2009

Who is your favorite blogger? Cast your votes in the 2009 ComputerWeekly.com IT blog awards. The shortlisted blogs are listed by category. Just click on the drop down menu beneath each category to pick your favorite. As there were so many interesting Twitter users to follow, they are presented with radio buttons - just select the button next to your choice. Choose your faves in as many or as few categories as you wish, and then click on 'Done' to submit your votes. The Sunbelt CEO's Blog is in category nine: IT Security:
http://www.wservernews.com/091116-IT-Blog-Awards


Quotes Of The Week

"Simplicity is the ultimate sophistication." -- Leonardo da Vinci

"I couldn't wait for success, so I went ahead without it." -- Jonathan Winters




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/091116-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/091116-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/091116-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Tolly Group: "VIPRE takes 45% Less Memory, Boosts Scanning Speed 3.6x"

The independent Tolly Group said in their September 2009 Anti-virus Performance Test Report: "Consumes up to 38% and 45% less memory, and offers up to 2.6x and 3.6x scanning speed compared to Symantec and McAfee." It's clearly time to kiss your antivirus bloatware goodbye. Sunbelt built VIPRE Enterprise, a completely new technology combining corporate antivirus plus an enterprise antispyware solution for total endpoint security, designed by admins for admins. And that means EASY DEPLOYMENT. Competitive Upgrade price of $10/seat ends Dec 31st! Read the new performance white-paper here. No registration required:
http://www.wservernews.com/091116-VIPRE-Enterprise

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Over 6.7 million desktops use Desktop Authority every day. Find out why. Download a 30 day trial for a chance to win $1,000!
http://www.wservernews.com/091116-Desktop-Authority

Unlock the power of log data with EventTracker. Improve operations & security. Free Trial!
http://www.wservernews.com/091116-EventTracker

How can I stress test my file server and figure out how many users it can support? Check out the new File Server Capacity Tool (FSCT) for this purpose:
http://www.wservernews.com/091116-FSCT

Remote Server Administration Tools for Win7 enables you to manage roles and features that are installed on Server® 2008 R2, 2008, or 2003, from a remote Win7 box:
http://www.wservernews.com/091116-Remote-Server-Admin-Tools

Need Patch Tuesday Notifications? Here is the site where you can sign up for email notification of the monthly patches from MS.
http://www.wservernews.com/091116-MS-Security-Notifications


Webinars & Seminars

Sunbelt Exchange Archiver Product Demonstration - 11/17

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver demonstration.

When: Tuesday, November 17, 2009, 2:00 PM (EDT) Please register here:
http://www.wservernews.com/091116-SEA-Demo


11 Ways to Detect System Intrusions with the Security Log 11/17

You do everything you can to stop it, but if someone or something makes it past all those preventive measures, you need to know. In this Security Log Secrets webinar, Randy Smith will show you at least 11 good indicators that the worst has happened. In the movies it looks so easy, doesn't it? The system monitor starts flashing "Intrusion" in bold red letters and the protagonist with thick glasses brings up a diagram that allows him to track the intruder through the network. If it were that easy to detect and track, the system would just prevent it in the first place. Therefore there's no event ID for "system intrusion detected". We have to be a little more subtle than that.

He'll show you how to interpret certain events and make inferences from the techie details to determine if you are dealing with an intrusion or not. Some of the techniques he shows you depend on you following certain best practices in how you run and maintain your systems. He'll also show you some methods for laying traps ahead of time - again for the purpose of helping you or your log management solution detect irregular activity that indicates a system compromise. Areas covered include:
  • Log tampering
  • Backdoors
  • Physical access attacks
  • Privilege account changes
  • Strange software
  • Firewall changes
This is indeed real training for free - don't miss it. Can't Make The Live Event? Register Anyway To Get The Recorded Version. Date: Tuesday, November 17, 2009 2:00:00 PM EDT Reserve your Webinar seat now at:
http://www.wservernews.com/091116-System-Intrusions


SEMINAR: Malware Protection without Impact to Production & System Performance 11/19 in Tampa, 12/3 in Alpharetta

Join Sunbelt Software and Mike Osterman, president and founder of Osterman Research, Inc. for an informative seminar that examines the current malware landscape and the economic and performance impact of malware infections on your organization. Learn why a new approach to malware protection is required to better protect your users and your data - all without the performance and resource headaches of many traditional enterprise antivirus products. Also see a live product demonstration of VIPRE Enterprise!

Thursday, November 19th in Tampa, FL:
http://www.wservernews.com/091116-Tampa

Thursday, December 3rd in Alpharetta, GA:
http://www.wservernews.com/091116-Alpharetta


VIPRE Enterprise Product Demonstration - 11/24

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner.

When: Tuesday, November 24, 2009, 11:00 AM (EDT) Please register here:
http://www.wservernews.com/091116-VIPRE-Demo


Tech Briefing

Microsoft Plugs 15 Holes, Including Critical Drive-By Bug

It was all over the news again, but this time Computerworld had the best summary. "Microsoft this week patched 15 vulnerabilities in Windows, Windows Server, Excel and Word, including one that will probably be exploited quickly by hackers. None affect Windows 7, the company's newest operating system.

"The 15 flaws fixed in Tuesday's six security updates were less than half the record 34 Microsoft patched last month in 13 separate bulletins. Of today's 15 bugs, three were tagged "critical" by Microsoft, while the remaining 12 were labeled as "important," the next-lowest rating in the company's four-step severity scoring system.

"Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows with the exception of Windows 7 and its server sibling, Windows Server 2008 R2." Here is the TechNet write-up.
http://www.wservernews.com/091116-Security-Bulletin


How To DDOS A Federal Wiretap

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. Story at Computerworld:
http://www.wservernews.com/091116-DDOS-Federal-Wiretaps


Unpatched SMB Bug Crashes Windows 7, Researcher Says

A security researcher unveiled a new unpatched bug in Windows 7 and Server 2008 R2 that, when exploited, locks up the system, requiring a total shutdown to regain control.
http://www.wservernews.com/091116-SMB-Bug


Intel To Release New Low-Cost And Enterprise-Class SSDs

Intel will release a $120 solid-state disk (SSD) drive positioned as a server "boot drive" with only 40GB of capacity, but the drive could also be used in low-end laptop PCs and netbooks. Intel is also planning a new line of enterprise-class SSDs with 50GB, 100GB, and 200GB capacities, which would more closely mimic the capacities of high-end hard disk drives used in servers today, an Intel representative said. Intel's current line of enterprise-class drives, the X25-E series, have capacities of 32GB and 64GB. Get the whole story here:
http://www.wservernews.com/091116-SSDs


Windows Server News

Exchange Server 2010 Released

This week, at Tech Ed Europe in Berlin, Redmond unveiled the worldwide availability of Exchange Server 2010. In his keynote speech, Microsoft's Stephen Elop (Business Division President) said that the ROI for an E2010 deployment was about six months. In his own words: "Some of our customers are already reporting cost savings of 70% on the old exchange environment."

How so? Several innovations to the Exchange package. Improvements have been made to the E2010 disk drive technology to store user accounts. Elop said: "We are giving customers the opportunity to take low-cost disk drives and plug them directly into the Exchange server. In the past, customers would have invested in storage area networks (SANs), to provide Exchange's storage requirements."

Elop added to this: "We've also introduced advanced archiving capabilities that allow people to store information for longer and be able to retrieve it more quickly via a search that spans multiple mailboxes - all within Exchange. This means companies won't need to buy additional software for that purpose." This latter remark was taken with a grain of salt by the third-party Exchange archiving vendors, who pointed out that there is not a lot of functionality there to really be compliant.

He continued with "The server is also cost effective because of the users' ability to use Exchange as the single inbox for all forms of communication - including voicemail." It is true that E2010 has speech-to-text conversion technology. A voicemail can be converted to a text file and then read from mobile devices. Say goodbye to old voicemail systems!

However, Redmond is being challenged! Client Server News reported that "as of Monday Cisco is in the hosted e-mail business up against Microsoft Exchange Online, Google Gmail, IBM iNotes, heck, even Zoho Mail, but especially Microsoft, because it claims it can save users the price of Exchange Server and still leave them with the same experience.

"Cisco calls its Linux-based widgetry WebEx Mail and describes it as corporate-grade technology with native Outlook interoperability - figure contacts, calendars and such - that it got from its acquisition of PostPath last year. It says it's 70%-80% cheaper than Microsoft. Cisco says it'll scale past the size limitations of the traditional mailbox and free IT departments from the burden of e-mail infrastructure management and operation since it's in the cloud. Cisco aims to charge $3.50 a user a month for the fault tolerant, highly available service including 5GB of storage. For five bucks a head it'll kick in support for Outlook and ActiveSync. Another buck'll buy Blackberry support. And the mailbox can be expanded to a more compliance-sensitive 35GB though what that'll cost is still a mystery. Cisco's starting the rollout in the US with Europe scheduled for next year."

Here is the official MS Exchange Team E2010 Announcement, and the video:
http://www.wservernews.com/091116-Exchange-Server-2010

http://www.wservernews.com/091116-TechEd-Videos


How Windows Server 2008 R2 Stands Up To Security Checks

With every new Windows operating system release comes curious anticipation as to just how secure the system is out-of-the-box. So where does Windows Server 2008 R2 stand? This tip explores one expert's security discoveries on a full install of Windows Server 2008 R2 Enterprise Edition. (Email registration required)
http://www.wservernews.com/091116-Server-2008-Security


The Top Four Hyper-V Virtualization Problems That Plague Admins

While Hyper-V has made great strides with its R2 release, it still suffers from some inefficiencies and missing functionality. In this expert article, get an overview of four of the biggest problems with Hyper-V and Hyper-V R2 and some possible workarounds. (Email registration required)
http://www.wservernews.com/091116-Virtualization-Tips


Third Party News

Proof That VIPRE's MX-V Really Works

What is MX-V again? MX-Virtualization is a significant enhancement to the VIPRE product line. MX-V is a malware analysis technology that analyzes potential malware in a highly compact, proprietary virtualized Windows environment. Tightly integrated into the VIPRE scanning system, malware is executed in an environment that mimics key core Windows functions, and analyzes for certain malware signatures and behavioral characteristics. Without any user interaction, MX-V enables VIPRE to detect many types of malware without the necessity of creating a constant stream of dedicated signatures and heuristic systems. Using an emulation technique known as Dynamic Translation, MX-V is extremely fast, helping to protect against unidentified and zero-day threats without compromising system performance.

And here is the proof: ComputerWeekly reports: "New malware ducks most AV, warns Websense", and "Only two of forty anti-virus companies currently detect the malicious file once downloaded", said Carl Leonard, Websense Security Labs manager. Those two are F-Secure's DeepGuard and Sunbelt's VIPRE technology. More at:
http://www.wservernews.com/091116-Malware-Ducks-AV


The Latest Batch Of Network Vulnerabilities

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

New Checks 
L100 Kernel multiple vulnerabilities Oct 2009 - FC  
L101 Zlib DeltaRPM rebundle to remove inftrees.h large tree flaw - FC  
L102 DNSMasq tftp_request & enable tftp errors - FC  
L103 Drupal-service administer content types permission error - FC  
L105 Perl Oauth session fixation vulnerability - FC  
L106 Xpdf multiple flaws Oct 2009 - FC  
L107 Pidgin invalid pointers in OSCAR & IRC protocols - FC  
L108 Sahana file exposure flaw in www/index.php - FC  
L109 SystemTap --unprivileged mode data size restriction flaw - FC  
L111 Python-markdown2 image reference & md5 HTML chunk errors - FC  
L112 SLiM current directory in default path disclosure error - FC  
L113 Wordpress HTTP header handling of trackback messages flaw - FC  
L116 Wireshark OpcUa & TLS dissector errors - FC  
L117 RT escape bug in UI custom field display - FC  
L118 PyXML update position function flaw - FC  
L119 MimeTeX environ/input & counter directive vulnerabilities - FC  
L120 Python-4Suite-XML update position function flaw - FC  
L121 SquidGuard sgLog long URL with many slash characters flaw - FC  
S92 SSHd may incorrectly represent AES192/AES256 - Solaris 10  
S149 Kernel sdp driver memory exhaustion vulnerability - Solaris 10  
W3766 License Logging Server crafted message weakness - W2K  
W3767 Windows Kernel-Mode Drivers content handling flaw - W2K/XP/W2K3  
W3769 Active Directory/ADLDS LDAP stack space flaw - W2K/W2K3/XP/W2K8  
W3770 ADAM LDAP stack space flaw - W2K/W2K3/XP/W2K8  
W3771 Microsoft Office Excel 2002 - W2K/W2K3/XP  
W3772 Microsoft Office Excel 2003 - W2K/W2K3/XP/Vista  
W3774 Microsoft Office Excel Viewer 2003 - W2K/W2K3/XP/Vista  
W3777 Microsoft Word 2002 malformed record flaw - W2K/W2K3/XP  
W3778 Microsoft Office Word 2003 SP3 malformed record flaw - W2K/W2K3/XP/Vista  
W3779 Microsoft Word Viewer 2003/2003 SP3 malformed record flaw - W2K/W2K3/XP/Vista  
H99 Apache PHP init_request_info Vulnerability - HP-UX 11  
H108 Tomcat PHP and other Vulnerabilities - HP-UX  
L104 PhpMyAdmin PDF schema flaw & MySQL crafted name error - FC  
L110 JasPer jas_stream_printf & jas_alloc overflows - FC  
L114 BackupPC SSH and Rsync weakness in multiuser environment - FC  
L115 Poppler multiple flaws Oct 2009 - FC  
M17 Adobe Shockwave 11 Vulnerabilities - Mac OS X  
M87 Opera Browser Vulnerabilities - Mac OS X  
M99 Security Update 2009-006 / 10.6.2 - Mac OS X  
S6 Java JRE 6.0/5.0/1.4 Multiple Vulnerabilities  
S129 W utility Vulnerability - Solaris 8 - 10  
S146 Kernel SCTP/SDP Vulnerabilities - OpenSolaris  
S169 IPMP Vulnerability - Solaris 10  
S248 Apache2 modperl2 component vulnerabilities - Solaris  
S347 Glassfish HMAC XML Digital Signature Verification Vulnerability - Solaris  
S372 Trusted Extensions Policy configuration vulnerability - Solaris  
S373 Xscreensaver and Trusted Extensions Vulnerability - Solaris  
S455 PostgreSQL Vulnerabilities - Solaris 10  
W505 WebSense Email Security Vulnerabilities - W2k/ W2K3  
W608 BlackBerry Desktop Manager Lotus Notes Intellisync Vulnerability  
W1585 Adobe Shockwave Player Vulnerabilities  
W3075 Opera Multiple Vulnerabilities / latest not installed.  
W3084 Java JRE 6.0 / 1.6 Multiple Vulnerabilities  
W3085 Java JRE 5.0 / 1.5 Multiple Vulnerabilities  
W3086 Java JRE 1.4 Multiple Vulnerabilities  
W3765 Web Services on Devices API flaw - Vista/W2K8  
W3768 Windows Kernel-Mode Drivers content handling flaw - Vista/W2K8  
W3773 Microsoft Office Excel 2007 - W2K3/XP/Vista  
W3775 Microsoft Office Excel Viewer - W2K3/XP/Vista  
W3776 Microsoft Office System 2007 - W2K3/XP/Vista  

Updated Checks 
H98 ServiceGuard Grant of Privileges - HP-UX 11  
H154 Libc Vulnerability - HP-UX 11  
S85 OpenSSL PKCS#11 Engine session corruption vulnerability - Solaris 10  
S259 HME driver patch may induce boot failures - Solaris 10  
S294 Perl regex engine Vulnerability - Solaris 10  
S436 International timezone law changes - Solaris 8 - 10  
W1142 Anti-virus signature outdated - McAfee  
W1986 Anti-virus signature outdated - Symantec  
W1999 Anti-virus signature outdated - Trend Micro  
W2067 Anti-virus signature outdated - F-Secure  
W2070 Anti-virus signature outdated - CA eTrust  
W2493 Microsoft Windows Malicious Software Tool Not Updated  
H40 RBAC Vulnerability - HP-UX 11  
H122 Veritas 4.X/5.X Vulnerabilities - HP-UX 11  
M76 ClamXav / ClamAV signatures not the latest - Mac OS X  
M80 Virex signature file out of date - Mac OS X  
S2 GSS-API applications vulnerable - Solaris  
S33 ClamAV signatures not updated - Solaris  
S40 Dtrace ioctl handlers may induce panic - Solaris 9-10  
S101 SSH CBC-mode Vulnerability - Solaris 9-10  
S123 Name Service Cache Vulnerability - Solaris 10  
S130 Kerberos Mech Libraries/SPNEGO/multiple vulnerabilities - Solaris 8 - 10  
S167 Kerberos pam_krb5 Vulnerability - Solaris 8-10  
S173 Vntsd grants unauthorized access - Solaris 10  
S279 NFS sessions AES implementation is faulty - Solaris 10  
S386 LDAP cache manager hangs - Solaris 8 - 10  
S398 Libsasl may induce using applications to crash - Solaris 8 - 10  
S435 Kerberos credential cache management vulnerability - Solaris  
S490 Auditconfig Excessive Privilege Vulnerability - Solaris  
S542 MySQL 4.0 Vulnerabilities - Solaris  
W2012 Anti-virus signature outdated - Avast! 4  
W2013 Anti-virus signature outdated - AVG 8 - W2K/XP/W2K3  
W2056 Anti-virus signature outdated - Norman  

Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 204 was released November 11, 2009. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 204, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/091116-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.


WServerNews - Product of the Week

Free Webinar: Active Directory and Group Policy

In this webinar, Group Policy MVP Jeremy Moskowitz and founder of GPanswers.com will discuss several techniques to keep your Active Directory intact, and your Group Policy infrastructure humming along. You will learn from Jeremy about how to prevent disasters from accidental deletion, recover from GPO blunders, and learn what you can glean from the logs when a problem occurs. One lucky webinar attendee will win a free ASUS mini Laptop!
http://www.wservernews.com/091116-Webinar-Active-Directory