MY PROFILE | PRIVACY 
Vol. 14, #53 - Dec 21, 2009 - Issue #758
Why Office 2010 Won't Support WinXP 64-bit

  1. Editor's Corner
    • Last Issue Of The Year
    • What Are Your Plans for 2010? Win that iPod!
    • Quotes Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Kiss Your Antivirus Bloatware Goodbye: A Look at VIPRE Enterprise: 01/05
    • Securing your Exchange Server with VIPRE Email Security: 01/12
    • VIPRE Enterprise Product Demonstration: 01/19
    • Sunbelt Exchange Archiver Product Demonstration: 01/26
  4. Tech Briefing
    • Why Office 2010 Won't Support WinXP 64-bit
    • SP2 for Exchange 2007 Gotcha
    • Dell Offers Cheaper Quick-Boot System Based On Flash Memory
    • FBI: Rogue Antivirus Scammers Have Made $150M
    • Conficker Takes Down A Hospital
    • The 2009 Data Breach Hall Of Shame
    • Many IT Shops Budget For Server, Virtual Desktop Projects In 2010
    • Fixing Microsoft Hyper-V Virtual Machine Clustering Problems
  5. Windows Server News
    • Stratus ftServer Zero Downtime $50K Holiday Offer
    • Patch Management Made Easy With WSUS 3.0 SP2
  6. Third Party News
    • The Latest Multi-Platform network Vulnerability List
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • VIPRE Received The VB100 Award
VIPRE Received The VB100 Award

This is your last heads-up: VIPRE Enterprise 10$/Seat Competitive Upgrade Ends 12/31! That VB100 award should put any last doubts to rest. The independent Tolly Group said in their September 2009 Anti-virus Performance Test Report: "Consumes up to 38% and 45% less memory, and offers up to 2.6x and 3.6x scanning speed compared to Symantec and McAfee." It's clearly time to kiss your antivirus bloatware goodbye. Sunbelt built VIPRE Enterprise; total endpoint security designed by admins for admins. And that means EASY DEPLOYMENT. Click on the 'Request Info' tab and ask for a quote:
http://www.wservernews.com/091221-VIPRE-Enterprise

Editor's Corner

Last Issue Of The Year

Hi All,

This is the last issue of the year, and I wanted to take this opportunity to wish you all the happiest of holidays and may you have a great New Year's celebration. The next WServerNews will be Jan 11, and that will be the traditional Crystal Ball issue. Hopefully 2010 will be better than the dreadful 2009, good riddance!

What Are Your Plans for 2010? Win that iPod!

2009 is nearly gone and 2010 is almost here. ITIC and Sunbelt Software want to know how your organization's IT department and technology infrastructure fared over the past 12 months and what your budget and technology deployment plans are for the year ahead. We're running a new survey of multiple choice questions and one essay question. It should only take about five minutes to complete. All responses are kept confidential. And we're giving away two (2) iPods to the persons who provide us with the most insightful comment to the essay question. Remember to leave your Email address in the space with your essay comment so we can contact you if you win the iPod. Also anyone who completes the survey is entitled to a complimentary copy of the final report. Send me an Email directly at: [email protected]. Here's the link:
http://www.wservernews.com/091221-Survey


Quotes Of The Week

"Two rules for success in life: 1. Never tell people everything you know." -- Anonymous

"Your most unhappy customers are your greatest source of learning." -- Bill Gates




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/091221-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/091221-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/091221-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

What VIPRE's MX-V Actually Does For You. Real World Example #13

I can hear you think: "Oh, another acronym invented by some marketing people. Big deal.." Not so fast! Check this out, fresh from SANS: "Microsoft and Sunbelt are currently the only two AV tools on Virustotal that do not seem to be perturbed by the rapid morphing of the EXE, and keep catching it reliably." (Click on the AV Coverage - Virustotal link)
http://www.wservernews.com/091221-Danger-Lurks

MX-Virtualization? analyzes malware in real-time, in a small, super-efficient secured memory "lock box" that emulates Windows. MX-V fools the malware into thinking it has taken over a PC. MX-V allows VIPRE to observe how the malware behaves and kill it before it can infect a machine. Get your 30-day eval:
http://www.wservernews.com/091221-VIPREEnterprise
<

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

End-of-Year Special #1: Sunbelt Network Security Inspector is a weapons-grade network scanner that helps you to fix holes. Now at 50% off before year-end:
http://www.wservernews.com/091221-SNSI

End-of-Year Special #2: Sunbelt Exchange Archiver is your rescue from PST file headaches, slow Exchange servers & compliance. Now at 50% off before year-end:
http://www.wservernews.com/091221-Exchange-Archiver

End-of-Year Special #3: Sunbelt VIPRE Enterprise is now VB100 certified but the $10/seat competitive upgrade program is going away December 31. Send that PO!
http://www.wservernews.com/091221-VIPRE



Webinars & Seminars

Kiss Your Antivirus Bloatware Goodbye: A Look at VIPRE Enterprise: 01/05

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner. When: Tuesday, January 5, 2010 2:00 PM (EST) Please register here:
http://www.wservernews.com/091221-Goodbye-Bloatware


Securing your Exchange Server with VIPRE Email Security: 01/12

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this webinar, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product: When: Tuesday, January 12, 2010, 2:00 PM (EST) Please register here:
http://www.wservernews.com/091221-VIPRE-Email-Security


VIPRE Enterprise Product Demonstration: 01/19

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner. When: Tuesday, January 19, 2010, 11:00 AM (EST) Please register here:
http://www.wservernews.com/091221-VIPRE-Enterprise-Demo


Sunbelt Exchange Archiver Product Demonstration: 01/26

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver demonstration. When: Tuesday, January 26, 2010, 2:00 PM (EST) Please registered here:
http://www.wservernews.com/091221-SEA-Demo


Tech Briefing

Why Office 2010 Won't Support WinXP 64-bit

Ars Technica has the story: "When the system requirements for Microsoft Office 2010 were first posted, we noticed that Windows XP 64-bit was mysteriously absent. We contacted Microsoft, and the company explained that while deciding on which versions of Windows to support in the next release of Office, it weighed the user experience behind the versions against broadly dropping support.

"For the Microsoft Office 2010 release, we will not support Windows XP 64-bit," a Microsoft spokesperson confirmed with Ars. Upon further inspection, we also noticed Windows Server 2003 support was missing. "For the best productivity and user experience, the benefits of 64-bit computing with Office 2010 is best experienced by utilizing the newly introduced 64-bit version of Office 2010 with Windows 7 (64-bit) or Windows Vista (64-bit) version." In short, Microsoft does not think the experience will be good enough on its previous operating systems. More at:
http://www.wservernews.com/091221-WindowsXP-64-bit


SP2 for Exchange 2007 Gotcha

Stefan Jafs asked this on the Sunbelt MS-Exchange Admin Issues List. Subject: SP2 for Exchange 2007, I know it became available a few months ago, did you guys upgrade? Should I?

Rob Campbell answered: I did. I highly recommend that you NOT enable the mailbox auditing feature. Other than that, no problems. When we enabled it, it caused email item attachments to get stripped from emails after they were sent, and it removed item attachments from some appointments but left an item reference attached. This caused the Availability Service to fail to return any FB information for a user that had one of those appointments anywhere in the search window. We had several re-occurring meetings get corrupted this way, and most of the attendees were executives and dept. managers. There for a while there would be blocks of several days/weeks that wouldn't return any information at all on a FB search of those users. It was a very long week trying to figure out what was doing it, and a very long weekend getting it straightened out. MS is supposed to be writing up a bug report on it, but I haven't seen it yet. Subscribe to the Exchange List here, it's a great and no-cost resource:
http://www.wservernews.com/091221-Exchange-List


Dell Offers Cheaper Quick-Boot System Based On Flash Memory

Lionel Menchaca, Dell's Chief Blogger wrote: "Back in September of 2009 we started shipping Latitude ON. The original version is an OMAP-based add-in card that delivers instant access and all day battery life for business users of the Dell E4200, E4300 and most recently the Latitude Z. Recently we rolled out Latitude ON | FLASH. This new addition to the Latitude ON family runs on a special flash memory module that snaps into an internal mini-card slot on supported systems." This new solution that can boot up a computer in seconds as an option for some laptops. Great idea.
http://www.wservernews.com/091221-Latitude-ON


FBI: Rogue Antivirus Scammers Have Made $150M

They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.
http://www.wservernews.com/091221-Rogue-Antivirus


Conficker Takes Down A Hospital

Waikato District Health Board has been crippled by the Conficker computer worm which has caused all 3,000 PCs in the organization to be shut down. DHB technicians were working on a computer upgrade overnight when things started to go awry. "About 2am they noticed there were some issues with the computers. By 4am they realized a computer virus had got into our whole system: More at NZHerald:
http://www.wservernews.com/091221-District-Health-Board-Virus


The 2009 Data Breach Hall Of Shame

If there was anything even vaguely comforting about the data breaches that were announced this year it was the fact that many of them stemmed from familiar and downright mundane security failures. Computerworld has the list:
http://www.wservernews.com/091221-2009-Data-Breaches


Many IT Shops Budget For Server, Virtual Desktop Projects In 2010

After a year of stagnation, it looks like 2010 might be a year of IT investment, particularly where virtual desktops and cost saving virtualization projects are concerned. In this article, top virtualization experts offer their insights and predictions for what the virtualization market holds for 2010: (email registration required)
http://www.wservernews.com/091221-Virtual-Desktop-Projects


Fixing Microsoft Hyper-V Virtual Machine Clustering Problems

This expert tip discusses Hyper-V virtual machine problems and fixes, with contributions from Microsoft and hardware vendors, as well as workarounds that help the overall stability of virtual environments. Understand the importance of updating firmware and drivers, learn where to look for newest patches, and find out which tools are best for rebooting servers. (email registration required)
http://www.wservernews.com/091221-Clustering-Problems


Windows Server News

Stratus ftServer Zero Downtime $50K Holiday Offer

By Laura DiDio. One of the most impressive and incredible deals of this holiday season -- and one that large enterprise customers will be hard pressed to refuse -- is Stratus Technologies' pledge of Zero downtime for customers or $50,000 cash back.

The deal is targeted at large Windows Server 2008 enterprises that purchase expensive servers (over $20,000) because they require near mainframe like fault-tolerance and uptime of 99.999% or better.

Here's how it works: organizations that purchase any standard configuration of Stratus Technologies' most current ftServer 6300 enterprise-class x86 fault tolerant server equipped with Microsoft Windows Server 2008 and the required service contract, are eligible for $50,000 or a product credit if the server hardware, Stratus' system software or operating system failures cause unplanned downtime in a production environment within the guarantee period.

The guarantee period lasts up to six months following server deployment. Stratus executives vow that there are no hidden clauses or trap doors in the guarantee. Stratus Technologies headquartered in Maynard, Ma. has built its reputation on delivering rock-solid reliability of 99.999% uptime. That's the equivalent of less than one minute of per server downtime in a year! This is an admirable achievement by any standard.

The ftServer 6300 line is Powered by 2.93 GHz X5570 Intel Quad-Core Xeon? processors, the ftServer 6300 is optimized for large data center multi-tasking applications with high transaction rates, such as credit card authorization processing, high speed ATM networks, and as a powerful engine for database applications and virtualization environments. A typical ftServer 6300 configuration can actually cost less than the value of the payout. The offer is open to customers worldwide, and the program ends Feb. 26, 2010.

Specifically, customers can choose from a custom version of the ftServer 6300 or one of two pre-configured bundled configurations. The ftServer 6300 Power Bundles #1 and #2 are robust, high-end configurations that consist of Microsoft Windows Server operating system, disk drives and supporting peripherals, with a significant package discount compared to individually priced system components. Other server models in the ftServer line are not included in this program.

Stratus Technologies' decision to quite literally put its money where its mouth is a bold move and one that the overwhelming majority of vendors would never consider. In fact, ITIC can't recall any high tech hardware vendor in recent memory, offering these same terms. However, Roy Sanford, Stratus chief marketing officer, said the deal underscores confidence in Stratus Technologies is of its ability to deliver the highest levels -- 99.999% uptime -- or greater. "The Zero Downtime program is a show of confidence that our products consistently perform at the highest levels of availability. Our guarantee is right out there for all to see, customers and competitors alike."

Corporate enterprises that are risk averse, those that demand the highest levels of uptime or those that are in a betting mood are well advised to check out the Terms and Conditions of Stratus Technologies offer. You've literally got nothing to lose. Laura DiDio is Principal at ITIC a research and consulting firm in Boston. Stratus Technologies:
http://www.wservernews.com/091221-Stratus
.

Patch Management Made Easy With WSUS 3.0 SP2

One of the challenges that comes with running a network is keeping your operating systems patched and secure. In response to this problem, Microsoft has released Windows Server Update Service 3.0 SP2 as a means to centrally download updates and control how they are deployed to the computers throughout your network. Additionally, WSUS provides extensive reporting features to quickly give you a snapshot of your computers' status. If your network is big enough to have a server and use Active Directory, it's big enough to benefit from using WSUS:
http://www.wservernews.com/091221-Patch-Management


Third Party News

The Latest Multi-Platform network Vulnerability List

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.

New Checks:
H1 Sendmail -Address Parsing - HP-UX 10/11  
H51 VRTSweb Vulnerability - HP-UX 11  
L257 Firefox multiple security vulnerabilities Dec 2009 - RHE  
L258 Firefox multiple security vulnerabilities Dec 2009 - Sci Linux  
S166 Sun Ray Multiple Vulnerabilities - Solaris 10  
H57 OpenView Data Protector App Recovery Manager Vulnerability - HP-UX 11  
L232 Libtool ltdl.c current working directory .la weakness - MDV  
L233 GnuTLS NULL character handling in X.509 signatures - MDV  
L234 NTP NTPv4 public key authentication flaw - MDV  
L235 OpenSSL multiple DTLS fragment errors - MDV  
L236 Ghostscript translate image to native color space weakness - MDV  
L237 DHCP client response permissions failure - MDV  
L238 ISC BIND DNSSEC response validation caching error - MDV  
L239 MySQL Apr-utl .htaccess/mod_dav & apr_brigade flaws - MDV  
L240 Neon \0 character & recursion during entity expansion flaws - MDV  
L241 Expat big2_toUtf8 function malformed UTF-8 flaw - MDV  
L242 Netpbm jas_stream_printf & windows height error - MDV  
L243 Xmlsec1 W3C XML Signature Syntax HMAC truncation error - MDV  
L244 Xine qt_error parse & 4xm movie file demuxer errors - MDV  
L246 Samba share restriction bypass & oplock break errors - MDV  
L247 Pidgin msn_slplink denial of service exploit - MDV  
L248 Mono ASP.net class library weaknesses - MDV  
L249 Apache SSL/TLS renegotiation handshake flaw- MDV  
L251 PHP dba_replace/openssl_apply/& sanity check errors - MDV  
L252 Ruby BigDecimal library context error - MDV  
L253 MySQL CREATE TABLE privilege bypass - MDV  
L254 ClamAV malware detection bypass via RAR archive - MDV  
L255 NTP malformed packet response log loop weakness - MDV  
L256 GIMP read_channel_data crafted PSD file flaw - MDV  
L259 Kernel multiple vulnerabilities Dec 2009 - RHE  
L260 Kernel multiple vulnerabilities Dec 2009 - Sci Linux  
M61 Mozilla Seamonkey URI/CSS Vulnerabilities - Mac OS X  
M62 Mozilla Firefox 3.0/3.5 Multiple Vulnerabilities - Mac OS X  
M103 Adobe Acrobat / Reader JavaScript Blacklist Framework Vulnerability  
M121 Adobe Flash Player Multiple Vulnerabilities - Mac OS X  
S59 Kernel IP module Vulnerability - OpenSolaris  
S170 Cluster Nodes may hang with Autopush - Solaris 10  
S207 Apache mod_perlrun/mod_status Vulnerabilities  
S239 Gnome PDF Viewer library Vulnerabilities  
S309 Symantec/Veritas NetBackup Storage Lifecycle Policy Vulnerability
S346 GlassFish Java JRE XML Parsing Vulnerability - Solaris  
S566 SunMC Libxml2  
W2473 Firefox 3.0/3.5 Multiple Vulnerabilities  
W2474 SeaMonkey Multiple Security Vulnerabilities  
W2600 Adobe Acrobat / Reader JavaScript Blacklist Framework Vulnerability  
W2680 Roxio Image Handling Vulnerability  
W2847 Indeo Codec Vulnerability - W2k/XP/W2K3  
W3376 Adobe Flash Player Multiple Vulnerabilities  

Updated Checks H19 Kernel Vulnerability - HP-UX 11 S270 aio_suspend() may induce system panic - Solaris 8 - 10 S283 AnswerBook2 Documentation Tag Handling - Solaris 7 - 8 S436 International timezone law changes - Solaris 8 - 10 W1142 Anti-virus signature outdated - McAfee W1986 Anti-virus signature outdated - Symantec W1999 Anti-virus signature outdated - Trend Micro W2067 Anti-virus signature outdated - F-Secure W2070 Anti-virus signature outdated - CA eTrust M76 ClamXav / ClamAV signatures not the latest - Mac OS X M80 Virex signature file out of date - Mac OS X S33 ClamAV signatures not updated - Solaris S111 SSL/TLS session renegotiation vulnerability S169 IPMP Vulnerability - Solaris 10 S243 TCP state vulnerabilities - Solaris 8 - 10 S352 NSS TLS/SSL Handshake Renegotiation Vulnerability - Solaris W2012 Anti-virus signature outdated - Avast! 4 W2013 Anti-virus signature outdated - AVG 8 - W2K/XP/W2K3 W2056 Anti-virus signature outdated - Norman W2112 SMB Client Security Signature Not Enabled W2113 SMB Server Security Signature Not Enabled W2682 IWA Credential Forwarding Protection Opt-In Informational
Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 208 was released December 18, 2009. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 208, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/091221-Security-Inspector


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

VIPRE Received The VB100 Award

This is your last Heads-Up: VIPRE Enterprise 10$/Seat Competitive Upgrade Ends 12/31! That VB100 award should put any last doubts to rest. The independent Tolly Group said in their September 2009 Anti-virus Performance Test Report: "Consumes up to 38% and 45% less memory, and offers up to 2.6x and 3.6x scanning speed compared to Symantec and McAfee." It's clearly time to kiss your antivirus bloatware goodbye. Sunbelt built VIPRE Enterprise; total endpoint security designed by admins for admins. And that means EASY DEPLOYMENT. Click on the 'Request Info' tab and ask for a quote:
http://www.wservernews.com/091221-VIPRE-Enterprise