MY PROFILE | PRIVACY 
Vol. 15, #4 - Feb 1, 2010 - Issue #762
Had The Chinese Shot ICBMs In 33 U.S.-Based Companies...

  1. Editor's Corner
    • Had The Chinese Shot ICBMs In 33 U.S.-Based Companies...
    • Act Now To Avoid The Apple iPad Apocalypse
    • Would you do us a favor and vote?
    • Quotes Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Kiss Your Antivirus Bloatware Goodbye: A Look at VIPREŽ Enterprise - 2/2
    • Affordable, Enterprise Email Archiving - 2/9
    • VIPREŽ Enterprise Product Demonstration - 2/16
    • VIPREŽ Email Security for Exchange Product Demonstration - 2/23
    • Understanding Audit Logging in SQL Server 2008 - 2/18
  4. Tech Briefing
    • ITIC Sunbelt 2010 SQL Server Survey Results
    • Microsoft Ends Mainstream Support For SMS 2003
    • Upgrading To VMware vSphere: Five Pros And Five Cons
    • Internal Investigations: The Basics
  5. Windows Server News
    • Can Microsoft Win The Virtualization War Against VMware?
    • Microsoft's VECD Is Mandatory For Windows Virtualization
  6. Third Party News
    • WhatsUp Gold Acquires Dorian Software Creations.
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
Sunbelt Will Buy Out Your Antivirus Contract

Suffer from AV vendor lock-in? We'll buy it out up to 12 months! The independent Tolly Group said in their Antivirus Performance Test Report: "Consumes up to 38% and 45% less memory, and offers up to 2.6x and 3.6x scanning speed compared to Symantec and McAfee." The VB100 award was the cherry on the cake. VIPRE means world-class security. It's clearly time to kiss your antivirus bloatware goodbye. VIPRE Enterprise is by admins for admins. And that means EASY DEPLOYMENT. Click on the 'Request Info' tab and ask for your quote now:
http://www.wservernews.com/100201-VIPRE-Enterprise


Editor's Corner

Had The Chinese Shot ICBMs In 33 U.S.-Based Companies...

Techweb editor David Berlind pointed out in Information Week: "Had the Chinese shot intercontinental ballistic missiles into 33 U.S.-based businesses including those in the finance and defense industries as well as the Mountain View-based headquarters of Google, there would be no question in anyone's mind as to whether war had been declared on the U.S. Let's be honest with ourselves. It was an act of war and it deserves more of a response from the U.S. government than it is getting."

Them's fightin' words! But he's right. Calling it a Digital Pearl Harbor is a bit much, but these attacks are brazen and cannot continue without some hard words and measures from the "U.S. Guvmint.". However, in the mean time, you need to shore up your own defenses as well, whatever the size of your organization. The threatscape is rapidly evolving.

Size does not matter anymore. Cyber criminals are now customizing malware ploys for small and medium enterprises. It does not matter if you are small, it does not make you less of a target. On the contrary actually. The large businesses now are better defended, so cyber crime looks for easier to penetrate targets. CyberPatrol and the FBI came with seven good suggestions, which I have embellished somewhat :-)
  1. Create an Internet use policy and enforce it
  2. Train employees on cyber security
  3. Implement a web content filter
  4. Keep your endpoint security products updated religiously
  5. Reduce privileges as much as possible
  6. Deploy application whitelisting and heuristic detection
  7. Consider dedicating one PC strictly for online banking, no email of websurfing installed or allowed on that machine.
One more suggestion is add behavioral detection to point 6, so that you have detection by signatures, heuristics and behavior, to make sure you catch zero-day threats. A certain security product starting with a "V" comes to mind. To determine how you can better focus your security efforts, I recommend this insightful article in the New York Times. They analyze the United States' currents capabilities in deterring cyber attacks. Not very encouraging. We're on our own:
http://www.wservernews.com/100201-Digital-Combat

The other article I think is interesting is this 'man-bites-dog' story in ComputerWorld, where a Texas bank is suing a customer hit by an $800,000 cybertheft in a case that could test the extent to which customers should be held responsible for protecting their online accounts from security compromises. Great ammo to get budget!
http://www.wservernews.com/100201-Cybertheft


Act Now To Avoid The Apple iPad Apocalypse

Randall Kennedy at InfoWorld wrote: "We saw the damage the iPhone caused as the ill-fitting consumer technology invaded the corporate space. This time, IT needs to strike first. I hate disruptive technologies. They're antithetical to all that's sane and stable in enterprise IT. So when I hear that one out of every five tech-savvy consumers is interested in buying the Apple iPad, I start to squirm a bit in my chair.

"This fruity new wonder could prove to be the hottest item under the Christmas tree. And that means that, come January 2011, IT shops will be inundated with idiot users lobbying to hook their iPads into the corporate network." He's not entirely wrong. The new iPad threatens the netbook category, and cheap laptops are at risk of extinction as well. There are a few real show stoppers though, which mean end-users may not be purchasing first-generation iPads: the lack of a video camera and chat capabilities, and the lack of Flash support.

Unfortunately though, your users are going to want to have their email on this thing, with resulting security repercussions. More:
http://www.wservernews.com/100201-Apple-Tablet

But the real news out of Apple this week was the iPad Nano. LOL!
http://www.wservernews.com/100201-iPad


Would you do us a favor and vote?



VIPRE Enterprise is one of 9 finalists in the Security Product of the Year category in the 2010 Networking Computing Awards. Follow the link and cast your vote for VIPRE. Thanks!
http://www.wservernews.com/100201-Vote


Quotes Of The Week

"It's a funny thing about life; if you refuse to accept anything but the best, you very often get it." -- William Somerset Maugham

"Age wrinkles the body. Quitting wrinkles the soul." -- Douglas MacArthur,




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/100201-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/100201-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/100201-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Wanted: VIPRE Enterprise Premium Beta Testers - Get A T-Shirt

VIPRE Enterprise Version 4 new stuff: a Bi-directional Firewall, HIPS, NIPS, IDS, Web Filtering, Ad Blocking, Bad URL Blocking, and Anti-Phishing. For good measure we allow you to write your own SNORT rules. And, it supports "tiering" and "peering" with the new VIPRE Site Service, which also allows granular admin control. And all this still with a very small, super-low overhead, single-agent footprint! Email [email protected] to receive a key for more than 5 workstations. Create your login at:
http://www.wservernews.com/100125-Beta-Forum-Login

You'll get an email with your confirmation. Log in, and then use this link to get the console; the agent automatically downloads.
http://www.wservernews.com/100125-Beta-Forum
<

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

ScriptLogic Perspective Network Management Solution. A comprehensive and affordable solution for bandwidth and network performance.
http://www.wservernews.com/100201-Perspective

Can You Install a Web Security Appliance in 15 mins? You can with the iPrism appliance. Sign up now for a demo & get a t-shirt!
http://www.wservernews.com/100201-iPrism

Here is a slick script (both VBS and CMD/BAT) for passively detecting admin rights across XP through Windows 7 including working properly for UAC:
http://www.wservernews.com/100201-Admin-Rights


Webinars & Seminars

Kiss Your Antivirus Bloatware Goodbye: A Look at VIPREŽ Enterprise - 2/2

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner.

When: Tuesday, February 2, 2010 2:00 PM (EST) Please register here:
http://www.wservernews.com/100201-Goodbye-Bloatware


Affordable, Enterprise Email Archiving - 2/9

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver webinar.

When: Tuesday, February 9, 2010, 2:00 PM (EST) Please register here:
http://www.wservernews.com/100201-Email-Archiving


VIPREŽ Enterprise Product Demonstration - 2/16

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner.

When: Tuesday, February 16, 2010, 11:00 AM (EST) Please register here:
http://www.wservernews.com/100201-VIPRE-Demo


VIPREŽ Email Security for Exchange Product Demonstration - 2/23

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this product demo, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product.

When: Tuesday, February 23, 2010, 2:00 PM (EST) Please register here:
http://www.wservernews.com/100201-VIPRE-Email-Security


Understanding Audit Logging in SQL Server 2008 - 2/18

With 2008, SQL Server finally has a real audit log capability. It's flexible, high performance and can report its events directly to the Windows Security Event Log which means you can leverage the security and integrity of the security log AND take advantage of whatever log management solution you currently use to collect, monitor and report server logs. This real training webinar is not free. For specialized topics where finding a sponsor is not practical. The fee is low and there is no sponsor presentation; your info will not be shared with anyone. It's all deep, technical training.

Title: Understanding Audit Logging in SQL Server 2008
Date: February 18, 2010 - 12:00PM US Eastern Time
This is real training. Space is limited. Reserve your Webinar seat now at:
http://www.wservernews.com/100201-Audit-Logging


Tech Briefing

ITIC Sunbelt 2010 SQL Server Survey Results

By Laura DiDio - Thanks to the 450 of you who responded and participated in the Sunbelt/ITIC 2010 Database Deployment Trends Survey. Your responses enable us to track deployment trends in this crucial market segment and your responses to the Essay question were very insightful.

Once again, Stu and I had a tough time picking the two (2) iPod winners because there were so many great comments. But the winners are: Aaron Horn and SpudGie. First runner up Andrew Baker wins a copy of Sunbelt's award winning VIPRE. Congratulations to the winners! We'll be contacting you soon. Anyone who completed the survey is entitled to a complimentary copy of the full Report. Email me at: [email protected]

The results of the ITIC 2010 Database Deployment Trends Survey, conducted during December and January, indicate that the overwhelming majority of organizations will remain with their chosen database platform provider, unless they have a compelling reason to switch.

Nearly three-quarters -- 72% -- of survey respondents indicated that they have not migrated or switched any of their major line of business (LOB) applications from one database platform to another over the last three years. At the same time, two out of 10 survey respondents indicated they have and will switch database platforms and applications if the business or technology needs dictate. Building a custom application was the reason most often cited for migrating to a new database platform.

And when organizations do elect to defect databases, Microsoft's SQL Server is the top choice among the 21% of respondents whose organizations switched platforms over the past three years. Database defectors chose to migrate to SQL Server by a two-to-one margin over the nearest competitor, Oracle. The respondents who switched database platforms represented organizations from SMBs to the largest enterprises. This is a clear indication that businesses are confident in SQL Server's ability as an enterprise-worthy database platform.

The survey also polled organizations worldwide on their database concerns. Interoperability, cost and performance topped the list of challenges end users face with respect to their current and planned database and server strategies. Almost 90% rated interoperability with existing or planned infrastructure as the most important factor to consider when choosing a server vendor, while 80% cited cost and 78% chose performance.

When it came to customer satisfaction with your current database vendor, Microsoft's SQL Server got SQL Server high marks for overall performance, reliability, ease of use and technical service and support, with two-thirds 66% -- rating it "Excellent" or "Very Good." IBM's DB2 also scored very high marks particularly from large enterprises where that platform is well entrenched. Approximately eight-out-of-10 respondent businesses -- 79% -- said Microsoft was their top choice for database needs, while rival Oracle was cited by just over 10% as the preferred database vendor; however nearly two-thirds of survey participants indicated they did not use the Oracle Database 11g in their organizations.

Among the other survey highlights:
  • Some 73% of respondents indicated that IT is the leading driver in the vendor selection process. Significantly, none of those polled said that IT departments were left out of the selection and purchasing process.
  • Over three quarters -- 76% -- of survey respondents indicated they have not migrated or switched any of their main line of business applications from one database platform to another within the past three years.
  • Among the 21% of businesses that have migrated database platforms, 46% said they switched to a custom application developed in-house; 27% switched to a custom application developed by a partner and 18% migrated over to a packaged ERP application while another 9% switched over to a packaged CRM application.
The sheer enormity involving any major server-based application upgrade explains why only 21% of the ITIC survey respondents said their organizations had migrated DB platforms during the past three years. Similarly, a majority of survey respondents also replied negatively to the question, "What is the likelihood that your organization will switch its applications from one DB to another?" Over half - 56% -- said it was "Very Unlikely" and they would only switch because of an unforeseen circumstance, while another 17% said it "was not an option" and under no circumstances would they abandon their current DB platform and applications. Another 17% said it was a possibility depending on the circumstances, while a 5% minority answered their organizations would "likely switch if there was a compelling business reason" and small 5% minority was "Unsure."

Nonetheless, 21% of those polled indicated they will switch, if a change is warranted. The top five reasons cited are:
  • Upgrade of an existing application
  • The need to improve performance
  • The addition of a new application
  • The need to improve security
  • The need to improve integration with an existing application
Interestingly, the survey data indicates that only a small minority of organizations make the decision to switch DB platforms and/or vendors based on the preference of an individual executive, DB administrator or because of a management change or merger/acquisition. This indicates that organizations recognize the need to install the DB platform that most closely aligns with the needs of the business. The results also show that one-third - 33% -- of organizations opt off their legacy DB platform because of a need to lower their TCO and ROI and in an effort to standardize DB platforms across the entire organization. -- Laura DiDio is the Principal at ITIC, a research and consulting firm based in Boston, Ma.

Microsoft Ends Mainstream Support For SMS 2003

A popular version of Microsoft's systems management software is sailing into the sunset. Support for Systems Management Server (SMS) 2003 has shifted from mainstream to extended support. Under the extended support policy, the company will no longer offer no-charge incident support, warranty claims or design changes and feature requests for SMS 2003. Find out more in this expert article:
http://www.wservernews.com/100201-SMS-2003-Support


Upgrading To VMware vSphere: Five Pros And Five Cons

There are some compelling reasons to upgrade to vSphere but also reasons why you may not want to. Depending on your environment and requirements, the reasons offered in this article will help you to decide whether or not to upgrade to vSphere:
http://www.wservernews.com/100201-Upgrading-to-VMware


Internal Investigations: The Basics

Internal investigations must uncover the truth about misconduct or fraud without damaging innocent employees. This is an interesting article at the CSO site and has the basics of how to plan and conduct a successful internal investigation. They start off with:

"Internal investigations are a vital part of a security program. It's a serious matter when an employee is alleged to be violating company rules. So-called 'insider threats' can cause as much damage as thieves outside. These threats come in many different forms, including:

Windows Server News

Can Microsoft Win The Virtualization War Against VMware?

Whether Microsoft can do to VMware what it's done to other tech incumbents over the past 20 years depends very much on whom you ask. Microsoft partisans say that the software giant can and will displace VMware Inc.'s server virtualization dominance much as it dispatched Novell's NetWare franchise. The VMware camp, on the other hand, contends that unlike Novell or WordPerfect or Lotus or Netscape Communications, VMware keeps changing the rules. Read this article now to learn what industry experts have to say about this debate:
http://www.wservernews.com/100201-Virtualization-War


Microsoft's VECD Is Mandatory For Windows Virtualization

VECD stands for "Virtual Enterprise Centralized Desktop." It's the license that Microsoft requires to use its desktop virtualization. VECD must be purchased in addition to the base Windows operating system license. If you want to virtualize Windows, you have to buy this VECD license as a second license. In this exclusive article, discover what industry expert Brian Madden thinks about this new license:
http://www.wservernews.com/100201-VECD


Third Party News

WhatsUp Gold Acquires Dorian Software Creations.

Ipswitch adds security event log management to their network monitoring portfolio. WhatsUp Gold, Ipswitch, Inc.'s network management division and a developer of innovative network management solutions, announced it has acquired Dorian Software Creations, Inc., the leader in providing complete, easy-to-use solutions for Windows Security Event Management (SEM) and Log Management for small businesses and enterprise-level organizations. The addition of Dorian Software's patented event log management technology to WhatsUp Gold's extensive suite of network management solutions will empower customers to collect, store, report, monitor and alert on event logs in real time. Along with forensic analysis, these capabilities ultimately ensure network security and facilitate adherence to compliance standards and processes. More:
http://www.wservernews.com/100201-Ipswitch-Acquires-Dorian


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.