MY PROFILE | PRIVACY 
Vol. 15, #32 - Aug 2, 2010 - Issue #790
Why No Internet Security Awareness Training?

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • Why No Internet Security Awareness Training?
    • Sunbelt Worldwide Threat Level Raised To High
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • VIPRE Enterprise Premium Product Demonstration - 8/3
    • Introducing VIPRE Enterprise Premium, Version 4.0 - 8/10
    • VIPRE Email Security for Exchange Product Demo - 8/17
    • Affordable, Enterprise Email Archiving - 8/24
    • Desktop Virtualization: What it Means in 2010
  4. Tech Briefing
    • Microsoft Office: 10 Reasons to Dump It And Go With Online Apps
    • Fake Femme Fatale Shows Social Network Risks
    • New Outlook 2010 AutoComplete Cache and Suggested Contacts
    • Security: Top Hacks, Breaches and Compromises of 2010 (So Far)
    • What Your Phone App Doesn't Say: It's Watching
  5. Windows Server News
    • Adding Risk Management Analysis To A Disaster Recovery Plan
    • Top 5 Ways To Improve Virtualized Server Infrastructure Performance
    • Security Issues In Cloud Computing
    • What?S Inside The Virtual Desktop Grab Bag?
  6. Third Party News
    • ChargeBack Allows Visibility to Infrastructure Costs
    • "How VIPRE Could Be Improved." (humor)
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • myPassword. Securing your business, one password at a time.
myPassword. Securing your business, one password at a time.

In today?s fast paced mobile business environment, a comprehensive and cost effective identity management plan is more important than ever and critical to preventing devastating security breaches. myPassword is an easy to use, yet extremely powerful, self-service password management solution that provides end users with a cost-efficient, safe and secure method to reset forgotten passwords, meet complexity requirements and manage locked accounts. myPassword minimizes user downtime, dramatically decreases Help Desk costs and delivers an immediate ROI to your organization.
http://www.wservernews.com/100802-myPassword

Editor's Corner

Why No Internet Security Awareness Training?

Something I discovered recently is that a large section of organizations do not train their employees on even the basics of Internet Security. Things like how not to get phished, not to get infected. In short, how not to click on something they shouldn't. Most of us get mandatory sexual harassment training once a year. Why not training how to be secure online?

What do you think is causing this, especially with moving things in the cloud? I started a thread on the NTSYSADMIN list, to see what the people on that very popular list think about this. Their answers were quite interesting, and one of the participants gave a good summary:

"Many good responses have been provided thus far, but it comes down to the following for many organizations:
  1. Training of all sorts become early casualties of budgets. If there aren't enough reasons from a Senior Management standpoint to have that sort of training, it won't happen.
  2. Organizations assume that people already know.
  3. Organizations forward emails or links about the subject and assume that this is good enough.
  4. They don't hire someone who will manage the ongoing process of end-user security training, or they relegate it to someone with 19 hats who won't have the time to do it justice.
  5. There's a whole lot more than just security training that they're not doing -- sometimes including security itself. Security costs, but good security prevents more debilitating costs. Some organizations just don't get that yet." -- Andrew Baker.
And he's right about that. However, with the press the last few years full of stories about security breaches, lost databases, cyber bank heists and the like, don't you think that Senior Management would think it's about time to get regular Internet Security Awareness Training (ISAT) done by now?

Let me know if/how this is done in your organization. Please take 30 seconds and fill out the new SunPoll (anonymously): "In your organization, is end-user Internet Security Awareness Training (ISAT) done regularly?"
  • Yes, that is Policy here, and most get mandatory (semi)-annual ISAT
  • I send friendly emails regarding latest threats, scams, phishing, etc
  • They do not see the quantifiable ROI, so no budget for ISAT, unfortunately
  • There is no one to manage the ongoing process of end-user security training
  • They assume people already know, and nothing is done about it
  • Other (email me at [email protected])
Vote here, Bottom Right. Going to be interesting what the percentages are!
http://www.wservernews.com/100802-SunbeltSoftware

Now, you might want to answer something like: "Although there is no one to manage the ongoing process of end-user security training, and the executives may not see the quantifiable ROI, so (there is) no budget for ISAT, I do send friendly emails regarding latest threats, scams, phishing, and most get (non-)mandatory annual ISAT, there is no actual policy here." (LOL) In that case I want to hear your story. Write to me here: [email protected]

Sunbelt Worldwide Threat Level Raised To High

Sunbelt Software is raising its Worldwide Threat Level to "high" in light of unpatched vulnerabilities in three widely-used applications or systems and the Defcon and Black Hat conferences in Las Vegas this week.

Internet users should:
  • be sure anti-virus applications are updated and functional
  • avoid opening attachments in spam emails or clicking on links in spam
  • be cautious opening attachments or following links in email messages
  • be especially cautious in web browsing if they use QuickTime Player
  • be alert for updates that are expected soon to fix serious holes in QuickTime Player, Microsoft Windows and Cisco Industrial Ethernet 3000 series routers.
Be safe out there, folks!

Quotes of the Week

"Men of power have no time to read; yet the men who do not read are unfit for power." -- Michael Foot

"Ambition is the path to success. Persistence is the vehicle you arrive in." - Bill Bradley

"Those who cannot change their minds cannot change anything." -- George Bernard Shaw




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/100802-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/100802-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/100802-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Get Answers in our LIVE daily Demo of VIPRE Enterprise v.4



Register for a live demonstration of VIPRE Enterprise Version 4.
  • See VIPRE Enterprise Version 4 live and in action
  • Learn about the features and functionality
  • Receive tips and best practices for configuration
  • Get LIVE answers to your questions from our Support team.
  • VIPRE Enterprise Version 4 combines antivirus, antispyware, client firewall (with VIPRE Enterprise Premium) and malicious website filtering technologies into a single agent to protect against the ever-changing wave of malware in the most comprehensive, highly efficient manner.
Register for one of our daily demos today and learn why VIPRE delivers all the necessary endpoint security you need, and nothing you don't:
http://www.wservernews.com/100726-Daily-Webinars

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Complete Windows Change Management - WhatChanged Free Trial Monitor Windows change with WhatChanged. Improve availability, accelerate troubleshooting. Free Trial!
http://www.wservernews.com/100802-WhatChanged

Simplify your life with mPowerTools - 100+ Reports - tackle AD chores in bulk - a search & replace tool - you'll never script again AND NO third party databases!
http://www.wservernews.com/100802-mPowerTools

I found something useful you might want to check out if you use VMs and need to charge departments for their use of shared IT resources.
http://www.wservernews.com/100802-Chargeback


Webinars & Seminars

VIPRE Enterprise Premium Product Demonstration - 8/3

Join us for a look at Sunbelt?s new VIPRE Enterprise Premium Version 4.0, powerful, high-performance endpoint malware protection. Be among the first to see the new version, which combines antivirus, antispyware and now firewall into a single agent. Plus take a deep dive into other new features including scalable multi-site tiering and role-based access control.

Tuesday, August 3, 2010, 2:00pm - 2:30pm EDT
http://www.wservernews.com/100802-VIPRE-Demo


Introducing VIPRE Enterprise Premium, Version 4.0 - 8/10

Be among the first to see Sunbelt?s new VIPRE Enterprise Premium Version 4.0 - powerful, high-performance endpoint malware protection. The new premium version combines antivirus, antispyware, and now client firewall and malicious website filtering technologies, into a single agent to protect against the ever-changing wave of malware in the most comprehensive, highly efficient manner.

Join us to hear how our approach to malware protection is different. We translated our years of experience in detecting and remediating sophisticated malware into the next-generation endpoint protection technology, VIPRE - without building on older generation AV engines or other sourced technology components. VIPRE is fast, efficient technology in a single, powerful threat engine with low impact on system resources.

Take a deep dive into new features including scalable multi-site tiering and role-based access control. Plus, learn why VIPRE delivers all the necessary security functionality you need and nothing you don?t.

Tuesday, August 10, 2010, 2:00pm - 3:00pm EDT
http://www.wservernews.com/100802-Introducing-VIPRE


VIPRE Email Security for Exchange Product Demo - 8/17

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this product demonstration, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product.

Tuesday, August 17, 2010, 2:00pm - 2:30pm EDT
http://www.wservernews.com/100802-Email-Security-Demo


Affordable, Enterprise Email Archiving - 8/24

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don?t miss this Sunbelt Exchange Archiver webinar.

Tuesday, August 24, 2010, 2:00pm - 3:00pm EDT
http://www.wservernews.com/100802-Email-Archiving


Desktop Virtualization: What it Means in 2010

This complimentary one-day seminar features industry analyst and blogger Brian Madden who explains how virtualization technologies can help you save time and money and simplify the management of your user's desktops. Coming to Washington D.C., Boston, Chicago and Irvine this year, Brian reviews the current state of desktop virtualization, application virtualization and streaming, and the evolution of thin client computing. Don?t miss out - reserve your seat today!:
http://www.wservernews.com/100802-Virtualization


Tech Briefing

Microsoft Office: 10 Reasons to Dump It And Go With Online Apps

With the launch of Microsoft Office 2010, many administrators are wondering if an expensive upgrade is worth the cost and hassle, especially since SaaS providers like Google and ZOHO have matured their hosted office offerings into something that is now business ready. Administrators only need a good reason to make the jump to SaaS, and here are ten of them. This slide show can be found on the Channel Insider website:
http://www.wservernews.com/100802-Microsoft-Office


Fake Femme Fatale Shows Social Network Risks

Social networking pages featuring the profile of a fake Navy cyberthreat analyst attracted some 300 friends in the intelligence, military and security communities in an experiment conducted by a security researcher. The lesson? Watch out for pretty faces online:
http://www.wservernews.com/100802-Social-Network-Risks


New Outlook 2010 AutoComplete Cache and Suggested Contacts

William Lefkovics wrote this item over at WinITPro. Small but very useful bit of data that causes users to send emails to the wrong person all the time.

"Outlook provides a cache of email addresses as you use them in new email messages. This cache, sometimes called a nickname cache, is intended to improve user productivity. As you type an address in an email address field, Outlook lists possible addresses matching the letters you?ve entered.

Historically, Outlook stores this cache in a local, profile-specific file with the extension .nk2. Outlook 2010 changes the location of the AutoComplete Cache. It?s no longer an .nk2 file but is now a hidden folder within an Exchange Mailbox or a .pst file, depending on the account type in Outlook. The principle is the same, of course; however, with the nickname cache in the mailbox, the content now travels with the user. MORE:
http://www.wservernews.com/100802-AutoComplete


Security: Top Hacks, Breaches and Compromises of 2010 (So Far)

eWEEK has a good little slide show this week. This has been a busy year for both hackers and computer forensic specialists. Whether it was the 4 million usernames and e-mail addresses swiped in a hack of The Pirate Bay or AT&T's Website hack that exposed the e-mail addresses of iPad 3G owners, the first six months of 2010 are a reminder of the realities of today's IT security landscape. With this backdrop, security professionals meet the week of July 26 at the Black Hat security conference in Las Vegas to discuss the latest threats and what can be done about them. While each of the most serious hacks and malicious breaches are different, many have a key similarity - insecure code. Others highlight the dangers of phishing and criminals exploiting potential gaps in physical security. Here are some of the more notable data breaches, hacks and exposures that made the news so far this year:
http://www.wservernews.com/100802-Compromises-of-2010


What Your Phone App Doesn't Say: It's Watching

LAS VEGAS - Your smart phone applications are watching you - much more closely than you might like. Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.'s iPhone and phones built around Google Inc.'s Android software. It found that many of them secretly pull sensitive data off users' phones and ship them off to third parties without notification. That's a major concern that has been bubbling up in privacy and security circles. The data can include full details about users' contacts, their pictures, text messages and Internet and search histories. The third parties can include advertisers and companies that analyze data on users." In one presentation, Lookout's CEO John Herring said the Jackeey Wallpaper app, which has been downloaded millions of times, can gather passwords, browser history, the subscriber ID, and SIM card numbers and text messages. Ouch. More at Associate Press:
http://www.wservernews.com/100802-Phone-Apps


Windows Server News

Adding Risk Management Analysis To A Disaster Recovery Plan

Business continuity and disaster recovery plans are enhanced when they include a risk management analysis - but this analysis is often neglected by IT departments. Learn how to improve your disaster recovery plan today with these risk management techniques:
http://www.wservernews.com/100802-Risk-Management


Top 5 Ways To Improve Virtualized Server Infrastructure Performance

Even the smallest adjustments to a virtualized server infrastructure can greatly enhance its performance. Start improving the effectiveness of your virtualized server for your users and clients today with these essential optimization tips: (Registration Required)
http://www.wservernews.com/100802-Virtualization-Tips


Security Issues In Cloud Computing

One of the major issues slowing cloud computing growth is security. Will things get better or worse for security in the cloud? Access this exclusive resource for all the recent cloud security news stories, tips and interviews: (Registration Required)
http://www.wservernews.com/100802-Cloud-Computing


What?S Inside The Virtual Desktop Grab Bag?

Desktop virtualization has grown into a veritable grab bag of useful and not-so-useful applications. Take an in-depth look at some virtual desktop innovations and determine which ones may be most valuable to your organization in this featured article:
http://www.wservernews.com/100802-Virtual-Desktop


Third Party News

ChargeBack Allows Visibility to Infrastructure Costs

I found something useful you might want to check out if you need to charge departments for their use of shared IT resources. Here is a blurb from their site. I have not tested this, so your mileage may vary, but it sounds very handy.

Chargeback is a powerful, easy to use and affordable product that enables admins to accurately map VMware and Microsoft Hyper-V virtualization costs against applications and users. Chargeback provides business level visibility and cost reporting, by application or business group and by actual resource consumption or allocation. Installed as a virtual appliance, Chargeback provides value within 20 minutes from download including:
  • Application level visibility into resource consumption
  • Business level visibility to virtual infrastructure utilization
  • Cost visibility based on usage and/or allocation
  • Custom usage reporting

http://www.wservernews.com/100802-vkernel-Chargeback


"How VIPRE Could Be Improved." (humor)

One Redmond Channel Partner Online reader gives some thoughts on how Sunbelt can improve their software:

"There's nothing to not like about Sunbelt and its VIPRE suite. I'm about to re-up and expand my subscriptions. Well, in the interests of full disclosure, I did e-mail some Sunbelt managers this "complaint" message: Years ago, I kinda liked the dangerous, exciting adventures I had with Symantec/Norton and Panda. By comparison, VIPRE is boresome. It gives me no emergencies. Not even close calls. No pirated browsers. Nothing! Where's the fun? For your PR benefit, let me suggest:
  • As scans run, display mock battles on the screen where Vipres eat canny, wiggly, fast-moving viruses.
  • Display messages like: "Today, 4,892,643 Windows users were infected with KarmaGeddon99. You weren't."
  • Each time VIPRE stops malware on its way in, play an audio-visual "SNAP!" like a mosquito-zapper incinerating its prey.
  • Give users a slick, on-screen TurboButton. It doesn't have to do anything. But pressing it will give us some feeling of participation.
You get the idea, right? Enough of this quiet, behind-the-scenes efficiency! Jazz it up! I'm still awaiting those product improvements." -- Jon
http://www.wservernews.com/100802-VIPRE-Enterprise-Premium


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.


WServerNews - Product of the Week

myPassword. Securing your business, one password at a time.

In today?s fast paced mobile business environment, a comprehensive and cost effective identity management plan is more important than ever and critical to preventing devastating security breaches. myPassword is an easy to use, yet extremely powerful, self-service password management solution that provides end users with a cost-efficient, safe and secure method to reset forgotten passwords, meet complexity requirements and manage locked accounts. myPassword minimizes user downtime, dramatically decreases Help Desk costs and delivers an immediate ROI to your organization.
http://www.wservernews.com/100802-POTW-myPassword