MY PROFILE | PRIVACY 
Vol. 15, #43 - Oct 25, 2010 - Issue #802
Check Out All The Cool Faves

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • First Year Win7 Sales: 240 Million
    • NIST: SQL Server Is The Most Secure Database Platform
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinar & Seminars
    • VIPRE Enterprise Product Demonstration - 10/26
  4. Tech Briefing
    • HTML 5 Hysteria
    • Take new ITIC/GFI Survey - win a free iPad or iPod!
    • U.S. Takes The Prize For Most Infected PCs
    • Why It's Hard To Crash The Electric Grid
    • How Google Voice Works, And A Few Reasons To Use It
  5. Windows Server News
    • NIST: SQL Server Is The Most Secure Database Platform
    • E-Book: What's New in Windows Server 2008 and 2008 R2
    • VMware Maintenance Checklist: Daily, Weekly And Monthly Tasks
    • IT Handbook - Server Consolidation
  6. Third Party News
    • eWEEK: VIPRE Enterprise AV is Effective, Inexpensive
  7. WServerNews FAVE LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  8. WServerNews - Product of the Week
    • Get a Free software based VoIP PBX for Windows: 3CX Phone System
Get a Free software based VoIP PBX for Windows: 3CX Phone System

Free yourself of your archaic hardware PBX and move to a windows based phone system. Enjoy the advantages of VoIP & Unified Communications - lower call costs use extension from anywhere, video calls, Text chat, Presence, Fax to PDF and Voice mail to e-mail. 3CX Phone System is standards based and works with popular VoIP Providers, VoIP Gateways and IP phones. It also includes SIP clients for Windows, Android and iPhone. Download your Free Edition here:
http://www.wservernews.com/101025-3CX-Phone-System

Editor's Corner

First Year Win7 Sales: 240 Million

Friday Oct 22, 2010 is the one-year Win7 release anniversary. Redmond was all too happy to announce that it was the fastest selling OS in history, that Win7 runs on 93% of all new consumer PCs and now has a 17% global market share (competing against itself with WinXP still the vast majority).

Win7 also scores way higher in customer satisfaction, a welcome relief from the Vista days. The interesting thing is that Win7 has a higher percentage of happy customers than Apple. Businesses skipped Vista and are finally upgrading to Win7. That's the good news. But now...

The disappointing news is the new Windows 7 phone. It's just not fully baked yet. Four years after the release of the iPhone, and two years after Google introduced Android, Redmond comes out with something severely limited. Granted, the tiled UI is nice, and works well, but key features like are omitted, like copy and paste, visual voicemail, multitasking of third-party apps, no video calling and no wi-fi hotspot so you can tether other devices to the Internet. Jeez, my sprint EVO does almost all those things today: #PhoneFail

NIST: SQL Server Is The Most Secure Database Platform

Quick: Guess which of the major databases has compiled the best security record since January 2002? The answer is Microsoft's SQL Server. This may or may not surprise anyone reading this, but according to statistics compiled independently by the National Institute of Standards and Technology's (NIST) Common Vulnerabilities and Exposures (CVE) lists, the government agency that monitors security vulnerabilities by technology, vendor, and product, SQL Server has recorded the least number of vulnerabilities. Read the full article by Laura DiDio in the Server News Section.

Quotes of the Week

"Freedom of the press is guaranteed only to those who own one." -- A. J. Liebling

"Insanity - a perfectly rational adjustment to an insane world." -- R.D. Laing

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/101025-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/101025-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/101025-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

VIPRE Enterprise. Number One In Proactive Protection

VIPRE Enterprise provides the performance and protection you need to achieve total endpoint malware protection, all managed from a central console.

  • COMPLETE - All-in-one protection from today's malware
  • FAST - High-performance and low impact on system resources
  • EASY - Manage everything from one central command center
  • RELIABLE - Configurable, real-time monitoring technology
  • AFFORDABLE - 50% Competitive Upgrade Test drive VIPRE Today!

    Call us for a quote at: 1-800-688-8404, or fill out the form:
    http://www.wservernews.com/101025-VIPRE-Enterprise

  • Admin Toolbox

    Admin Tools We Think You Shouldn't Be Without

    Get a Free software based VoIP PBX for Windows: 3CX Phone System. Download your Free Edition here :
    http://www.wservernews.com/101025-VoIP-for-Windows

    Download the free sl360 Suite of Network Troubleshooting Tools Ping Scan, WMI Scan, TFTP Server, Syslog Server and a dozen more tools:
    http://www.wservernews.com/101025-sl360-Suite

    Simplify your life with mPowerTools: 100+ Reports, tackle AD chores in bulk, a search & replace tool - you'll never script again AND NO third party databases!
    http://www.wservernews.com/101025-mPowerTools


    Webinar & Seminars

    VIPRE Enterprise Product Demonstration - 10/26

    Join us for a look at VIPRE Enterprise, powerful, high-performance endpoint malware protection, which combines antivirus and antispyware into a single agent. Plus take a deep dive into other new features including scalable multi-site tiering and role-based access control:

    Tuesday, October 26, 2010, 2:00pm - 2:30pm EDT
    http://www.wservernews.com/101025-VPE-Product-Demonstration


    Tech Briefing

    HTML 5 Hysteria

    Ever heard of the DevProConnections site? It's an independent resource for Microsoft developers. I'm keeping up with what they have to say, and recently they featured an article that resonated. Since I installed the IE9 beta, several websites that I go to a lot have broken. I was wondering what that was, but this article puts the finger on the sore spot. Tim Huckaby wrote: "Then I suffered the next two weeks with all the Windows client applications I use that embed a browser control which were now broken. I really underestimated the pervasiveness of the browser control in the Win32 and WPF applications I use that are now all broken because of my IE9 installation and consequent incompatibility with HTML 5."

    The problem is that HTML 5 is being implemented in completely different ways by different vendors, and incompatibilities ensue. Worse, HTML 5 promises rich client applications that will work on all devices, but Huckaby continues: "the reality is that, even though the major browser platforms already have HTML 5 implementations in beta (including MS's IE9), the specification for HTML 5 is not even close to being completed/ ratified. It could be years. Adoption could be years after that."

    Ouch. That's much worse than I thought. And then there are Flash and Silverlight, and how those compare to HTML 5. This really is a very interesting article, and it's the "Warmly Recommended" this week:
    http://www.wservernews.com/101025-HTML-5


    Take new ITIC/GFI Survey - win a free iPad or iPod!

    We'd like to invite you to participate in the latest joint ITIC/GFI survey on Global Server Hardware and Server OS Reliability. It should only take a few minutes of your time to answer the multiple choice questions and one essay question. This survey polls organizations on their experience with the reliability, uptime and patch management experiences associated with the major server operating systems and server hardware platforms. All responses will be kept confidential. As always, we thank you in advance for your participation. As an added incentive, ITIC and GFI are giving away a free iPad and a free iPod to the survey respondent who provides the most insightful response to the final essay question. So be sure to provide us with your Email address along with your comment within the Essay question response. Once the survey is finalized, we'll publish the Executive Summary and survey highlights in this newsletter. To further show our appreciation, anyone who completes the survey can get a complimentary copy of the Report once it's published by sending an Email to Laura DiDio at: [email protected]. Here's the survey link:
    http://www.wservernews.com/101025-Survey


    U.S. Takes The Prize For Most Infected PCs

    Microsoft's Security Intelligence Report paints disturbing picture of widespread botnets -- but do Redmond's counting methods reflect reality? InfoWorld does not think so. For one, Windows XP SP2 is not taken into account. And there are still tens of millions of those out there. More over, there are other things that can throw off the count. Here is the article:
    http://www.wservernews.com/101025-Infected-PCs

    How Redmond describes their Security Intelligence Report (SIR):
    The Microsoft Security Intelligence Report (SIR) is a comprehensive evaluation of the evolving threat landscape and trends. The information can help you make sound risk-management decisions and identify potential adjustments to your security posture. Data is received from more than 600 million systems worldwide and Internet services. Volume 9 of the Security Intelligence Report covers the first half of 2010 (January 1 - June 30)and is divided into five sections. Here is the link with a 15 minute video:
    http://www.wservernews.com/101025-Security-Intelligence-Report


    Why It's Hard To Crash The Electric Grid

    Science Daily showed that is would be hard for terrorists to bring down the U.S. electric grid. Here is an excerpt: "Our paper confirms that it would be possible for somebody who wanted to do something disruptive to the power grid to do so," he says. "A lot of the infrastructure is out in the open," which does create vulnerability to planned attack. "But if you wanted to black out half of the U.S., it will be much more difficult than some of these earlier models imply," he says.

    "If you were a bad guy, there is no obvious thing to do to take out the power system," Hines says. "What we learned from doing the simulations is that if you take out the biggest substation, with the most flow, you get the biggest failure on average. But there were also a number of cases where, even if you took out the biggest one, you don't get much of a blackout." "It takes an incredible amount of information," he says, "to really figure out how to make the grid fail." More:
    http://www.wservernews.com/101025-Electric-Grid


    How Google Voice Works, And A Few Reasons To Use It

    Brian Reinholz at the Exchange & Outlook Update started out his very good write-up like this: "Are you a bit confused about what Google Voice is? Maybe it's because you've heard people talk about this service called Grand Central, a service that lets you route all calls to "you" (all of your phone numbers) and manage and sort them, but then you've also heard that Google has released a VoIP solution that is free and sure to kill Skype and Vonage. So which one is it?" Well, it's both, and I'm using it myself.

    One of the really unique things that Google Voice does is it offers a central hub where you can have all calls route to. And then, you can add a lot of logic to where the calls go from there. More...
    http://www.wservernews.com/101025-Google-Voice


    Windows Server News

    NIST: SQL Server Is The Most Secure Database Platform

    By Laura DiDio. Quick: guess which of the major databases has compiled the best security record since January 2002? The answer is Microsoft's SQL Server.

    This may or may not surprise anyone reading this, but according to statistics compiled independently by the National Institute of Standards and Technology's (NIST) Common Vulnerabilities and Exposures (CVE) lists, the government agency that monitors security vulnerabilities by technology, vendor, and product, SQL Server has recorded the least number of vulnerabilities - just 49 from January 2002 through June 2010.

    That is the fewest of any of the major databases. And so far in 2010, through June, SQL Server has a perfect record - no security bugs have been recorded by NIST CVE. Since 2003, the year after Microsoft's intensive Trustworthy Computing efforts launched, NIST recorded only 25 security vulnerabilities associated with Microsoft's SQL Server Database platform. As of June 2010, NIST had reported no SQL Server security flaws for 2010.

    And SQL Server was the most secure database by a wide margin: its closest competitor, MySQL (which was owned by Sun Microsystems until its January 2010 acquisition by Oracle) recorded 98 security flaws or twice as many as SQL Server.

    By contrast, during the same eight-and-a-half year period spanning 2002 through June 2010, the NIST CVE recorded 321 security vulnerabilities associated with the Oracle database platform, the highest total of any major vendor. Oracle had more than six times as many reported security flaws as SQL Server during the same time span. NIST CVE statistics recorded 121 security-related issues for the IBM DB2 platform during the past eight-and-a-half years.

    Solid security is an essential element for many mainstream line-of-business (LOB) applications, and a crucial cornerstone in the foundation of every organization's network infrastructure. Databases are the information repositories for many organizations; they contain much of the sensitive corporate data and intellectual property. If database security is compromised, the entire business is potentially at risk.

    At the same time, we recognize that businesses must bear at least 50 percent of the responsibility for securing their respective databases and entire network infrastructure. There is no such thing as 100 percent full proof security. Even the most inherently secure hardware, software and network infrastructures can fall prey to hackers or be undone by user error and mis-configuration. It's crucial for businesses to keep their databases updated and to perform regular audits, authentication and to restrict access rights and privileges on an as-needed basis.

    SQL Server's unmatched security record is the direct result of significant Microsoft investment in its Trustworthy Computing Initiative, which the company launched in 2002. In January of that year, Microsoft took the step of halting all new code development for several months across its product lines to scrub the code base and make its products more secure.

    Al Comeau, the Security Lead for SQL Server, told ITIC that Microsoft is focused on continually improving its track record by following the aforementioned precepts. The strategy is working. In the past 18 months since January 2009, Microsoft has issued only eight (8) SQL Server security-related alerts. To date in 2010 (January through June), there have been no SQL Server vulnerabilities recorded by Microsoft or NIST. Microsoft is the only database vendor with a spotless security record the first six months of 2010. ITIC conducted an independent Web-based survey on SQL Server security that polled 400 companies worldwide during May and June 2010. The results of the ITIC 2010 SQL Server Security survey support the NIST CVE findings. Among the survey highlights:
    • An 83% majority rated SQL Server security "excellent" or "very good."
    • None of the 400 survey respondents gave SQL Server security a "poor" or "unsatisfactory" rating.
    • A 97% majority of survey participants said they experienced no inherent security issues with SQL Server.
    • Anecdotal data obtained during first-person customer interviews also elicited a very high level of satisfaction with the embedded security functions and capabilities of SQL Server 7, SQL Server 2000, SQL Server 2005, SQL Server 2008, and the newest SQL Server 2008 R2 release.
    In fact, database administrators, CIOs and CTOs interviewed by ITIC expressed their approbation with Microsoft's ongoing initiatives to improve SQL Server's overall security and functionality during the last decade starting with SQL Server 2000.

    ITIC's independent survey data and first-person customer interviews validate NIST findings. The ITIC 2010 SQL Server Security survey data indicates 97% of the more than 400 respondents have not experienced any security issues with the Microsoft database platform during the last five years. Customers interviewed by ITIC expressed high praise for the ease-of-use, improved manageability and the breadth and depth of the documentation available for SQL Server.

    The high user satisfaction rate was typified by the comment of a database admin at a Mid-Atlantic bank. The financial institution has 3,000 end users and recently switched from the Oracle database to SQL Server 2008. "We wanted to improve the security and performance of our database platform. We chose to migrate to SQL Server 2008 specifically because of its tight security [compared to Oracle]," the DBA said. "SQL Server is reliable and consistent. Me and my fellow DBAs are sleeping much more peacefully these days," he added.

    Among the 2% of survey participants that did report security issues with SQL Server, the overwhelming majority - 87% - attributed the problems to third-party tools or misconfiguration errors. Anyone who'd like to see the full list of NIST CVE database vulnerabilities by vendor platform can search for themselves at the following URL:
    http://www.wservernews.com/101025-NIST-CVE-Database

    Anyone who would like a complimentary copy of the full ITIC database security report can Email me directly at: [email protected]. Laura DiDio is Principal at ITIC, research and consulting firm based in Boston.

    E-Book: What's New in Windows Server 2008 and 2008 R2

    This chapter excerpt from the guide "Mastering Windows Server 2008 R2" summarizes the defining features of Windows Server 2008. Gain insight into areas that R2 improves on and discover six categories that both Server 2008 and R2's new features fall into, including Active Directory, network changes, new setup technologies and more:
    http://www.wservernews.com/101025-Windows-2008-R2


    VMware Maintenance Checklist: Daily, Weekly And Monthly Tasks

    At times, VMware administrators go through the motions of daily VMware maintenance tasks, but it's important to reflect on why we carry out these duties. This expert tip details necessary daily, weekly and monthly maintenance tasks and why it's important to keep up with each of them:
    http://www.wservernews.com/101025-VMWare-Checklist


    IT Handbook - Server Consolidation

    Server consolidation can save your organization money by increasing utilization rates and reducing power and cooling costs. Learn how capacity planning and virtualization technologies can help you meet your server consolidation goals in this expert handbook:
    http://www.wservernews.com/101025-Server-Consolidation


    Third Party News

    eWEEK: VIPRE Enterprise AV is Effective, Inexpensive

    "Our experience with Symantec AV was troubled. We encountered multiple issues installing the management console which Symantec support was not able to resolve. Performance of the Symantec agent effected end user system performance. For these reasons we looked at other managed AV solutions and after several trials with various other AV products we settled on VIPRE Enterprise AV and have been very satisfied with the results. The product does what it is supposed to do without any complications or unneeded complexity. VIPRE Enterprise "just works"."
    http://www.wservernews.com/101025-VPE-eWeek

    And here is where you start with getting your 30-day Eval:
    http://www.wservernews.com/101025-VPE-Download


    WServerNews FAVE LINKS

    This Week's Links We Like. Tips, Hints And Fun Stuff





    WServerNews - Product of the Week

    Get a Free software based VoIP PBX for Windows: 3CX Phone System

    Free yourself of your archaic hardware PBX and move to a windows based phone system. Enjoy the advantages of VoIP & Unified Communications - lower call costs use extension from anywhere, video calls, Text chat, Presence, Fax to PDF and Voice mail to e-mail. 3CX Phone System is standards based and works with popular VoIP Providers, VoIP Gateways and IP phones. It also includes SIP clients for Windows, Android and iPhone. Download your Free Edition here:
    http://www.wservernews.com/101025-VoIP-PBX-Software