MY PROFILE | PRIVACY 
Vol. 16, #9 - Mar 7, 2011 - Issue #818
Reliability Survey Biggest Security Surprise: Microsoft

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • Reliability Survey Biggest Security Surprise: Microsoft
    • Win7 SP1 Redux
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • VIPRE Antivirus Business Product Demonstration - 3/22
    • VIPRE Email Security for Exchange Product Demo - 3/8 and 3/29
    • Webinar: Ensuring Your Organization's Integrity and Security in a Digital World - 3/17
  4. Tech Briefing
    • If Stuxnet Was Act Of Cyberwar, Is U.S. Ready For A Response?
    • What Happens If You Installed Every Windows Version In Order?
    • Browser Session Hacking: How To Counter
    • 20 Awesome Tech Products At DEMO
  5. Windows Server News
    • VShield Manager: Installing VMware's Virtual Security Appliance
    • Top 10 Cloud Computing Providers Of 2011
    • Like 'Cloud,' The Term 'App' Is Often Misused
    • Top 10 Virtualization Management Tools
  6. Third Party News
    • 20 Hot IT Security Issues
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  8. WServerNews - Product of the Week
    • mPowerTools - The Ultimate IT Administrator's Tool
mPowerTools - The Ultimate IT Administrator's Tool

Tackle your Active Directory chores in bulk while streamlining the configuration and execution of common IT tasks. Our efficient and flexible Search and Replace engine eliminates time spent manually digging through AD to find and change information. mPowerTools provides over 100 preconfigured, customizable reports, - or, you can create your own - without scripting. Here's what one Namescape customer has to say about mPowerTools: "I am so indebted to you for mPowerTools. I've modified thousands of accounts the last few days, and spent about 1/10 of the time that I would have otherwise."
http://www.wservernews.com/110307-mPowerTools


Editor's Corner

Reliability Survey Biggest Security Surprise: Microsoft

By Laura DiDio -- Server Hardware and OS Reliability Survey Results.
Part 2: Security. 'Administrators rate Windows Server 2008 R2 and IBM AIX v7 as most secure.'

Thanks once again to the nearly 500 of you who participated in the third annual GFI Software and ITIC joint 2010-2011 Global Server Hardware and Server OS Reliability survey. As always your responses were enlightening and very frank!

As we mentioned last month, this was a very broad, comprehensive survey, so we'll be presenting the survey results/highlights in three parts. The second installment summarized below, details your responses to the security of your server operating systems and the impact that security has on the overall reliability of your environments. The third and parts will include the results on user satisfaction with vendor products, technical service and support.

Thanks as well to the over 250 of you who left very insightful essay comments. It's getting harder and harder to choose the iPad and iPod winners but we managed. The iPad goes to: cook_t at chattanooga.gov. The iPods go to: billbach at goldstarsoftware.com and bahola at pensionspecialists.com. Great observations everyone; we will be in touch shortly to get your mailing information and send you your prizes.

As always anyone who participated in the survey can receive a complimentary copy of the full report by sending me an Email at: [email protected] The Report will be sent to you within the next two weeks.

Respondents Give IBM AIX v7 and Windows Server 2008 R2 Highest Security Marks

Each of these surveys invariably serves up some unexpected responses. And in this survey the biggest surprises came in your responses regarding the security of your server operating systems.

Nine out of 10 -- 90% -- of the 468 respondents to ITIC's 2010-2011 Global Server Hardware and Server OS Reliability survey rated the security of Windows Server 2008 R2 and IBM's AIX v7 as "Excellent" or "Very Good". The IBM and Microsoft distributions received the highest security ratings out of 18 different Server Operating System distributions (See graphic below). Three-quarters or 75% of survey participants gave HP UX 11i v3 "Excellent" or "Very Good" security ratings; this was the third highest ranking of the 18 major server OS distributions polled. This was followed by distributions Ubuntu Server 10 and Debian GNU/Linux 5, which tied for fourth with 71% of those polled ranking the popular open source distribution security as "Excellent" or "Very Good."

The biggest surprise of course, was Microsoft. Over the past decade Microsoft has struggled to shed the stigma that Windows is a porous server OS. It is now nine years since Microsoft publicly launched its Trustworthy Computing Initiative which was designed to make all of the company's software inherently more secure by default and by design. Based on your responses, Microsoft has succeeded - particularly with Windows Server 2008 R2.

Of particular note, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 are the only three operating systems out of the 18 different server OSes in the GFI/ ITIC poll in which the majority of the respondents indicated that the security has improved over the past 3 years. This is an 18 percent improvement over Windows Server 2008 and a 30 percent jump in the number of survey participants who gave a similar rating to Windows Server 2003

In all of the other 15 distributions, the majority of survey participants indicated that the security of the other server OS platforms "has remained the same."

It must also be stated that based on the results of past surveys, the Windows Server OS was the platform that most needed to strengthen and shore up its security.

Other distributions like IBM's AIX, HP's UX, Red Hat Enterprise Linux , Novell SuSE Linux Enterprise and Apple's Mac OS X 10.x have consistently garnered high marks and praise from customers.

Among the other security highlights in the ITIC/GFI 2010-2011 Global Server Hardware and Server OS Reliability Survey:

In response to the question: "Estimate the impact or perceived impact that server OS security has on overall network reliability"
  • 10% of respondents said "No impact, they are separate and distinct"
  • 37% of participants said "minimal impact
  • 21% said "moderate impact
  • 17% said "significant impact
  • 12% said "extremely crucial, server OS and security are intertwined"
Conclusions and Recommendations

Server OS security is fluid and not static. Customer perception can and does change the minute a security flaw is found or malware is unleashed that successfully penetrates or threatens to compromise the security of any platform.

We spoke to many of you via Email and phone interviews. Based on those conversations we determined that the biggest customer complaint was not with the inherent security of a specific server OS platform, but rather in finding a fix and getting technical service and support when the organization was stymied. In these particular instances, the organizations were very large enterprises and a common complaint was that searching for a fix was akin to finding "proverbial needle in a haystack."

Since the underlying reliability and security of nearly all the server operating systems and server hardware has improved, the majority of the more moderate and severe Tier 2 and Tier 3 outages are mainly due to integration and interoperability issues e.g., incompatible applications or drivers. Laura DiDio is principal at ITIC a research and consulting firm based in Boston.

View the Surver Results:
http://www.wservernews.com/110307-Survey-Results-Chart


Win7 SP1 Redux

Perhaps I was a bit too hasty with giving SP1 my blessing. I got feedback from people that there are lots of problems, as explained on various MS technet forums, and non-MS blogs. Google "Windows 7 SP1 error", "Windows 7 SP1 install fail", etc., apparently there are many hours of reading. One IT professional reported that with a new Dell (factory image), after installing all the pre-SP1 updates, EI8 worked fine until SP1 was installed. Then IE8 would not work at all. After uninstalling SP1, IE8 worked fine again. The "solution" was to uninstall SP1, then also uninstall ALL OTHER MS PATCHES, *then* install SP1 (and any subsequent patches). After that IE8 was OK. It appears that instead of saying SP1 "went gold", it would probably be more accurate to say "went pewter" :) Hat tip to Eric Pierce

Quotes of the Week

"Concentrate all your thoughts upon the work at hand. The sun's rays do not burn until brought to a focus." -- Alexander Graham Bell, born this week in 1847.

"Yes, we did produce a near-perfect republic. But will they keep it? Or will they, in the enjoyment of plenty, lose the memory of freedom? Material abundance without character is the path of destruction." -- Thomas Jefferson

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/110307-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/110307-WXPnews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/110307-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

"Gullible End-user Cause Of Cyberheist!"

NOT how you want to make the evening news! Today, more than 60 percent of malware infections are caused by social engineering. The bad guys bypass your endpoint security and go after your users. Is it really going to take a serious security incident for your organization to start training those uneducated end-users? It only takes -one- naive user to click on a phishing link to cause enormous damage, up to bankruptcy. If you are frustrated with malware infections, it's time to do something really effective about it. Need ammo to convince management? Get your Free Security Audit now, and find out what percentage of your employees are Phish-prone™:
http://www.wservernews.com/110307-Free-Security-Audit


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

rDirectory's Community Edition is a pre-configured, easy to use, web-based directory and search engine that downloads in just minutes - and it's absolutely free!
http://www.wservernews.com/110307-Namescape

Frustrated with gullible end-users causing malware infections? Need ammo to get budget to train those users? Here is a great and free way to get it:
http://www.wservernews.com/110307-Free-Security-Audit

Process Hacker is a feature-packed free tool for manipulating processes and services on your computer. Wow, this is one powerful piece of code:
http://www.wservernews.com/110307-Process-Hacker


Webinars & Seminars

VIPRE Antivirus Business Product Demonstration - 3/22

Join us for a look at VIPRE Antivirus Business, powerful, high-performance endpoint malware protection, which combines antivirus and antispyware into a single agent. Learn why VIPRE delivers all the necessary security functionality you need and nothing you don't!

Tuesday, March 22, 2011, 2:00pm - 2:30pm EDT
http://www.wservernews.com/110307-Webinar-Mar22


VIPRE Email Security for Exchange Product Demo - 3/8 and 3/29

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this product demonstration, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product.

Tuesday, March 8, 2011, 2:00pm - 2:30pm EST
http://www.wservernews.com/110307-Webinar-Mar8

- and -

Tuesday, March 29, 2011, 11:00am - 11:30am EDT
http://www.wservernews.com/110307-Webinar-Mar29


Webinar: Ensuring Your Organization's Integrity and Security in a Digital World - 3/17

You can't watch the TV or surf the web today without over the top advertisements stating that your PC is probably infected with a virus that is slowing it down and causing permanent damage. Although the advertisements are often misleading, the reality is that viruses and other types of malware can cripple an organization-destroying productivity and reputation, especially if an organization becomes the source of a malware outbreak for a customer. In this seminar, we'll look at the common types of malware, how they attack, and the methods to mitigate them-including looking at multiple layers of security and malware protection with emphasis on end-point protection and the key features that should be considered when choosing your end-point protection approach and best practices.

12:00PM ET / 9:00AM PT / 5:00PM GMT
Date: Thu, Mar 17, 2011
Location: This is an Internet based event.
http://www.wservernews.com/110307-Webinar-Mar17


Tech Briefing

If Stuxnet Was Act Of Cyberwar, Is U.S. Ready For A Response?

George V. Hulme at CSO Mag stated: "With Stuxnet setting back Iran's disputed nuclear program, that country has vowed to take "pre-emptive" strikes against the powers it believes launched the attack, a recent news story in the Tehran Times reported.

"An electronic war has been launched against Iran," an official was quoted as saying. Accurate or not, most reports and expert conjecture peg the responsibility for the creation of Stuxnet with the United States and Israel. If Iran retaliates and attacks industrial controls or the Supervisory Control and Data Acquisition (SCADA) systems, are our systems prepared and secure enough to withstand an advanced and targeted attack? The short answer is no. And here is the story why:
http://www.wservernews.com/110307-Stuxnet-Cyberwar


What Happens If You Installed Every Windows Version In Order?

An experiment to see the effects of installing every major upgrade version of windows, in order, on the same machine, using VMware. This is a 9:49 min video sitting on Youtube, and actually very interesting to see, a blast from the past straight to present time:
http://www.wservernews.com/110307-Windows-Upgrade


Browser Session Hacking: How To Counter

There is a new type of malware, and the OddJob code is its first version in the wild. This method of session hijacking is fairly new and can also be seen in a Firefox plugin called "FireSheep". Firesheep and OddJob function in the same way such that they ride along the session ID, where no actual credentials are ever captured. In addition to clearing the cookies and logging out of the session, make sure that your antivirus program stays updated, too. I personally make a habit of not only logging out of my session, but also have my browser clear history/cookies when it closes. There is a setting to automatically do this for you.

20 Awesome Tech Products At DEMO

Build-your-own iPhone and Android apps, cloud services, photo tools and more on display at DEMO Spring 2011. About 50 start-ups will unveil hot new products at the DEMO Spring 2011 conference in Palm Desert, Calif., this week. Mobile applications for iPhone and Android, cloud-based services for businesses and consumers, security for Facebook, and even a headset that reads your mind will be on display. Each vendor will get just six minutes to impress the crowd; Networkworld has an early look at 20 of the hottest companies you'll see at the show:
http://www.wservernews.com/110307-DEMO-Products


Windows Server News

VShield Manager: Installing VMware's Virtual Security Appliance

vShield Manager is a virtual security appliance that controls the vShield security suite. Installing vShield Manager is the first step toward improving VMware security. Ensure a successful installation with this expert tip:
http://www.wservernews.com/110307-VShield-Manager


Top 10 Cloud Computing Providers Of 2011

Get a head start on your cloud research with this top ten list of the best cloud computing service providers in 2011. Companies were judged by industry experts on traction, innovation and track record. Find out who came out on top!:
http://www.wservernews.com/110307-Top-10-Cloud-Providers


Like 'Cloud,' The Term 'App' Is Often Misused

Like the term "cloud," the "app" label is used to describe everything these days. But when is an app an application, and when is it just a Web service? And when does it matter? Receive answers to all your app questions in this featured article:
http://www.wservernews.com/110307-App-Terminology


Top 10 Virtualization Management Tools

There are lots of virtualization management tools out there, but which ones are right for your infrastructure? This exclusive tip features ten tools IT pros should consider:
http://www.wservernews.com/110307-Virtualization-Management-Tools


Third Party News

20 Hot IT Security Issues

From malware on Google's Android phones to the U.S. Defense Advanced Research Projects Agency trying to understand how stories or narratives impact security and human behavior, the security world certainly is never boring. Here we take a look at 20 security stories that have shaped the industry in the past few months. Read More at NetworkWorld:
http://www.wservernews.com/110307-20-Hot-IT-Security-Issues


WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff



WServerNews - Product of the Week

mPowerTools - The Ultimate IT Administrator's Tool

Tackle your Active Directory chores in bulk while streamlining the configuration and execution of common IT tasks. Our efficient and flexible Search and Replace engine eliminates time spent manually digging through AD to find and change information. mPowerTools provides over 100 preconfigured, customizable reports, - or, you can create your own - without scripting. Here's what one Namescape customer has to say about mPowerTools: "I am so indebted to you for mPowerTools. I've modified thousands of accounts the last few days, and spent about 1/10 of the time that I would have otherwise."
http://www.wservernews.com/110307-mPowerTools