MY PROFILE | PRIVACY 
Vol. 16, #12 - Mar 28, 2011 - Issue #821
CYBERHEIST - Please read this important issue

  1. Editor's Corner
    • CYBERHEIST - Please read this important issue
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • VIPRE Email Security for Exchange Product Demo - 3/29
    • BriForum Europe 2011: Last Day To Save 100!
  4. Tech Briefing
    • Redmond Ships Windows Intune
    • False Alarm! Windows Update Not Pushing Out IE9
    • Rogue System Admins Install Games On Hacked Servers
  5. Windows Server News
    • Preparing Your Applications For A Windows 7 Migration
    • Ten Questions To Ask When Storing Data In The Cloud
    • The Ultimate Guide to Application Virtualization
    • What Server App-V Means For Applications In The Cloud
  6. Third Party News
    • Buy VIPRE Business in March and you could win an iPad!
  7. WserverNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  8. WServerNews - Product of the Week
    • Buy VIPRE Business in March and you could win an iPad!
Buy VIPRE Business in March and you could win an iPad!

Purchase a VIPRE Antivirus Business license with 50 seats or more between now and March 31, 2011 and you'll be entered to win one of two Apple iPads; plus you'll receive a FREE VIPRE t-shirt. With VIPRE Business, protection from the latest malware is faster and easier than you ever thought possible. You'll benefit from fast scan times, fast threat detection, and fast system performance - plus easy deployment and management. Please see terms and conditions of promotion:
http://www.wservernews.com/110328-VIPRE-Business

Editor's Corner

CYBERHEIST - Please read this important issue

Quite a few of you wrote me and asked if I was still working for Sunbelt after the acquisition by GFI, since I still write the newsletter. The answer is no, however I was asked to continue as the WServerNews Editor, as an independent contractor. But in the mean time I have been quite busy with a new company, and I'm unveiling it now!

I had a bit of time to see what I wanted to do with my life after the acquisition, and had a look at the current state of malware and cybercrime. Essentially I was scouting for an area where I could make myself useful for system administrators, like I have been for the last 20 years.

Well, I observed that quite a few workstations still get infected with malware despite the best endpoint protection money can buy. Yes, you most definitely need it, and I still recommend VIPRE strongly as the best product out there. But why do workstations get infected all the time? Bad guys go after your end users with social engineering tactics, and bypass security software with zero-day attacks. That is why your end-users -also- need Internet Security Awareness Training, so that they will not fall for these phishing attacks. Really, your users are the weakest link in network security.

The bad guys have become quite sophisticated, and moved beyond simple identity theft. They use zero-day exploits to infect workstations, hack into the network, dig for the accounting workstations, put a combo keylogger/trojan on those PCs and wait in stealth for accounting to open up their browser and log on to their operating bank account. Once they do, bingo! They wait until accounting logs off, then the bad guys log back in and transfer as much money out as they can: a Cyberheist! There are hundreds of victims of this new racket, perpetrated by Eastern Europe organized crime. Here is a website made by companies that are the victim of cyberheists. Click on the map, and click on the examples (there are many more that are not on the map):
http://www.wservernews.com/110328-Victims_Map

So that is why I started my new company: KnowBe4. We provide next-gen Internet Security Awareness Training (ISAT). A whopping 80 percent of you do not have a formal security awareness program in place, but it's really time that you do. Things on the Internet move vast, but Internet crime is moving faster. And the 20 percent that do have an ISAT program in place, the vast majority of those programs are static (and stale) HTML training, once or twice a year. That simply does not cut it anymore.

You need next-gen training to keep up with the bad guys and prevent a cyberheist. So that is what I created for you. You get three things:
  1. A free Phishing Security Test that gets you the Phish-prone percentage of your users.
  2. On demand, up-to-date training that makes sure the end user understands the principles of phishing, spear phishing, malware and social engineering. Then we drill them to make sure it gets applied.
  3. Next, you get to create a campaign of scheduled Phishing Security Tests, that keep those end-users on their toes. You can send simulated phishing attacks in the frequency you want. If they fall for it, they get instantly corrected. You can see exactly who fails in your admin console.
I priced the ISAT so that it would be a no-brainer. The average cost is only about 7 bucks per user per year! KnowBe4 is 100% cloud-based, so it makes no difference if you have 50 users or 50,000. We can scale in the blink of an eye. The whole thing works out of the box. It's set-it-and-forget it. Your whole organization will be a lot more secure, and you will have a lot less frustration with infected workstations. Everybody wins.

To explain the Cyberheist threat to non-technical management, including business owners, I wrote a book called CYBERHEIST that will be released early May on Amazon, but there is a page there now with a short description. I will let you know when it becomes available. Check it out here:
http://www.wservernews.com/110328-Cyberheist-Preview

WServerNews subscribers can apply for a free copy of the Cyberheist ebook:
http://www.wservernews.com/110328-Cyberheist-ebook

However, what I recommend you do now, for free, is get the Phish-prone percentage of your users. That is powerful ammo for management. Once CEO that saw the number (20%) literally said "Holy crap, what do we do now?". The answer of course is "train those end-users".

The KnowBe4 website is ready for you, it's just three easy steps:
  1. Signup here, with your corporate email address. This is the preliminary step of creating your 'Account Owner" record:
    http://www.wservernews.com/110328-Signup
  2. Confirm the email that comes back and create your account.
  3. To do the free Phishing Security Test(PST), 1) Enter your company credit card in the billing info section. It will not be charged! The card is there just to prevent unauthorized use, and allows you to later subscribe to the actual ISAT courseware. (We are fully PCI compliant).
  4. Upload the list of email addresses you want to send the PST to. And Voila! A few hours later the admin console will show you the Phish-prone percentage of your users. The number might be higher than you hope for.
Sign up here to start creating your Account:
http://www.wservernews.com/110328-Signup

Let's get those users trained to prevent a cyberheist!

Quote of the Week

"Passwords are like underwear. Change yours often, don't share with friends, be mysterious and don't leave them lying around." -- posted on Facebook

"If you think education is expensive, try ignorance." -- Derek Bok

"The truth does not change according to our ability to stomach it." -- Flannery O'Connor

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/110328-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/110328-WXPnews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/110328-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Frustrated With Gullible End-users Causing Malware Infections?

Today, more than 60 percent of malware infections are caused by social engineering. The bad guys bypass your endpoint security and go after your users. Is it really going to take a serious security incident for your organization to start training those uneducated end-users? It only takes -one- naive user to click on a zero-day phishing link to cause enormous damage, up to bankruptcy. If you are frustrated with malware infections, it's time to do something about it. Need ammo to convince management? Get your Free Phishing Security Test now, and find out what percentage of your employees are Phish-prone[tm]. That will shake loose some budget!:
http://www.wservernews.com/110328-Phishing-Security-Test


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

rDirectory's Community Edition is a pre-configured, easy to use, web-based directory and search engine that downloads in just minutes - and it's absolutely free!
http://www.wservernews.com/110328-rDirectory

Frustrated with gullible end-users causing malware infections? Need budget approval from management? Do the Free Phishing Security Test on all users!:
http://www.wservernews.com/110328-Phishing-Security


Webinars & Seminars

VIPRE Email Security for Exchange Product Demo - 3/29

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this product demonstration, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product.

Tuesday, March 29, 2011, 11:00am - 11:30am EDT
http://www.wservernews.com/110328-Product-Demo


BriForum Europe 2011: Last Day To Save 100!

Join leading independent industry experts including Brian Madden, as well as top solution providers and hundreds of your peers, at the most advanced, technical, hands-on desktop virtualization event taking place 10-11 May in London. Today is the last day to save 100, so register now!
http://www.wservernews.com/110328-BriForum-Europe-2010


Tech Briefing

Redmond Ships Windows Intune

Paul Thurrott reported: "At the Microsoft Management Summit (MMS) in Las Vegas this week, Microsoft announced the immediate availability of Windows Intune, the company's new cloud-based PC management and security service. Windows Intune is available in 35 countries and comes with a 30-day free trial, so IT pros and admins can try out the service in the real world.

"Windows Intune will help you manage and secure PCs from virtually anywhere-all you need is an Internet connection," says Microsoft General Manager Gavriella Schuster. "[And] Windows Intune includes upgrade rights to current and future versions of Windows Enterprise, so you can standardize on one version of Windows and give your employees the best Windows experience." More, and a link to the 30-day free trial version is at at:
http://www.wservernews.com/110328-Windows-Intune


False Alarm! Windows Update Not Pushing Out IE9

In spite of what you may have read on Microsoft's @IE Twitter posts, Internet Explorer 9 is not getting pushed onto desktops. InfoWorld had the best write-up of this story: "It all started on March 17 when the folks in charge of Microsoft's @IE official Twitter account responded to a question about manually downloading Internet Explorer 9. The tweet said: "@aiomedia IE9 roll out automatically via Windows Update on March 21. It will take some time depending on where you live in the world." More:
http://www.wservernews.com/110328-IE9-Auto-Update


Rogue System Admins Install Games On Hacked Servers

Yes, some of us are not quite as law-abiding as we all think. This is a fun story that was dug up by Paul McNamara over at Network World: "Back in January, Scandinavian gamers hijacked a New Hampshire medical center's server to host "Call of Duty: Black Ops" sessions. When asked about that incident, Stephen Heaslip of the gamer site Blues News told Network World that hackers are not the most likely individuals to commandeer corporate servers for illicit gaming: Such appropriations are more often the work of IT administrators, he said. When asked if he could put us in touch with some of these rogue game server admins, Heaslip posted a call to his readership -- and four volunteers stepped forward. More:
http://www.wservernews.com/110328-Rogue-Game-Servers


Windows Server News

Preparing Your Applications For A Windows 7 Migration

Though Windows 7 is still a part of the Microsoft Windows family, everything that functions flawlessly on XP and even Vista may not be "set and forget" after the transition. Discover four expert tips for easing application-related issues when migrating to Windows 7:
http://www.wservernews.com/110328-Windows-7-Migration


Ten Questions To Ask When Storing Data In The Cloud

Most IT pros know that security is an issue when using public cloud services, but that doesn't mean they should be completely avoided. Gain insight into 10 questions you should ask a potential provider when considering their services for your data storage needs in order to determine whether it is an optimal solution for your organization:
http://www.wservernews.com/110328-Ten-Cloud-Questions


The Ultimate Guide to Application Virtualization

Application virtualization is a great way to manage desktop applications and migrate legacy applications to Windows 7. This expert guide will help you determine which application virtualization technologies are best-suited for your needs and will help ease implementation and management hang-ups:
http://www.wservernews.com/110328-Application-Virtualization


What Server App-V Means For Applications In The Cloud

There is a lot of hype around the recent release of Microsoft's Server Application Virtualization product, Server App-V, but what can this solution really do for you? This exclusive tip deconstructs the potential benefits of Server App-V and provides essential considerations for determining if it is right for your organization:
http://www.wservernews.com/110328-Server-App-V


Third Party News

Buy VIPRE Business in March and you could win an iPad!

Purchase a VIPRE Antivirus Business license with 50 seats or more between now and March 31, 2011 and you'll be entered to win one of two Apple iPads; plus you'll receive a FREE VIPRE t-shirt. With VIPRE Business, protection from the latest malware is faster and easier than you ever thought possible. You'll benefit from fast scan times, fast threat detection, and fast system performance - plus easy deployment and management. Please see terms and conditions of promotion.
http://www.wservernews.com/110328-VIPRE-Business


WserverNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff



WServerNews - Product of the Week

Buy VIPRE Business in March and you could win an iPad!

Purchase a VIPRE Antivirus Business license with 50 seats or more between now and March 31, 2011 and you'll be entered to win one of two Apple iPads; plus you'll receive a FREE VIPRE t-shirt. With VIPRE Business, protection from the latest malware is faster and easier than you ever thought possible. You'll benefit from fast scan times, fast threat detection, and fast system performance - plus easy deployment and management. Please see terms and conditions of promotion.
http://www.wservernews.com/110328-VIPRE-Business