W2Knews[tm] (the original NTools E-News) Electronic Newsletter
Vol. 5, #21- May 8, 2000
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
'Immediate Notification Of Important Windows NT/2000 Events'
******************* over 600,000 SUBSCRIBERS*****************
This Issue of W2Knews contains:
1. EDITORS CORNER:
* Thank You For Your Feedback, Really. / FIRST WINNER
of our Recommend a Friend & Win $500 Campaign
2. TECH BRIEFING:
* Virus Protection too late? Try this BUG SWATTER, cause
mutations are sure to follow!
3. NT RELATED NEWS:
* Biometric Additions to Windows to Bolster Security
* Results from Sunbelt/Giga Hardware Reliability Survey
* Gartner Group Sez: Linux Not Taking Over World.
4. NT THIRD PARTY NEWS:
BEEN INFECTED BY THE VIRUS ALREADY? NEED AN EXTERMINATOR?
Here are some third party tools that have come to the rescue:
* SCRIPTLOGIC cleans up the Morning After
* LOVE KILLER by ECM V2.5
* FileScreen Blocks LoveBug
5. HINTS AND TIPS: PRACTICE SAFE EMAIL
6. THE NT/2000 STOCK WATCH - Thursday Friday 28, 2000
7. HOW TO USE THE MAILING LIST
Instructions on how to subscribe, sign off or change your address.
******************** SPONSOR: NETIQ **************************
How will you monitor Active Directory? Ensure the replication,
verification and day-to-day health of Active Directory with
AppManager - the most trusted applications management solution
for Window NT/2000. Find out why companies like Microsoft, NASDAQ
& PlanetOutdoors.com chose AppManager to get a grip on centrally
managing their Windows environments. For more AppManager info and
a *FREE* white paper on monitoring Active Directory, visit:
http://www.netiq.com/go.asp?ID=66
**********************WHAT IS W2Knews?***************************
Sunbelt W2Knews (the original NTools E-News) is the World's first
and largest E-Newsletter designed for NT/2000 System Admins that
have the job to get and keep NT up & running in a production
environment. Sunbelt launched this electronic newsletter early 1996.
Every week we keep the Windows NT/2000 community informed and aware
of new developments of NT and 3-rd party System Management Tools.
You get hints and tips that will enable you to better utilize and
understand Win NT/2000 and help to pass your Certification Exams.
Info and Stu's bio: http://www.sunbelt-software.com/w2knews.htm
Via (separate) NTools E-NewsFlashes we will send you important
breaking news like new service packs, killer viruses, etc. Sunbelt
Software is the first and largest provider worldwide of Third
Party System Management Tools for Windows NT. Tell Your Friends!
All back issues are here, searchable and indexed on key words:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0
-------------------------------------------------------------------
1. "EDITORS CORNER"
Hello NT/2000 Pros,
Well, the Microsoft Breakup 'opinion piece' I sent was certainly
the one with the highest amount of feedback EVER. I'd like to
thank you all for your feedback, comments and viewpoints. It
was fascinating to read all the different ways you are looking
at this issue. I started with answering everyone personally, but
the volume was just too much. -And- I had to write the newsletter
you are now reading. Again, I really appreciate your feedback,
whether you agree or if you told me I was nuts. I learned a lot!
----
Our first WINNER can now choose from a digital camera, a Palm,
color printer, MP3 player, camcorder or any other cool gadget
at Amazon.com. Our 'Word of Mouth' campaign is getting popular!
How does it work? You fill out the form, we invite them, and
when they subscribe, BOTH of you will be entered for the draw
that week. Less than 1 minute work & repeat for more friends!
CLICK & WIN AT: http://www.sunbelt-software.com/
This weeks winner is David Johns at qgraph. When we called
him he was real happy! We order these online. This is how it
looks, they get sent by EMAIL, so you have them right away.
> Thank you for your Amazon.com gift certificate order!
> Your order summary appears below. To see the latest
> information about your order, please visit:
> http://www.amazon.com/your-account
>
> ----------------------------------------------------
> Quantity: 1
> Amount: $ 500.00
>
> Gift certificate(s): $ 500.00
> Shipping: free
> Tax: $ 0
> -------
> TOTAL: $ 500.00
>
> Will be sent to: [EMAIL PROTECTED]
> Thank you for shopping at Amazon.com!
Want one too? Go to our home page and recommend a friend!
CLICK & WIN AT: http://www.sunbelt-software.com/
Warm regards,
Stu.
Email me with feedback at: [EMAIL PROTECTED]
**************************SPONSOR*****************************
Need to track the serial number and model of all your machines?
Tired of paying extra because you can’t effectively track your
leased equipment? Computing Edge Inventory +Solution gathers
PC serial number and full end-user details, including location,
which can be viewed from any web browser. Simple to deploy; zero
footprint; report via the Internet/Intranet. Numerous W2K pre-
deployment reports! Same great value with UNIX Inventory +Solution.
Register to win a Compaq 18' flat screen monitor. Retail value:
$3200. 30-day FREE trial! http://www.computingedge.com
****************************************************************
2. TECH BRIEFING:
* Virus Protection too late? Try this BUG SWATTER, cause
mutations are sure to follow!
Well, the world is now a few days into a new rash of a mailvirus
infection. Technically it uses 'worm-technology', but carries a
nasty payload so it can be legitimately called a virus. More
over, it was relatively easy to change the script, so a few
copycat worm/viruses are already out there. Latest count is at
least 5 or 8 by now. Small alterations make the email message
look different, but execute an almost identical script. Worse,
it is likely that similar variants are coming down the pike,
using Widows Scripting host, Java scripts and/or HTML scripts.
The mutated 'Mother's Day' that surfaced yesterday deletes all
.ini and .bat files from local directories and drives, yikes!!
By now, there is more known than on Thursday morning when I sent
you the first warning. This script contains 5 attacks, and seems
to have originated in Manilla. I was alerted to a site that
shows the different parts of the script and what they do. I'm
sure there are more sites but I thought this one did a good job
explaining the script's evil ways: http://www.needguide.com/
NOT OPENING A LOVELETTER FROM SOME ONE YOU KNOW?
So now, how to handle these kinds of things? Training your users
to 'practice safe email' is not watertight. Despite repeated
warnings from me personally to the whole staff even a week or
two ago, two people still opened this thing up and infected the
whole company anyway. I mean, you get a love letter from some
one you know and you don't open it up? <grin>.
Russ Cooper from the NTBUGTRAQ has two works on dealing with
email and security that you could use to train users.
http://ntbugtraq.ntadvice.com/safemail.asp
and
http://ntbugtraq.ntadvice.com/outlookviews.asp
I quote Russ: "Neither are intended to be a complete solution.
You should contact your support group and find out what, if
anything, you need to do to ensure your anti-virus programs
are up-to-date. I know that Symantec, Datafellows, and even
NAI have updated definitions available for this latest wave.
Regardless of how much you might think someone is going to
send you a love letter, you should treat any anonymous email
as you would a knock at your door at 3:00am in the morning"
One of the problems is that often your virus protection software
is too late. Things as nasty as this spread SO fast that it is
logistically unlikely _all_ signature files of everyone can be
updated in time. That means you still run the risk of getting
hit, even though you have anti-virus software running. Now what?
YOU'RE ON THE TITANIC AND YOU FEEL THE BOAT SINKING...
All of you have your own personal network of contacts that give
you early warnings you when these thing happen. Colleagues, users,
discussion lists, friends on the Net, you name it. Often we are
warned and know this thing is in the wild, but our anti-virus (AV)
signatures are not there yet, your AV software cannot block any
attachments, or you are desperately trying to get through to the
website of your AV-vendor, but they are maxed out and you cannot
get in. You're on the Titanic, you know the boat is sinking,
you know there is help on the way but it's not here N O W...
I have one more additional 'Bug Swatter' for you that complements
your anti-virus solution. It's called MAIL ESSENTIALS. There are
two key things this tool provides: 1) BLOCKS ALL EMAILS CONTAINING
SCRIPTS AT THE EMAIL SERVER LEVEL. You may perhaps get some false
alarms that way, but it's better to be safe than sorry. Works
well with Exchange but also SMTP.
2) YOU can enter a search string IMMEDIATELY that filters the
critters out before they even come in your mail servers and AV
software to begin with. So you could enter the specific 'lovebug'
words and anything that contains this is prevented entry. That
way you don't have to shut down your Exchange IMS (Internet Mail
Service) and normal bizz operations continue, saving extremely
costly downtime.
THINK SUPER LOW COST 'EMAIL FIREWALL'
MAIL ESSENTIALS is a 'content checking gateway' that you install
as it were 'before' your mail servers. AV-tools work by letting
all emails IN, and then try to disable them. Content Checking
gateways prevent entry in the first place, and stops all messages
that could be dangerous. It's not a virus protection tool, but it
can integrate with one. Better to think: 'Email Firewall'.
With MailEssentials, blocking this virus is easy: Just set Mail
Essentials to block VBS attachments in the Content Checking tab.
This will block any incoming/outgoing infected mail. This way,
the Mail Essentials resolution will block all viruses of this
kind, as it will quarantine any attachments using a VB script.
This means that Mail Eessentials will also catch any variants of
the Love Letter virus using VB script.
Even if you do not plan to buy it, I suggest you download the
free 30-day eval from our High Speed FTP server and cover your
behind asap. I decided to give you all the pricing right away
so you can get approval from management immediately. This tool
is kind of a nobrainer because it is so cheap, and plays nice
with your existing anti-virus software.
SKU: License: US$: Euro: UK:
---------------------------------------------------
P6106540010 10 Users $250.00 272 £159
P6106540020 20 Users $375.00 407 £238
P6106540030 25 Users $450.00 489 £286
P6106540040 35 Users $675.00 733 £428
P6106540050 50 Users $895.00 972 £568
P6106540060 100 Users $1495.00 1623 £948
P6106540070 250 Users $1995.00 2165 £1265
P6106540080 500 Users $2495.00 2708 £1581
P6106540090 UNLIMITED(!) $2995.00 3250 £1898
Price applies to any number of Exchange/SMTP servers as long
as they are within the same site (ie The number of servers
is irrelevant, as long as the number of users are all within
the same site)
MailEssentials Product Specs page and download forms are at:
http://www.sunbelt-software.com/product.cfm?id=610
(Oh yeah, if you buy now you get a free Windows 2000 upgrade)
Next, if your LAN is already infected, how to get rid of it?
Check out the NT THIRD PARTY NEWS section, as some of our vendors
have solutions ready for you that are faster than doing everything
by hand.
****************************************************************
3. NT RELATED NEWS:
* Biometric Additions to Windows to Bolster Security
Microsoft has made a deal with I/O software to include software
that uses 'biometric' devices such as fingerprint, voice patterns
or eye scanners to boost (online) security.
I/O Software has written an API that allows for instance a mouse
with a built in fingerprint scanner to replace the username /
password drudgery with plug-and-play. Pretty useful as a matter
of fact. Just grab your mouse and NT authenticates you. I want it!
The fact that MS decided to pick up this particular API more or
less standardizes the field, which is in this case especially
useful to that we can get some competition from hardware vendors
that now have an API they can interface with for their biometric
devices. It's not sure when we will see this appear, but I would
just love to see this in a coming service pack. Microsoft, are
you listening? ;-)
------------------------
* Results from Sunbelt/Giga Hardware Reliability Survey
The GIGA Information Group and Sunbelt do regular surveys. This
time we looked at Hardware reliability and surveyed over 800 out
of our customer base. The actual users of the hardware are normally
the most reliable source of the total vendor experience: products/
support/sales/customer relationship.
Rob Enderle, the VP Mobile Desktop & Internet Technology of Giga
is in the process of writing a detailed Planning Assumption for
Giga's customers, but Sunbelt has received a sneak peak so we can
talk about the very interesting results. We will come out soon
with nice graphs on our website that show everything much clearer
than just this text.
Most customers buy a mix of desktop and notebook computers from
a particular vendor. IBM customers are showing a clear preference
in terms of notebook sales, and HP in terms of desktop sales which
is consistent with current beliefs. It is interesting to see how
closely Dell and Compaq match each other, supporting the belief
that Dell has become the replacement vendor for Compaq. When asked
for their Service experience, Dell and Gateway come out first,
followed by 'Other', IBM and Compaq.
There is much more to follow about this one. I'll keep you up to
date!
------------------------
* Gartner Group Sez: Linux Not Taking Over World.
According to recent research by Gartner Group, the battle to
dominate the general-purpose mid-range server market is over and
Windows has won.
George Weiss (Gartner Hardware and Operating Systems Group VP and
research director) claimed they are not saying that Linux is dead,
but that it 'aint gonna' take over the world either. Gartner
calculated that during the coming five years all the Linux and
Unix flavors combined, (and that includes Solaris, HP-UX and AIX),
are going to find themselves with about the same market share of
the general-purpose server market as Windows.
Gartner's estimations are that just 2 or 3 Linux vendors will really
survive. Caldera and Red Hat will be among them as they have enough
critical mass. Many others are going to stay small players. Not
included in their report are the embedded market or so the new
breed of 'server appliances'.
They interviewed a bunch of Independent Software Vendors and only
about 30%-35% of these that currently support Windows or Unix, told
them that their mission-critical products will support Linux in 2002.
Linux will be high on the porting priorities for 60%-65% "but will
not dislodge current top-tier operating system platforms," and with
that he means Windows and Unix. Main reason: "They're really hard
pressed trying to figure out how to make money in this market."
One of the results of the survey was they concluded that
companies that are currently cozying up to Linux (like IBM) are
speaking Linux out of the corner of their mouth but really are
trying to sell their existing Unix OS'es like AIX.
*****************************************************************
4. NT THIRD PARTY NEWS:
BEEN INFECTED BY THE VIRUS ALREADY? NEED AN EXTERMINATOR?
Here are some third party tools that have come to the rescue
* SCRIPTLOGIC cleans up the Morning After
The developer of ScriptLogic has published a custom script for
ScriptLogic that will clean up the after effects of the Lovebug
worm virus. Now that everyone has updated their virus signatures
to catch it, the clean-up must still be done. That's where this
script comes in. It removes the infections, creates a log file
of what machines were found to be infected and can optionally
remove the vbs and other vbscript associates from the registry
so that users can't double click on the attachment and re-infect
their systems.
http://www.sunbelt-software.com/product.cfm?id=299
---------------------------
* LOVE KILLER by ECM V2.5
The developer of Enterprise Configuration Manager (ECM) released
an ECM script that you can use to identify and eliminate the virus
on an enterprise wide basis. You can import it into your existing
deployment on your network and take a look at it. Below is the
Read Me so you can see how to do it.
Detecting the I Love You Virus Using ECM 2.5:
1) Run SQL Query Analyzer.
2) Select your ECM database.
3) Load the love.sql script provided.
4) Run the Query. This query loads new file alerts that will
identify any machine that has been infected by the Worm Virus.
It will also write an event to the event log for any machine
that meet these file criteria, as well as any machine whose
AutoExec.bat has been modified.
5) Stop and restart the collector so it will pick the new file
alerts.
6) Run a instant collection against your machines. Selecting
static information and file alerts.
7) If any of these files exist on your machines you will receive
a file alert in the GUI as well as a event written to the event
log of your collector machine.
How to load the Love Killer for ECM 2.5
This is a batch file that is designed to be run as a job submission
that will delete all files related to the 911 Virus from any of
your monitored systems.
1) Save the lovekiller.bat to a shared location on your network.
2) From the General Configuration menu select the Job Submissions
Tab.
3) Click Add.
4) Name the Job
5) In the Command(s) to Execute window put the UNC of the
lovekiller.bat, i.e. \\wpfile01\virus\lovekiller.bat.
6) Leave the options default.
7) Select an account to authorize this job and a job password.
8) Click Ok. Click Ok. And Click OK to update the collector
with the new settings.
9) Log out of the console machine and have the Account that
was chosen to authorize the virus job log in and authorize
the job from the General Configuration | Job Submission Tab.
10) From the General Configuration menu select the Collection
Times Tab.
11) Select your Default Group.
12) Click add to create a new collection time. Name the collection.
13) Click Next. Select File Alerts. Click Next.
14) Select Run a Job and Select the Virus Job.
15) Establish what frequency and when you want to run this job.
Click Finish.
More info: http://www.sunbelt-software.com/product.cfm?id=522
---------------------------
* FileScreen Blocks LoveBug
Virus scanning is a critical component of any network. However,
by the time a virus such as the "LOVEBUG" virus is identified
and detected, it's usually too late. Virus companies may take
hours to post a fix, while the virus continues to run its course
throughout your network.
FileScreen 2000 screens files by name and file type from being
written to your Windows NT/2000 servers. So, executables such
as Melissa and Visual Basic files such as "lovebug.vbs." never
have a chance to propagate in your domains and cause serious
damage. FileScreen 2000 lets you get a grip on it by choosing
what file types to screen including:
Executable files--block dangerous viruses such as Melissa.
Visual Basic files--protect your data from LoveBug perils.
Application files--avoid software license infringement suits.
Sound files--keep your servers from becoming another jukebox.
Movie files--jokes, movies have no business on your network.
Graphic files--usually large in size and often of no value.
More info: http://www.sunbelt-software.com/product.cfm?id=422
****************************************************************
5. HINTS AND TIPS: PRACTICE SAFE EMAIL
* Have a Corporate Safe Email Policy AND enforce it.
* Use 'belt and suspenders'. Combine an AV-solution with a
'content checking gateway' and file screening tools.
* Instruct users with:
- Be careful with emails if you don’t know the sender.
- Even if you DO know the sender, never execute files if
you’re not aware of the content. Ask your system/network
administrator before running the file.
* Help avoid mail spamming.
* Though your anti-virus might not have been able to prevent
this one, update your virus data patterns anyway.
****************************************************************
6. THE NT/2000 STOCK WATCH - Friday May 5, 2000
Data Return is Rocketing up again! Novell loses almost half :-(
52 WK 52 WK P/E WEEK
SECURITY CLOSE HIGH LOW RATIO CHNG
---------------------------------------------------------------------
Advanced Micro Devices... 92 1/4 92 3/8 15 5/8 66 +5.4%
BMC Software............. 44 1/4 86 5/8 36 45 -5.4%
BindView Development Corp 8 7/16 45 3/4 7 1/2 +4.6%
Cisco Systems............ 67 3/4 82 26 -2.2%
Citrix Systems Inc....... 43 3/8 122 5/16 20 1/4 66 -28.9%
Compaq Computer.......... 27 3/16 34 18 1/4 73 -6.8%
Computer Associates...... 53 1/16 79 7/16 40 15/16 42 -4.9%
Data Return Corporation.. 29 1/4 94 1/4 13 3/4 +19.0%
Dell Computer............ 49 7/8 59 3/4 31 3/8 82 -0.4%
Electronic Data Systems C 61 7/8 76 11/16 47 7/8 42 -10.0%
Gateway Inc.............. 53 7/16 84 28 3/8 38 -3.3%
Hewlett Packard Co....... 136 3/4 156 67 43 +1.2%
Intel Corp............... 123 3/8 145 3/8 50 1/8 53 -2.6%
Intergraph Corp.......... 6 9/16 10 1/4 3 3/16 -3.6%
International Business Ma 107 7/8 139 3/16 89 3/4 26 -3.2%
Legato Systems Inc....... 12 9/16 82 1/2 9 1/4 74 -2.8%
Micron Electronics Inc... 10 3/16 20 11/16 9 24 -4.6%
Microsoft Corp........... 71 1/8 119 15/16 60 42 +1.9%
Mission Critical Software 35 1/8 77 5/8 16 -2.4%
NCR Corp................. 36 3/16 52 5/8 26 11/16 11 -6.3%
NetIQ Corporation........ 37 1/4 81 1/2 14 3/4 +1.3%
Network Associates Inc... 25 13/16 37 3/16 11 5/8 +1.4%
Novell Inc............... 11 44 9/16 9 3/4 18 -43.9%
Oracle Corp.............. 76 13/16 90 11 1/4 -3.9%
Qualcomm Incorporated.... 109 3/4 200 21 1/2 +1.2%
Seagate Technology....... 48 7/8 76 25 1/8 11 -3.6%
Silicon Graphics......... 7 3/16 18 7/8 6 1/2 0.0%
Sun Microsystems Inc..... 90 1/2 106 3/4 27 99 -1.5%
Sybase Inc............... 24 15/16 31 7 1/8 33 +23.5%
Symantec Corp............ 60 1/2 81 5/8 17 3/4 23 -3.1%
Unisys Corp.............. 24 7/16 49 11/16 19 1/2 15 +5.3%
Veritas Software Corp.... 100 3/16 174 15 1/8 -6.5%
Dow Jones 30 Industrials. 10,577.86 -1.4%
*******************************************************************
7. "HOW TO USE THE MAILING LIST" Instructions on how to subscribe,
sign off or change your email address
TO SUBSCRIBE TO THE LIST (Tell your friends!)
Click: http://lyris.sunbelt-software.com/scripts/lyris.pl?join=nt-list
and fill out the form, simple & easy: 1 minute work.
Or by email, send a blank message to the following address:
[EMAIL PROTECTED]
_____________________________________________________
TO QUIT THE LIST
1) The Web Way:
http://lyris.sunbelt-software.com/scripts/lyris.pl?
choose the NT-List, use your email address that is at
the bottom of each newsletter and leave the list via
the web interface.
2) The Email Way: Simply follow the personalized
instructions at the very end of this newsletter.
_____________________________________________________
TO CHANGE YOUR ADDRESS
First unsubscribe and then resubscribe as per the
procedure above.
********************************************************************
FOR MORE INFORMATION
On the World Wide Web point your browser to:
For the newsletter and our website:
http://www.sunbelt-software.com
For Tech Support on Sunbelt products mentioned:
http://www.sunbelt-software.com/scripts/rightnow.exe
Email for US sales information to:
[EMAIL PROTECTED]
Email for US Tech support to:
[EMAIL PROTECTED]
Email to the US Editor:
[EMAIL PROTECTED]
Email for European Sales to:
[EMAIL PROTECTED]
Email for European Tech support to:
[EMAIL PROTECTED]
At the time of this newsletter's release, all links were
checked to verify their accuracy and validity. However,
due to the ever changing pages of various sites, some links
may later prove to be invalid. We regret any inconvenience
should you be unable to open any of these links.
********************************************************************
Things Our Lawyers Make Us Say:
This document is provided for informational purposes only.
The information contained in this document represents the
current view of Sunbelt Software Distribution on the issues
discussed as of the date of publication. Because Sunbelt
must respond to changes in market conditions, it should not
be interpreted to be a commitment on the part of Sunbelt
and Sunbelt cannot guarantee the accuracy of any informa-
tion presented after the date of publication.
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
FREEDOM FROM INFRINGEMENT.
The user assumes the entire risk as to the accuracy and the
use of this document. This document may be copied and
distributed subject to the following conditions: 1) All text
must be copied without modification and all pages must be
included; 2) All copies must contain Sunbelt's copyright
notice and any other notices provided therein; and 3) This
document may not be distributed for profit. All trademarks
acknowledged. Copyright Sunbelt Software Distribution, Inc.
1996-2000.
[archive@jab.org] This is a posting from the
nt-list, To unsubscribe, send a blank email
to [EMAIL PROTECTED]
