W2Knews[tm] (the original NTools E-News) Electronic Newsletter
Vol. 5, #41- September 11, 2000 - Issue #215
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
'Immediate Notification Of Important Windows NT/2000 Events'
*******************over 600,000 subscribers**************************
This 'Special Security Issue' of W2Knews contains:
1. EDITORS CORNER:
* NEW: Scan Your Own Networks 'Outside-in' Like A Hacker Would
2. TECH BRIEFING:
* What is Network Perimeter Defense, and what is Scanning?
(If YOU don't hack your systems, who will?)
3. NT/2000 RELATED NEWS:
* Operating System Vulnerabilities On The Rise
* Security Specialist Shortage: How do I get to be one?
* Protecting Your Network Perimeter Is A Continual Process
4. NT/2000 THIRD PARTY NEWS:
* BRAND NEW NETWORK SECURITY SERVICE: QualysGuard[tm]
(You definitely want to check this one out!)
* Critical Security Questions and Answers
5. W2Knews 'FAVE' LINKS:
* NEW: This Week's 3 Cool Security HotLinks
6. HINTS AND TIPS:
* Where do I get Security Books?
7. THE NT/2000 STOCK WATCH - Week of September 8, 2000 -
8. HOW TO USE THE MAILING LIST
Instructions on how to subscribe, sign off or change your address.
*************************SPONSOR*********************************
Looking for detailed hardware and software inventory of all your PCs?
Computing Edge Inventory +Solution gathers PC serial number, BIOS
& registry details, comprehensive software auditing, disk, OS, system
configs, and full end-user info. Track your data from any browser
with numerous pre-packaged reports. Zero footprint-- nothing has
to be installed on the client, run it from the network. Fits on a
single floppy to inventory non-networked systems.
30-day FREE trial! http://www.computingedge.com
**********************What Is W2Knews?**************************
Sunbelt W2Knews is the World's first and largest e-zine designed
for NT/2000 System Admins and Power Users that need to keep these
platform up & running. Every week we get you pragmatic, from-the-
trenches news regarding NT/2000 and 3-rd party System Management
Tools. W2Knews will help you to better understand NT/2000 and pass
your Certification Exams. You will get breaking news like new
tools, service packs, sites, or killer viruses via W2KNewsFlashes.
Sunbelt Software is THE NT/2000 e-business tools site. At the end
of this message are links to all indexed and searchable back issues.
-------------------------------------------------------------------
1. "EDITORS CORNER"
* A Brand New Security Scanning Concept
Hi NT/2000 Pros,
Before we go into the Big Announcement, a reminder. This is the LAST
WEEK you can vote for your 'fave' TOOLS at the W2Knews Target Awards
2000. Vote now! http://www.sunbelt-software.com/targetawards/
Winners will be announced in the W2Knews issue next weekend.
------------
And here is the big announcement. You told us Security was your
headache #1. So, I went out and looked at the current market, did
my homework and found out some very interesting things. Now I
understand better why you say it really IS a major pain:
- More and more vulnerabilities are found, it's on a steep rise.
- The amount of your (distributed) machines has mushroomed
- The attacks get increasingly sophisticated
- You have less and less time to dedicate to Security
- It is getting harder and harder to simply keep up, as there are
a multitude of (sometimes conflicting) information sources.
- There is NO centralized, simple way to manage vulnerabilities
- But your management insists you need to keep things tied down
(while increasing exposure via Internet-based applications)
The real problem is that you almost have to be a hacker yourself
to be sure no one else can penetrate your networks. But who has
time to burn the midnight oil, find out about vulnerabilities,
how to exploit them, penetrate your own site, and then plug all
the holes found?
Recently I read a survey and it was found that something like
60% of U.S. MIS managers would not hesitate to put Kevin Mitnick
on their payroll. (In case you have been creating code locked up
in a closet for a few years, Kevin Mitnick is probably the world's
most famous hacker who recently came out of prison.) A very recent
quote from Mitnick is "What you don't know will hurt you".
The upshot of all this? It would be great if you could have your
own hacker on your payroll, who would protect your network. Too
bad though, that ain't gonna happen. The next best thing is
QualysGuard[tm].
This is the new service that we are introducing. In a nutshell,
it's an internet-based artificial intelligence solution that allows
you to scan your own systems from the outside in, just like a hacker
would, using all known holes and exploits, and then plug the holes
you find.
Built and maintained by Security Consultants, (white-hat hackers)
and updated d a i l y (!) with the latest exploits found. It's a
subscription service, you only use a browser. No installation,
training, updates and all the other hassle. Check it out and watch
the (web) demo: http://www.sunbelt-software.com/product.cfm?id=545
I guess you now understand why I'm so excited about QualysGuard. We
ran it on our own network but I'm not going to tell you what I found.
<blush>
Warm regards,
Stu.
(Email feedback to [EMAIL PROTECTED])
***************************SPONSOR*********************************
"You, The Black Hats, And Your Network" -- Discover how intruders
break in. We have a revolutionary new approach for you: now you can
scan your own networks like intruders would. Use QualysGuard[tm] to
get the "outside-in" view on your networks. You'll be surprised at
what you'll learn about your external security risks and their rela-
tive severity. This is the essential missing link in your security
toolkit. Get an instant on-line demo right now at:
http://www.sunbelt-software.com/product.cfm?id=545
****************************************************************
2. TECH BRIEFING:
* What is Network Perimeter Defense, and what is Scanning?
(If YOU don't hack your systems, who will?)
DEFINITION:
Network Perimeter Defense is also called Security Auditing and it
is a process that identifies network computing equipment and the
security vulnerabilities associated with these devices. This info
can be used to measure security, manage risks, and eliminate the
security vulnerabilities found before unauthorized users can
exploit potential security holes.
'Scanning' is what both white-hat and black-hat hackers do. They
use a series of both freeware and shareware programs and write
their own scripts to attack and penetrate networks. It is a highly
specialized kind of activity, but more and more automated tools are
being used to hack into sites.
The question really is, if you do not have a process like this in
place, when (not if) is some one going to penetrate your network
and cause damage. There are a few specialized IT Security consul-
tants out there, but they are scarce and expensive. It's up to you
to batten down the hatches. Many of you bought STAT and this is a
great tool for inside hole-scanning, that you certainly should
continue to do. But scanning 'outside-in' was missing up to now,
so you should add QualysGuard. Having you own 'attack tool' in
place is an essential part of a strong defense.
And being able to scan your own networks, scheduled automatically
and get extensive reports on what was found is really a MUST if
you want to continue to protect against intruders. Check out:
http://www.sunbelt-software.com/product.cfm?id=545
****************************************************************
3. NT/2000 RELATED NEWS:
* Operating System Vulnerabilities On The Rise
Everything is getting online, companies are integrating systems with
their vendors, interdependencies are created, e-commerce and its
next evolutionary step called 'e-business' are rapidly developing.
All this makes strong network security a must. The only way to
get there is with robust corporate security programs that include
regular network audits for vulnerability assessment and for
corrective action. Until now, these audits were typically done
by using purchased software or homegrown solutions.
Of course these are initially better than no proactive approach
at all, but those solutions often have serious shortcomings that
could give you a false sense of security. Some of the drawbacks
of a setup like this are:
- Can be expensive and cumbersome (time consuming) to apply.
- Results are sometimes difficult to understand.
- They offer little in the way of risk assessment or scoring.
- Often lack recommendations for fixing vulnerabilities.
- They look at the network from the inside out, and thus miss
the holes hackers can see.
- They can become quickly and dangerously outdated as new holes
are uncovered constantly, literally at internet speed.
And in the mean time, the amount of vulnerabilities found in the
popular OS-es is on the rise. The trends are the same for Linux,
Solaris and Windows, and the totals for all three look something
like this: (I'm being conservative)
1997: 25
1998: 75
1999: 200
2000: 300
2001: 600
Conclusion: all of the above points to a need for a new approach
to security auditing that is:
- Affordable
- Extremely easy to deploy and use
- Effective for Risk Assessment and corrective recommendations
- ALWAYS up to date on the latest vulnerabilities
If you run an environment with Windows, (and/or) Linux/Unix I
strongly suggest you have a look at the new service we provide:
http://www.sunbelt-software.com/product.cfm?id=545
-----------------------------
* Security Specialist Shortage: How do I get to be one?
Just like MCSE, there are Certifications for Security specialists.
And Oh Boy, are they needed! I think this is one of the most urgent
needs of corporate IT, and hardest to find. What kinds of Certs
are there?
LevelOne Certification for everyone involved in Security is called
GSEC. (GIAC Security Essentials Certified). You can take this live
or online.
LevelTwo Certs for advanced security professionals are:
- GCIA: GIAC Certified Intrustion Detection Analyst
- GCIH: GIAC Certified Advanced Incident Handler
- GCFA: GIAC Certified Firewall Analyst
- GCIX: GIAC Certified Unix Security Analyst
- GCNT: GIAC Certified Windows NT Security Analyst
Around the globe, these GIAC certs mean excellence in security skills.
GIAC certified professionals have studied up-to-date material, passed
difficult exams, and have proven their mastery through practical
demonstrations. If you have the time, this is a really good career
move. More at: http://www.sans.org/giactc.htm.
-----------------------------
* Protecting Your Network Perimeter Is A Continual Process
The Internet has basically created a perimeter around your corporate
network that you need to defend. I have been doing some digging and
the most recent data I could get my hands on was the 2000 Computer
Crime and Security Survey by the CSI and FBI. Just a few of the
highlights of this recent survey:
- 70% reported serious attacks
- 42% acknowledged financial loss
- 59% reported more Internet attacks than internal attacks-
this trend is continually up
- 120% increase in loss last year.
And all of this is true. Just as an illustration, I just opened up
my BlackICE tool, and checked the last few days. I'm on a Cablemodem
with a 24 hour connection so this NT WS is a prime target for hackers.
Today I had 9 attacks on this box, most of them port probes, and it's
only 12:30. Yesterday there were 15. I'm sure you get the point.
The problem is that your risk of intrusions is a moving target. It
would be nice if you could do a vulnerability assessment, plug the
holes and be done with it. But no, your network is growing, there
are continual machine changes and multiple software installs and
upgrades. Each of these can cause one or more new holes to appear.
On the other hand, the threats multiply too. There are about 4 new
vulnerabilities discovered each day, with newly invented exploits
to go along with them and there is more and more "hobby hacking".
These are also called 'script kiddies' and are usually not very
harmful, unless they unleash something that brings your server
down.
The solution to all of this requires an ongoing process. There is
no 'cure' for it, there is only a professional approach of managing
the vulnerabilities. You have to continually test and retest:
- points of access
- potential vulnerabilities
- problem areas
- and continue to worry about it.
In short, you need to institute a (or expand your existing) corporate
Vulnerability Management program that will be your Internet Bodyguard.
Nothing better than to check out the new QualysGuard that is just that:
http://www.sunbelt-software.com/product.cfm?id=545
*****************************************************************
4. NT THIRD PARTY NEWS:
* BRAND NEW NETWORK SECURITY SERVICE: QualysGuard[tm]
(You definitely want to check this one out!)
I'm excited about this solution. Why? I know it's going to make
your life a lot easier and protect your networks in a unique new
way. QualysGuard is the first security tool built from the ground
up to fully leverage the power of the Internet. It allows you to
scan your own networks from the outside in and find holes. Lights-
out, scheduled, with extensive reporting for both the CIO and
the system- and network admins. This is _very_ cool leading edge
stuff, and a great additional (complementary) tool if you already
run something like STAT.
What does it do:
- Gives you a visual map of your network from the outside
- Automatically and intelligently audits all the devices for
vulnerabilities (runs device-dependent tests)
- Delivers an immediate easy-to-understand risk assessment
- Gets you detailed recommendations for fixes and solutions
What does it do for YOU:
- Frees up more time in your interrupt driven working conditions
- Gives you a handle on security issues and how to fix them
- You have a 'white-hat hacker' backup team supporting you 24/7
- You don't have to burn the midnight oil maintaining security
expertise from 20 different sources
- No need to spend your time training, installing and updating
shrink-wrapped tools
- The QualysGuard analysis does not bring your networks down
as it has intelligent load monitoring.
What it does for MIS, CIO Management:
- Provides and overall 'helicopter view' of the security posture
of the organization
- Brings relief in finding and keeping internal security staff
- Now easier to bring more processes and functions to the web
- Incredible value, and much cheaper than hiring a hacker
- Gives them a way to measure and manage effectiveness of the
corporate security precautions.
What it gives all of you: Job Security.
QualysGuard is online and on-demand. You access it with your own
account, and a password over the internet. When you subscribe
to this service, a range of IP addresses you want scanned will
be set up in your account. (Yes, we check if they really belong
to you.) The service is available online to authorized security
personnel 24 hours a day to run and scan:
- 150+ CGI tests
- 50+ Backdoor tests
- 300+ Remote vulnerabilities
- Full TCP/UDP (User Datagram Protocol) checks
- Network TCP/IP
- UNIX OS
- Windows NT/2000
- Web Servers
- Mail Servers
- FTP Servers
- Firewall Scans
- Routers
- Switches
- And an average of 4 new vulnerabilities e v e r y day.
You can schedule regular audits on a daily, weekly or monthly
basis to monitor your network vulnerabilities so that you are
sure you are covered. The tool avoids using up network bandwidth
or crashing your servers.
This tool is always private and secure. The service is designed
to ensure the privacy and security of each subscriber's data. We'll
be happy to explain how this works, and it's also in the Sunbelt
Software Knowledge Base.
Want to see how it works? Fill out the DOWNLOAD FORM and you'll
get a 2-3 minute web based immediate demo. Cool Stuff!
Check out: http://www.sunbelt-software.com/product.cfm?id=545
-----------------------------
* Critical Security Questions and Answers
I have received some questions that I'll answer in this W2Knews
so that everyone has the benefit of them.
Q1: As a security consultant, I am familiar with products like ISS,
Cybercop, Retina, as well as many of the freebie tools like SATAN,
SAINT, Nessus, whisker, etc. That said, I am curious what QualysGuard
does that is new or different in the way of vulnerability scanners.
A1: The unique concept is the fact you can subscribe to a service,
which will automate the scanning for you, and manages the database
of vulnerabilities in pretty much real-time.
---
Q2: Is it designed to audit NT or Unix machines (or both)?
A2: Both, but it finds out what kind of server or device it looks
at and then only runs vulnerabilities relative to the device. It
has many years of security consulting expertise built in to the
AI-engine.
---
Q3: Is the scanning technology new?
A3: It uses known methods to scan and penetrate sites from the
outside in. What is new is that it is now available as a managed
service that is schedulable and consistent. It also provides a
historic database of vulnerabilities found and fixed for upper
management purposes.
---
Q4: Is the reporting capability considerably different than its
competitors?
A4: I would have to do some more research on this point, as I'm
not intimately familiar with the other players in this area. We'll
do this and come back on it. Can they send automated emails to
warn for critical holes found?
---
Q5: The web page says "over 600 vulnerabilities" putting this on
par with ISS (who boasts roughly that amount). Given companies like
E&Y offering solutions that scan a database of 2200 vulnerabilities,
the disparity in numbers begins to stand out.
A5: The numbers do not tell all. Unfortunately these are used for
marketing purposes and it depends entirely on how you count, and
what you count. You know the old saying: Lies, damn lies, and
statistics. What really is important is the type of holes they
test for from the outside, which are different from the things
you scan for from the inside out.
---
Q6: Is your product available for trial use in any capacity?
A6: There are three phases. 1: the web-demo, 2: Our reps have
a demo account that allows a scan of a live system set up at
Qualys. 3: Incidental cases can scan one (1) IP address only
but only after signing some legal paperwork.
---
Q7: How reliable are these Qualys guys? How do I know that they
won't break in my systems?
A7: Qualys was founded in 1999 with a veteran management team
that has its history in Security Consulting. It's Venture Capital
backed and has as one of its main investors VeriSign, (VRSN) which
is the world's number one provider of Internet trust services.
---
Q8: Do I need any kind of equipment on my side at all?
A8: No, this runs completely from an outside Qualys Internet
Server that sits in a secure co-hosting facility.
---
Q9: Do I need to be an expert in security to be able to set up
and use QualysGuard?
A9: No, you supply the IP-range you want to scan and get the
paperwork signed. From there on out it is clicking on your
Favorites button, provide the password and click the SCAN button.
The reports show you what was found, how severe it is and how
to fix it.
---
Q10: I already have a firewall, do I still need QualysGuard?
A10: Yes. Firewalls are essential to network security but are
very complex and often badly configured. QualysGuard tests the
effectiveness of your firewall as well as apps such as Web,
ftp and mail that are naturally accessible through firewalls.
Rule changes can expose your networks, so firewalls need a
regular program of "hygiene".
Q11: I already have an intrusion detection product, why would
I need QualysGuard?
A11: These tools are reactive, you need a proactive approach
as when some one is hacking your system, there is a good chance
it is already too late.
Q12: How secure is the QualysGuard solution? How do I know
that no one else finds out about the holes in my network?
A12: The map and scan results are encrypted with 1024-bit
protection, as a subscriber you are connected with SSL, there
is no archiving (not even backups) and it is completely
inaccessible without the password - even by Qualys. All of
their machines are located at top-tier hosting facilities.
Bonus Q13: How long does it take to scan?
Bonus Answer: Only about 2.5 min per IP, the scanning engine
is highly efficient.
Check out: http://www.sunbelt-software.com/product.cfm?id=545
****************************************************************
5. W2Knews 'FAVE' LINKS:
==============
All the tools hackers use to break into systems are discussed at
the hackingexposed site: http://www.hackingexposed.com
==============
Need to get Security Trained? Start by looking at the SANS site:
http://www.sans.org/giactc.htm
==============
Want to talk to security experts, attend class, and want it October
15-22, 2000 in Monterey, CA? http://www.sans.org/NS2000.htm
==============
Developing for Windows in Europe? If so, then the best conference for
you to attend this year is the WinSummit developer's conference in
Davos, Switzerland: October 2 to 6: http://www.WinSummit.com
****************************************************************
6. HINTS AND TIPS:
Did you know about the new Sunbelt BookClub? Now, this is no ordinary
BookClub. Not only are we are offering 11 books from New Riders, an
industry-leading publisher, but I've managed to pass some savings on
to you. There are some good titles in there that will help you plan
good Windows 2000 Security. With the Sunbelt BookClub, you will receive
up to 40% off the latest Windows 2000 titles.
These books will help you:
· Install and Configure Windows 2000
· Manage DNS and DHCP
· Develop unified directory strategy to support enterprise applications
· Clarify Security issues for reliable client performance
· Create techniques using VB and VBScript to automate task
Those are just a few of the items covered. You have to see it to
believe it. Visit the Sunbelt Windows 2000 BookClub at
http://www.sunbelt-software.com/bookclub/
Two other specific Security titles that I recommend are:
- HACKING EXPOSED - McClure and Scambray - Publisher is Osborne, the
is ISBN 0-07-212127-0
- HACK PROOFING your network - Russell and Cunningham - Publisher is
Syngress - The ISBN is 1-928994-15-6
*******************************************************************
7. THE NT/2000 STOCK WATCH - Week of September 8, 2000 -
52 WK 52 WK P/E WEEK
SECURITY CLOSE HIGH LOW RATIO CHNG
---------------------------------------------------------------------
Advanced Micro Devices... 32 1/16 48 1/2 8 1/4 31 -14.2%
BMC Software............. 24 1/4 86 5/8 16 1/8 25 -14.9%
BindView Development Corp 10 3/4 45 3/4 6 +4.8%
Cisco Systems............ 63 7/8 82 32 1/2 -6.8%
Citrix Systems Inc....... 22 11/16 122 5/16 14 1/4 39 +0.8%
Compaq Computer.......... 32 5/8 35 18 1/4 48 -3.5%
Computer Associates...... 31 3/4 79 7/16 23 11/16 15 -0.7%
Data Return Corporation.. 21 7/8 94 1/4 13 1/4 +12.1%
Dell Computer............ 38 7/8 59 3/4 34 7/8 58 -9.7%
EMC Corp................. 96 13/16 100 30 -0.4%
Electronic Data Systems C 49 76 11/16 38 3/8 32 -2.0%
Gateway Inc.............. 62 37/64 84 41 5/8 41 -8.8%
Hewlett Packard Co....... 121 3/8 136 3/16 52 1/4 36 -3.0%
Intel Corp............... 65 3/8 75 13/16 32 1/2 58 -11.5%
Intergraph Corp.......... 6 3/8 9 3 3/16 +6.2%
International Business Ma 129 1/2 137 11/16 89 3/4 33 -3.0%
Legato Systems Inc....... 14 1/4 82 1/2 8 1/8 +9.0%
Micron Electronics Inc... 12 1/2 20 11/16 8 3/16 37 -13.4%
Microsoft Corp........... 69 5/16 119 15/16 60 41 -1.2%
NCR Corp................. 39 5/8 47 26 11/16 12 -3.3%
NetIQ Corporation........ 49 7/8 81 1/2 21 -16.3%
Network Associates Inc... 23 1/4 37 3/16 16 1/4 66 -10.5%
Novell Inc............... 10 3/4 44 9/16 7 13/16 23 -11.7%
Oracle Corp.............. 86 9/16 93 20 -6.5%
Qualcomm Incorporated.... 61 9/16 200 38 1/8 70 +3.9%
Quest Software Inc....... 56 98 1/8 18 -2.1%
Seagate Technology....... 58 76 26 9/16 13 -2.1%
Silicon Graphics......... 4 1/4 5 3/16 2 -11.6%
Sun Microsystems Inc..... 120 3/4 129 5/16 40 7/8 -6.1%
Sybase Inc............... 27 1/2 31 10 3/16 38 -0.9%
Symantec Corp............ 48 81 5/8 31 3/8 17 -7.9%
Unisys Corp.............. 14 3/8 49 11/16 9 1/8 10 +7.9%
Veritas Software Corp.... 117 1/4 174 28 5/8 -3.6%
Dow Jones 30 Industrials. 11,220.65 -0.1%
*******************************************************************
8. "HOW TO USE THE MAILING LIST" Instructions on how to subscribe,
sign off or change your email address
TO SUBSCRIBE TO THE LIST (Tell your friends!)
Click: http://lyris.sunbelt-software.com/scripts/lyris.pl?join=w2knews
and fill out the form, simple & easy: 1 minute work.
Or by email, send a blank message to the following address:
[EMAIL PROTECTED]
_____________________________________________________
TO QUIT THE LIST
Go here, choose the list you are on, and follow instructions:
http://lyris.sunbelt-software.com/scripts/lyris.pl
or follow instructions at the very end of this newsletter.
____________________________________________________
TO CHANGE YOUR ADDRESS
First unsubscribe and then resubscribe as per the procedure above.
******************************************************************
FOR MORE INFORMATION
On the World Wide Web point your browser to:
For the newsletter and our website:
http://www.sunbelt-software.com
For Tech Support on Sunbelt products mentioned:
http://www.sunbelt-software.com/scripts/rightnow.exe
Back Issues are here, all searchable and indexed. NT-list:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0
Back Issues of W2Knews are all here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=w2knews&text_mode=0
Cannot unsubscribe? Send an email to a live person:
[EMAIL PROTECTED]
Email for US sales information to:
[EMAIL PROTECTED]
Email for US Tech support to:
[EMAIL PROTECTED]
Email to the US Editor:
[EMAIL PROTECTED]
Email for European Sales to:
[EMAIL PROTECTED]
Email for European Tech support to:
[EMAIL PROTECTED]
At the time of this newsletter's release, all links were
checked to verify their accuracy and validity. However,
due to the ever changing pages of various sites, some links
may later prove to be invalid. We regret any inconvenience
should you be unable to open any of these links.
********************************************************************
Things Our Lawyers Make Us Say:
This document is provided for informational purposes only.
The information contained in this document represents the
current view of Sunbelt Software Distribution on the issues
discussed as of the date of publication. Because Sunbelt
must respond to changes in market conditions, it should not
be interpreted to be a commitment on the part of Sunbelt
and Sunbelt cannot guarantee the accuracy of any informa-
tion presented after the date of publication.
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
FREEDOM FROM INFRINGEMENT.
The user assumes the entire risk as to the accuracy and the
use of this document. This document may be copied and
distributed subject to the following conditions: 1) All text
must be copied without modification and all pages must be
included; 2) All copies must contain Sunbelt's copyright
notice and any other notices provided therein; and 3) This
document may not be distributed for profit. All trademarks
acknowledged. Copyright Sunbelt Software Distribution, Inc.
1996-2000.
