W2Knews[tm] (the original NTools E-News) Electronic Newsletter
Vol. 5, #52 - October 30, 2000 - Issue #226
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
'Immediate Notification Of Important Windows NT/2000 Events'
*******************over 600,000 Readers******************************

This Issue of W2Knews contains:

1. EDITORS CORNER:
   * How was Microsoft Cracked?
2. TECH BRIEFING:
   * My Downtime Math Was Off, here are the correct numbers!
3. NT/2000 RELATED NEWS:
   * You Can Now Rent MS-Apps in Web Cafes
   * MS Releases MINI-SQL
   * How To Avoid Sending 'Out Of Office' to mailing lists
   * The Page File Is A Possible Vulnerability
4. NT/2000 THIRD PARTY NEWS:
   * And What Happens When Your Plan B Fails?
   * Sybari Forms Strategic Alliance With CA
5. W2Knews 'FAVE' LINKS:
   * This week's three Fave Links from Sunbelt.
6. BOOK OF THE WEEK:
   * MCSE Training Guide (70-240): Windows 2000 Accelerated Exam
7. THE NT/2000 STOCK WATCH - Week ending October 27,
   * "Choppy Waters"
8. HOW TO USE THE MAILING LIST
   Instructions on how to subscribe, sign off or change your address.

*********************** SPONSOR: SURFCONTROL*************************
FREE -- Internet Filtering Software Trial --
Internet seduction may be costing your company a fortune in network
bandwidth and lost productivity. Remove the mystery and find out who's
CyberSlacking with SurfControl. Monitor, report, block and control
access to all TCP/IP protocols. Get immediate results & detailed
reports. You've got responsibility for the network, download an easy
way to manage it. FREE 30-day trial!
http://www.surfcontrol.com/promo/w2k1028

**************************What Is W2Knews?***************************
Sunbelt W2Knews is the World's first and largest e-zine designed for
NT/2000 System Admins and Power Users that need to keep these
platforms up & running. Every week we get you pragmatic,
from-the-trenches news regarding NT/2000 and 3rd-party System
Management Tools.
W2Knews will help you to better understand NT/2000 and pass your
Certification Exams. You will get breaking news like new tools,
service packs, sites, or killer viruses via W2KNewsFlashes. Sunbelt
Software is THE NT/2000 e-business tools site. At the end of this
message are links to all indexed and searchable back issues.

---------------------------------------------------------------------
1. "EDITORS CORNER"

* How was Microsoft Cracked?

Just last Friday, MS reported that system crackers broke into their
corporate network. The Wall Street Journal reported on it that day and
provided more detail today (Monday the 30th), giving a lot of
specifics. Interesting to see that Corporate IT Security has become
headline news at the largest newspapers in the USA.

A senior official from MS said they detected the trespass from its
earliest moment and monitored it while it was going on to make sure
they would be able to provide enough evidence to the FBI. The attack
lasted only 12 days instead of the 'weeks or months' that were
reported last Friday. That was based on a false assumption, and it
does not look like any source code was compromised.

The 'crack' played from Oct. 14 to Oct. 25. MS feels very comfortable
that it accumulated enough data to identify the cracker but cannot
comment any further due to the criminal investigation. No arrests are
imminent yet though. MS is considering how to further tighten their
security measures.

So, how did they get in? Here's the most likely scenario. A common
cracker's tool called the QAZ trojan was sent by email (spam) to a
family computer of a MS employee. This person used that computer to
check their email and work on the MS corporate network. The QAZ code
(or a companion tool) stole some passwords from that PC and emailed
them back to the cracker. This allowed them to later log onto the MS
network posing as the authorized employee. It's not 100% confirmed,
but it looks like this is how they got in.

So, what is the QAZ worm?
An attachment that, when it inadvertently gets installed, disguises
itself as NOTEPAD. QAZ then sends a remote signal to a computer in
Asia with the location of the infected PC. QAZ contains a backdoor
that allows the remote attacker to gain control of the local machine
over port 7597, and it spreads around over the machines in that
domain. Then other cracker tools are used to penetrate further. As of
September 14, there are at least four variants of the original virus.

There is more on this particular one over at the Symantec website,
along with a free tool you can download and run to search-and-destroy
this particular critter on your own systems. I just tried it. Takes a
minute per machine, depending on how big your C:\ drive is.
http://www.sarc.com/avcenter/venc/data/qaz.trojan.html

However, this opens up another can of worms: How are you going to stop
this from happening to your own networks? Now the security perimeter
has been moved outside your firewall! Food for thought.

Warm regards,
Stu.
(email me with feedback: [EMAIL PROTECTED])

PS, If I see any good 'end-of-year' deals I'll send you a W2KnewsFlash

************************SPONSOR: ECORA*******************************
STILL MANUALLY DOCUMENTING YOUR NT AND EXCHANGE NETWORKS?
With ECORA you can automatically document and redocument your servers
at a fraction of the time and cost. Comprehensive text & graphics. All
formats. Behind your firewall or over Web. No software to install or
maintain. No agents to load. Free trial.
https://www.ecora.com/cgi-bin/stats/b.pl?h=ww
*********************************************************************
Want to sponsor W2Knews? Email [EMAIL PROTECTED]

---------------------------------------------------------------------
2. TECH BRIEFING:

* My Downtime Math Was Off!

I was on the road last week (Paris and Amsterdam) and I did not have
my normal resources at hand so I used my (now shown to be miserably
failing) memory for the downtime math <grin>. Here is the real scoop
on downtime.
Thanks to all of you that made me aware of my wayward wanderings.
Here goes:

- 1 year = 365 days = 8760 hours
- Two 9s uptime = 99% = 87.6 hours (3.65 days) downtime a year.
- Three 9s uptime = 99.9% = 0.1% downtime = 0.001 = 8.76 hours
  downtime a year, i.e. three 9s is only about 1 working day.
- Four 9s uptime = 99.99% = .876 hours = 52.56 minutes downtime a
  year, less than 1 hour.
- Five 9s uptime = 99.999% = 5.256 minutes downtime a year.

Having corrected this now, there is still an incredible need to make
sure that disasters do not hit you. Have you seen the Microsoft
Cluster Server Disaster Recovery Video already? It's an online seminar
that is also hosted on the MS online seminars website. The link to the
seminar is at the bottom of this page, and you can choose high or low
bandwidth.
http://www.sunbelt-software.com/product.cfm?id=111

*********************************************************************
3. NT/2000 RELATED NEWS:

* You Can Now Rent MS-Apps in Web Cafes

As I predicted a long time ago, it's finally happening. MS will rent
its software on a per-use basis for the first time through a chain of
budget Internet cafes called 'easyEverything'. This new humongous
outfit in New York with 800 seats (yes you read that right) will open
in Times Square on Nov 28. You will be able to rent MS-Office for a
small fee per session, something like 2 bucks.

It's a trial balloon for MS, because under the .NET initiative they
will start charging consumers a regular monthly fee rather than a lump
sum up front. MS will learn from this pilot, and see where they need
to tweak and adjust. easyEverything is planning on an aggressive
expansion. They expect most users will be people that already use
MS-Office at work or at home but are on the road and need to use it.

How much for all of it?

1) The customer buys Internet Access at the main desk for something
   like 1 Dollar for 15 minutes. Fees vary depending on peak times.
2) They log onto a PC in the Café.
   They can see in realtime how much credit they have left.
3) A separate 2 bucks per session is charged for use of MS-Office or
   Word and includes Encarta. Printing: 35 cents per b/w page and 70
   cents for color.

-------------------------
* MS Releases MINI-SQL

Last Thursday, MS introduced the smallest flavor of SQL Server yet, a
special version designed for WinCE hardware. Redmond worked for more
than a year on the new SQL code and it fits inside 1MB! The full name
is "SQL Server 2000 Windows CE Edition" and it can be used to
replicate data from a CE-handheld to its Big Brother SQL that sits on
your corporate server.

The small CE flavor lets users that are on the road run their SQL apps
and then transfer data when the gadget is hooked up again to the home
mothership. And, to make things easy, you get a so-called 'CE
unlimited deployment license' for free with the $499 SQL Server 2000
Developer Edition license.

There is a 'BUT' though. You do not need additional licenses to
connect to a back-end SQL Server database if the back-end server is
covered by a (quite expensive) per-processor license. Otherwise the
WinCE client needs a SQL Server CAL. Gotta watch it there.

-------------------------
* How To Avoid Sending 'Out Of Office' to mailing lists

Outlook has a very handy assistant that allows you to send the 'OOO'
message when you are not in. But mailing lists generally put your
account on hold, or delete you when they get these. To avoid sending
OOFs to mailing lists, you can do the following:

1. Create a Public Folder & name it whatever you want to. Make a note
   of its SMTP address.
2. Subscribe that SMTP address to the mailing list (for instance
   "MS-Exchange Admin Issues").
3. Set your own mail subscription to the "no mail" option.

Then, the PF will receive all mail sent to the list & since PFs can't
be out of the office, they won't return OOFs. You, however, can still
have OOFs set up to go to the internet (if you really want to) AND can
still post to the list.
Then *everyone* will be happy!

-------------------------
* The Page File Is A Possible Vulnerability

SearchWIN2000.com sent this tip that I thought was a good one. It came
from Tertius Genis, who works for Weyerhaeuser Corp. The tip discusses
one way that security breaches can happen - through the page file -
and how to avoid them.

The page file, a hidden file called pagefile.sys, is the one your
computer uses to page out programs and/or data to hard disk when
memory resources are getting low. It's the same thing as the swap file
in Unix. When you install Windows 2000, the installation program sets
the size of the swap file to 1.5 times more than you have physical
memory in your machine. For example, a 250 MB machine would have a
default swap file size of 775 MB.

But the page file leads to a serious problem. A few of the publicly
documented attacks on Windows NT security rely on the fact that the NT
page file is left intact on shutdown and can subsequently be scanned
for useful information. There's no good reason that the page file
isn't erased, and doing so can plug a potential hole in your NT or
Windows 2000 armor.

To clear the page file at shutdown, you need to change the registry.
Make sure you back up the registry prior to implementing the change,
so if you mess up, you can go back to where you were. Change the
following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown

Drill down to the key, and set the value in the dialog box that
appears when you double-click on it. To have the file cleared at
shutdown, set the value of the key to 1. To leave the page file intact
at shutdown, set the value to 0.

*********************************************************************
4. NT THIRD PARTY NEWS:

* And What Happens When Your Plan B Fails?

Plan A is of course your Backup. Are you testing your Backups for the
ability to recover?
Someone told me they restored their backups to another machine every
week, and that quickly getting files back to restore was a piece of
cake that way. Not a bad idea actually.

But Plan B, how about that? Do you have one? What if the backup tape
is not readable (we had one like that a week or so ago), or simply
does not restore the way you thought it would? It could be a deadly
virus, a worm or a bad rain storm.

I was just in Paris and a rep from an Italian company told me a true
story. An Olivetti site in Italy was in the path of a river that had
been fine for decades. Then, suddenly, something like 30cm of rain
fell in that region. The river destroyed 40 bridges and large sections
of their town were flooded. The Olivetti site wound up with a whopping
200 servers literally under water for a week. All hardware was ready
to trash!

So here comes my question regarding your Plan B. Do you have the right
business continuity plan in place? Is your business critical data off
site at all times? Are you able to fail over to a machine that is
still up & running somewhere? I strongly suggest you spend some time
to ask yourself: "What would happen if Server so-and-so would
completely die?"

Here is a link with some good white papers that will help you get
underway. Check the section White Papers, Documents and Other Files on
this page:
http://www.sunbelt-software.com/product.cfm?id=111

-------------------------
* Sybari Forms Strategic Alliance With CA

Sybari Software, a well respected antivirus and security specialist
for Groupware solutions, announced it entered into a partnership with
Computer Associates International, Inc. With this alliance, Sybari is
able to offer existing and new Antigen users the ability to use CA's
InoculateIT and Vet engines for virus scanning.

"We believe that CA's InoculateIT and VET are invaluable additions to
our current product offering," said Robert Wallace, president and CEO
of Sybari Software, Inc. "Integrating their leading engines with our
comprehensive scanning methodology in Antigen further strengthens our
position as leaders in the antivirus and security market."

Sybari's Antigen is a comprehensive antivirus and security solution
specifically developed to protect Exchange and Notes environments.
Through the integration of multiple virus scanning technologies, such
as CA's InoculateIT and VET, Antigen is able to protect the most
complex messaging infrastructures from malicious virus attacks. It is
Antigen's ingenious architecture that enables mail admins to select
from several of the leading scan engine technologies available in the
market.

"With the rise in email-borne viruses and worms, Groupware antivirus
solutions are essential," said Simon Perry, vice president, security
solutions, Computer Associates. "Our partnership with Sybari will help
organizations increase productivity by protecting email and other
mission-critical applications from viruses."

More at: www.sybari.com

*********************************************************************
5. W2Knews 'FAVE' LINKS:

===
If you run Exchange, this is your DISASTER BIBLE. Read it THREE TIMES.
http://www.microsoft.com/exchange/techinfo/Disaster.htm
===
How does NLB work? Network Load Balancing is a good HA feature in W2K.
http://www.microsoft.com/WINDOWS2000/library/howitworks/cluster/nlb.asp
===
Want to subscribe to a Windows specific SECURITY list server? Go here:
http://63.88.172.96/go/loader.asp?id=/security/howto-faq.htm
===

*********************************************************************
6. BOOK OF THE WEEK:

* MCSE Training Guide (70-240): Windows 2000 Accelerated Exam

This exam covers all of Windows 2000. This will be seen by many exam
candidates as the first path to take to achieve Windows 2000
certification coming from the Windows NT Server 4 track.
Written in keeping with the Training Guide series, you will find
pre-chapter quizzes, chapter reviews, case studies, glossaries, and
much more, written based on the exam objectives. To supplement the
top-notch content, the Training Guide offers a version of ExamGear
which gives you the chance to try your hand at adaptive testing and
other new testing technologies--all with the look and feel of the real
exams.

Suggested Retail: $59.99 - But available at Sunbelt Bookclub: $38.99
http://www.sunbelt-software.com/bookclub/

*********************************************************************
7. THE NT/2000 STOCK WATCH - Closing numbers Friday 27, 2000

                                        52 WK       52 WK      P/E    WEEK
SECURITY                   CLOSE        HIGH        LOW        RATIO  CHNG
---------------------------------------------------------------------------
Advanced Micro Devices...  20 1/2       48 1/2      9 1/8      12     -7.8%
BMC Software.............  18           86 5/8      13         38     +2.4%
BindView Development Corp  7 1/2        45 3/4      4 1/2             +31.8%
Cisco Systems............  50 11/16     82          32 5/8            -11.5%
Citrix Systems Inc.......  20 15/16     122 5/16    14 1/4     37     -2.3%
Compaq Computer..........  29 15/16     35          18 3/8     33     +4.6%
Computer Associates......  31 1/8       79 7/16     23 5/8     15     +18.0%
Data Return Corporation..  10 9/16      94 1/4      12 7/8            -33.7%
Dell Computer............  27 15/16     59 3/4      22 1/16    42     -1.7%
EMC Corp.................  88 13/16     104 15/16   32 3/8            -11.1%
Electronic Data Systems C  48 13/16     76 11/16    38 3/8     32     +2.7%
Gateway Inc..............  50 9/32      84          42 9/64    33     -11.7%
Hewlett Packard Co.......  87 3/4       136 3/16    52 1/4     26     -8.5%
Intel Corp...............  46 3/8       75 13/16    33 3/8     36     +7.6%
Intergraph Corp..........  5 7/16       9           3 3/16            -1.1%
International Business Ma  93 3/4       134 15/16   86         23     -1.0%
Legato Systems Inc.......  9 5/16       82 1/2      8 1/8             -6.8%
Micron Electronics Inc...  7 15/32      20 11/16    6 1/2      17     +3.2%
Microsoft Corp...........  67 11/16     119 15/16   48 7/16    40     +3.8%
NCR Corp.................  41 1/16      47          29 1/2     12     -4.0%
NetIQ Corporation........  87           96          28 7/8            -5.5%
Network Associates Inc...  19 1/16      37 3/16     15 5/16    50     +0.3%
Novell Inc...............  8 33/64      44 9/16     7 1/2      18     +3.0%
Oracle Corp..............  34 3/16      46 1/2      10 11/16   88     -3.0%
Qualcomm Incorporated....  74 7/8       200         50 7/8     85     +0.1%
Quest Software Inc.......  45           98 1/8      23 5/8            -23.4%
Seagate Technology.......  68           79 3/16     26 9/16    41     -14.0%
Silicon Graphics.........  4 3/8        5 3/16      2                 0.0%
Sun Microsystems Inc.....  103 3/16     129 5/16    44         84     -13.0%
Sybase Inc...............  21 1/16      31          11 5/8     30     -6.6%
Symantec Corp............  38           81 5/8      31 1/16    12     +5.3%
Unisys Corp..............  12 3/8       36 1/16     9 1/8      11     +2.0%
Veritas Software Corp....  140 3/4      174         39 7/8            -15.6%
Dow Jones 30 Industrials.  10,590.62                                  +3.5%

---------------------------------------------------------------------
8. "HOW TO USE THE MAILING LIST"
Instructions on how to subscribe, sign off or change your email address

TO SUBSCRIBE TO THE LIST (Tell your friends!)
Click:
http://lyris.sunbelt-software.com/scripts/lyris.pl?join=w2knews
and fill out the form, simple & easy: 1 minute work.
Or by email, send a blank message to the following address:
[EMAIL PROTECTED]
_____________________________________________________
TO QUIT THE LIST
Go here, choose the list you are on, and follow instructions:
http://lyris.sunbelt-software.com/scripts/lyris.pl
and unsubscribe from either the nt-list or w2knews. You can see which
list you are on looking at the FROM address of the newsletter.
(It takes a week for this change to filter through so you may still
get one or two news items before the flow stops).
____________________________________________________
TO CHANGE YOUR ADDRESS
First unsubscribe and then resubscribe as per the procedure above.
*********************************************************************
FOR MORE INFORMATION

On the World Wide Web point your browser to:

For the newsletter and our website:
http://www.sunbelt-software.com
For Tech Support on Sunbelt products mentioned:
http://www.sunbelt-software.com/scripts/rightnow.exe
Back Issues are here, all searchable and indexed. NT-list:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0
Back Issues of W2Knews are all here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=w2knews&text_mode=0

Cannot unsubscribe? Getting it twice?
Send an email to a live person: [EMAIL PROTECTED]
(It will take about a week for the change to filter through the
systems, so you may still receive one or two newsletters before the
flow stops.)

Email for US sales information to: [EMAIL PROTECTED]
Email for US Tech support to: [EMAIL PROTECTED]
Email to the US Editor: [EMAIL PROTECTED]
Email for European Sales to: [EMAIL PROTECTED]
Email for European Tech support to: [EMAIL PROTECTED]

At the time of this newsletter's release, all links were checked to
verify their accuracy and validity. However, due to the ever changing
pages of various sites, some links may later prove to be invalid. We
regret any inconvenience should you be unable to open any of these
links.

*********************************************************************
Things Our Lawyers Make Us Say:

This document is provided for informational purposes only. The
information contained in this document represents the current view of
Sunbelt Software Distribution on the issues discussed as of the date
of publication. Because Sunbelt must respond to changes in market
conditions, it should not be interpreted to be a commitment on the
part of Sunbelt and Sunbelt cannot guarantee the accuracy of any
information presented after the date of publication.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT.

The user assumes the entire risk as to the accuracy and the use of
this document. This document may be copied and distributed subject to
the following conditions:
1) All text must be copied without modification and all pages must be
   included;
2) All copies must contain Sunbelt's copyright notice and any other
   notices provided therein; and
3) This document may not be distributed for profit.

All trademarks acknowledged.
Copyright Sunbelt Software Distribution, Inc. 1996-2000.
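
The registry change from the page-file item in section 3, as an added example that is not part of the original newsletter: it reads the current ClearPageFileAtShutdown value, exports the key as a backup, then sets the value to 1. It assumes a current Windows host with PowerShell and an elevated prompt; the function names and the backup path are hypothetical, and Windows spells the key name "Memory Management" with a space.

```powershell
# Added example: audit and enable page-file clearing at shutdown.
# Key name as Windows spells it ("Memory Management", with a space).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$ValueName = 'ClearPageFileAtShutdown'

function Get-ClearPageFileSetting {
    # Returns 1 (page file cleared at shutdown) or 0 (left intact).
    # A missing value is treated as 0, i.e. the page file is not cleared.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$ValueName
}

function Enable-ClearPageFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Hypothetical backup location; adjust to your environment.
        [string]$BackupFile = "$env:TEMP\MemoryManagement-backup.reg"
    )

    if ((Get-ClearPageFileSetting) -eq 1) {
        Write-Output 'Already set to 1; nothing to change.'
        return
    }

    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName to 1")) {
        # Back up the key first, as the tip advises, and stop if that fails.
        $regKey = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
        & reg.exe export $regKey $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no change made.' }

        # -Force creates the DWORD if it is absent or overwrites it if present.
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "Set $ValueName to 1 (backup: $BackupFile)."
    }
}

# Report the current state; changing it is a separate, explicit step.
"Current $ValueName = $(Get-ClearPageFileSetting)"
# Enable-ClearPageFile -WhatIf    # preview the change
# Enable-ClearPageFile            # apply it (elevated prompt required)
```

The page file is only wiped on a clean shutdown, so a machine that loses power or is hard-reset still leaves its contents on disk.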