W2Knews[tm] (the original NTools E-News) Electronic Newsletter
           Vol. 5, #52- October 30, 2000 - Issue #226
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407 
 'Immediate Notification Of Important Windows NT/2000 Events'
*******************over 600,000 Readers******************************

This Issue of W2Knews contains:

1. EDITORS CORNER: 
      * How was Microsoft Cracked?
2. TECH BRIEFING:
      * My Downtime Math Was Off, here's the correct numbers!
3. NT/2000 RELATED NEWS:
      * You Can Now Rent MS-Apps in Web Cafes
      * MS Releases MINI-SQL
      * How To Avoid Sending 'Out Of Office' to mailing lists
      * The Page File Is A Possible Vulnerability
4. NT/2000 THIRD PARTY NEWS:
      * And What Happens When Your Plan B Fails?
      * Sybari Forms Strategic Alliance With CA
5. W2Knews 'FAVE' LINKS:
      * This week's three Fave Links from Sunbelt.
6. BOOK OF THE WEEK: 
      * MCSE Training Guide (70-240): Windows 2000 Accelerated Exam
7. THE NT/2000 STOCK WATCH - Week ending October 27, 2000
      * "Choppy Waters"
8. HOW TO USE THE MAILING LIST
Instructions on how to subscribe, sign off or change your address.

**************************What Is W2Knews?***************************
Sunbelt W2Knews is the World's first and largest e-zine designed 
for NT/2000 System Admins and Power Users that need to keep these
platforms up & running. Every week we get you pragmatic, from-the-
trenches news regarding NT/2000 and 3rd-party System Management 
Tools. W2Knews will help you to better understand NT/2000 and pass 
your Certification Exams.  You will get breaking news like new
tools, service packs, sites, or killer viruses via W2KNewsFlashes. 
Sunbelt Software is THE NT/2000 e-business tools site. At the end 
of this message are links to all indexed and searchable back issues. 
---------------------------------------------------------------------

1. "EDITORS CORNER" 

      * How was Microsoft Cracked?

Just last Friday, MS reported that system crackers broke into their
corporate network. The Wall Street Journal reported on it that same
day, and today (Monday the 30th) provided more detail and gave a lot 
of specifics. Interesting to see that Corporate IT Security has become 
headline news at the largest newspapers in the USA.

A senior official from MS said they detected the trespass from its
earliest moment and monitored it while it was going on to make sure
they would be able to provide enough evidence to the FBI. The attack
lasted only 12 days instead of the 'weeks or months' that were
reported last Friday. That earlier report was based on a false 
assumption, and it does not look like any source code was compromised. 
The 'crack' played out from Oct. 14 to Oct. 25. 

MS feels very comfortable that it accumulated enough data to identify
the cracker but cannot comment any further due to the criminal 
investigation. No arrests are imminent yet, though. MS is considering 
how to further tighten their security measures.

So, how did they get in? Here's the most likely scenario. A common 
cracker's tool called the QAZ trojan was sent by email (spam) to a
family computer of a MS employee.  This person used that computer
to check their email and work on the MS corporate network. The QAZ
code (or a companion tool) stole some passwords from that PC and 
emailed them back to the cracker. This allowed them to later log 
onto the MS network posing as the authorized employee. It's not 100% 
confirmed, but it looks like this is how they got in.

So, what is the QAZ worm? An attachment that, once it inadvertently
gets installed, disguises itself as NOTEPAD. QAZ then sends a remote
signal to a computer in Asia with the location of the infected PC.
QAZ contains a backdoor that allows the remote attacker to gain 
control of the local machine over port 7597, and it spreads around 
over the machines in that domain. Then other cracker tools are 
used to penetrate further. As of September 14, there are at least 
four variants of the original virus. 

More on this particular one over at the Symantec website, and a
free tool you can download to run and search-and-destroy this
particular critter on your own systems. I just tried it. Takes
a minute per machine, depending on how big your C:\ drive is.
http://www.sarc.com/avcenter/venc/data/qaz.trojan.html

However, this opens up another can of worms: How are you going to 
stop this from happening to your own networks? Now the security
perimeter has been moved outside your firewall! Food for thought.

Warm regards,

Stu.
(email me with feedback: [EMAIL PROTECTED])

PS, If I see any good 'end-of-year' deals I'll send you a W2KnewsFlash
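
The two QAZ traits described above (a backdoor on port 7597 and a process posing as Notepad) can be checked on a live machine. This PowerShell sketch is an added example, not part of the original newsletter or the Symantec tool; it assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection is available, and a hit is a lead to investigate rather than proof of infection.

```powershell
# Added example: flag listeners on the QAZ backdoor port and any
# Notepad-named process that owns a listening TCP socket.
$QazPort = 7597   # backdoor port named in the newsletter text

function Find-SuspectListener {
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        # Resolve the owning process; it may have exited or be inaccessible.
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $name = '<unknown>'
        $path = $null
        if ($proc) {
            $name = $proc.ProcessName
            $path = $proc.Path
        }

        $reasons = @()
        if ($l.LocalPort -eq $QazPort) {
            $reasons += "listening on TCP $QazPort"
        }
        # A genuine Notepad never accepts network connections.
        if ($name -ieq 'notepad') {
            $reasons += 'Notepad-named process owns a listener'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                LocalAddress = $l.LocalAddress
                LocalPort    = $l.LocalPort
                ProcessId    = $l.OwningProcess
                ProcessName  = $name
                Path         = $path
                Reason       = $reasons -join '; '
            }
        }
    }
}

$hits = @(Find-SuspectListener)
if ($hits.Count -eq 0) {
    Write-Output "No listener on TCP $QazPort and no Notepad-named listener found."
} else {
    $hits | Format-List
}
```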

---------------------------------------------------------------------

2. TECH BRIEFING:

      * My Downtime Math Was Off!

I was on the road last week (Paris and Amsterdam) and I did not have
my normal resources at hand so I used my (now shown to be miserably
failing) memory for the downtime math <grin>.

Here is the real scoop on downtime. Thanks to all of you that made 
me aware of my wayward wanderings. Here goes:

- 1 year = 365 days = 8760 hours
- Two 9s uptime = 99% = 87.6 hours (3.65 days) downtime a year.
- Three 9s uptime = 99.9% = 0.1% downtime = 0.001 = 8.76 hours downtime 
  a year i.e. three 9s is only about 1 working day.
- Four 9s uptime = 99.99% = .876 hours = 52.56 minutes downtime 
  a year, less than 1 hour.
- Five 9s uptime =  99.999% = 5.256 minutes downtime a year.

Having corrected this now, there is still an incredible need to
make sure that disasters do not hit you. Have you seen the Microsoft
Cluster Server Disaster Recovery Video already? It's an online
seminar that is also hosted on the MS online seminars website. 
The link to the seminar is at the bottom of this page, and you 
can choose for high or low bandwidth. 
http://www.sunbelt-software.com/product.cfm?id=111

*********************************************************************

3. NT/2000 RELATED NEWS:

      * You Can Now Rent MS-Apps in Web Cafes

As I predicted a long time ago, it's finally happening. MS
will rent its software on a per-use basis for the first time through
a chain of budget Internet cafes called 'easyEverything'. This new
humongous outfit in New York with 800 seats (yes you read that right)
will open in Times Square on Nov 28. You will be able to rent MS-
Office for a small fee per session, something like 2 bucks.

It's a trial balloon for MS, because under the .NET initiative they
will start charging consumers a regular monthly fee rather than a
lump sum up front. MS will learn from this pilot, and see where they
need to tweak and adjust. easyEverything is planning on an aggressive
expansion. They expect most users will be people that already use 
MS-Office at work or at home but are on the road and need to use it.

How much for all of it?
1) The customer buys Internet Access at the main desk for something
   like 1 dollar for 15 minutes. Fees vary depending on peak times.
2) They log onto a PC in the Café. They can see in realtime how much
   credit they have left.
3) A separate 2 bucks per session is charged for use of MS-Office or
   Words and includes Encarta. Printing: 35 cents per b/w page and
   70 cents for color.
-------------------------

      *  MS Releases MINI-SQL

Last Thursday, MS introduced the smallest flavor of SQL Server yet, 
a special version designed for WinCE hardware. Redmond worked for
more than a year on the new SQL code and it fits inside 1MB! The 
full name is "SQL Server 2000 Windows CE Edition" and can be used 
to replicate data from a CE-handheld to its Big Brother SQL that 
sits on your corporate server. 

The small CE flavor lets users that are on the road run their SQL 
apps and then transfer data when the gadget is hooked up again to 
the home mothership. And, to make things easy, you get a so called 
'CE unlimited deployment license' for free with the $499 SQL Server 
2000 Developer Edition license. 

There is a 'BUT' though. You do not need additional licenses to 
connect to a back-end SQL Server database if the back-end server 
is covered by a (quite expensive) per-processor license. Otherwise 
the WinCE client needs a SQL Server CAL. Gotta watch it there.
-------------------------

      * How To Avoid Sending 'Out Of Office' to mailing lists

Outlook has a very handy assistant that allows you to send the 'OOO'
message when you are not in. But mailing lists generally put your
account on hold, or delete you when they get these. 

To avoid sending OOFs to mailing lists, you can do the following:
1.  Create a Public Folder & name it whatever you want to.  Make 
    a note of its SMTP address.
2.  Subscribe that SMTP address to the mailing list (for instance
    "MS-Exchange Admin Issues").
3.  Set your own mail subscription to the "no mail" option.

Then, the PF will receive all mail sent to the list & since PFs 
can't be out of the office, they won't return OOFs.  You, however, 
can still have OOFs set up to go to the internet (if you really 
want to) AND can still post to the list. Then *everyone* will be 
happy!
-------------------------

      * The Page File Is A Possible Vulnerability

SearchWIN2000.com sent this tip that I thought was a good one.
It came from Tertius Genis, who works for Weyerhaeuser Corp. 

The tip discusses one way that security breaches can happen 
(through the page file) and how to avoid them. The page file, a 
hidden file called pagefile.sys, is the one your computer uses to 
page out programs and/or data to hard disk when memory resources 
are getting low. It's the same thing as the swap file in Unix. 
When you install Windows 2000, the installation program sets the 
size of the swap file to 1.5 times more than you have physical 
memory in your machine. For example, a 250 MB machine would have 
a default swap file size of 775 MB.

But the page file leads to a serious problem. A few of the 
attacks on Windows NT Security about which information is 
publicly available rely on the fact that the NT page file is left 
intact on shutdown and can subsequently be scanned for useful 
information. There's no good reason that the page file isn't 
erased, and doing so can plug a potential hole in your NT or 
Windows 2000 armor.

To clear the page file at shutdown, you need to change the 
registry. Make sure you back up the registry prior to 
implementing the change, so if you mess up, you can go back to 
where you were. 

Change the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown

Drill down to the key, and set the value in the dialog box that 
appears when you double-click on it. To have the file cleared at 
shutdown, set the value of the key to 1. To leave the page file 
intact at shutdown, set the value to 0.
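
The same change can be scripted so that the backup, the edit and the verification happen together. This PowerShell sketch is an added example, not part of the original tip; the backup folder under %TEMP% and the function names are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example: audit and enforce ClearPageFileAtShutdown with a rollback file.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$RegPath   = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$ValueName = 'ClearPageFileAtShutdown'
$BackupDir = Join-Path $env:TEMP 'regbackup'   # assumed backup location

function Get-ClearPageFileSetting {
    # Returns 0 or 1; a missing value is treated as 0 (page file left intact).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$ValueName
}

function Backup-MemoryManagementKey {
    # Export the key with reg.exe so the change can be undone with 'reg import'.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $BackupDir "MemoryManagement-$stamp.reg"
    & reg.exe export $RegPath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    return $file
}

function Set-ClearPageFileAtShutdown {
    param([ValidateSet(0, 1)][int]$Value = 1)

    $before = Get-ClearPageFileSetting
    if ($before -eq $Value) {
        Write-Output "No change needed: $ValueName is already $Value."
        return
    }

    # Back up first, then write the DWORD and read it back to confirm.
    $backup = Backup-MemoryManagementKey
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Value -Type DWord
    $after = Get-ClearPageFileSetting
    if ($after -ne $Value) { throw "Verification failed: $ValueName reads $after" }

    Write-Output "$ValueName changed from $before to $after. Backup: $backup"
    Write-Output 'The new setting takes effect at the next shutdown.'
}

Set-ClearPageFileAtShutdown -Value 1
```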

*********************************************************************

4. NT THIRD PARTY NEWS:

      * And What Happens When Your Plan B Fails?

Plan A is of course your Backup. Are you testing your Backups
for the ability to recover? Someone told me they restored 
their backups to another machine every week, and that quickly
getting files back to restore was a piece of cake that way. 
Not a bad idea actually.

But Plan B, how about that? Do you have one? Backup Tape not
readable (we had one like that a week or so ago), or simply
does not restore the way you thought it would? It could be a
deadly virus, a worm or a bad rain storm. I was just in Paris
and a rep from an Italian company told me a true story.

An Olivetti site in Italy was in the path of a river that had 
been fine for decades. Then, suddenly, something like 30cm of 
rain fell in that region. The river destroyed 40 bridges and 
large sections of their town were flooded. The Olivetti site 
wound up with a whopping 200 servers literally under water for 
a week. All hardware was ready to trash!

So here comes my question regarding your Plan B. Do you have
the right business continuity plan in place? Is your business
critical data off site at all times? Are you able to fail over 
to a machine that is still up & running somewhere? I strongly 
suggest you spend some time to ask yourself: "What would happen 
if Server so-and-so would completely die?" Here is a link with
some good white papers that will help you get underway. Check the
section White Papers, Documents and Other Files on this page:
http://www.sunbelt-software.com/product.cfm?id=111
-------------------------


      * Sybari Forms Strategic Alliance With CA

Sybari Software, a well respected antivirus and security specialist 
for Groupware solutions, announced it entered into a partnership 
with Computer Associates International, Inc. With this alliance, 
Sybari is able to offer existing and new Antigen users the ability 
to use CA's InoculateIT and Vet engines for virus scanning.  

"We believe that CA's InoculateIT and VET are invaluable additions 
to our current product offering" said Robert Wallace, president and 
CEO of Sybari Software, Inc. "By integrating their leading engines
with our comprehensive scanning methodology in Antigen further 
strengthens our position as leaders in the antivirus and security 
market."

Sybari's Antigen is a comprehensive antivirus and security solution
specifically developed to protect Exchange and Notes environments.  
Through the integration of multiple virus scanning technologies, 
such as CA's InoculateIT and VET, Antigen is able to protect the 
most complex messaging infrastructures from malicious virus attacks.  
It is Antigen's ingenious architecture that enables mail admins to 
select from several of the leading scan engine technologies available 
in the market.

"With the rise in email-borne viruses and worms, Groupware antivirus 
solutions are essential," said Simon Perry, vice president, security 
solutions, Computer Associates.  "Our partnership with Sybari will 
help organizations increase productivity by protecting email and 
other mission-critical applications from viruses." More at:
www.sybari.com

*********************************************************************

5. W2Knews 'FAVE' LINKS: 
                               ===
If you run Exchange, this is your DISASTER BIBLE. Read it THREE TIMES.
http://www.microsoft.com/exchange/techinfo/Disaster.htm
                               ===
How does NLB work? Network Load Balancing is a good HA feature in W2K.
http://www.microsoft.com/WINDOWS2000/library/howitworks/cluster/nlb.asp.
                               ===
Want to subscribe to a Windows specific SECURITY list server? Go here:
http://63.88.172.96/go/loader.asp?id=/security/howto-faq.htm
                               ===

*********************************************************************

6. BOOK OF THE WEEK: 

      * MCSE Training Guide (70-240): Windows 2000 Accelerated Exam

This exam covers all of Windows 2000. This will be seen by many exam 
candidates as the first path to take to achieve Windows 2000 
certification coming from the Windows NT Server 4 track. Written in 
keeping with the Training Guide series, you will find pre-chapter 
quizzes, chapter reviews, case studies, glossaries, and much more, 
written based on the exam objectives. To supplement the top-notch 
content, the Training Guide offers a version of ExamGear which gives 
you the chance to try your hand at adaptive testing and other new 
testing technologies--all with the look and feel of the real exams. 
Suggested Retail: $59.99 - But available at Sunbelt Bookclub: $38.99
http://www.sunbelt-software.com/bookclub/

*********************************************************************

7. THE NT/2000 STOCK WATCH - Closing numbers Friday, October 27, 2000

                                      52 WK     52 WK     P/E    WEEK
SECURITY                    CLOSE     HIGH       LOW    RATIO    CHNG
---------------------------------------------------------------------
Advanced Micro Devices...   20 1/2   48 1/2    9 1/8      12    -7.8%
BMC Software.............   18       86 5/8   13          38    +2.4%
BindView Development Corp    7 1/2   45 3/4    4 1/2           +31.8%
Cisco Systems............   50 11/16 82       32 5/8           -11.5%
Citrix Systems Inc.......   20 15/16 122 5/16 14 1/4      37    -2.3%
Compaq Computer..........   29 15/16 35       18 3/8      33    +4.6%
Computer Associates......   31 1/8   79 7/16  23 5/8      15   +18.0%
Data Return Corporation..   10 9/16  94 1/4   12 7/8           -33.7%
Dell Computer............   27 15/16 59 3/4   22 1/16     42    -1.7%
EMC Corp.................   88 13/16 104 15/16 32 3/8          -11.1%
Electronic Data Systems C   48 13/16 76 11/16 38 3/8      32    +2.7%
Gateway Inc..............   50 9/32  84       42 9/64     33   -11.7%
Hewlett Packard Co.......   87 3/4   136 3/16 52 1/4      26    -8.5%
Intel Corp...............   46 3/8   75 13/16 33 3/8      36    +7.6%
Intergraph Corp..........    5 7/16   9        3 3/16           -1.1%
International Business Ma   93 3/4   134 15/16 86         23    -1.0%
Legato Systems Inc.......    9 5/16  82 1/2    8 1/8            -6.8%
Micron Electronics Inc...    7 15/32 20 11/16  6 1/2      17    +3.2%
Microsoft Corp...........   67 11/16 119 15/16 48 7/16    40    +3.8%
NCR Corp.................   41 1/16  47       29 1/2      12    -4.0%
NetIQ Corporation........   87       96       28 7/8            -5.5%
Network Associates Inc...   19 1/16  37 3/16  15 5/16     50    +0.3%
Novell Inc...............    8 33/64 44 9/16   7 1/2      18    +3.0%
Oracle Corp..............   34 3/16  46 1/2   10 11/16    88    -3.0%
Qualcomm Incorporated....   74 7/8   200      50 7/8      85    +0.1%
Quest Software Inc.......   45       98 1/8   23 5/8           -23.4%
Seagate Technology.......   68       79 3/16  26 9/16     41   -14.0%
Silicon Graphics.........    4 3/8    5 3/16   2                 0.0%
Sun Microsystems Inc.....  103 3/16  129 5/16 44          84   -13.0%
Sybase Inc...............   21 1/16  31       11 5/8      30    -6.6%
Symantec Corp............   38       81 5/8   31 1/16     12    +5.3%
Unisys Corp..............   12 3/8   36 1/16   9 1/8      11    +2.0%
Veritas Software Corp....  140 3/4   174      39 7/8           -15.6%
Dow Jones 30 Industrials. 10,590.62                             +3.5%
---------------------------------------------------------------------


8. "HOW TO USE THE MAILING LIST" Instructions on how to subscribe, 
sign off or change your email address

TO SUBSCRIBE TO THE LIST  (Tell your friends!) 

Click: http://lyris.sunbelt-software.com/scripts/lyris.pl?join=w2knews
and fill out the form, simple & easy: 1 minute work.

Or by email, send a blank message to the following address:
[EMAIL PROTECTED]

_____________________________________________________

TO QUIT THE LIST

Go here, choose the list you are on, and follow instructions:
http://lyris.sunbelt-software.com/scripts/lyris.pl
and unsubscribe from either the nt-list or w2knews. You can see which
list you are on looking at the FROM address of the newsletter. (It 
takes a week for this change to filter through so you may still get 
one or two news items before the flow stops).
____________________________________________________

TO CHANGE YOUR ADDRESS

First unsubscribe and then resubscribe as per the procedure above.

*********************************************************************

FOR MORE INFORMATION

On the World Wide Web point your browser to:

For the newsletter and our website:
http://www.sunbelt-software.com

For Tech Support on Sunbelt products mentioned:
http://www.sunbelt-software.com/scripts/rightnow.exe

Back Issues are here, all searchable and indexed. NT-list:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0
Back Issues of W2Knews are all here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=w2knews&text_mode=0

Cannot unsubscribe? Getting it twice? Send an email to a live person:
[EMAIL PROTECTED]
(It will take about a week for the change to filter through the
systems, so you may still receive one or two newsletters before
the flow stops.)

Email for US sales information to:
[EMAIL PROTECTED]
Email for US Tech support to:
[EMAIL PROTECTED]
Email to the US Editor:
[EMAIL PROTECTED]

Email for European Sales to:
[EMAIL PROTECTED]
Email for European Tech support to:
[EMAIL PROTECTED]

At the time of this newsletter's release, all links were 
checked to verify their accuracy and validity.  However, 
due to the ever changing pages of various sites, some links 
may later prove to be invalid.  We regret any inconvenience 
should you be unable to open any of these links.
*********************************************************************

Things Our Lawyers Make Us Say:

This document is provided for informational purposes only. 
The information contained in this document represents the
current view of Sunbelt Software Distribution on the issues
discussed as of the date of publication. Because Sunbelt
must respond to changes in market conditions, it should not
be interpreted to be a commitment on the part of Sunbelt
and Sunbelt cannot guarantee the accuracy of any information
presented after the date of publication.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
FREEDOM FROM INFRINGEMENT.

The user assumes the entire risk as to the accuracy and the
use of this document. This document may be copied and
distributed subject to the following conditions: 1) All text
must be copied without modification and all pages must be
included; 2) All copies must contain Sunbelt's copyright
notice and any other notices provided therein; and 3) This
document may not be distributed for profit. All trademarks
acknowledged. Copyright Sunbelt Software Distribution, Inc.
1996-2000.
