SoCalITProAssociation Newsletter                           Volume 2 Number 8
Southern California Information Technology Professional Association          August 1, 2004

Welcome Members, Visitors and Friends!
Well, the Vi-Writers are at it again. ZDNet is reporting new attacks from MyDoom variants, a new worm, Atak, that hides from AV software by sleeping, and other vicious viroids. Keep up with your AV updates. In the meantime, the Pottsylvanians are spying on us, too!
"Natasha, is Moose and Sqvirrel!"
"Boris, darlink, I tink dey are startink to use anti-spyvare softvare!"
"Natasha, ve must report dis to Fearless Lidder!"
Well, I'll give you a hint about getting rid of those nasty bugs in this issue. Our Father, who art in Redmond, is on time with one update, and late as usual with another. It looks like Winternals is about to release a new, mouthwatering application. I wonder if we could get Mark Russinovich to come down and explain it to us? By the way, our meetings seem to be getting better and better. If you haven't been attending, you really should. If the first MCT Corner is any indication of the quality of the technical info you'll receive, you really don't want to miss these! And the presentation from agile360 was an eye-opening intro to the wave of the future. So, BE THERE! I will!

--Editor


Inside this Issue:
Microsoft announces the release of a major Office update
Sleeper Worm avoids detection
Windows XP update delayed
Winternals Appoints Mike LaPeters
New Meeting Feature: MCT Corner
Meeting Announcement: August 12, 2004
Previous Meeting...
Favorite Third Party Tools: Webroot Spy Sweeper
Opinions and Commentary Department
Final Notes…
Email the Editor

And Now, The News...

Microsoft™ announces the release of a major Office update

Service Pack 1 (SP1) for Office 2003 is now available for download from Microsoft's Office Update site. Get yours right away!

Sleeper Worm avoids detection

Munir Kotadia of ZDNet UK reported from London on July 13, 2004 that a new mass-mailing worm, Atak, avoids detection by AV software by going to sleep. "Although antivirus companies do not expect it to cause much damage, they say it will be a nuisance because it can generate a large amount of spam," said Kotadia.

"Atak tries to tell when someone is stepping through the code to analyze whether it is a virus or not. Often, a virus will contain lots of code that is designed to make it more complicated for (antivirus) companies to write the detections," said Graham Cluley, senior technology consultant for antivirus company Sophos.

"Atak is not thought to be a serious threat. But because of recent detection and in-built protection, the worm's full functionality has not yet been fully analyzed. However, it is known that the worm contains text that seems to threaten other well-known worms and viruses, such as MyDoom, Bagle and Netsky".

Clearly, this is another one to watch for in the near future.

Windows XP update delayed

Microsoft on Monday said that a long-awaited update of Windows XP, Service Pack 2, will be sent to manufacturing in August, a month later than expected.

Press Release: Winternals Appoints Mike LaPeters Vice President of Worldwide Sales

Former Veritas Sales Director to Develop Channel and Worldwide Sales Strategy For Winternals Enterprise Solutions

(Austin, TX - July 12, 2004) Winternals, a leading provider of Microsoft systems availability and performance solutions, today announced the appointment of Mike LaPeters as Vice President of Worldwide Sales. LaPeters will be responsible for formulating an ongoing channel strategy and for oversight of the company's sales activity.

"Our next phase of growth will come from the channel," said Edwin Brasch, president and CEO of Winternals. "Mike's proven track record in developing and managing distribution channels and penetrating untapped global markets will drive the adoption of Winternals solutions."

LaPeters' hiring precedes the release of Recovery Manager 2.0, Winternals' flagship product for Intelligent Recovery in the Microsoft enterprise. Recovery Manager restores unstable and unbootable Windows NT/XP/2000/Server 2003 computers anywhere on the network from a single installation on one computer - without the downtime and data loss inherent in other recovery solutions.

"Recovery Manager is an exciting product line and one of the factors that influenced my decision to join Winternals," LaPeters said. "Having spent my entire career in the backup and recovery space, I recognize Recovery Manager's approach as an essential addition to the overall backup strategy of every Microsoft enterprise - granular, operating system-level recovery that does not impact critical data."

About Winternals
Founded in 1996, Winternals is a leading provider of systems infrastructure availability and performance solutions for Microsoft-based enterprises worldwide. Winternals solutions empower IT professionals to rapidly resolve the daily emergencies that arise when administering Windows systems and maintain high availability of mission critical systems. By accelerating recovery, improving data integrity, increasing productivity, and optimizing performance, Winternals reduces the total cost of ownership for the Microsoft-based enterprise. Headquartered in Austin, Texas, Winternals counts among its customers 48 of the Fortune 50 and 95 of the Fortune 100. For more information on Winternals visit www.winternals.com.

For more information, please contact:
Barbara Prinsell, Director, Strategic Communications
Winternals Software LP
1-800-408-8415
512-381-2720 (phone)
http://www.winternals.com
bprinsell@winternals.com

New Meeting Feature: MCT Corner

Beginning at 6:30 pm at each meeting, QuickStart Intelligence will provide a 30-minute training session with one of its Microsoft Certified Trainers. Last month, Mike Simpson magically condensed a three-day course on Troubleshooting Exchange (#2011) into a thirty-minute briefing. Mike stressed that to troubleshoot Exchange problems, you need a certain depth and breadth of knowledge of Exchange and its processes; a clear view and understanding of the "BIG PICTURE", not only of how Exchange communicates with its clients, but of how it fits into the entire structure of the corporate network; a good understanding of cause and effect; and access to the Microsoft Knowledge Base, TechNet, and a decent test lab. He then proceeded into the nitty-gritty of common maddening problems, appropriate because MAD.EXE is the Exchange System Attendant.

This month's presentation will be SharePoint Portal Server. The presentation will begin promptly at 18:30.

Meeting Announcement: Thursday, July 8, 2004

Topic - Barracuda SPAM Firewall
Barracuda Networks will demonstrate their premier product, the Barracuda SPAM Firewall.

There may (or may not) be a presentation by Microsoft on the new Service Pack 2 for Windows XP.

Door prizes and software.

As always, please RSVP on the http://www.SoCalITPro.org website. The link is on the lower left hand side of the home page.

At the Previous Meeting...

At the July meeting, first Mike Simpson of QuickStart Intelligence gave a rapid-fire talk on Troubleshooting Exchange (See article above).

Then the meeting was turned over to Omar Yakar, omar.yakar@agile360.com, President and Founder of agile360, http://www.agile360.com, who took us on an exciting trip through the world of Virtual Servers.

The following information is summarized (and the tables plagiarized--I hope he doesn't mind) from his PowerPoint presentation, but to get the full effect of the live demonstration, you really had to be there! (Shouldn't you be coming to more meetings? You're missing out on a lot of great presentations, not to mention the free stuff and the door prizes!)

Why should we use virtual servers, when we are so concerned with possible failures and downtime that we usually think in terms of having at least two boxes for every server function? (Gotta have a failover cluster for the Exchange servers, and one for the SQL servers, and one for the IIS servers, and one for the DNS server, and one for the accounting department, and one for the marketing department, and one for the production department and one for the test bench systems, and two SANs, in case one fails, and then we also need some for...)

Mr. Yakar listed the Benefits of Server Virtualization:
  • Increase computing capacity without buying or having to manage additional computers.
  • Gartner states that the average server is utilized at approximately 15%.
  • Develop, test, and deploy more new applications, more thoroughly and quickly.
  • Support multiple software products and operating systems, which allows you to improve the quality of your products and enhance your competitive advantage.
The next table described what virtual server solutions might be, and why:

What: IT operations & server consolidation
Why:
  • Reduce data center sprawl, simplify cable management, reduce power consumption and lower overall operational expenses
  • Decrease TCO by 40%
  • Allocate hardware resources on the fly

What: High availability; Backup and Disaster Recovery; Rapid Provisioning
Why:
  • Decrease server downtime
  • Failover-in-a-box, n+1 failover
  • Copy snapshots of entire virtual machines to disk, tape or remote “hot sites” without interruption
  • Reduce lost business caused by extended recovery times

What: Software development and test server consolidation; Rapid deployment
Why:
  • Create server configurations in minutes instead of days
  • Move from test to production without mirroring machines


His next table gave an overview of the Virtual Server software available (though Microsoft Virtual Server is not yet available, it should be released soon...):

| Product | Microsoft Virtual Server | VMware GSX Server™ | VMware ESX Server™ |
|---|---|---|---|
| Target Market | Test Lab / Departmental environments | Test Lab / Departmental environments | Business critical environments |
| System architecture | Host OS | Host OS | Installs directly on the hardware |
| Usage | Server apps | Server apps | Server apps |
| Overhead | Up to 40% | Up to 40% | 3-20% |


Hey! Wow, man, look at that overhead on the ESX server! That's L O W ! You could run up to eight virtual servers on a single box! Well, you might want to run only four or five to optimize resources and allow for occasional spikes in usage. But think of the real estate you'll save. You'll reduce data center rack space, lower your overall power consumption, improve overall utilization of the server equipment you already have, and improve flexibility, because virtual servers can be moved from one machine to another very quickly and efficiently.

Mr. Yakar discussed the challenges of converting to virtual servers, then introduced Plate Spin's Power P2V application, that makes the whole process of conversion and management of virtual servers a breeze! To prove it, he did a real-time, online conversion of a server to a virtual server, in front of the whole group! He said the process would take about an hour. I timed it. It took 52 minutes! Wow! Could you rebuild one of your servers from a bare metal box in 52 minutes? This was I m p r e s s i v e with a capital I! A typical manual or semi-automated conversion of a server will take the ordinary admin from one to two days. When using Power P2V, it takes ten minutes of operator time, and one to two hours of run time...and P2V can do multiple conversions at the same time!!!

The secret to the virtual server system is that each VServer is simply a file on a SAN, and can be installed, moved, or reinstalled on any box with the right hardware requirements.

So, do you want to save time, money, physical resources, and electricity? Then you know what you have to do! Email Omar Yakar, omar.yakar@agile360.com, or go to http://www.agile360.com.

Omar says, "Agile360 is a professional services and systems integration firm with offices in Irvine and San Diego with a focus on simplifying, streamlining and automating IT operations. They perform IT assessments, systems architecture, implementation and project management around Microsoft, Cisco, Citrix, VMware and security technologies."

Regards,
Omar Yakar
President
agile360 - Solutions for the agile business

Favorite Third Party Tools Department: Webroot Spy Sweeper

I don't know about your system, but it seems that anytime I connect to the Web, I get some variety of adware, and occasionally, some real spyware. I run both Spy Sweeper, which I received from Webroot's giveaway at our March 2004 meeting, and SpywareGuard. Both of them work, because on occasion I get popup messages from one or the other letting me know they caught something nasty. Both of them have captured those dastardly keystroke loggers. Spy Sweeper appears to be the more active of the two, because it pops up more frequently, and is scheduled for a full run Friday (although I do run it more often than that). As I write this, for example, Spy Sweeper has found nine cookies, and traces of 12 somethings, not listed in its window, and has 32 more minutes to run. (And of course, I need to log back onto the Web now, so I'll have to re-run the program later!)

(Okay, I'm off the Web again, let's see if I picked up any more garbage...running Spy Sweeper again...) Yes, I'm off the Web now, and Spy Sweeper has found two more items, one of them its own System Monitor, Spy Sweeper Update. It also found another system monitor, iOpus Starr. If you want further information on any threat that Spy Sweeper detects, such as iOpus Starr, simply click the Further Details button, and Spy Sweeper whisks you to their website, giving you a page that looks like this:

-------------------------------------

Name: iOpus Starr

Author: iOpus Software GmbH

Category: System Monitor

Threat Assessment: High

Description: Iopus Starr is a system monitoring tool that logs keystrokes, usernames, passwords, chat conversations, visited Web sites and more.

Characteristics: iOpus Starr is a monitoring tool that captures screenshots and logs keystrokes, including usernames, passwords, access times, window titles, chat room conversation and visited Web sites. The data is saved into an encrypted log file for later retrieval; the data also can be emailed to a remote PC. The program runs in the background, so it is completely invisible to the user.

Method of Infection: iOpus Starr can be installed only by someone with administrative access to your computer, such as a system administrator or someone that shares your computer.

Additional Comments: None

-------------------------------------

Now that is useful information! It's obvious, I don't want iOpus on MY system! So I click Next... Spy Sweeper asks me if I want to remove its own update monitor, and I say NO, because I really do want their updates, as SOON as they are released. The last page tells me that the application has removed 66 traces of spyware since installation. Actually, I think that's since the last time I cleared the quarantine folder, because I was clearing disk space. I'm sure there were something like 128 traces in that folder before I emptied it, a few months ago. (Yeah, my system does seem to accumulate a lot of crud. I have an AV scan done every Friday evening, as well, and last week's scan picked up nine new infections! If we average nine viruses and 12 spyware items during the average week, one may assume we are under constant attack by the Forces of Evil. Thank The Powers That Be for the wonderful people at Webroot!)

Spy Sweeper is easily configurable. You can select which drives, when, and even which software to quarantine on a regular basis. The interface is intuitive to use. Well, what are you waiting for? If you didn't install the free copy from the meeting, Fry's presently has Spy Sweeper available at a sale price, so stock up! You need this one. To find out more about Spy Sweeper and other fascinating Webroot products, go to http://www.webroot.com.

Next month, another look at 2xExplorer (unless someone has something else they'd like to tell us about).



Opinions and Commentary Department

(Gripes-R-Us Dept.)

Some corporations seem to think that in order for software to be of any value, it has to be expensive. Their managers assume that inexpensive software or freeware is of no value. Some managers apparently assume that a GNU open source license means that the software is either inconsequential, or that because they wouldn't have a piece of paper to show the software police, they'd better not have any such 'tainted' software on their systems. It's better to spend a lot of money for the license, than to take the chance that someone will try to sue us. Right?

But in this furiously fluctuating free-market frightening economy, where costs must be held down at any cost (including, too often, the cost of the welfare of the employees), shouldn't we be looking for alternatives to expensive software? True, the overhead cost of the admins is often higher than some of the applications, but that may not be the case if you need licenses for five thousand copies of an expensive app. So, should you be looking for cheaper alternatives, or not? Who makes the corporate software expense decisions, the accountant, the CEO, the IT managers, you? (And if it's someone other than you or the IT manager, do they have the knowledge and experience to select the proper application software?)

Another consideration is that companies that charge a high price for their software claim they also have the developmental resources to test it, extensively, under many operating environments and varying conditions, and in the operating presence of many other application packages. (Right...this is obviously why we are always told to shut down other applications when installing new ones. Obviously the new apps were so well tested that they couldn't possibly interfere or interact with anything else, could they?) And they have the resources to spend the time making sure the user interfaces are simple, intuitive, blah, blah, blah. If that's true, why do we still find so many bugs when we pay those high prices? Why do we still have to spend so much time juggling applications and making certain configurations do not interfere?

So, are they right to look first for the price tag, and the official license, or is what really matters whether or not the software does the job efficiently? What's your take on this?

Reader Feedback

'Aaa Mahn, wha'chu got to say?

--Editor

Final Notes…

> Be sure to be at the meeting by 6:30 pm for the MCT Corner lesson on !

> If you have any ideas for an article that you might like to write for this Newsletter, or about any third-party software that you would like to share with our members, please submit your article to the Editor, contact information below. Please use the Rich Text Format (.rtf file) for your article, and in the subject line of your email, put the word, Newsletter, so I don't accidentally delete your email. (I tend to delete emails from people I don't know unless the subject line clearly indicates something important.)

See you at the meeting on Thursday, August 12, 2004, enjoy!

Robert Holtzman, Editor
rholtzman@socalitpro.org

SoCal IT Pro/OCNTUG Newsletter                                     Volume 2 No. 8                               08/01/2004
