WMIC Samples from John Howard

John Howard is a Microsoft IT Pro Evangelist from the UK, and he's posted some cool and useful WMIC Samples.

UK Government's Security Awareness Site is Launched

The UK Government has just launched a new security awareness site. ITsafe.gov.uk is "designed to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack. It consists of both the Advice on this website, and a low-volume Alerting Service."

This site is a part of the Government and business partnership programme Project Endurance, which is being funded by a number of commercial organisations and government departments/agencies. See here for ITsafe's partner list.

Thus far, the site is not overly compelling although this will improve with time. The information is limited and the site design requires a lot of server hits - the amount of information returned from each hit is limited. Content wise, the site is very new - there are no security alerts, no security advisories, and only two "other" advisories (one relating to a buffer overflow issue with Trend AntiVirus software and the other a FireFox vulnerability). The amount of information that is displayed for each issue is also limited, although links to more information are provided.

Despite these minor grumbles, this is a a great start to Project Endurance. You can sign up to receive ITsafe bulletins by email by going here. One nice touch with the sign up - the signup form asks for an itsafe word. This word is then added to the subject heading in the email - highly useful for filtering purposes. It would also reduce the risk of phishing attacks allegedly coming from itsafe.

For more security links, see Technorati's Security page.

VMware Workstation 5 Public Beta

VMware has now released a public beta of VMware Workstation Version 5.0. Visit the VMware Workstation 5 Beta site and download your copy today!

Features in the beta that I like include:

* Multiple snapshot and snapshot management capabilities--for capturing and managing multiple configurations

* Teams feature--for managing connected virtual machines and simulating "real world" multi-tier configurations

* Cloning functionality--for copying virtual machines and sharing them with colleagues. This includes the ability to convert a VPC VM into a VMware Workstation VM! * Improved USB support - just about everything's supported inside a guest. * Support for 32-bit and 64-bit hardware. * NX bit support - the VMware "hardware" now supports this bit, for OSs that can make use of it (e.g. XPSP2, Server2k3SP1).

The beta is a LOT quicker to save and restore VMs. I run (for better or worse) my mail server inside a VMware VM using VMware 5.0, and this VM is run from my main workstation (a nice dual proc Xeon box). Since I am regularly rebooting my workstation, I also have to save and then restore the mail server - which now takes just seconds. For a fuller set of details on what's in VMware Workstation 5.0, see the beta page on VMware's web site.

So does VMware 5.0 stack up against VPC 2004? The the current version of Vmware has more features than VPC already. VMware 5.0 adds many useful and important features that power users will appreciate, thus widening the feature gap. I've not seen pricing yet, so I can't comment on that yet!

So where does that leave VPC? Well, being a Microsoft product, it is less less expensive than the competition, and has fewer features. BUt, it is fully supported by Microsoft. VPC is aimed at corporate customers who do not want to have to deal with potential support issues arising from using MS OSs inside a VM, and customers not needing the extra features. VPC is ideal for desktop Windows XP user who needs to run applications that are only work in earlier versions of Windows. VPC is also a very valuable tool for Microsoft demo warriors and trainers (who get VPC VMs from Microsoft!).

At the end of the day, I'll end up using both products. I've got, for example, a set of fantastic ISA Server Enterprise Edition labs which will stay as VPC VMs, while my mail server will continue to run in VMware. As an MCT, most of training courses I run these days run either in part or in whole using VPC VMs. VMware is a much heavier duty product, with a higher spec - I think of it as the 'workstation' vs 'pc' type product. I'll continue to use it at home and in those cases whe the extra featues are needed.

VMware rocks!!

Microsoft Application Compatibility Toolkit 4.0

Application compatibilty is a major issue for almost all desktop deployments. To put it simply, if you don't have compatible applicaitons, you don't have a deployment. There are a few major areas where application compatibility can be an issue: Setup, and kernel mode drivers beign two of many. Far too many setup applications are baddly written to look to see if the OS is windows 95, and fail to install if not (even thought the app will happily run on XP!). These and loads of other issues can be remediated, but it does take time and effort.

However, some issues can not be easily fixed or even fixed at all. For example, applications that come with .VXD kernel mode drivers (for win9x). These do not work in the NT versions of Windows. In such a case, you either stick with Winoows 9x (possibly running your App within a virtual machine running 9x), or get a newer version of the applicaiton or the driver for one that runs on 2000/XP/2003.

Application comptability has been a major focus of MS for some time, and they've done some great work, to some degre behind the scenes - application compatibity is an OS feature and is used often without you even knowing it - automatically fixing applications. as a result of this work, MS has also produced Application Compatibility Toolkit, which contains tools and documentation to assist you in remediating most, if not all compatibilitly issues. Many issues can be remediated by using the toolkit. The toolkit enables you to apply individual fixes to an application and test the results. Once you fix the application, you can create custom application compatibility database (an SDB file). By using sdbinst.exe, you install that sdb to your system and from then on, every time the application runs, it gets properly dealt with at run time. It's dead cool stuff - and I suspect most users, and most admins are blissfully unaware of it!

A revised version of the application compatibility toolkit, version 4.0, is in the works - and should be due anytime soon. MS is now adveretising the TechNet Support WebCast: How to use Microsoft Application Compatibility Toolkit 4.0 to manage application compatibility on Microsoft Windows. If you are doing deployment, I'd advise taking a look at this webcast.

Work Your Proper Hours Day - Friday 25th February 2005

Here in the UK, the TUC has declared today as Work Your Proper Hours Day.

Changes in Windows XP Product Activation

Based on a blog entry over at Aviran's Place Microsoft is planning further changes changes in Windows XP Product Activation. From the end of the week, Microsoft is plannign on diabling the internet activation process for OEM versions of Windows. From the article,it appears that MS will require anyone wanting to re-activate their OEM copy of Windows to contact the activation centre by phone, where the folks will ask you questions. The first phase of this move afects product keys from onlyl the top 20 direct selling OEMs, but no doubt this will become the norm as soon as MS can do it.

For most corporate users, this has no effect at all, since they are using retail or volume licensed copies. What it will hit is the hobbyist, and enthusiast who has bought an OEM box, and wants to re-install the OS. It will be interesting to see how this develops!

Windows XP SP2 AU Block Soon To Be Removed

When Windows XP SP2 was released in August 2004, Microsoft blocked the Windows Automatic Update and Windows Update from automatically serving the SP to all and sundry. Well, this blocking is soon going to end. For organisations that have already updagraded to SP2, this is no big deal - but if you haven't and if you have users that rely on AU - be prepared!

From mail I've had today "Beginning 12 April 2005 this temporarily blocking mechanism will expire and systems with Automatic Update enabled or interactively download SP2 via Windows Update will begin receiving SP2. Note that this is also the scheduled day for the monthly cumulative release of security updates. We strongly encourage customers to take the appropriate steps to implement SP2 deployment decisions by that time.

April patching day is going to be an interesting one!

MBSA 2.0 Beta

Microsoft has now opened the nominations for the beta of MBSA 2.0, the next version of MBSA. MBSA 2.0 is planned to utilise WUS infrastructure for security update scanning. MS wants help to improve the quality of this product and is currently accepting anominations into the MBSA 2.0 beta program.

You can nominate yourself for this beta by going to http://beta.microsoft.com, log into the system using a MS Passport ID. Then use the guest ID of "MBSA20" and complete the survey. If you are seleted, you will be contacted by MS with full details. If you are not selected, there will be a public beta starting late March. My take is to test this tool (and file bugs if you find any!!).

IE7 Here We Come

It appears that MS is listening after all to the noise being generated by Fire Fox. As traffice to this blog shows, Firefox is making real inroads into IE's market share. The hit stats for this blog indicate over 35% usage of Firefox, with IE 6 at 58%.

Bill Gates is using the RSA Security show to announce a new version of IE. To be dubbed IE7, a beta is to be released this summer, with release "when the product is ready". IE7 is meant to be a major release focusing on security and usability. Security issues to be tackled in IE7 include phishing, malware, and spywaare. There is no news yet of precisely what will be in it, but from the demo I saw recently, browsers tabs do seem to be included! :-)

Download Solaris 10 for Free

As reported widely, Sun have started allowing folks to download Solaris 10 for free. It's a big download, which you can get at the Solaris 10 Download Center. There's both X86/x86 imgaes and SPARC images. Both come on either multiple CDs or a DVD. If you opt for the DVD, it comes in several parts that you need to download and combine. I'll post more once I've managed to download the DVD and run up Solaris in a VM.

Great Presentation Tips

Venkatarangan is a fellow Regional Director, and like me gives a lot of presentations. He's written up some great presentation tips. If you are a trainer, or someone who has to present a lot, you'll probably know all these points. It's a great refresher even so!

A neat FireFox Trick

As I noted in a recent blog post, I've been using the Firefox browser as my main browser on my home workstation. This has proved to be successful - I like a lot of the features of the browser (although to be fair, much of what I actually enjoy most comes from 3rd party extensions rather than to firefox itself). One key Firefox feature I do love is tabbed browsing. This enables me to have a single window with a large number of related pages open at once. The update all tabs makes a co-ordinated update of all the pages quick and easy.

It turns out that if you feed Firefox a set of URLs, separated by teh "|" character, FF can open a window, with each page in a separate tab. Going further you can create a desktop short cut, with the shortcut pointing to the "|" delimited string of site names to create a short cut to a tabbed set, all in one window. For some things I do, this is really handy. You all probably knew this, but I thought it was cool. Now all I've got to so is to work out how to save as set of open tabs (opened by manual browsing) as a single shortcut from within FireFox.

On the dangers of blogging

I came across an interesting page this morning: List of fired bloggers, folks whose blog entry or entries got them fired. Does your firm have a policy in place regarding the status of blogging and what can/can not be said? The company I work for currently has no formal policy on blogging. And in the absence of any formal policy, it can be difficult to know what will get you fired. And all too often, as the folks on this page have learned to their cost, some organisations might be said to react in a bizarre way to blog posts.

So, until and unless your organisation adopts a formal policy, you may be better off simply not mentioning the company you work for You should also probably refrain from making jokey comments in your blog about your pointy haired bosses, your lack of email, your having to wear meaningless badges in lieu of having any kind of real security, etc, etc. It's clear that some organisations have had a sense of humour bypass as well as all common sense glands removed.

The del.icio.us Complete Tool Collection

I recently blogged about del.icio.us, a social bookmarking site. I'm finding this a fantastic way to both save and categorise my own bookmarks and to share them with myself and others across across the Internet. To make using del.icio.us easier, see Absolutely Del.icio.us - Complete Tool Collection.

Access Based Directory Enumeration (A Windows Server 2003 SP1 New Feature)

At long last - the feature that every Novel admin wants! In a blogcast entitled Access Based Directory Enumeration (A Windows Server 2003 SP1 New Feature) John howard shows how you can make windows not enumerate folders that the user does not have access to. Cool stuff - available (sans gui sadly) in Windows 2003 SP1. See the blogcast for details on how this work.

The mail bombing from NEMF.COM Continues

As of lunch today, the mail bombing from nemf.com seems to have abated, although I'm still not certain the issue has been resolved. I've now rejected over 22,000 mails from administrator@nemf.com. I've used their website to find out mail addresses of anyone who might be able to help - but this far, nothing. Of course,I'm bouncing all mail from these guys so I may not ever see their apology.

I'm being mailbombed!

I don't quite know what I did to upset someone, but since just before midnight, I've been under a mailbomb attach from 'administrator@nemf.com'. It appears that someone behind this site received mail from the patch management mailing list that I'd submitted earlier. However, the mail filter at nemf.com seemed to have taken exceptoin to my post, and decided it was spam. It's been telling me about it ever since. I had several hundred mails before I managed to get a bounce filter installed. But since then, I've bounced over 10,000 more mails back to them. Right now my mail client seems to be coping, but only just. As I type this, my client is bouncing up to 5 mails a second and the curent backlog is just about 1000 mails yet to download.

If you are the administrator of nemf.com,or know the administrator - could you tell them please to shut off their spam filter till it's a bit more reliable? But if you are the administrator, you'll need to use a different email addres as I've blocked your domain from my site.

The .NET Celebrity Auction for Aceh Aid at IDEP

A group of Microsft Regional Directors auctioned off some of our time to help the relief work in Acheh. We have raised a fair bit of money ($10,183, assuming everyone pays up) which fantastic. Thanks to Stephen Forte for running with this!

Hotmail Stats

While it's possibly fashionable to play down Hotmail, you can't deny it's a big and popuular service. To get some idea of just how big and popular Hotmail has become, head over to A Little Blog - Who knew? for some interesting statistics. Did you know that Hotmail is used in over 220 countries and territories? This is more countried than are recognised by the United Nations!

Anti-adware misses most malware

In a somewhat depressing article entitled Anti-adware misses most malware, Brian Livinston reviews an anti-spyware study conducted by Eric Howes (at the University of Illinois in the US. Another study by the National Cyber Security Alliance suggests that: while 77% Think They Are Safe from Online Threats, in fact, 67% of Computers Lack Current Anti-Virus Software -and 1 in 5 Are Infected with Virus. Worse, 80% of Home Computers are infected with Spyware/Adware. There is clearly a huge perception gap here, with very some obvious security implications for anyone who uses the internet.

But the most interesting thing about Howe's research (and which you can really only discover by reading Livingston's analysis!) is how effective the existing programs actually are - or should I say how INEFFECTIVE. The most effective tool in Howe's tests was Giant AntiSpyware, which has been purchsed by Microsoft. But even this tool fixed less than two thirds of the adware that was installed. As many folks have been saying: you shoudl use more than one product to do spyware detection and removal. Livingston's analysis shows that using Giant plus other tools improves the perccentage of adware fixed (but this still leaves 30% or more of the adware!).

I take three things away from this article: the advertisers (and malware writers) are keeping ahead of the technology (which is scary enough), people are far less secure than they think they are, and while no product is perfect, MS certainly did buy the best of the anti-spyware bunch! The down side of that is that the bad guys are now targeting the MS anti-spyware package!

Beware the .EXE -- Post a PDF Please

I've always been somewhat unhappy about having to download documentation that's packaged via an Exe. I dislike having to run programs picked off the net, especially when they're unsigned and are just documentation. I can sort of see why distributing the original Word document might be sub-optimal.

In an interesting article, Planet PDF makes a great argument for PDF as opposed to .exe files Distributing documentation as PDF (or for the bandwidth challenged, pdf in a zip file) makes so much more sense. As firms begin to use Software Restriction Policies that limit what programs a user can run, there is a need to recondider the 'documentation via .exe' approach. I would hope all large firms that post documentation on the web listen to this argument and take notice!

del.icio.us - social bookmarking

I've been playing a bit with social bookmarking over at del.icio.us. The basic concept behind social bookmarks is that each user posts their own bookmarks, with a description and zero, one or more tags. The tags can be anything meaningful to you as an indexing aide. These bookmark lists are be shared, so you and your colleagues can share bookmarks, for example. You can also see people who have used either the same tags, or the same URL in a book mark. Thus you can find people who might share a common interest and then view bookmark lists.

I've set up my bookmark list at http://del.icio.us/tfl. Right now there's not too many entries (some users have literally thousands of entries!). But I'm sure the list is not goint to remain so small. From my bookmark page, you can see two of my bookmarks, for example, are also bookmarked by other people. You could then browse those individuals and view their bookmark lists (from where you can repeat the process ad infinietunm - or until the data/time runs out!). If on your travels, you find something interesting, you can easily copy it back to your bookmark list.

This is fantastic if you are on the road using a 3rd party terminal, etc. By using del.icio.us, my links are available to me anywhere I could probably use them! You can also share your lists with others and see what others deem useful enough to bookmark too. I'm certainly going to put the bookmarks I have setup on my home PCs onto my bookmark list!

Effective C#

Bill Wagner is a fellow Regional Director, and a pretty smart guy. He's just published a neat book, Effective C#, which has finally made it to the top of my 'must read' pile. This book contains great tips on how to write beter code - and also how to design better under .NET.

The book is divided into 6 logical sections (e.g. C# Language Elements, .NET Resource Management, etc). In each section you'll find a series of essays, each discussing a particular issue in C#. Each essay provides a clear explanation of the issue, offers the programmer alternatives, and shows how to write the most effective code. The tone is very rational - just the facts, with no emotion to cloud the reader's judgment.

Now, I'm not a programmer, and can only do really simple things in C#, so many of the topics in this book are beyond me. Even though I'm not the target audience, I found it a great read. I sure learned a lot!

Is Free NT Support From Microsoft Dead?

The answer to this question is that it's totally dead. Take a look at Microsoft Security Bulletin MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834).

The first two litems of software are NT4, and contain links to the necessary patches. While I think it's a great thing that MS is still keeping NT4 users patched, I really thought that NT4 was beyond the stage of free security patches.

The World's Longest Alphabetical Email Address

This is a bit of fun, and one potential way to avoid getting spammed. The idea behine AbcdefghijklmnopqrstuvwxyzAbcdefghijklmnopqrstuvwxyzAbcdefghijk.com - The World's Longest Alphabetical Email Address is that you have a really, really, really long email address! The basic free account is free, supported by ads - and with Firefox and Adblock, the experience is quite good.

Security MVP

I got a nice email this week from Microsoft, which said I've been selected to be a Security MVP (over and above my MVP award for Software Distribution). This is pretty cool. For more information about the Security MVPs see the IT Pro Security Community page.

Get Ready for February Microsoft Patches

The relentless battle against bugs continues, and this month, there are a number of patches being distributed. These include the following

• 9 Microsoft Security Bulletins affecting Microsoft Windows. At least one of these is Critical and some of these updates require a restart.
• 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. This is moderate and may require a restart.
• 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. Rated as important, the update requires a restart.
• 1 Microsoft Security Bulletin affecting Microsoft Office and Visual Studio. Rated Critical, this update requires a restart.
• 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows
• Media Player, and MSN Messenger. This is rated as Critical and requires a restart.

WHEW! Start planning now! And thanks to Susan Bradley. MVP Extroriainre, for the heads up on these.

Windows Update Service Name Change?

Microsoft's Windows Update Service is working it's way through it's stabalising phase. Beta 2 was out last November, an RC is due in the next few months, and RTM planned late this half (ie by the end of June). One issue that's been noted with the prodcut is the name. WUS simply is a bad name (aside from the sound of the name when spoken sounding sub-optminal and highly mockable) because it's not a Windows Update Service. It's a Software Update service, initially updating Windows, Office, SQL, Exchange. It also does more than just update software - since in theory at lests, updates to DDKs/SDKs etc could ge shipped vis WUS.

With WUS (or whatever it's called) being a key security product in the small to medium business sector for the coming few years, it's important to get the name right. Every product should pass the Ronseal test: it should do what it says on the tin. By comparion SBS passes this test with flying colours - it's THE small busines server product - a product for small businesses. WUS, on the other hand, fails.

Whatever the name change, there are some changes coming, providing useful improvements over features in the public beta. I'm looking forward to the RC, and putting the product through it's paces. It's also worth remembereing that the beta is not planned to be upgradeable to RTM (and probably not upgradeable to the RC), something that may deter some small businesses testing the beta.

For more on WUS, see the WUS Wiki: http://wus.editme.com