Friday, May 27, 2005

Details of IIS7 begin to emerge

Like Robert McLaws, I've seen IIS7 a couple of times over the past few months, but could not disclose much about it. But now the lid's off, and some folks have started! See Robert McLaws blogs about IIS7 (http://www.longhornblogs.com/robert/archive/2005/05/25/14114.aspx) for more on IIS7. I agree that it is looking very cool.

Microsoft Delivers New Tools to Help Reduce Spam

Microsoft yesterday announced new tools to help reduce spam. First, there's the MSN Postmaster web site, http://postmaster.msn.com/ which was "developed to give bulk e-mailers/senders, ISPs, e-mail service providers (ESPs), postmasters, and domain administrators a location to learn more about issues and solutions related to sending communications to MSN Hotmail consumers."

The second feature is known as Smart Network Data Services (SNDS). SNDS generates reports on the mail traffic that is sent to MSN Hotmail and Hotmail customers. This can help an ISP, for example, to determine the volume of e-mail being sent from its IP space to MSN Hotmail, how that e-mail is impacted by MSN Hotmail spam filtering, and what percentage of its e-mail has been marked as spam by MSN Hotmail and MSN customers. This can help the ISP to take appropriate action in cases of zombies, or spammers using their network to send bulk spam.

Thursday, May 26, 2005

PC Pro: News: Vodafone introduces revolutionary 'simple' mobile phone

PC Pro reports that Vodafone introduces a revolutionary 'simple' mobile phone. It's just a phone. It's not a PDA, not a mini-laptop, not a mini-tv. It's a phone. What a concept - a phone that's just a phone!

Phone Bill Traps Man

In USA Today, there is a report of a man trapped overnight in a lift due to nonpayment of a phone bill. The man was working in a government building over the weekend, went to the lift which broke down and he became stuck. The emergency phone did not work because the phone bill had not been paid. And the emergency bell wasn't much good since there was no one in the building to hear it. He eventually got out when a cleaning crew arrived.

Not a great way to spend the evening. But it does drive home the importance of paying your bills on time. As it turns out, the phone company appears partly at fault as they sent the bill to the wrong place.

Google Toolbar 3.0 beta

A beta for the latest version of the Google tool bar has been released as a web download (just over 500kb). PC magazine has a review of the beta which looks nice! When I used IE as my main browser I found the Google tool bar a great add-in, but as I now mainly use FireFox, this tool bar, which is IE only, is less useful. Still, it's nice that there are some nice new features. One I especially like is the spell checker for web forms. When I do blog entries for http://securitybiz.blog.co.uk, for example, their web based blog engine has no spell checker, so the spell checker would be useful.

This blog has had a fair number of mentions about Google lately. I guess that's because they are constantly pumping out cool stuff. Google certainly is doing some interesting things. It's no wonder MS is a little nervous about them.

Sunday, May 22, 2005

And Speaking of Google

Google's featured a lot in this blog of late. It's not really intentional, maybe it's because they're doing interesting things. The Google story on Forbes Magazine's site is very interesting. It gives some insight into Microsoft's battle in the search engine space. It's quite a long article, but worth the read.

Saturday, May 21, 2005

Google's famed chef leaving

Life must be hard for Google Employees. Silicon Beat reports that Google's famed chef is leaving.

Friday, May 20, 2005

Google's Portal Page

Google's experimental Portal Page is good enough for your home page. Released earlier this week, the /ig page provides you with a good browser home page. It appears like the world and her brother have blogged this - so if you haven't seen it yet, head over and check it out. Most of the features, however, appear to be US only (e.g. weather requires a US zip code, etc).

Thursday, May 19, 2005

Calypso Wireless Dual Mode WiFi-GPRS Phones to be distributed in the UK

Now this sounds incredibly cool - a handset that will switch seamlessly between GPRS and WLAN. BUSINESS WIRE reports that US company Calypso Wireless, Inc has done a deal with Franc Telecom, Ltd. to distribute real time two way video conferencing broadband WiFi-GSM/GPRS mobile telephones in the UK by the 4th quarter of this year.

I want one!

Format Utility for USB Drive from HP

HP have released a Windows-based Format Utility for HP Drive Key or DiskOnKey USB Device to make the drive bootable. It works on other USB sticks too!

Wednesday, May 18, 2005

GMail Drive Shell Extension

This utterly cool powertoy, GMail Drive shell extension 1.0.5, creates a new drive on your system, mapped to your gmail account. You can now store up to your 2gb limit online for free.

Tuesday, May 17, 2005

And you think your job is bad?

I came across the My Worst Call of the Day blog today. The writer is a customer service rep and has some incredibly, umm, "interesting" callers.

60 companies want to wire up the Tube

The Register reports that 60 companies want to wire up the London Underground. The only place in London where you don't hear those awful Nokia ring tones - but not for long.

Monday, May 16, 2005

ServerMask: Improve IIS Security

One feature of IIS that has often been requested is some way of removing all traces of the server version. If you surf to www.psp.co.uk, the server rather gives away what version of IIS is running. Doing a get on my site produces, inter alia, the following headers:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET

Knowing that this site is running IIS 5 tells the potential cracker a lot about the OS that's running (i.e. Windows 2000) and therefore what attacks may work, or which do not work on that platform.

Port80's ServerMask product strips off the banners indicating what version of IIS you are running, which in turn adds another layer of protection to your defense in depth strategy.
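
A check for the banner headers described above, as an added example that is not part of the original post and not Port80's code: it parses a raw HTTP response, lists the headers that disclose product or version information, and maps an IIS version to the Windows release it implies. The two sample responses are constructed, and the header list and function names are assumptions of this example.

```python
import re

# Response headers that commonly carry product/version banners (assumed list).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# IIS ships with the OS, so its version identifies the Windows release.
IIS_TO_WINDOWS = {
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "6.0": "Windows Server 2003",
}

# "Product/1.2.3" tokens, or a bare product name with no version.
TOKEN = re.compile(r"([A-Za-z][A-Za-z0-9_.+-]*)(?:/(\d+(?:\.\d+)*))?")
# A header whose whole value is a version number, e.g. X-AspNet-Version.
BARE_VERSION = re.compile(r"^\d+(?:\.\d+)+$")


def parse_headers(raw):
    """Return (status_line, {lowercased name: [values]}) for a raw response.

    Only the head is parsed, so header-like text in the body is ignored.
    Repeated headers are kept, and folded continuation lines are joined.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return lines[0], headers


def audit_banners(raw):
    """List every product/version disclosure found in the banner headers."""
    _, headers = parse_headers(raw)
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            if BARE_VERSION.match(value):
                findings.append({"header": name, "product": None,
                                 "version": value, "implied_os": None})
                continue
            for product, version in TOKEN.findall(value):
                implied = None
                if product.lower() == "microsoft-iis":
                    implied = IIS_TO_WINDOWS.get(version)
                findings.append({"header": name, "product": product,
                                 "version": version or None,
                                 "implied_os": implied})
    return findings


def discloses_version(raw):
    """True if any banner header gives away an exact version number."""
    return any(f["version"] for f in audit_banners(raw))


# Constructed sample: the headers quoted in the post, plus a body that
# contains header-like text to show it is not mistaken for a header.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Microsoft-IIS/5.0\r\n"
          "X-Powered-By: ASP.NET\r\n"
          "Content-Type: text/html\r\n"
          "\r\n"
          "<html>Server: not-a-header</html>")

# Constructed sample: the same response with the banners stripped.
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html\r\n"
         "\r\n"
         "<html></html>")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, "discloses version:", discloses_version(raw))
        for finding in audit_banners(raw):
            print("   ", finding)
```
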

Phishers Tell the Truth!

Several pieces of phish/spam hit my email box today - with perhaps the most truthful subject line I've seen in a long time: "We just offer to you take your MONEY!" Yup - were I to go to their phishing site, all they can offer me is to take my money! I wonder how many suckers they'll get on this one?

Two More QA Bloggers

I'm pleased to see two of my QA colleagues are now blogging. James Winters, for his sins is into Java but also .NET, has just started a blog, entitled Architect or Cobbler? James joins QA Principal Technologist David Wheeler who also publishes a blog titled .NET and other stories.

Both blogs are pretty developer oriented, and require the reader to be able to read a bit of code! James has started looking at Indigo, while Dave is writing longer pieces on (at the moment) Windows Forms. Interesting reading!

Sunday, May 15, 2005

Paint.NET - A free image and photo manipulation program

The latest update to Paint.NET has just been released. It's available for free download under the MIT License.

256GB Ram Chips

I can't tell if this is just an April Fool's joke, or real - but the idea of 256GB NON-VOLATILE RAM chips is pretty neat. It's more than large enough to replace a hard disk - and just think of the potential battery life without the hard disk spinning.

But take a look at the two laptops the company has announced: an ultra lite Tablet pc that sounds a bit too good to be true: 100GB/256GB AtomChip NVRAM and Storage, 4.0GHz AtomChip CPU, 8.9" 16:9 wide view color TOSHIBA LTPS TFT LCD with (32-bit) 1024 x 600 (XGA-W) high resolution display, with tablet capabilities. There's a slightly larger laptop with similar specs although a small-ish screen (but with all the other goodies one could want). The site does not appear to display prices so no idea on that.

Saturday, May 14, 2005

WPA2 comes to Windows XP

As most IT Pros know, Wireless Encryption Protocol (WEP) as originally designed is not very secure. While better than nothing, it's not a great deal better and is easily cracked. In a great Cable Guy article, The Cable Guy (aka Joe Davies) explains WPA2 in the latest installment of his monthly TechNet column. A great introduction to WPA2. And there's an update to Windows XP SP2 to allow you to use WPA2.

[later]

I agree with the point Barry makes in the comments: you need up to date drivers for your network cards. Not all manufacturers are totally up to speed.

Thursday, May 12, 2005

Online Communities - Myth or Reality?

The eLearning network are holding a conference on On-Line Communities. Lorna Williamson, from Microsoft, is one of the speakers and I'll be on stage as part of her presentation, discussing the MVP programme. For more information on the conference, see the eLearning Network future conference page.

Foxpro 1.04

On May 9th, Mozilla issued a security advisory citing two critical flaws in Firefox 1.03 (the shipping version). An updated version 1.04 is now available from the FireFox download page. If you run FireFox, upgrade now!

WinDirStat - a tool for looking at directories

Thanks to a post over on Benjaman Mitchel's blog, I took a look at WinDirStat. A pretty cool program that looks through the folders on a volume and displays the results in traditional directory listing format, but also as a set of prettily coloured rectangles sized according to the size of the actual folder. This is shown on Ben's blog (I'd include a picture here, but it's huge!).

Wednesday, May 11, 2005

Private IM and Blogs for Teams

Combine the concepts of communities, blogging, IM and outsourcing, blend in a bit of small project ethos, and you might come up with ubergroups.com - On-demand IM and blogs for teams, as they style themselves.

The idea is that a group shares a private IM and blog space. The blogs can be the ideas one team member has for his/her area, some sample code. I've not played with it, but I imagine that with a little customisation, blogs could even be spec or actual code repositories. There are adhoc and permanent chat rooms - with logs that can be used to document agreement on some action or other, or just for other folks to look at (e.g. for compliance). Team members can be around the globe and need no client software aside from a browser that can do SSL. All traffic to ubergroups is based on 128-bit SSL, with a Thawte cert.

Having had a play, the firm seems based in the US, on the west coast. There seems no option to adjust the time zone. Speed is not too bad, but the features do appear a bit on the light side. Cost works out at $5/user per month (for 11+ users), and a bit less for fewer users. See their pricing page for details.

UK Security Blog

A new security business blog: http://securitybiz.blog.co.uk. Comments?

Microsoft makeover gives Longhorn a red face

I hope this is a joke, but over at Silicon.com, Jo Best reports that Microsoft has given Longhorn a red face. I suppose that's one way to get rid of Blue Screens Of Death. See a picture here and read Mary Jo's take here.

MBSA 2.0 Web Cast

MS has announced the MBSA 2.0 beta, and has also announced an MBSA Webcast. Sadly, it's at 11:00 Redmond time, which means 19:00 here in the UK, but the web cast should be available for download later.

Tuesday, May 10, 2005

Locking Down Devices

In two blog entries (here and here), I described the issues and one small solution, to the problem of removable device security. And Mitch Tulloch also wrote about the basic issue.

My original article was about the issues of locking down USB devices, which I thought at the time was the key issue. But actually, the issues over portable devices extend beyond just USB thumb drives - they include access to floppy disks, wi/fi devices, serial/parallel/usb/firewire ports, etc - anything a user can plug in. The question is how do you restrict people who shouldn't use external devices from doing so, while allowing those who should to have only their appropriate access? It's one more security nightmare, especially as Mitch points out, if XP has a driver for the device, an unprivileged user can simply plug it in and away they go.

In a blog article for the UK Security Business Blog, I took a look at one solution: Ecora's DeviceLock. It has an Auditing Capability to audit user activity for a particular device type, a nice management tool, Group Policy integration and the ability to communicate through the firewall. The costs are $35/host (based on 1-49 hosts, off the US web site - UK firms would presumably need to add VAT). I assume deals can be done for larger numbers, or multinationals, etc.

Interestingly, after posting this article, I discovered another product called DeviceLock from a company called Slimline, the author of the product sold by Ecora. And for more information, TechRepublic has an on-line review of this product. From my quick calculations, the prices on SlimLine's web site are lower than Ecora's.

Monday, May 09, 2005

Auditor Live-CD

As noted in a recent blog entry, I've been playing around with some Linux-based live-cds (CDs you can boot from without having to install Linux on your machine). Auditor is one live cd I downloaded and ran up on my Dell Inspiron 8600. I used a Toshiba PCMCIA (orinoco gold) card and within a few minutes, I had kismet up and running and sniffing traffic and could also use many of the other tools. Sadly, I can't seem to get Auditor to run on my old Dell Latitude.

Auditor is based on Knoppix, and contains over 300 security tools, including kismet, air crack and many others. The authors have also set up some forums for support and guidance on the tool set. All in all, a pretty cool set of tools that work out of the box!

Saturday, May 07, 2005

Security "LiveCDs"

The Register has an interesting article entitled Live CD paradise which describes the growing number of Linux LiveCDs - bootable Linux images. The cool thing about some of the security focused LiveCDs is that they contain a huge array of security tools all in one simple package. And as the CDs are bootable, you can run them directly on your laptop (or desktop) without having to load any OS software. You can find a full list of Live CDs at The Live CD List, which shows hundreds of distros you can download and use pretty much immediately. Sixteen of the listed downloads are security related.

The Register's article discusses 5 separate security LiveCDs, including Knoppix and Auditor. According to the Register's article, Auditor comes complete with working wireless sniffing tools (e.g. Kismet) that work out of the box - just boot your CD and so long as your wireless card is supported you can start sniffing. As soon as I've downloaded this CD, I'll be testing it out!

Ads On Blogs

I've been working with Google's AdSense programme over the past few days. As eagle-eyed readers might have noticed, I've changed the left hand column on the blog, and have added a Google Search Bar and a set of 4 simple text ads. The intention is not to make money - I'm not allowed to tell you how lucrative or otherwise Google AdSense is anyway. Rather, my intention is to experiment with the medium and see how well it works (or not). I'm also interested in how well the ads match up in a web log (since the latter changes hopefully on a fairly regular basis). I'd welcome comments by mail to tfl-google@psp.co.uk.

Thursday, May 05, 2005

The Flying Unix Blog - Go Alina!

Alina, one of my most valued colleagues, has started up her Flying Unix blog. As a Unix person who flies light aeroplanes, I understand her blog title but others might not!

In her latest article Good for you, Amazon Alina points out a book she bought for information on Solaris 10 that was less than satisfactory, and what Amazon did in response. Good for you Alina - in pointing out where the upgrade was covered more in the title page than anywhere, and good for Amazon to deal with a poor book.

Wednesday, May 04, 2005

For Those Paranoid About Wireless

In many buildings I've visited in London, Manchester and Edinburgh, I've found one or more wireless networks belonging to firms other than the one I was visiting. I've also found any number of wide open private wireless networks scattered around the place. In my own firm's head office, just outside the Chairman's office, I regularly see a network belonging to another firm. These other networks my laptop can see are, in the main, "protected" by the use of WEP, but some are wide open (or have a WEP key the same as the SSID). And with a bit of web surfing, you might discover that certain firms have a standard SSID and WEP key for all their sites, which makes getting onto these networks trivial when you can stand outside and just leech the signal. In addition to the 802.11 networks, there are also bluetooth devices and IR based devices in a number of public or semi public areas that are also potentially vulnerable.

So what's to be done? Several things really. First, as far as 802.11 goes, you should be investing in more advanced wireless security products as well as the use of smart cards, etc. WEP is easy to crack for the dedicated hacker who loads up a Linux laptop, and uses readily available tools. And since most firms using standard WEP are not likely to change WEP keys that often, WEP really is not adequate for preventing much more than casual usage attempts. For a look at the tools available, or perhaps to scare yourself silly as to how easy this might be, Google is your friend.

The use of WPA etc makes cracking 802.11 networks harder, but if you can avoid any RF signal from entering or leaving your site, you reduce if not eliminate the risks from the passer by attacker. A US firm, Force Field Wireless has several products aimed at helping you to reduce the RF emissions. Their DefendAir Radio Shield paint, or your own paint mixed with Paint Additive, reduces the RF transmission through any paintable surface. With a few coats, you get little or no useful RF emissions through walls, ceilings, etc. This might be an ideal product for use in a board room - although remember that the RF spectrum that is eliminated includes cell phones! And an office with no cell phones ringing is not all bad.

For the even more paranoid, a UK firm, Glasslock has special glass to reduce the risk of eavesdropping via the glass.

These things are not a particularly cheap way of doing things. The paint additive is US$34.95, enough to mix with 1 gallon of your own paint, or buy ready mixed paint at US$69.95/US Gallon (128 fl oz). But there are places and uses for these things. And besides, even if you aren't paranoid, they're probably still out there looking to get to you, your network and your data.

Tuesday, May 03, 2005

Free Fonts

The FontShop regularly features some free fonts you can download. From their Free Fonts page, you can download several free fonts. Today the fonts include: Arnhem Bold (a nice bold serifed font), FF Nexus Sans Bold (a gold sans serifed font), Blackcurrant Cameo (a cute font but not for every day use) and FF Dingbats (a selection of dingbat fonts - pictograms that can be useful in a variety of communications).

Saturday, April 30, 2005

FireFox Passes 50 Million Downloads

When I rebuilt my laptop after a hardware refresh, I added the TickerFox extension - a download counter odometer extension. This extension adds a counter of the number of downloads to date of FireFox. I noticed this afternoon, the counter has hit 50 million. And in the time it took me to write this entry, another 2 thousand downloads occurred (sorry for such slow typing). WOW!

Patch Management Best Practices E-book

For those wanting to know more about the best practices in patch management, Ecora has a free electronic book Patch Management Best Practices E-book which you can download. Written by Anne Stanton and Susan Bradley this is a great read for anyone tasked with making patch management happen in their organisation.

Sunday, April 24, 2005

I'm going to TechEd US!

I got a nice email last week that said "The MCT Community has spoken, and your session, MSF and MOF: What Is It, and Why Should an MCT Care?? has been selected as a breakout session in the MCT track at TechEd 2005. In addition, you have been selected to represent the community as an MCT Ambassador at the TechEd Track Cabanas." Now all I have to do is find a hotel!

Friday, April 22, 2005

Windows Server R2 Beta 2 Gets A Lot Closer

As reported by Mary Jo, in an eWeek article titled Microsoft Delivers Windows Server R2 Beta 2, the release of R2 comes a little closer.

For me, R2 is one of the best secrets around - hardly anyone seems to have heard of it. Thus far this calendar year, I've had very, very few delegates who've even heard of R2, let alone had seen it, or had much awareness of what it was and would do. I'm downloading B2 now, and hope to have a small new forest built with it by the end of the weekend!

Thursday, April 14, 2005

VMware Workstation 5.0 ships

VMware have now shipped VMware Workstation 5.0. For more details on what's in this new version: see the VMware Workstation 5.0 home page.

I've had the various beta and release candidate drops running here for some time with fantastic stability, and great performance. All in all, a nice product and a big improvement over 4.5.

Monday, April 11, 2005

Mounting ISO files virtually

Like many MSDN customers, I have a large on-line collection of ISO images of most MS products, for installation onto my test networks. They work great for Virtual Machines - you can just mount the ISO as easily as putting a real CD/DVD into a physical drive.

MS released a cool tool to beta testers years ago called VCD (Virtual CD), which allows you to mount the ISO into your real system. I always thought it was a beta-only release - thanks to a pointer from fellow MVP Duncan McAlynn's blog, it looks like MS have released it on the download site.

This is one of those "must have" tools in every admin's tool box.

The download is a self extracting .exe and contains three files. There's a short readme.txt file, plus a front end (VCdControlTool.exe) and a driver (VcdRom.sys). Naturally, you need the appropriate rights to load drivers in order to use VCD.

Visual Studio Hosted Labs

Microsoft has opened the Visual Studio Hosted Experience where you can do free hands on labs with the latest VS/Yukon technology. Cool!

Sunday, April 10, 2005

Mistakes in Articles

I hate it when I read a magazine article that contains mistakes. And I hate it even more when it's my article that is in error. Sadly, although we try, writers do occasionally get it wrong. That happened recently to me - the March edition of Service Management Magazine contains an article about Beta 2 of WUS (Windows Update Service) with 3 minor errors. I wrote the article back in early December, just after WUS B2 was released before I'd really had a chance to really play with it in anger. Since then, the product has been renamed Windows Server Update Service (WSUS) and an improved release candidate for WSUS has been released (and I've filed a bunch of bug reports {grin}). The product has moved on a great deal - and for the better.

I've had a strong mail from Jason Leznek, a Product Manager for WSUS at Microsoft who is "concerned over the inaccuracies" in the article. He also demands that the mistakes get put right as quickly as possible. Since magazine articles are written a long time in advance (the WUS article that appeared mid-March was completed in early December '04), getting the errors corrected in the print edition is going to take some time. In the meanwhile, I'm happy to post these corrections both here in my blog and in the WSUS newsgroups.

There were three relatively trivial errors contained in the article:

1. The article suggested that SQL support was not included in WSUS. SQL is supported and I've seen two SQL patches already. But since installing one of them (MS03-031) my ISA Server firewall service no longer starts up automatically. Exchange is also meant to be supported in WSUS, but I've seen no Exchange patches yet and the Windows Server 2003 SP1 update has also not been seen yet. I still can't understand why MS won't support ALL main stream MS products with this first release (aside from sheer inertia), but that's the way it is.

2. The article incorrectly stated that the WSUS was not supported on the Windows Server 2003 Web edition. Web Edition is supported, although there are some minor restrictions for its use. See http://www.wsuswiki.com/WSUSRestritionsWith2k3Web for more details on using the Web edition for WSUS.

3. MS also are unhappy at my view that WSUS is not AD integrated. Jason points out that the Automatic Update client can get WSUS configuration from a Group Policy setting, for those computers that are members of an AD domain. So he's right, but up to a point. The WSUS server itself, however, is unaware of the AD. This means WSUS target groups are not obtained from AD, for example - the WSUS administrator has to create them manually. Additionally, the WSUS server does not get its list of machines from the Active Directory - WSUS only knows about those machines that have made a connection. This means that in a larger domain environment it's more difficult to determine which machines have never contacted the WSUS server and are therefore potentially unpatched - and initial client remediation remains a deployment issue for larger organisations. So while the AD client is AD aware, the server isn't - I can't really say that WSUS is AD-integrated the way that, for example, ISA Server or Exchange is.

Having made these mistakes, the real question is whether I still feel that WSUS is a good product? Basically yes, although my enthusiasm is certainly not quite as high as it was earlier. WSUS is not as easy to use as I'd have liked, and client remediation still seems to be an issue (although the clientdiag.exe shipped with the RC does indeed help to resolve most of the easy issues). One example of usability issues I've seen is an AU client (which happens to be my mail server that is otherwise running just fine) which has registered with the WSUS server but has never picked up updates from WSUS. There's no error messages in WSUS, and the client diagnostic tool fails. I certainly feel some empathy for admins who want this to be a simple, simple, simple product. Maybe that's a point though - patching is not simple. But even so, WSUS is not as simple a product as I'd have liked. Another example of lack of ease of use of WSUS concerns the April updates, released yesterday - which I've just finished installing on my test network. In all the communication material I've seen from MS in the past 24 hours, each update is titled with the MSRC ID, e.g. MS05-19, MS05-20, etc. However the titles of the updates issued to WSUS only use KB numbers, with the MSRC ids buried in the update's detail pages (which is slow to bring up). While you can open each patch individually, and work out the MSRC number, this is harder than it should be. Some more joined up thinking and communication about these updates sure would be useful, or the ability to add columns to the UI.

So should you go for WSUS? For smaller, all MS environments, it's appropriate, especially since WSUS is a free tool and it's miles better than SUS which it replaces. For larger, either all or mostly-all Microsoft environments, SMS is probably a better bet - it delivers a lot more functionality (albeit at a price) and the remediation approaches are well understood in the community. And for more heterogeneous environments, you may need to either run multiple products (using WSUS for your Windows systems) or look at some of the 3rd party tools on the market, since support for non-MS products and services is not included in WSUS and there are no formal released plans, thus far, for this to happen (at least that I'm aware of!). And if you do decide to take WSUS, be prepared for some up front work to get it up and running.

And finally - an apology for the mistakes made in the article. I'll try to get the next article proofread and edited better.

Monday, April 04, 2005

Interesting Blog Comments

I'm just back from a few days away and I got a rather rude shock in my mail - a copy of a somewhat snide comment posted to this blog. I noted last Thursday that the WSUS Wiki had moved to a new site and had some new content. Someone posted a complaint about critical comments being removed, and wondering if the WSUS Wiki would be handled the same way.

I've got no real idea what this comment is on about, although I think it's referring to a comment in an earlier posting regarding the WSUS RC. I subsequently made some updates to the blog entry as I was about to head off (and have tonight clarified things a bit more). But as the complaint is not clear, I can't tell. For the record, I made an error in a blog entry - and that was put right last week.

As to be expected, there has been a tremendous amount of updating of the WSUS Wiki, based on the RC. I'm sure comments have been modified in the light of both the RC and (for my part at least) a better understanding of what the WSUS team is doing with their product. I sincerely hope that the wiki will be accurate and correctly focused and that when errors are made they are corrected quickly and appropriately.

I don't mind getting critical comments here. When I get it wrong, I try to make it right and fix the issue. But it does really rather annoy me when I get comments and mails (like this one) from users who feel they can remain anonymous. Microsoft employees really should know better.

So if you have a point to make, or want to correct an error or make any sort of comment, then be honest and use your name. Better yet, email me privately at tfl@psp.co.uk and I'll be very happy to fix any errors made here.

I never really could understand why folks turn off blog comments - till now.

Thursday, March 31, 2005

50K Visitors AND a new name for the site

With the release of the WSUS RC, the WSUS Wiki has been reborn, not only with new content reflecting the RC, but also a new site: WSUS - Windows Server Update Services Wiki.

Microsoft ships Windows Server 2003 SP1

SP1 for Windows Server 2003 has now shipped as noted in this story from vunet.com entitled "Microsoft releases Windows Server 2003 SP1".

The SP1 home page is at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx, and you can get the SP from http://tinyurl.com/4kja2.

If you are using SBS, I'd recommend you NOT install this SP, but wait for the SBS version of the service pack.

Wednesday, March 30, 2005

Gates buys into $400m aircraft start-up - silicon.com

According to this silicon.com article, Bill Gates has bought into a $400m aircraft start-up.

It puts a whole new meaning on the slogan "Where do you want to go today"!

Tuesday, March 22, 2005

WSUS RC1 is shipping

As of 16:00 today GMT, Microsoft is shipping the latest beta of its free update service now known as Windows Server Update Services (aka WSUS). WSUS represents a big improvement over SUS and WUS Beta 2. Although the name is still a curiosity, it's an important step on the road to a better patch experience for users. I'll post more details, and comments as soon as I've finished the installation!

See the now updated WSUS site at http://www.microsoft.com/wsus or go to the WSUS Wiki.

[update - 3 April]

The comments to this entry (below) relate to an error I made in posting this article. When I first installed WSUS, there were no updates listed for Exchange or SQL (hence the earlier comment - done before the very long synch process). But after the first synch, they did in fact appear. This is possibly confusing to new admins, but understandable. Thus far, I've not seen any actual updates offered for these products, but I've been away a bit and have not had much testing time to put in. I would be very pleased to see Microsoft come out with more details on precisely how the applications (Exchange, etc) are to be handled.

Monday, March 21, 2005

Same Mag - New Name

Perhaps I should sub-title this "what I do in my spare time for fun"! I've been writing for the same magazine for coming up to 6 years. Well, I say the same magazine, except it has had several owners and several titles over the years. I started (in August 1999) as a regular columnist for Back Office Magazine. This esteemed title became Enterprise Server Magazine (ESM) where I was Windows Editor (and occasional feature writer). From the start of this year, we've had another name change - to Server Management magazine.

Get more information about Server Management magazine and its focus from the media information page. The magazine is print only, and is free to a controlled subscription list for UK subscribers (or you can pay for delivery to foreign countries). To subscribe, see the on line subscription page.

Saturday, March 19, 2005

Tension in Open Source Land - Etomite Discontinued

Many Open Source (or Free Software) advocates paint a rosy picture of community developed software. The idea of hundreds of developers around the world, devoting their time free to develop outstanding software is a noble one. And one that sometimes pays off. Some of the OSS/FS I've seen has been pretty darned good, and you can't beat the price! For example, I'm using WIX for building installation programs - it's just plain better than any other tool I've found for developing the relatively simple MSIs I need.

But is this rosy picture a true reflection of what actually happens in all open source projects? Does a "great idea" suddenly create a vibrant and giving community from which everyone benefits? And what happens when the developers of an open source project want to take it to the next level and actually want to make some money out of their labour? For at least one answer, take a look at the post from Alex announcing that Etomite (an open source content management project) is being discontinued.

I've not used Etomite personally, but my good MVP buddy Scott Korman (he of www.susserver.com fame) does. Scott was planning on using it for a new community venture - then out of the blue came the news that the project was being discontinued. It was a blow to Scott, since Etomite was a good tool for his requirements. We were both struck by some of the observations made by Alex about his reasons for discontinuing the project.

Alex certainly is angry. His efforts have resulted in an almost derisory level of contributions (US$300) and he's also seen folks just plain rip off his code. I suppose the final insult is finding his own forums being used to slag him off. While the picture painted by Alex is not entirely negative, it must make some folks wonder if it's all worth it. Some parts of the community may dislike big software vendors, it's almost fashionable to hate Microsoft. But at least you know where you stand with them.

Sunday, February 27, 2005

WMIC Samples from John Howard

John Howard is a Microsoft IT Pro Evangelist from the UK, and he's posted some cool and useful WMIC Samples.

UK Government's Security Awareness Site is Launched

The UK Government has just launched a new security awareness site. ITsafe.gov.uk is "designed to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack. It consists of both the Advice on this website, and a low-volume Alerting Service."

This site is a part of the Government and business partnership programme Project Endurance, which is being funded by a number of commercial organisations and government departments/agencies. See here for ITsafe's partner list.

Thus far, the site is not overly compelling although this will improve with time. The information is limited and the site design requires a lot of server hits - the amount of information returned from each hit is limited. Content wise, the site is very new - there are no security alerts, no security advisories, and only two "other" advisories (one relating to a buffer overflow issue with Trend AntiVirus software and the other a FireFox vulnerability). The amount of information that is displayed for each issue is also limited, although links to more information are provided.

Despite these minor grumbles, this is a great start to Project Endurance. You can sign up to receive ITsafe bulletins by email by going here. One nice touch with the sign up - the signup form asks for an itsafe word. This word is then added to the subject heading in the email - highly useful for filtering purposes. It would also reduce the risk of phishing attacks allegedly coming from itsafe.

For more security links, see .

Saturday, February 26, 2005

VMware Workstation 5 Public Beta

VMware has now released a public beta of VMware Workstation Version 5.0. Visit the VMware Workstation 5 Beta site and download your copy today!

Features in the beta that I like include:

* Multiple snapshot and snapshot management capabilities--for capturing and managing multiple configurations

* Teams feature--for managing connected virtual machines and simulating "real world" multi-tier configurations

* Cloning functionality--for copying virtual machines and sharing them with colleagues. This includes the ability to convert a VPC VM into a VMware Workstation VM!

* Improved USB support - just about everything's supported inside a guest.

* Support for 32-bit and 64-bit hardware.

* NX bit support - the VMware "hardware" now supports this bit, for OSs that can make use of it (e.g. XPSP2, Server2k3SP1).

The beta is a LOT quicker to save and restore VMs. I run (for better or worse) my mail server inside a VMware VM using VMware 5.0, and this VM is run from my main workstation (a nice dual proc Xeon box). Since I am regularly rebooting my workstation, I also have to save and then restore the mail server - which now takes just seconds. For a fuller set of details on what's in VMware Workstation 5.0, see the beta page on VMware's web site.

So how does VMware 5.0 stack up against VPC 2004? The current version of VMware has more features than VPC already. VMware 5.0 adds many useful and important features that power users will appreciate, thus widening the feature gap. I've not seen pricing yet, so I can't comment on that yet!

So where does that leave VPC? Well, being a Microsoft product, it is less expensive than the competition, and has fewer features. But, it is fully supported by Microsoft. VPC is aimed at corporate customers who do not want to have to deal with potential support issues arising from using MS OSs inside a VM, and customers not needing the extra features. VPC is ideal for the desktop Windows XP user who needs to run applications that only work in earlier versions of Windows. VPC is also a very valuable tool for Microsoft demo warriors and trainers (who get VPC VMs from Microsoft!).

At the end of the day, I'll end up using both products. I've got, for example, a set of fantastic ISA Server Enterprise Edition labs which will stay as VPC VMs, while my mail server will continue to run in VMware. As an MCT, most of the training courses I run these days run either in part or in whole using VPC VMs. VMware is a much heavier duty product, with a higher spec - I think of it as the 'workstation' vs 'pc' type product. I'll continue to use it at home and in those cases where the extra features are needed.

VMware rocks!!

Friday, February 25, 2005

Microsoft Application Compatibility Toolkit 4.0

Application compatibility is a major issue for almost all desktop deployments. To put it simply, if you don't have compatible applications, you don't have a deployment. There are a few major areas where application compatibility can be an issue: setup and kernel mode drivers being two of many. Far too many setup applications are badly written to look to see if the OS is Windows 95, and fail to install if not (even though the app will happily run on XP!). These and loads of other issues can be remediated, but it does take time and effort.

However, some issues cannot be easily fixed or even fixed at all. For example, applications that come with .VXD kernel mode drivers (for Win9x). These do not work in the NT versions of Windows. In such a case, you either stick with Windows 9x (possibly running your app within a virtual machine running 9x), or get a newer version of the application or the driver, one that runs on 2000/XP/2003.

Application compatibility has been a major focus of MS for some time, and they've done some great work, to some degree behind the scenes - application compatibility is an OS feature and is used often without you even knowing it - automatically fixing applications. As a result of this work, MS has also produced the Application Compatibility Toolkit, which contains tools and documentation to assist you in remediating most, if not all, compatibility issues. The toolkit enables you to apply individual fixes to an application and test the results. Once you fix the application, you can create a custom application compatibility database (an SDB file). By using sdbinst.exe, you install that SDB to your system and from then on, every time the application runs, it gets properly dealt with at run time. It's dead cool stuff - and I suspect most users, and most admins, are blissfully unaware of it!

A revised version of the application compatibility toolkit, version 4.0, is in the works - and should be due anytime soon. MS is now advertising the TechNet Support WebCast: How to use Microsoft Application Compatibility Toolkit 4.0 to manage application compatibility on Microsoft Windows. If you are doing deployment, I'd advise taking a look at this webcast.

Work Your Proper Hours Day - Friday 25th February 2005

Here in the UK, the TUC has declared today as Work Your Proper Hours Day.

Changes in Windows XP Product Activation

Based on a blog entry over at Aviran's Place, Microsoft is planning further changes in Windows XP Product Activation. From the end of the week, Microsoft is planning on disabling the internet activation process for OEM versions of Windows. From the article, it appears that MS will require anyone wanting to re-activate their OEM copy of Windows to contact the activation centre by phone, where the folks will ask you questions. The first phase of this move affects product keys from only the top 20 direct selling OEMs, but no doubt this will become the norm as soon as MS can do it.

For most corporate users, this has no effect at all, since they are using retail or volume licensed copies. What it will hit is the hobbyist, and enthusiast who has bought an OEM box, and wants to re-install the OS. It will be interesting to see how this develops!

Monday, February 21, 2005

Windows XP SP2 AU Block Soon To Be Removed

When Windows XP SP2 was released in August 2004, Microsoft blocked the Windows Automatic Update and Windows Update from automatically serving the SP to all and sundry. Well, this blocking is soon going to end. For organisations that have already upgraded to SP2, this is no big deal - but if you haven't and if you have users that rely on AU - be prepared!

From mail I've had today: "Beginning 12 April 2005 this temporarily blocking mechanism will expire and systems with Automatic Update enabled or interactively download SP2 via Windows Update will begin receiving SP2. Note that this is also the scheduled day for the monthly cumulative release of security updates. We strongly encourage customers to take the appropriate steps to implement SP2 deployment decisions by that time."

April patching day is going to be an interesting one!

Tuesday, February 15, 2005

MBSA 2.0 Beta

Microsoft has now opened the nominations for the beta of MBSA 2.0, the next version of MBSA. MBSA 2.0 is planned to utilise WUS infrastructure for security update scanning. MS wants help to improve the quality of this product and is currently accepting nominations into the MBSA 2.0 beta program.

You can nominate yourself for this beta by going to http://beta.microsoft.com and logging into the system using an MS Passport ID. Then use the guest ID of "MBSA20" and complete the survey. If you are selected, you will be contacted by MS with full details. If you are not selected, there will be a public beta starting late March. My take is to test this tool (and file bugs if you find any!!).

IE7 Here We Come

It appears that MS is listening after all to the noise being generated by Firefox. As traffic to this blog shows, Firefox is making real inroads into IE's market share. The hit stats for this blog indicate over 35% usage of Firefox, with IE 6 at 58%.

Bill Gates is using the RSA Security show to announce a new version of IE. To be dubbed IE7, a beta is to be released this summer, with release "when the product is ready". IE7 is meant to be a major release focusing on security and usability. Security issues to be tackled in IE7 include phishing, malware, and spyware. There is no news yet of precisely what will be in it, but from the demo I saw recently, browser tabs do seem to be included! :-)

Download Solaris 10 for Free

As reported widely, Sun have started allowing folks to download Solaris 10 for free. It's a big download, which you can get at the Solaris 10 Download Center. There are both X86/x86 images and SPARC images. Both come on either multiple CDs or a DVD. If you opt for the DVD, it comes in several parts that you need to download and combine. I'll post more once I've managed to download the DVD and run up Solaris in a VM.

Great Presentation Tips

Venkatarangan is a fellow Regional Director, and like me gives a lot of presentations. He's written up some great presentation tips. If you are a trainer, or someone who has to present a lot, you'll probably know all these points. It's a great refresher even so!

Monday, February 14, 2005

A neat FireFox Trick

As I noted in a recent blog post, I've been using the Firefox browser as my main browser on my home workstation. This has proved to be successful - I like a lot of the features of the browser (although to be fair, much of what I actually enjoy most comes from 3rd party extensions rather than from Firefox itself). One key Firefox feature I do love is tabbed browsing. This enables me to have a single window with a large number of related pages open at once. The update all tabs feature makes a co-ordinated update of all the pages quick and easy.

It turns out that if you feed Firefox a set of URLs, separated by the "|" character, FF can open a window, with each page in a separate tab. Going further, you can create a desktop shortcut, with the shortcut pointing to the "|" delimited string of site names, to create a shortcut to a tabbed set, all in one window. For some things I do, this is really handy. You all probably knew this, but I thought it was cool. Now all I've got to do is to work out how to save a set of open tabs (opened by manual browsing) as a single shortcut from within Firefox.

On the dangers of blogging

I came across an interesting page this morning: List of fired bloggers, folks whose blog entry or entries got them fired. Does your firm have a policy in place regarding the status of blogging and what can/can not be said? The company I work for currently has no formal policy on blogging. And in the absence of any formal policy, it can be difficult to know what will get you fired. And all too often, as the folks on this page have learned to their cost, some organisations might be said to react in a bizarre way to blog posts.

So, until and unless your organisation adopts a formal policy, you may be better off simply not mentioning the company you work for. You should also probably refrain from making jokey comments in your blog about your pointy haired bosses, your lack of email, your having to wear meaningless badges in lieu of having any kind of real security, etc, etc. It's clear that some organisations have had a sense of humour bypass as well as all common sense glands removed.

The del.icio.us Complete Tool Collection

I recently blogged about del.icio.us, a social bookmarking site. I'm finding this a fantastic way to both save and categorise my own bookmarks and to share them with myself and others across the Internet. To make using del.icio.us easier, see Absolutely Del.icio.us - Complete Tool Collection.

Access Based Directory Enumeration (A Windows Server 2003 SP1 New Feature)

At long last - the feature that every Novell admin wants! In a blogcast entitled Access Based Directory Enumeration (A Windows Server 2003 SP1 New Feature), John Howard shows how you can make Windows not enumerate folders that the user does not have access to. Cool stuff - available (sans GUI sadly) in Windows 2003 SP1. See the blogcast for details on how this works.

Sunday, February 13, 2005

The mail bombing from NEMF.COM Continues

As of lunch today, the mail bombing from nemf.com seems to have abated, although I'm still not certain the issue has been resolved. I've now rejected over 22,000 mails from administrator@nemf.com. I've used their website to find out mail addresses of anyone who might be able to help - but thus far, nothing. Of course, I'm bouncing all mail from these guys so I may not ever see their apology.

Saturday, February 12, 2005

I'm being mailbombed!

I don't quite know what I did to upset someone, but since just before midnight, I've been under a mailbomb attack from 'administrator@nemf.com'. It appears that someone behind this site received mail from the patch management mailing list that I'd submitted earlier. However, the mail filter at nemf.com seemed to have taken exception to my post, and decided it was spam. It's been telling me about it ever since. I had several hundred mails before I managed to get a bounce filter installed. But since then, I've bounced over 10,000 more mails back to them. Right now my mail client seems to be coping, but only just. As I type this, my client is bouncing up to 5 mails a second and the current backlog is just about 1000 mails yet to download.

If you are the administrator of nemf.com, or know the administrator - could you tell them please to shut off their spam filter till it's a bit more reliable? But if you are the administrator, you'll need to use a different email address as I've blocked your domain from my site.

The .NET Celebrity Auction for Aceh Aid at IDEP

A group of Microsoft Regional Directors auctioned off some of our time to help the relief work in Aceh. We have raised a fair bit of money ($10,183, assuming everyone pays up) which is fantastic. Thanks to Stephen Forte for running with this!

Hotmail Stats

While it's possibly fashionable to play down Hotmail, you can't deny it's a big and popular service. To get some idea of just how big and popular Hotmail has become, head over to A Little Blog - Who knew? for some interesting statistics. Did you know that Hotmail is used in over 220 countries and territories? This is more countries than are recognised by the United Nations!

Friday, February 11, 2005

Anti-adware misses most malware

In a somewhat depressing article entitled Anti-adware misses most malware, Brian Livingston reviews an anti-spyware study conducted by Eric Howes (at the University of Illinois in the US). Another study by the National Cyber Security Alliance suggests that: while 77% Think They Are Safe from Online Threats, in fact, 67% of Computers Lack Current Anti-Virus Software - and 1 in 5 Are Infected with Virus. Worse, 80% of Home Computers are infected with Spyware/Adware. There is clearly a huge perception gap here, with some very obvious security implications for anyone who uses the internet.

But the most interesting thing about Howes's research (and which you can really only discover by reading Livingston's analysis!) is how effective the existing programs actually are - or should I say how INEFFECTIVE. The most effective tool in Howes's tests was Giant AntiSpyware, which has been purchased by Microsoft. But even this tool fixed less than two thirds of the adware that was installed. As many folks have been saying: you should use more than one product to do spyware detection and removal. Livingston's analysis shows that using Giant plus other tools improves the percentage of adware fixed (but this still leaves 30% or more of the adware!).

I take three things away from this article: the advertisers (and malware writers) are keeping ahead of the technology (which is scary enough), people are far less secure than they think they are, and while no product is perfect, MS certainly did buy the best of the anti-spyware bunch! The down side of that is that the bad guys are now targeting the MS anti-spyware package!

Beware the .EXE -- Post a PDF Please

I've always been somewhat unhappy about having to download documentation that's packaged via an Exe. I dislike having to run programs picked off the net, especially when they're unsigned and are just documentation. I can sort of see why distributing the original Word document might be sub-optimal.

In an interesting article, Planet PDF makes a great argument for PDF as opposed to .exe files. Distributing documentation as PDF (or for the bandwidth challenged, PDF in a zip file) makes so much more sense. As firms begin to use Software Restriction Policies that limit what programs a user can run, there is a need to reconsider the 'documentation via .exe' approach. I would hope all large firms that post documentation on the web listen to this argument and take notice!

Thursday, February 10, 2005

del.icio.us - social bookmarking

I've been playing a bit with social bookmarking over at del.icio.us. The basic concept behind social bookmarks is that each user posts their own bookmarks, with a description and zero, one or more tags. The tags can be anything meaningful to you as an indexing aide. These bookmark lists can be shared, so you and your colleagues can share bookmarks, for example. You can also see people who have used either the same tags, or the same URL in a bookmark. Thus you can find people who might share a common interest and then view their bookmark lists.

I've set up my bookmark list at http://del.icio.us/tfl. Right now there's not too many entries (some users have literally thousands of entries!). But I'm sure the list is not going to remain so small. From my bookmark page, you can see two of my bookmarks, for example, are also bookmarked by other people. You could then browse those individuals and view their bookmark lists (from where you can repeat the process ad infinitum - or until the data/time runs out!). If on your travels, you find something interesting, you can easily copy it back to your bookmark list.

This is fantastic if you are on the road using a 3rd party terminal, etc. By using del.icio.us, my links are available to me anywhere I could probably use them! You can also share your lists with others and see what others deem useful enough to bookmark too. I'm certainly going to put the bookmarks I have setup on my home PCs onto my bookmark list!

Effective C#

Bill Wagner is a fellow Regional Director, and a pretty smart guy. He's just published a neat book, Effective C#, which has finally made it to the top of my 'must read' pile. This book contains great tips on how to write better code - and also how to design better under .NET.

The book is divided into 6 logical sections (e.g. C# Language Elements, .NET Resource Management, etc). In each section you'll find a series of essays, each discussing a particular issue in C#. Each essay provides a clear explanation of the issue, offers the programmer alternatives, and shows how to write the most effective code. The tone is very rational - just the facts, with no emotion to cloud the reader's judgment.

Now, I'm not a programmer, and can only do really simple things in C#, so many of the topics in this book are beyond me. Even though I'm not the target audience, I found it a great read. I sure learned a lot!

Wednesday, February 09, 2005

Is Free NT Support From Microsoft Dead?

The answer to this question is that it's totally dead. Take a look at Microsoft Security Bulletin MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834).

The first two items of software are NT4, and contain links to the necessary patches. While I think it's a great thing that MS is still keeping NT4 users patched, I really thought that NT4 was beyond the stage of free security patches.

Monday, February 07, 2005

The World's Longest Alphabetical Email Address

This is a bit of fun, and one potential way to avoid getting spammed. The idea behind AbcdefghijklmnopqrstuvwxyzAbcdefghijklmnopqrstuvwxyzAbcdefghijk.com - The World's Longest Alphabetical Email Address is that you have a really, really, really long email address! The basic account is free, supported by ads - and with Firefox and Adblock, the experience is quite good.

Saturday, February 05, 2005

Security MVP

I got a nice email this week from Microsoft, which said I've been selected to be a Security MVP (over and above my MVP award for Software Distribution). This is pretty cool. For more information about the Security MVPs see the IT Pro Security Community page.

Get Ready for February Microsoft Patches

The relentless battle against bugs continues, and this month, there are a number of patches being distributed. These include the following:

  • 9 Microsoft Security Bulletins affecting Microsoft Windows. At least one of these is Critical and some of these updates require a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. This is moderate and may require a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. Rated as important, the update requires a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft Office and Visual Studio. Rated Critical, this update requires a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. This is rated as Critical and requires a restart.
WHEW! Start planning now! And thanks to Susan Bradley, MVP Extraordinaire, for the heads up on these.

Thursday, February 03, 2005

Windows Update Service Name Change?

Microsoft's Windows Update Service is working its way through its stabilising phase. Beta 2 was out last November, an RC is due in the next few months, and RTM planned late this half (ie by the end of June). One issue that's been noted with the product is the name. WUS simply is a bad name (aside from the sound of the name when spoken sounding sub-optimal and highly mockable) because it's not a Windows Update Service. It's a Software Update service, initially updating Windows, Office, SQL, Exchange. It also does more than just update software - since in theory at least, updates to DDKs/SDKs etc could be shipped via WUS.

With WUS (or whatever it's called) being a key security product in the small to medium business sector for the coming few years, it's important to get the name right. Every product should pass the Ronseal test: it should do what it says on the tin. By comparison SBS passes this test with flying colours - it's THE small business server product - a product for small businesses. WUS, on the other hand, fails.

Whatever the name change, there are some changes coming, providing useful improvements over features in the public beta. I'm looking forward to the RC, and putting the product through its paces. It's also worth remembering that the beta is not planned to be upgradeable to RTM (and probably not upgradeable to the RC), something that may deter some small businesses testing the beta.

For more on WUS, see the WUS Wiki: http://wus.editme.com

Thursday, January 27, 2005

Microsoft: No licence, no Windows updates

Microsoft seems to be pushing ahead with the Genuine Advantage programme, whereby you have to prove you are licensed before you can get updates for your Windows system. The article in Computer Weekly, Microsoft: No licence, no Windows updates, describes Microsoft's plans.

I spoke with Joe Petersen, one of the many VPs in the Windows team, on Tuesday night. He described this expansion as a way of rewarding people who had legitimate copies of Windows. I'm just fine with this, however half of my legitimate machines report themselves as NOT genuine. Joe was aware of this issue, and promised that it would be resolved before MS pushed ahead with Genuine Advantage. I hope so!

Wednesday, January 26, 2005

BlackBelt Security Webcasts

MS has just announced a Digital BlackBelt Security Webcast Series. This will be several months of detailed drill down into Security "problems and solutions" specifically for developers.

Here's the list:

The Software Security Crisis: Selling Management on the Need to Invest in Secure Software Development (Level 100) Friday, February 4, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-8)

Building an Intentionally Secure Development Process (Level 200) Friday, February 18, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-8)

Security Principals and Guidelines (Level 200) Friday, March 4, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-8)

Protecting Secret Data (Connection Strings, Passwords, etc.) (Level 200) Friday, March 18, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-8)

Defending the Database (Part 1 of 2): The SQL Injection Attack in Detail (Level 300) Friday, April 8, 2005 11:00 A.M.-12:30 P.M. Pacific Time, United States and Canada (UTC-7)

Defending the Database (Part 2 of 2): Making the Right Design Choices (Level 300) Friday, April 22, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-7)

Beating the Hacker: Don't Let Them Steal Your Code (Level 200) Friday, May 6, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-7)

Social Engineering: and Making Your Software and Mitigating System Vulnerability (Level 200) Friday, May 20, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-7)

Tuesday, January 25, 2005

Stop Ashlee Simpson from "Singing" Petition

I have no idea who Ashlee Simpson is, and can not recall ever hearing her name or her singing. Having said this, Stop Ashlee Simpson from "Singing" Petition is doing the rounds, and thus far, has over 190,000 signatures (and seems to be growing by 10-20k signatures per day). The original petition was created by Bethany Decker in the US, as a bit of a protest. She never dreamed it would become a popular cause.

So what impact is this likely to have? One could argue that 190,000 people can't all be wrong. On the other hand, you could assume that 'all publicity is good publicity', and that this will just help her album sales. But what I do find very amusing is that on the view signature pages, the site owners have put in a Google Ad frame - advertising Ashlee Simpson tickets and her 'music'.

Sunday, January 23, 2005

The .NET Celebrity Auction for Aceh Aid at IDEP

So go on over and bid at eBay for item 5552696499 (Ends Feb-02-05 06:00:00 PST) - The .NET Celebrity Auction for Aceh Aid at IDEP.

Direct Show / Windows Media Player .SHN Plug-In

While the world is entranced by MP3s and MP3 players, a small segment of the digital music revolution is more interested in lossless music. Using the filetypes of SHN (Shorten) or FLAC (free lossless audio codec), these file formats give better quality but result in larger files. I have a library approaching 1 terabyte of lossless music, the centre piece of which is my collection of around 500 Grateful Dead live shows (a collection that will shortly be growing when the additional 2TB of disk space on "back order" finally arrives!).

While SHN and FLAC files offer better quality, you need to use WinAmp, plus the relevant WinAmp Plug-ins to play them instead of Media Player. There has been no plug in to Microsoft's Media Player to support these formats.

Welcome then to Direct Show / Windows Media Player .SHN Plug-In written by someone at RIT in the US. Don't know too much more about the author, other than his email address from the site. But it works OK (so far) and I can hear no real difference in sound quality between Media Player and WinAmp with their respective plug-ins loaded.

And if you are into live music, the Live Music Archive contains tens of thousands of live concerts, many in SHN/FLAC format. This includes 2777 Grateful Dead Shows, 19 New Riders shows, and 2 Phil Lesh and Friends shows. Oddly, there's no Jerry Garcia Band or Bob Weir shows.

Saturday, January 22, 2005

Clever Social Engineering

Sophos researchers have discovered a new worm which poses as breaking news headlines. The worm, named W32/Crowt-A, sends mail with the subject line, message content and attachment names all gathered in real time from CNN. Among corporate users that receive news bulletins via email (I sure do!), the less savvy are going to open the attachment, and load the malware. Read the Sophos bulletin for more information on the worm, and its payload.

Winternals Administrator's Pak 5.0

Winternals is the commercial software firm run by Mark Russinovich and Bryce Cogswell. Its sister site, www.sysinternals, is (or sure should be) well known by Windows power users around the globe as the source of outstanding free utilities. I've lost count of the number of times I've used their tools to really do useful things (e.g. regmon, filemon, bginfo, just to name a few!). Sysinternals takes those free tools to the next level and produces some really great commercial systems management tools.

One of Winternals' tools is the Administrator Pak. The current version 4.2 edition is a great set of tools enabling you to revive unbootable or damaged systems, diagnose problems with Windows, etc. The pack includes ERD Commander 2003, Disk Commander, NTFSDOS Professional, Remote Recover, Monitoring Tools, and TCPView Pro.

Winternals is due to ship Version 5.0 later this month. The new version features improved versions of both ERD Commander and Remote Recover, a centralised navigator, and some new tools including Insight for Active Directory, AD Explorer, and Crash Analyzer Wizard. This latter tool uses the standard crash dump tools you can download from MS to help you to diagnose the source of blue screens!

Full product details have not yet been posted to Winternals' site. The current version is licensed on a per administrator basis, enabling each admin to use the tools on an unlimited number of systems. A neat licensing model - here in the UK, the RRP for each license is US$1410/admin (plus US$282/year maintenance). No prices have been disclosed for the new version yet.

Thursday, January 20, 2005

MSN Messenger 7.0 Beta Available

Microsoft has released an MSN 7.0 Messenger Beta. There are a couple of new features, including drag and drop backgrounds and the ability to set status before logon (you can see who's online before others know you've logged in). I've been playing with it much of today and it appears solid!

Tuesday, January 18, 2005

EPIC 2014 - A look at the future

I'm not sure if the EPIC 2014 is satire, or not. It is certainly an interesting look at how some of the big players (i.e. Microsoft and Google) could develop over the coming decade.

Monday, January 17, 2005

Microsoft Windows Internals - A New Book

This is the long-awaited book on Windows 2003 by David Solomon and Mark Russinovich. Every self-respecting Windows Geek must own this book! Keeping with the tradition started by Helen Custer, Dave and Mark have produced another definitive book on the internals of Windows. See the web site, and buy this book!

Saturday, January 15, 2005

On the Value of Patching

In a recent USA Today.com article, entitled Unprotected PCs Can be Hijacked in Minutes, the authors demonstrate both how important patching is, and the value of firewalls! The article also demonstrates how hostile the Internet can be.

The study ran for two weeks and looked at how vulnerable certain types of systems were, both to being attacked, and to being attacked successfully. The XP SP1 and Mac OSX systems were attacked at about the same level (340 attacks/hour), with 9 successful XP SP1 attacks, and none for the Mac, or the systems running Linspire (Linux), and XP SP2 with the Internet Firewall enabled.

If this doesn't demonstrate how important it is to keep up to date, I don't know what does!

Avalon Preview Released for XP

At the last PDC, Microsoft presented its vision for Longhorn, the next version of Windows. At that time, the idea was you'd get loads of cool new stuff (whizzy presentation layer, a to die for file system, etc) by upgrading to Longhorn. It turns out that Longhorn was a bit of a tall order, and the requirement to upgrade to Longhorn was something many corporates were uncomfortable with - many of them still had not fully deployed XP yet, let alone wanting to think about another roll out a couple of years down the line. So last summer, Microsoft had a rethink on the scope and direction of all this technology, the result of which was that WinFS was removed from Longhorn and is meant to come later. Additionally, MS announced Avalon (the new presentation layer) and Indigo (the communications layer) were to be backported to Windows XP.

As reported over on Slashdot, Microsoft has now released an initial beta of Avalon. Dubbed a Community Technology Preview (CTP), it's a huge 261MB download. This was first made available to MSDN customers in November 2004; Microsoft has now made this a lot more widely available. CTP releases are not always super stable, so if you do decide to install it, you should probably avoid installing it on your primary workstation(s). In order to use the Avalon CTP, you also need a beta version of the .NET Framework Version 2 (download from Microsoft - it's 24MB!), your XP system (which can be XP Tablet!) needs to be at SP2, and you probably need a DirectX 9 capable graphics card as well.

You can read the Slashdot readers' comments over at Slashdot. As usual, there's loads of anti-MS stuff and rather inaccurate comments, but some good information. And for details on the release itself, head over to the MSDN Site and look at the Avalon November 2004 Community Technology Preview article. And for the low-down nitty gritty on WinFX, see the WinFX On-line SDK.

Tuesday, January 11, 2005

Secunia - Internet Explorer Command Execution Vulnerability Test

Thanks to my fellow RD, Hector M Obregon, for pointing out the latest new IE vulnerability. Hector pointed me to a New Scientist article which describes the flaw. Security firm Secunia has posted details of this flaw on their site. They have also posted a Vulnerability Test that shows whether your system is vulnerable.

Patch this one as soon as possible.

Monday, January 10, 2005

Firefox on the Ascendency

I've been using Firefox a lot lately, and have switched over to it on my main workstation as my primary browser. It does NOT handle all sites perfectly, but these are few enough that I don't mind. I like the extra features that I get with Firefox and the plug-ins. When I get a suitable supply of tuits, I shall prepare a more detailed look.

It looks like I'm not the only one who is switching. For some weeks now, I've been noticing an interesting upswing in web hits based on Firefox. Usage is on the upswing, based on a highly unscientific survey, aka a quick look at two websites (this blog and The WUS Wiki Site). In both cases, the stats come from Site Meter as I have their free counters running on these two sites which track (IIRC) just the last 1000 connections.

If you look at the WUS Wiki Browser Share stats, Firefox has a 22.22% share, IE 6.X 74.75%, IE 5.X 1.01%, Netscape 3.x 1.01% and Opera 7.X 1.01%.

Looking at the stats on this blog, the stats are: Firefox 26%, IE 6.X 69%, IE 5.X 3%, Netscape 4.X 1% Opera 6.x 1%.

So roughly, IE's market share is down to around 75%, with Firefox at around 20%, with the others making up the numbers.

You can't read a great deal into these numbers as they change regularly over time - I regularly see huge swings in percentages, e.g. the other morning, IE had a 90% share on my personal blog. But they are certainly an indication that usage of Firefox is growing, and in places has grown to a respectably healthy level.

Sunday, January 09, 2005

Computing the size of a directory is more than just adding file sizes

I never tire of reading Raymond Chen's The Old New Thing blog. While sometimes he's way over my head with coding or API details, often his posts contain great explanations on some of the things that Windows does.

In a recent post, Computing the size of a directory is more than just adding file sizes, Raymond looks at why computing the size of a directory is difficult. The things you can put into a directory these days are a bit advanced from the days of DOS 1.0! And, to some degree, his post makes you want to question whether the concept of the "size of a directory" is actually meaningful.

Friday, January 07, 2005

More on Microsoft Windows AntiSpyware Beta

I posted about this yesterday - and I've been playing with this a bit today, first on my main desktop (which was pretty clean). It generated a couple of false positives, and the deep search identified problems contained in one of the restore points. The scan on my laptop was pretty clean too.

Some observations:

1. The download is 6.23 MB.

2. MS have a simplified FAQ at http://www.microsoft.com/athome/security/spyware/software/faq.mspx

3. It installs on XP without needing a reboot.

4. It does not deal with cookies.

5. It looks an awful lot like Counterspy.

6. There is an open newsgroup for folks to talk about the product. Sadly, there are a lot of anti-MS posters there, which diminishes the value of the group a bit.

Microsoft release Spyware Beta

Microsoft yesterday released a free public beta of the recently acquired Giant anti-spyware program. MS has a (anti) Spyware site for more information and to download the free beta. I'll post more information on this as I play with it.

Thursday, January 06, 2005

The World's Safest Online Computing Environment

According to a recent study entitled: Deep study: The world's safest computing environment, a UK Security firm says BSD and Apple Mac OS X (which is based on BSD) are the safest. In a survey conducted by IT security firm mi2g, the firm analysed 235k successful digital breaches against a global set of 24x7 permanently connected systems.

Their results show that Linux was the most breached (65.64% of all breaches recorded), while breaches of Windows based systems remained steady (25.19%). MAC OS X or BSD based online computers trended down to 4.82%. The breaches analysed hit all sectors, including home based systems (32%), SMBs (54.9%) and larger enterprises (only 2.5%). From these numbers, the smaller business was hit hardest.

For more information on BSD and MAC OSX, and a good bit of background on BSD, see Darwin/Mac OS X: The Fifth BSD over on BSDDatanetworks.com.

Wednesday, January 05, 2005

WUS - Windows Update Services Nearing Completion

Windows Update Services (WUS) is nearing completion - with a broad reach Beta, with Beta 2 available freely - and is due out this year. WUS is, in essence, SUS V2 and provides a number of new features not currently available with SUS.

WUS is roughly a year late so far - with expected RTM '1st half of 2005'. In October 2003 at the World Wide Partner Conference in New Orleans, I heard Steve Ballmer announce SUS V2 would be delivered in the 1st half of 2004. According to the transcript, he said "I guarantee you that if I come back to this conference, which I will -- when I am back at this conference next year, I am going to ask people whether they've deployed Software Update Services 2.0. And if as few hands go up as went up today, I'm going to have a real issue with our product development people or with our marketing people, because, believe me, this is targeted at one of the key pain points that you and our customers have identified."

WUS Beta 2 shipped last November, and RTM is due 1st half of 2005 (i.e. by end of June). Beta 2 is a solid product - it pretty much works, although there are as ever in a beta, a few minor issues to resolve.

As delivered Beta 2 provides a lot more facilities than were available in SUS, including:

  • Client targeting - supports different updates for different clients
  • Supports Exchange, SQL, Office, as well as Windows updates (despite the name!)
  • Better reporting
  • A thorough API to allow you to write add on tools/reports
  • Ability to remove a patch.

For more information on what's new, see the WUS Wiki Page on What's new in WUS.

WUS is far from perfect (and I'm not talking about the minor bugs you sort of expect to have with a beta!). The biggest problem to me is its usability. I find it harder to use and troubleshoot than it should be. Some specific examples of this include:

  • From the main WUS Admin console, there are a series of dashboard figures on the number of updates available, the number approved and the numbers not approved. These numbers do not add up properly.
  • From the admin console, you can see clients that have yet to be updated. But there is no easy way to actually see which clients these are, and what updates are missing.
  • The client updates should 'just work', but they don't always (9/11 of my systems worked fine first time; 2/11 didn't and still don't). It would be faster to fully reinstall the OS than it's taken me to troubleshoot this (unsuccessfully).
  • There are no client troubleshooting tools.
  • There is no control over downloading updates (downloading is either on or off).
  • There is no support for 3rd party patching - it's MS only.

WUS is a great step forward, but it's late and needs more work.

Friday, December 31, 2004

Microsoft revokes Passport

Given that eBay has dropped Passport, The Register's story: Microsoft revokes Passport service was not all that surprising. When it worked, Passport was great - and enabled me to not have to remember the myriad of passwords that MS sites seem to require. But it was all too often the cause of problems (and to this day the 'automatically log me on' feature rarely works) and every site that became Passport enabled seemed to have had teething troubles. And it was not cheap for partners either. Perhaps the most interesting point in the article comes towards the end, where the story notes that Microsoft has some "real identity management aspirations". It will be interesting to see where MS goes in this area.

Wednesday, December 29, 2004

US ISP wins $1bn in damages from spammers

In a recent article, The Register reports that a US ISP wins $1bn damages from spammers. I wonder if any of the spammers will ever pay.

Windows Update Services Wiki

In a recent post, I wrote about the WUS Service Beta 2. I've been playing with it a lot over the holidays (and filing a bunch of bug reports). Due out by the end of the 1st half of 2005, this is a great step forward from SUS. But there is a lot of work still to do on usability! One neat feature of the beta has been the creation of the Windows Update Services Wiki. This is all community developed and includes information on installation, deployment as well as FAQs and details of confirmed issues. The cool thing is that this is all being developed by the community - this is not a Microsoft site (although some MS employees do contribute!). An interesting thing about the site is the traffic analysis - take a look, it's global (and IE only accounts for 78% of the traffic). The site is getting around 180 hits/day, with an average of 3.4 page hits/visit. Not bad given the newness of the product!