Mega Patch Tuesday

Last month, you could've slept through Patch Tuesday, there was so little action. But now that you're all rested, you can handle tomorrow's Patch Tuesday with its eight remedies, six of them critical.

Once again, remote code execution (RCE) is the theme of the day, as all patches address this stubborn bugaboo. If you have Windows XP, Vista, Windows 2000 or Windows Server 2003 or 2008, get your spackle ready -- cuz it's time to patch!

Posted by Doug Barney on December 08, 2008


IBM Not Done with Microsoft Yet

IBM once owned the PC business. It, along with Philip "Don" Estridge, created the IBM PC and in the process made DOS the dominant OS. It tried to maintain dominance with OS/2, but Microsoft lost interest (as it lost control) and went with Windows instead. The rest is antitrust history.

IBM would like nothing better than to reassert itself on the desk. Its answer? A set of open source productivity apps all delivered through virtual Linux servers. IBM has made headway with a similar approach in Europe and many internal Big Blue users are on open source clients.

Are you ready for a fully open desktop environment? Answers should be sent in an open and honest manner to [email protected].

Posted by Doug Barney on December 08, 2008


2009: Tough for the Economy, Tough for Security

Symantec just released a study claiming that as of now, software authors are writing more malware apps than legitimate, useful programs. And the company says next year will be even worse.

First, a little caveat. Symantec sells security software, so it's in the company's interest to scare us. That said, Symantec has always been honest with me so I must take it at its word.

Here's what Symantec thinks we're in for in 2009: There will be more malware spread through social networking, more attacks on virtual machines and more spam.

What are your biggest security headaches? Send 'em to [email protected].

Posted by Doug Barney on December 04, 2008


Malware Messes with the Military

I avoid fighting people that are bigger and better trained than me (which means I'll have to stop fighting my two sons pretty soon). So I would certainly never want to irritate an organization with 3 million people, many of whom are armed, and a huge complement of planes, bombs, tanks and guns.

But that's just what some idiotic hackers are doing by releasing malware aimed at U.S. Defense Department computers.

Fortunately, military defenses kept the attacks from reaching deep into the network, but the malware did infect a range of computers in Afghanistan and elsewhere. If they find the source of these attacks, a little shock and awe is clearly in order.

Posted by Doug Barney on December 04, 2008


Mailbag: How Safe Is Wi-Fi?, IE 8, More

On Tuesday, Fred posed a question to fellow Redmond Report readers -- what should he do to keep his home WEP Wi-Fi connection secure? Here are your responses:

Regarding Fred's question on wireless: WEP is commonly defeated in under 10 minutes, so if someone decides to target your network, any available resource will be open to them. I'd worry less about the man next door than I would about the boy next door, who might try to break into your network just for the 'fun' of doing so. Another worry with WEP is having a stranger gain Internet access through your network and then use it for criminal activity, which would trace back to your IP address.
-David

If you don't share anything on your computer, including hidden shares, a hacker can get access to the Internet only. The harm here is that they can capture your Internet traffic, but this would be very unlikely in a home environment. Even if they do capture Internet traffic, https sites are safe because of encryption. For example, your username and password for most Web-based e-mail is safe because it is encrypted; the log in page is usually https://something. However, the e-mail packets themselves are probably not encrypted and can be captured. You can configure Firefox to encrypt all Gmail traffic, but this is an exception. If you use e-mail handlers like Outlook or Thunderbird, your SMTP port is 25 and your POP port is 110, your mail transmissions can be easily captured. Hackers can also use peer-to-peer file transfers and slow down your Internet connection (the odds against this happening are astronomical).

I can hack 128-bit WEP encryption in 10 minutes if I am close enough to the access point, usually within 100 feet. The farther away, the more time-consuming the hack. Right now, the average hacker would not bother with any WPA because WEP is easy and plentiful. Almost all wireless routers and network cards can be configured with WPA. If you really want to be safe, use WPA-2 with AES and more than 20 characters in the encryption key. Also, keep potential hackers more than 300 feet away. This is almost as safe as a wired network.

Once again, if you don't have anything shared, including hidden shares, and you don't have sensitive e-mails, there is not much to worry about from Wi-Fi.
-Earl

Have you tried the IE 8 beta? A few of our readers have and their responses are mixed:

I have used IE 8 on Vista SP1 for four or five months without any issues.
-David

One problem I've had with the IE 8 beta is when I tried to uninstall it, it completely hosed my system, basically reverting it back to the factory default programs and settings. I had to use System Restore to restore my system the way it had been, including the beta version of IE 8. I'm using Windows Vista Ultimate with 4GB RAM and a 2.20 gigahertz Intel Core2 Duo processor.
-Bob

Joseph thinks the open source business model isn't necessarily "broken," as one analyst said; it might just be suffering from a perception problem:

Making money from 'free' software is not anything new. There are hundreds of VARs out there that sell products at near-cost to get the implementation contract. The problem is marketing -- when I had my own consulting business, I put on a "free" seminar at a local community college and hardly anyone showed up. I raised the "price" to $99 for the same seminar and got an overwhelming response from businesses. There is a price-point at which people perceive "cheap" to be valueless.
-Joseph

And finally, "cloud" might be Microsoft's new buzzword, but Alan isn't buying into it:

I do not need the cloud, and I do not care about it. It is insecure at best.
-Alan

Tell us what you think! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on December 04, 2008


Windows 7 Nears

Microsoft has been cleverly trying to turn the subject away from Vista and toward...well, toward just about anything else! Vista TV commercials mention Mojave more than the V-word, and the new, big Redmond word is "cloud."

On the desktop, Microsoft isn't shy about promoting Windows 7 and making it seem this OS is right around the corner. And it is -- at least in beta form. It looks like the first beta will be out this January. An alpha (I call it that, even though Microsoft has its own odd nomenclature) is already in the hands of developers who find it pretty solid.

One thing is pretty clear: Windows 7 is an extension of Vista. This means the hardware makers must build super-fast machines to give proper performance, that peripheral vendors must work with Microsoft on good drivers, and that Microsoft must clean up its code. If all three happen, Windows 7 could be a big success. Now, let's see how they all do!

Posted by Doug Barney on December 04, 2008


Mailbag: OneCare Good, IE 8 Bad

Even though Microsoft is planning to kill off OneCare next year, it's still touting the product as a success. A couple of you happen to agree:

I've been very happy with OneCare, mainly for two reasons relating to my 84-year-old dad's PC. First of all, OneCare wakes the PC in the middle of the night to do an automated backup to an external hard drive. Dad isn't aware of this and can't accidentally disable it, so it provides some protection against his other often careless actions.

And, as part of my OneCare "circle," his system status gets reported in the OneCare console on my home PC, alerting me to potential issues as they occur. I haven't had much in the way of problems with OneCare, but I'd speculate that the cost of providing free support was a big factor in Microsoft's decision to stop offering it.
-David

I do not know why Microsoft would want to eliminate a necessary product, especially since it was one of the cheapest packages around. Honestly, in my opinion, I believe that anti-virus software should be FREE. Protecting computers from malware and viruses is a necessity and should be provided with the OS, instead of from the greedy, pay-or-else companies like Symantec. This is the very reason I use Grisoft AVG.

If companies want to charge for their firewall or parental control products, fine, but basic protection from hackers should be at the forethought of everyone. How can you prevent viruses and zombies if we cannot afford the product? Symantec, McAfee and others are no better than the pirates in Somalia.
-Anonymous

Earlier this week, one reader wrote that the latest IE 8 beta has been a welcome change to IE 7. But Rick begs to differ:

You have had one good comment for IE 8. Here's one not-so-good comment: It stinks, especially on a corporate (government) LAN. Of course, that could be because the government hasn't caught up with anything in years except Al Capone.

Anyway, I tried it at home on a Vista upgrade machine and it crashed too many times. I will have to wait for the RTM version. Although it could just be that once again, there are way too many features for the average Web surfer and MS has dumbed it down to where the geek (like me) tries to "fix it." C'est la vie.
-Rick

Opinions? Criticisms? Let us have 'em! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on December 03, 2008


The Great Desktop Virtualization Debate

Desktop virtualization has been around for...I don't know. About 20 years, at least. But there's a new debate over VDI, or Virtual Desktop Infrastructure.

Citrix has long had server-based thin client computing, so VDI isn't the first stab at this kind of processing. Instead, VDI adds an additional layer of virtualization on top of the hardware so that each client has a more dedicated experience (virtual gurus, feel free to correct or polish my definition by writing [email protected]).

Of course, others do have differing definitions. What does VDI actually mean? The answer is murky and is discussed here.

VMware is getting deeper in the VDI game with the release of VMware View 3, a suite of tools that creates images for users' virtual desktops, allows users to work even when they're offline (a big shortcoming of thin clients), and also includes virtual printing.

Some believe VDI isn't ready for prime time. Here's what Citrix thinks.

Posted by Doug Barney on December 03, 2008


Microsoft Plows New Server Farm Ground

How serious is Microsoft about the cloud? Besides building new cloud infrastructure software and retooling all its apps for remote computing, Microsoft is pouring huge bucks into its datacenters, to the tune of 10,000 new servers every month.

Microsoft has an interesting new approach to building datacenters with efficiencies that remind me of state-of-the-art supply chains like Wal-Mart has. Microsoft's approach is all modular and snap-in, and the center is architected to deliver Just in Time capacity (the same way a good supply chain delivers products Just in Time).

Are you starting to think more about clouds? If so, why? Send your thoughts to [email protected].

Posted by Doug Barney on December 03, 2008


New Vista Service Pack Edges Closer

Vista is still one of the great mysteries of software. Many like it and can't for the life of them understand why it gets such a bad rap. Others hate it and can't for the life of them understand why Microsoft built it in the first place.

For most Microsoft products, the first service pack stamps out the bugs and makes it usable. The first Vista SP helped, but wasn't enough to change Vista's bad reputation. Fortunately, SP2 is getting closer, as it's now in wide-scale beta.

Have any of you tried Vista SP2? If so, wadda ya think? Answers welcome at [email protected].

Posted by Doug Barney on December 03, 2008


A Christmas Surprise

While less conservative than it was two decades ago, IBM isn't exactly a wild and crazy company. So when IBM told me that electronic holiday toys could include malware, I had to trust the information.

The idea is that toys, especially those that connect via USB, could be loaded with software to give hackers a backdoor entry to your machine and maybe your network.

Posted by Doug Barney on December 02, 2008


Mailbag: Thoughts on 'Vista Capable,' Yahoo, OneCare, More

There's just no shortage of opinions when it comes to the "Vista Capable" sticker lawsuit. Today, it's the Microsoft defenders' turn:

OK...just a sanity check here. All of you whining about this, please look carefully at your computer and see if you can figure out who manufactured it. Those whose computers were manufactured by Microsoft, keep complaining about MS. The rest of you, aim your complaints at the computer manufacturer! So much whine, bring on the cheese!
-Terry

I think MS should win the case. It's fun to knock the "Big Dawg" which is why people tend to root for underdogs. I believe Microsoft didn't even have to put that label on the hardware. Let's not blame it for the ignorance of others.
-Michael

In my opinion, Vista is not just Vista Ultimate. I believe (correct me if I am wrong) there are other editions including Home Basic, Home Premium, Business, etc. If a machine can run Vista Basic (without the razzmatazz of Vista Ultimate), then the machine is "Vista Capable." If the sticker said "Aero Capable," then we have a different game entirely. I use an HP dv2910us with 3GB RAM, and it's very capable of running Aero, but I use the Windows Classic theme. Just because Aero is turned off, doesn't mean I am not running Vista.

Microsoft should pay, but not through its nose.
-Anonymous

I think everyone is missing the point about the "Vista Capable" stickers. Yes, Microsoft goofed when it allowed manufacturers to use them. However, Microsoft did not manufacture any of those low-end computers or place the stickers on the computers. Most of the blame should go to the manufacturers who wanted to mislead consumers about low-end computers.

Another important question is: Why does Vista have so many flavors? Could Microsoft be making these stripped-down products in response to manufacturers' needs? Could it be making them to make more affordable products? After all, it doesn't cost Microsoft any more money to ship Ultimate than it does to ship Home Basic. Unlike Apple, Microsoft does not control the entire manufacturing practice for its computers. If it did and forced manufacturers to make high-end computers, it would deny access to a large segment of the populace.
-Earl

As they try to hang MS, how many of those same folks are trying to fry the auto companies for the mileage ratings posted on the windows of new cars? I know the auto companies all say, "Well, those are the numbers from the government testing," but I don't hear any of them saying, "Here's what you should really expect to get."
-Anonymous

After news broke that Jerry Yang was leaving Yahoo, Doug wrote that he'd be happy with just 1 percent of Yang's success. He's not alone:

I totally agree with you on your statement. Look at the high-tech industry as a whole and the persons who started to develop companies. How many have created something major and then been let go from the company? If I am not mistaken, this happened recently at VMware.
-Lee

Bill doesn't think OneCare deserves the bad rap it's been getting:

One of my pet peeves with the nightly "news" programs has been the way they casually plant uncorroborated, inaccurate statements in the programs and repeat them frequently. One of your recent Redmond Reports contains such a statement: "problem-plagued Live OneCare." I have this product installed on many systems with many happy VSB users. Version 2, the current one, has worked well. It's easy to administer and has been successful in protecting the computers. I have not had to repair or clean viruses from any of these systems. It is less intrusive than any of the other anti-virus programs that are on other computers I administer.

I am happy with OneCare and hate to see it go. But then I am a user, not a journalist.
-Bill

And finally, Fred needs some Wi-Fi security answers. Can some knowledgeable reader help him out?

After my initial consternation upon reading your report on the latest Wi-Fi hack, I began to wonder. As a Wi-Fi user in my home, a single-family house in a neighborhood of single-family houses, on a short street that dead-ends between two minor cross streets, how concerned should I be about the insecurity of my simple WEP Wi-Fi connection at home?

Agreed: In a hotel or at a public hot spot, I'm at serious risk. But how about at home, under the circumstances described above?
-Fred

Got an answer for Fred? Want to comment on anything else we've covered today? Fill out the form below or send an e-mail to [email protected].

Posted by Doug Barney on December 02, 2008