Barney's Blog


Doug's Mailbag: IE Security, Lieberman Software Praise, Windows 7 Disgust, More

One reader argues that the IE security breach patched this week may not be the fault of Microsoft:

The issue is not just with browsers, but with us Web designers and developers.

We keep making our sites require scripts and ActiveX controls. We keep using Flash, Silverlight and any other "cool" graphic appeal we get our hands on. We throw everything, including the kitchen sink, on the front-end just because we can.

All of these add to the security problem. Most of the security hacks are not from IE or any other browser, but from the junk we add. Our sites are totally unusable if one does not allow scripts, ActiveX, etc. So users must leave their browsers open to hackers.

Don't blame the browsers, blame ourselves.

After Doug recently blogged about hackers cracking IE 8 in two minutes, one reader calls him on singling out only Internet Explorer:

I've read a few stories now on this hacker event and how they cracked IE. Not only was IE hacked but so were Firefox, Safari and Opera. In fact, the only one that wasn't hacked (Google Chrome) had just gotten a big round of patches the day before the event. That way the hackers didn't have any time to plan their attack. My guess is that Chrome would fail too.

I'm with Microsoft on this one. Even a locked steel door can get broken into if someone wants in bad enough.

While the industry is still raving and ranting about Windows 7, one reader has had enough:

I am really getting sick of hearing about Windows 7. It is OK but it's just an evolutionary step from its predecessor -- not god's gift to the computer world.

I have two part-time jobs. One is as a consulting project manager for the prime contractor to a government organization. In this capacity, I design and create MS Access clients to Oracle databases. The organization is still using Windows XP and Office 2003 products and is happy with the capabilities and performance. Everything is centrally controlled and to even get Framework installed in my profile, I need the approval of my task manager. People complain but the help desk does a good job and is very responsive and knowledgeable. We have been working on transitioning some of our applications to Office 7 but it is difficult because most of our simulation software has embedded calls to Windows 2000 applications. Very talented people are working on this but it seems like a waste of resources to spend this money so Microsoft can make money by selling new products because they weren't smart enough to get all of us to subscribe.

In my second job I support very small businesses, generally doctors' and dentists' offices. These are peer-to-peer networks of six to eight Windows XP computers with one being a "server." All applications run on XP, Vista or 7, but everyone is happy with the installed XP versions. There is no desire to upgrade to Windows 7 especially since they would need to do a clean install on their existing computers and would have to upgrade all of them at the same time. When a new computer arrives with Windows 7 Pro, I set them up to run in XP.

I see no movement on the part of the government contractor to switch to 7. However, it will happen sometime. As to the doctors and dentists, they will not move until they have to. Probably when their applications are only available for Windows 7. Meanwhile I have to listen to the same old Windows 7 hymn.

That felt good, time to go jog and then have a beer.

An industry administrator comments on what makes Lieberman Software so great:

We have been running RPM in our environment now for over two years and have nothing but good things to say about it. We leverage RPM to randomize all of our Managed Desktops and Production server local administrator passwords. This is to remain in line with our internal password compliance standards. We are managing roughly 2500 clients with very minimal system overhead. The server runs in our VMware ESX environment with the database residing in our production SQL cluster. All in all the system takes up very little resources because it is agent-less and accesses machines via the RPC shares in Windows. We have a heterogeneous environment and since RPM looks at the RID IDs of the accounts, users can rename the local administrator account to whatever they feel like. However, RPM will still find the account and change the password when the job runs -- a very nice feature. The other great part of RPM is it's not tied down to one specific OS. We manage all of our Windows (XP, Vista, 7) machines as well as our managed Apple (10.5, 10.6) computers with the same system and service account. A very unique feature in today's marketplace.

Our help desk also likes the Web interface for accessing all of the managed desktop passwords. It's AD integrated and allows you to add users or groups for permissions delegation, bypassing the need to engage in the tedious task of creating new user accounts for everybody. Their main use of the Web interface is for instances where they need local administrator access for software installations and general troubleshooting. Our security team also taps into the Web interface for forensic purposes.

The product is a breeze to set up and the documentation is very detailed, walking you through all aspects of the product. I have had one or two odd issues with the product since implementing it, and when I call in for support I always get top-notch service and very knowledgeable people. 

We are looking to implement the upgraded version of this product, ERPM, which you talk about in your article. We think this will save us a ton of time in our service account management and also remain in compliance.

Finally, while one reader uses Microsoft's Bing, he knows it's far from perfect:

I like Bing, and use it more than Google these days.

At first, my main criticism was that it gave too many results that were randomly using one or another of the keywords, and were not targeted to sites with all of the keywords. That seems to have gotten better over time, but it took a long time.

Also, it often suggests words that are similar, but have no connection to the keywords used.

A third criticism is that leading returns on the searches often seem to be paid advertisements -- again, only remotely or not at all connected to the search.

That said, I believe that it is giving Google a run for its money. At the moment, I use Bing slightly more than Google, just to give them a boost. I like to see competition in technology. If they make it better, I may give up Google altogether -- I think that they have gotten too smug and take users for granted.

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on April 02, 2010