Friday, February 27, 2009

Australia's Obscene CEOs

OK, time for a bit of a rant on this. We all know that Sol Trujillo managed to achieve no positive motion whatsoever for the Australian consumers whilst he was CEO of Telstra and that he got a $30m handshake deal for this lack of motion with the extra bonus of sacking thousands of Telstra staff during his tenure. Corporate responsibility is obviously something Telstra either knows absolutely nothing about or knows a lot about and knows even more about how to avoid it.

We all hope that whoever Telstra hires to replace Sol is someone who knows how to run a communications company (monopoly) so that it not only benefits themselves and their shareholders, but also their clients. That's something that's been badly needed for years.

Now, add to this the outright theft of about $1.2m from Pacific Brands' staff by their CEO, Sue Morphet. Last year she went from an already excessive package of $685,ooo and change (as the GM of their Underwear and Hosiery Division) to $1.86m (as their CEO) and at the same time has sacked (and is planning to sack) 1,800 staff and is moving a lot of their work offshore to "offset rising costs". I wonder if they can continue to justify this corporate greed, social irresponsibility and wanton destruction of people's lives if we all stop buying anything they make? And remember, with Pacific Brands it isn't just their CEO who's taking from the poor, but other executive management as well.

Remember, also, that Pacific Brands received $15m from the government over the last 2 years to retool and reskill. It looks like the executives reskilled their new cars and bank accounts with this money.

If you want to send a message to Pacific Brands that lets them know how you feel about this corporate irresponsibility, have a look at their website to see which brands to avoid buying - and let your friends know not only what they are doing to their staff, but with our money (the $15m of taxpayer funding they received).

And don't think it stops with just these two - there's a lot more out there who need to be brought into the attention of the public, especially in these GFC times. Fair's fair.


The Outspoken Wookie

Thursday, February 26, 2009

Small Businesses Evading Exchange?


According to this article, James Gaskin's happy to see that David Ferris agrees with him that "Small Businesses (are) Evading Microsoft Exchange E-mail". Oh, really? There's a lot moving to Gmail because they offer the same functionality?

For starters, when Gmail goes offline for 2.5 hours as it did a few days back and takes your email down with them, if you'd been running SBS in your office, you'd still have access to all of your email, calendars, contacts and so on. No downtime due to the cloud dissipating in low humidity environments.

Can CRM (Microsoft's CRM or other parties' CRM solutions) integrate with Gmail? How about other Line of Business applications? Can you sync your calendar, contacts and email to your PDA? Can other staff members search across the company's calendars and find a suitable time to book a meeting for multiple attendees? Will you be informed of this appointment and be able to accept/reject it on your PDA, desktop or laptop? Can you keep a regular backup of your Gmail information for the whole company in case of system failure/cloud failure/legal reasons/disaster recovery/sensible business practice?

Can your business accept the Google Terms and Conditions associated with your business correspondence and Intellectual Property being stored on/hosted on/passed through their system?

Yes, I know that Gmail (and other mail solutions) can provide some or many of these features and other features that Exchange provides, but I certainly don't see nor hear of SMBs abandoning Exchange for Gmail. Not right now, and probably not for a while.

Yes, SBS 2008 is no longer a really affordable Small Business office solution (small as in 3-10 users) like it was with SBS 2003, however for the 10+ business it is still quite good value. I'm also not saying that Gmail isn't valid in a number of situations, small or medium businesses included here with larger businesses, and even some colleges and universities are looking (or moving) to Gmail for their student mail. I'm not saying that Exchange will always be better nor even that it is even better now for all of your clients, but is Gmail, the cloud and unreliable Internet connectivity like we have here in Australia a good combination *now*?

I'd like to see better Internet connectivity and more reliable Internet connectivity here in Australia which will really allow us to look at the Cloud as a viable replacement for in-house infrastructure, but right now, unless you have a fiber connection into your office, "reliable" isn't something most people would label their Internet connectivity with.

So, if anyone is seeing SMB clients moving to Gmail, *please* let me know as I'm interested in seeing how many people agree with James and David's viewpoint here. I just don't see it myself nor from any of the other SMB IT consultants I've spoken with.


The Outspoken Wookie

Wednesday, February 25, 2009

Adobe Flash Player Update

A recently announced vulnerability in Adobe Flash Player has been addressed by the latest Flash Player: available from here.

Beware, however, that if you already have Flash Player installed and click on the "Agree and Install Now" button, it won't actually be updated (as has always been the way with Flash Player updates). You need to either a) uninstall the Flash Player first, then go here and install the new one, or b) go here and complete the Distribution Agreement and then download an installer that you can distribute as per your Agreement terms.


The Outspoken Wookie

VMWare vCenter (Virtual Center) 2.5 Update 4

There's a security update for VMWare vCenter (formally Virtual Center) 2.5 available that addresses recently discovered vulnerabilities in Apache Tomcat server. The patch can be foung here. Please be aware that the only update that is on their regular updates page at the time of publishing this blog entry is U3 (ie, not the current latest update).

The following software is affected by this issue:

Replace with/
Apply Patch
VirtualCenter2.5WindowsVirtualCenter 2.5 Update 4
VirtualCenter2.02WindowsUpdate pending...
Server2.xany affectedpatch pending
ESX3.5ESX affectedpatch pending
ESX3.0.3ESX affectedpatch pending
ESX3.0.2ESX affectedpatch pending

Please note that VMWare ESXi is not affected by this vulnerability.


The Outspoken Wookie

Monday, February 23, 2009

Did we need another reason to look elsewhere for a PDF reader?

Adobe Reader has yet another exploit. They seem to have these found with monotonous regularity and with similar monotonous regularity, take way too long to address them properly.

This one affects all versions of Adobe Reader as well as Adobe Acrobat - in particular the JavaScript engine in these products. The recommended workaround (until Adobe can be arsed releasing an update, currently updates for Acrobat 9 and Reader 9 are scheduled for 11 March 2009, older versions will need to wait longer for this security update) is as follows:

In Adobe Reader or Adobe Acrobat, go to Edit\Preferences\JavaScript, then uncheck the "Enable Acrobat JavaScript" and then click "OK".

Please note that this is the next in what's becoming a long line of exploits against Adobe Acrobat/Reader's JavaScript engine.

A better option may be to look at something like Foxit Reader by Foxit Software. Sure, they have not been totally vulnerability free (who has?), but they seem to have a lot less and fix them a lot quicker (ie, take them more seriously) than Adobe does.


The Outspoken Wookie

Thursday, February 19, 2009

Nick King Post-Event

So, with Nick King having visited Brisbane, Sydney and Melbourne with only 18, 10 and 10 attendees respectively, I think that this gives a clear answer to the question from Microsoft about what we think of the current state of affairs and the future of MS Technical training in the SMB IT market space. Unfortunately.

Now, this post will likely piss some people off. That's definitely not the reason for the post, but then I'm not one to pull punches. So I won't.

Microsoft has failed when it comes to technical training in the SMB market space, and they have a well established history of failure. They've pissed enough of their channel partners off that we just don't believe they can deliver valuable technical training any more. The grand total of 38 people that took the time to meet with and discuss the situation with Nick should be a loud, scary statement to Microsoft of what they've done with this area of their responsibility.

The absolute worst example of Microsoft's lack of ability in delivering technical training was the recent EBS 2008 Hands On Lab that was pulled and totally reworked after I sent a letter on behalf of all of the Brisbane Lab attendees. Basically, every single lab failed, one snapshot was left in RegEdit to start, and the reboot after this resulted in constant BSODs, making that lab useless, we don't even know why they were in RegEdit without explaining this anyway, the notes often were plain wrong, the course, delivered in December, was built on RC0 code (ie, old and KNOWN to be broken), FTMG failed to work properly at all, the lab machines were seriously underpowered and the experience was, without a doubt, the absolute worst training experience I've ever experieced and I know the same was said by those other attendees in Brisbane. The ball was well and truly dropped with this course.

Nick assured me that, even though Microsoft didn't bother to take the time to reply to my email, they had taken action to "restructure" the team responsible for producing this Hands On Lab and to ensure that a situation like this never occurs again.

As I explained to Nick, Microsoft really, really shot themselves in the foot with this Hands On Lab - of the 10 attendees in Brisbane, 9 were IT consultants and one was from a Distributor. Out of the 9 resellers/consultants who attended, a resounding 9 have decided that if this is the best knowledge and support Microsoft can give on this product, that there's no chance we'll be promoting this to our clients. One fairly large company in Brisbane is also no longer looking at EBS as an option for the clients they had initially considered EBS appropriate for. Microsoft won't be making their sales targets in EBS if this is the best technical support and training they can provide.

It will take quite a while before attendees of this course want to even look at EBS again, let alone want to shell out for more training on it.

Excom who was stuck delivering this course, have been really good - Adele (in Brisbane) who is my new account manager has been following this up and keeping in communication with me. Something Microsoft didn't have the time or willingness to do. Excom realise how badly this course will affect them and as I have explained to Adele the state of affairs with the SMB IT community's level of trust in MS training, she understands how this situation will affect their own profitability and that of the other Microsoft Training Partners. They are taking the situation seriously. After all, with business taking some measure of a hit right now for many people, this is the ideal time to do some training to skill up before the market picks up again. Maybe we could get some good Ubuntu, NOWS SBE and training in since Microsoft has nothing of value to offer. :)

And the SBS 2008 Hands On Labs were an introductory course, again not what was sold to the SBSC community and user groups - we ALL had ample access to the WEBS and SBS pre-release code (thanks very much to Robbie Upcroft for this - he went above and beyond the call to make this available to anyone who wanted it) and should have covered pretty much all of what this Lab covered. Granted, the Migration secion of this course (2 hours out of the 2 days) was beneficial to people who'd not performed a migration before, however again the information in the course was already out of date and was using pre-release code. This course, however, was not a complete waste of 2 days of our lives, like the EBS course was.

Before this, in November Microsoft toured The Wayne and Robbie show to the User Groups which, again (and unfortunately) turned out to be a Vendor Salesfest instead of the advertised technical training from Wayne after his trip to Seattle to spend 2 weeks learning from PSS about WEBS and SBS. We got what was reported to be 24 minutes of this material (The Wayne says it was about 45 minutes), but whatever the time, it was overshadowed by all of the salesy crap Microsoft was pushing. Unacceptable. Not what was marketed to the User Groups.

We all know how the WESS Pre-Day at Tech Ed '09 worked out. So enough said about that Sales and Marketing event.

Does Microsoft even know what Level 300 technical training is? Apparently not. As I mentioned to Nick King on Monday, Microsoft has to do some serious work on Expectation Management - it seems what Microsoft considers Level 300 Technical Training is what the community considers Level 100. There's a great gulf between what we've been asking for and sold and what Microsoft's actually delivered.

If you have a look here, you'll see the levels as per the Microsoft Webcasts. Why are these levels not also applicable to SMB IT technical training in Australia? Why does SMB IT Technical Training at Level 300 down here equate with Level 100 webcasts? Or even here as related to MSDN? Or even here for the events held in Ireland?

The more I look at this, across the board Microsoft has one definition for Level 300 Technical Training and they have simply not lived up to it when delivering any technical training to the SMB IT Pro community, except for the short time at The Wayne and Robbie show - a lot shorter than we all believed we'd be receiving. So it seems not to be an Expectation Management issue as I spoke to Nick about, it seems to be a "Microsoft simply doesn't understand their own technical training levels" thing. I'm now even more disappointed.

So, with all of that in mind, as it seems that Microsoft is out of answers, what answers can we, the community, come up with? And this is SMB IT Pro answers, not necessarily Microsoft answers. What are the areas that we think are important for training - which products, technologies, solutions? Which manufacturers? What level of training are we after? What are we doing now to keep our skill levels up - or, more appropriately, improve them - whilst there's a bit of a slow down in business in preparation for the return of life as we knew it?

I'm talking with a few people about SMB IT Pro training to see what they think. I'd definitely like some feedback from the Aussie SBSCs out there so we can come up with a plan that can reach the many SBSCs and other SMB IT Professionals out there, not only in the capital cities, but everywhere. What would you like to see happening?


The Outspoken Wookie

Ubuntu's Shuttleworth Opens Up

I received a link to this online PDF from Intel earlier today. It is an interesting read from one of the bigger players in the Linux world, Mark Shuttleworth, the founder of Canonical Ltd and a general Open Source enthusiast, Entrepreneur and socially and ethically responsible "nice guy". He's also spent a shade under 10 days in space aboard Soyuz TM-34 and the ISS. OK, *now* I'm jealous!!! :)

Mark was one of the developers of the Debian Linux distribution and came back in 2003 (or was it 2004) with the Ubunto distro based on Debian Linux. Ubuntu is *probably* regarded as the most common Linux distro used on Netbooks, notebooks, desktops and servers, maybe just behind Redhat/Fedora. I know we've been using it at a few client sites for a while and it has been stable and reliable, rarely needing a reboot and able to handle its workload with a swift efficiency some other operating systems can only dream of (and some probably even see as being totally unattainable).

Canonical sees Intel's new Atom processor as a serious opportunity to gain market share whilst delivering a product that its end users are asking for - a usable, quick, secure, mobile operating system for use on Atom-based devices. I wonder how Microsoft's upcoming Windows 7 will compete in this market space that they are far from winning, especially when a visionary like Mark is also playing in there. Microsoft really misses their visionary.


The Outspoken Wookie

Monday, February 16, 2009

Windows Essential Business Server Preparation and Planning Wizards

(Update: This has the new, improved and functional version of the link now!)

For all the Brisbanites, and after tomorrow the Melbournians and on Wednesday the Sydneysiders (and the rest of those who are attending the Live Meeting of Nick King's sessions), here's the link to the two wizards he mentions.

And just to clarify, the Wizard shown in the slides (at least in Brisbane) was the Windows Essential Business Server Preparation Wizard. ;)


The Outspoken Wookie

Saturday, February 14, 2009

Microsoft Targets Their Own Channel for Extinction

When it comes to companies that many, many end users don't trust, Microsoft is probably top of that list. People have seen Vista! (And they will remember it for quite some time.)

Now, Microsoft has decided to try what they failed dismally at once before and open retail stores in major cities worldwide.

I wonder what they are trying to achieve - getting "up close and personal" responses from those people they've shafted by releasing Vista about a year too early in its long-extended development cycle, or just pissing off their loyal channel (well, maybe once-loyal) by competing directly with them?

Now, are we concerned about this ourselves? Not really. Why? Because we know about and support a LOT more than just Microsoft products. Can you imagine going to "Shop Microsoft" and asking whether is a valid choice for your computer and coming away with anything other than a head full of propaganda and a copy of Microsoft Office Professional for your home PC? Nah, didn't think so.

Those resellers who support mainly home users and micro businesses are quite possibly the targets here, and exactly why Microsoft wants to eat away at their channel partners from the ground up is something I really have to sit back and look at. How often does a structure that's had its foundations undermined last?


The Outspoken Wookie

Friday, February 13, 2009

Optus - What Service!

I'm calling on behalf of a client to connect 2 new services (9:05 AM on a Friday), and when I get through their menu system, this is the response I receive...

"Unfortunately, due to temporary service difficulties, we cannot connect your call at this time. Please try again later."


The Outspoken Wookie

Thursday, February 12, 2009

David Byrne

On Saturday 7 Feb I headed into the Brisbane Convention Centre with Simon Budden to see David Byrne on the Brisbane leg of his current "Songs of David Byrne and Brian Eno" tour. Now, I've been a *massive* David Byrne fan way back to the early Talking Heads days of Talking Heads: 77 as well as being a fan of Brian Eno who has worked with both Talking Heads and David Byrne since around 1978. I'd have to put down David Byrne as the most important influence on my career in the music/entertainment industry which, although I'm not working in it full time, I'm still active in and can't see that changing until I lose my hearing. :)

So, how was the concert? Excellent. It almost checks off one of the things I've always wanted to do - see Talking Heads. Since that won't happen any time in this reality, this has to be as good as that wish will get. Can I die a happy man now? Probably!

For a review of the Brisbane gig, have a read of this. For more reviews of the Songs of David Byrne and Brian Eno tour, have a read of this.

All I can end with is, well, Ooh, What A Day That Was! :)


The Outspoken Wookie.

Tuesday, February 10, 2009

Windows 7 Beta closing soon

Windows 7 is the next release of the Windows client operating system, built on the secure foundation of Windows Vista and Windows Server 2008. Performance, reliability, security, and compatibility are core tenets of this release as we collect your feedback to meet our engineering goals. The Beta is closing on February 10th so ake sure you download it soon!


The Outspoken Wookie

Nick King Event

As most UG members would know, Nick King, the EBS/SBS Product Manager responsible for technical training (and probably some other salesy stuff) will be in Australia on Feb 16, 17 and 18 for 6:00 PM meetings in Brisbane, Melbourne and Sydney (respectively, with the Sydney one also being webcast, not that I have an address for this yet). These meetings are for the SBSC and SMB IT folks to come along and a) let Nick know how they feel about Microsoft's recent efforts with respect to technical training, b) let Nick know what they would like to see from Microsoft when it comes to future technical training and c) to actually receive some technical training (apparently).

So, for all those who are able to get to the Microsoft offices in Brisbane (16 Feb), Melbourne (17 Feb) or Sydney (18 FReb) for a meeting from 6:00 PM to around 8:00 PM, I'm sure we'll all learn something from this event. And those who cannot make it can attend the Live Meeting event of the Sydney event, details of which I'll post when I receive them.

If there's questions you'd like answered, PLEASE comment on this blog entry so we can collate them (or email them to myself or The Wayne) and give them to Nick before his presentation to allow him to give real answers, not "aahhh, I'll get back to you on that" responses. It is always good to be prepared...

Nick is apparently aware of the really, really bad experiences we all had with the SBS and especially EBS Hands on Labs held recently, so whilst there will no doubt be some mention of these, we need to look at what Microsoft can do to make things better than we've been experiencing with their training of late. Wayne says that "Nick can talk across any type of level from sales/marketing to deep technical" however as we've all been "sales" talked to at technical training events, I'm sure we'd like to keep this as technically focussed as possible.

So, if we can all make it to these events physically or virtually, offer input on Microsoft's technical training abilities, responsibilities and performance in the SMB market of late, offer suggestions on how these experiences can be improved and then learn somtthing from Nick whilst he's here, it should be time well spent.

Here's a rough agenda for the evening, as given by The Wayne:

10 minutes – Introduction of the event / Key people
50 minutes - Open Q&A / Feedback session
1 hour Tech Training supplied by Nick – “as deep as we want to go” – I’ve (The Wayne) suggested the topic of SBS Migrations would be the most relevant


The Outspoken Wookie

Saturday, February 07, 2009

What Microsoft seems not to understand about security

Back in the Microsoft Dark Ages, when Windows 9x roamed free, Microsoft Bob was still a fond memory to those on its project team and security was a word Microsoft had not yet truly learned the meaning of, we didn't expect them to release anything that was designed with security as a primary concern. After all, they didn't really understand what it was.

Scroll forward to 2009 - a totally different era in the computing world. Vendors such as Quicken are (amazingly) starting to realise that their clients want to run their desktops securely (kinda sorta - there's big issues with the QuickBooks PDF engine if UAC is enabled in Windows 7 Beta 1), the average user is starting to understand that running as a local administrator means they act as a magnet to filth like AntiVirus 2008, AntiVirus 2009 or whatever other moniker it goes by this week, the average sysadmin is starting to understand that having everyone's computer in the company running with all users as local administrators isn't sane, business owners are starting to realise that the value of the data on their notebooks often far outweighs the value of the notebooks themselves and the owners of some small businesses realise that without any real security for their network and data, they have no real chance of surviving. Does Microsoft understand this? Apparently not.

I recently blogged my thoughts on the state of affairs regarding the Windows 7 Firewall default configuration (here) and referenced the issues I had with the Windows Vista Firewall default settings (here and here) and received (in part) this reply from Scott Roberts, the Lead Program Manager for Windows Network Security:

You might not be aware that we have added a number of new, on by default, items to the Windows Operational Logs. This avoids overloading the base logs.

You can view them by using the following paths:
Firewall : Event viewer -> Applications and Services Logs-> Microsoft -> Windows -> Windows Firewall with Advanced Security -> Firewall
Connection Security: Event viewer -> Applications and Services Logs-> Microsoft -> Windows -> Windows Firewall with Advanced Security -> Connection Security

There are also, other, non-default verbose versions of these logs that can be enabled in the WFAS MMC.

We were not able to justify the security benefit, management overhead, and usability impact to enable, by default, the outbound firewall’s ability to block all traffic not already permitted. It is fairly simple to enable for corporate administrators and IT Pros. You can enable this in a handful (~6) clicks from the start menu. Simply right click the node ‘Windows Firewall with Advanced Security’ properties once you launch the tool, click properties, and then select Outbound Connections ‘Block’.

While I understand that this doesn’t address your feedback about making this the default I can share with you that we reviewed this issue in great detail. The realities of the OEM channel somewhat mitigate the impact of this in the consumer space and our GP controls mitigate it the managed space.

First, let me say that I do appreciate Scott taking the time to read my blog and reply on this point, I'm not sure that I can see much sense in his answer in today's environment (as compared to the Microsoft Dark Ages, where it would have been the expected answer). Whilst Scott and his team may not have been able to justify the overhead, security impact and usability impact by enabling outbound filtering in the Windows Firewall, many, many home users and pretty much every single business user can justify it.

One of the things that we've done where possible is to not only block outbound smtp traffic at the gateway firewall from all IPs except the on-premise Exchange (or other) mail server, but to block outbound traffic to ports other than 20 and 21 (ftp), 22 (ssh), 80 (http), 443 (https), 444 (CompanyWeb-2003), 873 (rsync) and 4125 (RWW-2003) so that rogue applications are extremely limited in what they can do to send confidential data outside the network.

In addition to this outbound filtering, some of the other steps we take are:

  • configuring user accounts as "Limited User" not "Local Administrator" (where possible)
  • run a decent AntiVirus product on all desktops and servers
  • externally filter emails to reduce inbound spam and malware issues
  • use Group Policy to configure the users' Windows Firewall and other security settings
  • keep the desktops and servers regularly updated
  • ensure the staff at our client sites understand that if an email arrives with an attachment they are not expecting - *any* executable, anything that *feels* vaguely weird, or anything that comes from someone they don't know, they are not to open it but let us know or just delete the file and ask the original sender if they meant to send it (and if so, send it again, still contacting us if they feel it may be fishy)

Probably the main reason (if not the only reason) that Windows XP users ran a non-Microsoft firewall on their desktop was that the Windows XP Firewall provided no outbound blocking whatsoever. So, Microsoft claimed they learned from this and released the Windows Vista Firewall with outbound blocking. or so they claimed. As I mentioned previously, oubound filtering was disabled by default and *far* from easy for the home user to work out how to enable. So many users keps up with their third party firewall application because it provided security that was simply not built in nor easily configurable in the operating system (where it most definitely belongs).

So I bring this issue to people's attention so that we can all learn from this. We can learn that Microsoft still doesn't take desktop security all that seriously and Microsoft can learn that we want them to take desktop security seriously.

Then they release Windows 7 Beta 1 and have the same default security (or rather insecurity) settings - no outbound filtering enabled by default. They claim that this is because they couldn't justify the security it added compared to the usability it removed. Seriously - how many people want a bucketload of non-standard (ie, mainly those I listed above) ports open on their desktops? Obviously, this is easy to address - just as Microsoft addressed the "Automatic Updates" issue with Windows XP SP2 - put up a screen suggesting that although the default is to allow all traffic outbound to every destination on all ports, Microsoft recommends that users enable outbound blocking, and clicking on "this" button will do that for all non-standard traffic. This would allow ftp, http, https, pop3, networking, home groups and all other *standard* protocols and ports to work as expected yet block all other ports. There would obvioualy need to be a Control Panel applet to configure this - unlike the Advanced Firewall applet that isn't available through the Control Panel.

Really, how hard could that be?

And whilst I'm going on about Microsoft not understanding desktop security, I remember speaking to Michael Risse (Vice President, Worldwide Small and Midmarket Business Group) and Robbie Upcroft (Product Manager - SMB Servers, Australia) at WPC in July 2008 in Houston and also emailing Steve Ballmer (and being totally ignored, might I add) during his Keynote address when he was espousing the value BitLocker can add to an organization's security, about the lack of BitLocker in Windows Vista Business. I know a number of other people have bought this up as being a serious oversight. The issue is that SMB owners cannot see any real value in buying SA for a desktop OS as when their machine dies or is replaced at the end of its viable lifetime (usually 3 - 4 years), they need (as in are required) to buy another OEM OS anyway - which will be whatever's current. So SA is pretty much useless as they will be *extremely* unlikely to upgrade their OS without upgrading their desktops. SA provides BitLocker via Vista Enterprise. Vista Ultimate (the home user's "big boy" Vista also provides BitLocker. Vista Business - the OS that would be specified and installed on more Business laptops than any other version of Vista (yet less than the number of XP copies installed on business laptops) fails to include BitLocker.

Oversight? Massive. Planned oversight? No doubt. How else will they be able to justify (sic) selling SA on desktop OS licenses?

Now with Windows 7 on the horizon, Microsoft has made the same planned oversight - to not include BitLocker in Windows 7 Professional - the Windows 7 version that will most likely be installed on SMB laptops. This means that SMB laptops will need either SA (not likely at all) or Windows 7 Ultimate (aka a home user OS) to get BitLocker security for their files.

Can anyone see any sense in this at all? Anyone?

What is Microsoft thinking? Back in March 2005 they released The Trustworthy Computing Security Development Lifecycle which detailed their much trumpeted "SD3+C" ideology of "Secure by Design, Secure by Default, Secure in Deployment, and Communications". Not allowing Vista Business nor Windows 7 Professional users - the majority of business users - to have access to BitLocker achieves *NONE* of these goals and actively works against all of them.

Are we going to sit back and let this happen or are we going to let Microsoft know that treating SMB clients' security with this disrespect is unacceptable?


The Outspoken Wookie

Thursday, February 05, 2009

Cisco Wireless LAN Controller Vulnerability

There has been multiple vulnerabilities recently discovered in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. The affected products are:

  • All Cisco Wireless LAN Controller (WLC) platforms
  • Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM)
Cisco has posted an advisory on their website and updated firmware for the affected devices is also available through that site.


The Outspoken Wookie

Windows Mobile 6.1 is great for business – yours and your customers'

Grow your business by providing your customers with mobility solutions based on Exchange and Windows Mobile 6.1. A Windows Mobile solution can help you drive revenue, create new opportunities for your value-added services and for a limited time, may help you win a Samsung Omnia smartphone powered with Windows Mobile 6.1 software! Get started and learn how to make the most of the benefits these mobility solutions offer you and your customers.

Tell your customers about the latest Optus Windows Mobile offers (click here for the PDF).

Visit the Partner web page for more Windows Mobile and SBS Server information.


The Outspoken Wookie

HP JetDirect Vulnerability

There has been a recently discovered vulnerability in the HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers. The affected printers are:

  • HP LaserJet 2410 with firmware prior to 20080819
  • SPCL112A HP LaserJet 2420 with firmware prior to 20080819
  • SPCL112A HP LaserJet 2430 with firmware prior to 20080819
  • SPCL112A HP LaserJet 4250 with firmware prior to 20080819
  • SPCL015A HP LaserJet 4350 with firmware prior to 20080819
  • SPCL015A HP LaserJet 9040 with firmware prior to 20080819
  • SPCL110A HP LaserJet 9050 with firmware prior to 20080819
  • SPCL110A HP LaserJet 4345mfp with firmware prior to 09.120.9
  • HP Color LaserJet 4730mfp with firmware prior to 46.200.9
  • HP LaserJet 9040mfp with firmware prior to 08.110.9
  • HP LaserJet 9050mfp with firmware prior to 08.110.9
  • HP 9200C Digital Sender with firmware prior to 09.120.9
  • HP Color LaserJet 9500mfp with firmware prior to 08.110.9
HP has released a security bulletin and updated firmware for the affected devices.


The Outspoken Wookie

Wednesday, February 04, 2009

VNC Viewer Security Vulnerabilities

UltraVNC and TightVNC (both derived from the original VNC code) have recently had vulnerabilities discovered in their client (viewer) software. UltraVNC Viewer has been updated to to address this vulnerability, however as the last TightVNC release was waaaaaaaayyy back in May 2007, (they *are* promising 1.3.10 will be released on Feb 10, addressing this vulnerability - a little slack if you ask me) I'd recommend replacing any TightVNC installs you have with the latest updated UltraVNC product.

For more information on this vulnerability, have a read of this link.


The Outspoken Wookie

Windows 7: Let's Confuse The Marketplace

It seems that Microsoft won't listen to anyone at all. The gaggle of versions othat Vista had, as well as its truly underdeveloped state, helped to confuse and concern the marketplace into not wanting to run Vista. Oh, and its massive increase in baseline hardware helped achieve those results, too.

Now, it seems that Microsoft has chosen to ignore the massive community input that they received about making the variations of Windows 7 limited to one home version, one business version and one Software Assurance-only version (that DOESN'T remove functionality). What would make sense was having Windows 7 Home, Windows 7 Professional and Windows 7 Enterprise. And, OK, having Windows 7 Basic for emerging markets with below-spec hardware would also be useful. But no, Microsoft seems to have released 6 different Windows 7 versions. Insanity reigns supreme under the leadership (sic) of Steve Ballmer, not technological leadership which they used to have.

Have a read of the Engadget blog for more information of the many and confusing (for consumers) versions of Windows 7 that will be made available. Again, as in the past with Vista, we'll stick with Home Premium for all home users and Professional (nee Vista Business) for all business users. Business-based media devices will run Windows 7 Ultimate. We'll ignore the rest of these options so that we can keep the confusion away from our clients who, after all, just want an OS that works - they don't care what it is called, how many versions it has or anything other than the fact that it supports their applications - after all, an OS is a layer between your hardware and your applications.

And, while I'm at it, it seems that Microsoft has chosen to shun the Windows 7 Professional user's need for security. They stupidly left BitLocker out of Vista Business and have again stupidly left it out of Windows 7 Professional. For a company claiming to be "secure by design, secure by default" they have designed the operating system that most professional people will use to not have drive encryption security - meaning we'll *still* have to sell Windows 7 Ultimate, with all the Media Center fluff in it for any business laptops. Sure, Media Center is decent, but why do we have to buy that just to get BitLocker encryption when it *SHOULD* be included in Windows 7 Professional?


The Outspoken Wookie

New Generation Certifications: SBSC

Want to know more about the changes coming to the Microsoft Partner Program that WILL affect all Partners? Questions like: Will we retire the 70-282 cert? What will it take to become an SBSC? Will we even have a Small Business Specialist Community or will it finally become the SMB competency?

Get answers to these questions and more Monday 20th April at 9 AM PST (Tuesday 21st April 2AM AEST) in the next 5W/50 Series - New Generation Certifications: Program Overview & Certification Resources Available for the SBSC Community.

Learn why Microsoft developed the New Generation of Certification, as well as what certification exams and resources are currently available for Microsoft partners, including the SBSC community. Find out more about the value of certification, including how it can benefit your business.


The Outspoken Wookie

Tuesday, February 03, 2009

Antivirus 2009

OK. I just have to say this here. If you've been infected by *any* of the malicious malware that's around - viruses, spyware, and especially Antivirus 2009, then there's one (read: One) way to eliminate this from your system and return it to a known-clean state.

Nuke and Pave.

Cleaning it won't help.

Hoping it is clean won't help.

Praying it is clean *obviously* won't help.

Do you *know* exactly what was done to your system while it had its pants arounds its ankles and its junk exposed for all to gawk at? (Gawk: verb.) Do you KNOW that there were no rootkits dropped onto it while Antivirus 2009 fondled its privates? Nope. Do you *know* what happened? Nope.

So how can you run a cleaner and proclaim it clean? You can't do this and expect to be taken seriously.

If you've been hit by malicious software because your previous practices were not adequate to protect you from this, nuke, pave AND LEARN.


The Outspoken Wookie

SSL Certs and Windows Mobile

I was just consulting on this exact topic and felt that I should post this information up here since there seems to be so many other places posting half working solutions. (Hhmmm, if I post two half-working solutions, does that make it a full solution?) OK. So here's a *working* solution!

Are you getting tired of working out how to get an SSL certificate installed on your WM devices so they can connect and download mail using ActiveSync and Exchange Push (sic)? Over trying to fight IE to get the certificate and trying to remember which format you need the cert in?

Well, there's two ways to achieve your goals. The first way needs to to go to OWA on a computer (as a user with local administrator rights), accept and install the certificate and when doing so, place it in the following store: Trusted Root Certification Authorities (Registry) which is *only* enabled if you check the "Show physical stores" box. Now this certificate is installed on this computer. Next, still as a local administrator, in IE go to Tools\Internet Options\Content\Certificates\Export and choose the binary encoded DER format. Copy the .cer file that is generated to the Windows Mobile PDA, run it, the certificate will be installed and you can now sync to your Exchange Server.

Now for the simple way. Have a read of Scott Yost's blog entry here and then download and install his SSLChainSaver utility from the Microsoft Download Center. Once installed, you'll need to run the tool from a location where you have write permissions and it will extract all of the certificates from the SSL chain into a subdirectory. You then copy the .cer file that is generated to the Windows Mobile PDA, run it, the certificate will be installed and you can now sync to your Exchange Server.


The Outspoken Wookie

Sunday, February 01, 2009

Get Maximum Mobility With Exchange

Selling Exchange Server 2007, Essential Server Solutions (SBS/EBS), and Windows Mobile® is a great opportunity for you to extend your existing solution offerings. By expanding your solutions, you can generate more sales, create end-to-end solutions, and become your customers’ trusted advisor.

Get Maximum Mobility with Exchange provides you with technical training and opportunities to win Windows Mobile phones. Complete the training to be entered into a drawing for a Windows Mobile phone. Be one of the first 1,000 to sell your first Exchange Server license, and we’ll thank you with a Windows Mobile phone!

The Get Maximum Mobility with Exchange promotion offers training and incentives to help you provide SMB customers with mobile solutions based on Exchange Server 2007, Essential Server Solutions (SBS/EBS), and Windows Mobile. As you sell Windows Server to SMB clients, attaching mobile solutions can greatly increase your revenue and the functionality of the solution for your client – it can triple your opportunity when you add Essential Server solutions and Windows Mobile to Windows Server business and quadruple it when you add Exchange Server and Windows Mobile to your Windows Server business.

To help you provide these solutions, Microsoft has put together a readiness program to give you training on Exchange, Essential Server Solutions, and Windows Mobile. Once the training is completed, you will be entered into a drawing to win a Windows Mobile phone. Additionally, the first 1,000 partners to sell their first Exchange Server license win a Windows Mobile phone.


The Outspoken Wookie