Real knowledge is to know the extent of one's ignorance. -- Confucius
February 2006 Archives
The next version of Microsoft Office (code named Office 12) will be called Microsoft Office 2007. After hearing that the next operating system will be called Microsoft Windows Vista--I was wondering if Microsoft would rename Microsoft Office. Paul Thurrott has an excellent FAQ on his website: Paul Thurrott's SuperSite for Windows.
Was catching up on some reading this evening and came across this article from Paul Thurrott on the WindowsITPro website. Microsoft has announced the different editions of Microsoft Windows Vista that will be available upon its release:
Microsoft Windows Starter 2007
Microsoft Windows Vista Home Basic (and Home Basic N)
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Business (and Business N)
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Ultimate
Below you will find links to this month's security fixes released by Microsoft for the month of February:
MS06-004 Cumulative Security Update for Internet Explorer (910620)
MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
MS06-006 Vulnerability in Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)
MS06-008 Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
MS06-010 Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
If builders built houses the way programmers built programs, the first woodpecker to come along would destroy civilization. -- Gerald Weinberg
IDefense Labs has announced it will pay $10,000 for submitting a vulnerability submission that results in the publication of a Microsoft Security Bulletin with a severity rating of critical. See below:
For the current quarter, iDefense Labs will pay $10,000 for each vulnerability submission that results in the publication of a Microsoft Security Bulletin with a severity rating of critical. In order to qualify, the submission must be sent during the current quarter and be received by midnight EST on March 31, 2006. The $10,000 prizes will be paid out following the publication of the Microsoft Security Bulletin and will be paid in addition to any amount paid for the vulnerability when it is initially accepted. Only the initial submission for a given vulnerability will qualify for the reward.Further details on the iDefense Vulnerability Contributor Program (VCP)
Shrinking/Truncating the log in Microsoft SQL Server 2000 is no longer a deferred operation. A shrink operation attempts to shrink the file immediately. However, in some circumstances it may be necessary to perform additional actions before the log file is shrunk to the desired size. This Microsoft Knowledge Base Article explains how to manually shrink/truncate the log file. It also should be noted that a good backup program from Veritas or CA should automatically truncate the log after a successful backup. Make sure to make a good backup before doing any operation to a Microsoft SQL Server database.
ICSA Labs (A Division of CyberTrust) announced the results of its New Desktop Anti-Spyware Certification Testing Program. The first three programs to be certified where: FortiClient Host Security from Fortinet, Inc. ; McAfee VirusScan Enterprise 8.0i + McAfee AntiSpyware Enterprise Module from McAfee, Inc. ; and Symantec AntiVirus Corporate Edition 10.0 from Symantec Corporation. I was very surprised not too see CA PestPatrol in the first round of certification testing. Also, when ICSA Labs published the press release--no statistics where posted. I would very much like to get my hands on that! Have a great weekend!
The bottom line for any company is that we have to meet customer expectations through a relentless focus on innovation. It's the soul of our company and it's what we aspire to more than anything else to contribute. -- Steve Ballmer
There are two major products that came out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. AndersonWarning: Some sites rant that this quote is untrue--I just think it's funny!!!
Ever wonder how Microsoft's IT structure is set up?
Exciting news today... I have used VMware Workstation for some time now--it let's me easily run multiple operating system platforms on my laptop. VMware was the first company to really get virtualization down to a science. For some time, they have offered the VMware Virtual ESX Server--an enterprise class virtual server product. Today, VMware announced a free server product called VMware Server. I heard about this a week or two ago and was really excited to see it released this week. This is going to open a lot of doors for IT people throughout the industry. I think where going to see a lot of IT projects move to the virtualization way of designing datacenters. The ability to run multiple servers on a single set of hardware will greatly improve designs in the server room. Most of all, this free version of VMware Server is going to give potential customers the ability to play with the product/technology before buying into it. I applaud VMware for taking this bold step forward. I promise more articles in the near future about VMware Server--my download is going as I write this! Here is the press release from VMware:
PALO ALTO, Calif., February 6, 2006 VMware, Inc., the global leader in virtual infrastructure software for industry-standard systems, today introduced VMware Server, a free new entry-level hosted virtualization product for Linux and Windows servers. The product is available as a beta download at www.vmware.com/products/server/.
"Virtualization and VMware have become mainstream in the past year, and many customers have deployed thousands of VMware server environments across their enterprises. With VMware Server, we are ensuring that every company interested in, considering or evaluating server virtualization for the first time has access to the industry-leading virtualization technology," said Diane Greene, VMware President. "VMware Server makes it easy and compelling for companies new to virtualization to take the first step toward enterprise-wide virtual infrastructure."
VMware Server, the successor to VMware GSX Server, enables users to quickly provision new server capacity by partitioning a physical server into multiple virtual machines, bringing the powerful benefits of virtualization to every server.
VMware Server is feature-packed with the following market-leading capabilities:
Support for any standard x86 hardware
Support for a wide variety of Linux and Windows host operating systems, including 64-bit operating systems
Support for a wide variety of Linux, NetWare, Solaris x86 and Windows guest operating systems, including 64-bit operating systems
Support for Virtual SMP, enabling a single virtual machine to span multiple physical processors
Quick and easy, wizard-driven installation similar to any desktop software
Quick and easy virtual machine creation with a virtual machine wizard
Virtual machine monitoring and management with an intuitive, user friendly remote console
VMware Server is the first commercially available server virtualization product with support for 64-bit virtual machines and Intel Virtualization Technology, a set of Intel hardware platform enhancements specifically designed to enhance virtualization solutions.
"Central Transport has saved hundreds of thousands of dollars with VMware virtual infrastructure," said Craig Liess, server administrator for Central Transport. "Introducing a new server virtualization product including Virtual SMP and support for 64-bit operating systems and Intel Virtualization Technology is a natural progression for VMware, furthering the company's leadership in the market. Offering VMware Server for free will bring VMware's proven virtualization technology to a wider audience, allowing companies to achieve the benefits of virtualization, such as cost reductions and flexible server provisioning."
Accelerating Mainstream Adoption of Virtualization
By making virtualization technology available broadly and freely, first in the form of VMware Player which was made generally available in December 2005 and has more than one million installs and now in the form of VMware Server, VMware is providing the opportunity for users to experience the benefits of virtualization firsthand and for companies to broaden usage of virtualization to all corners of their enterprises.
"In 2005 virtualization decidedly moved in the mainstream, with an ever-increasing number of companies using server virtualization in production," said Gordon Haff, senior analyst, Illuminata. "VMware's strategic move to offer a free entry-level server virtualization product will help keep VMware out ahead of other x86 virtualization players - and accelerate the development of the market by exposing VMware virtual infrastructure to a much wider audience."
Providing a Path to Enterprise-class Virtual Infrastructure
VMware Server is an ideal starting point for users seeking to familiarize themselves with the concept of virtualization before progressing onto the enterprise-class suite of VMware virtual infrastructure products that includes ESX Server with Virtual SMP and VirtualCenter with VMotion technology for large-scale production server consolidation, business continuity and enterprise hosted desktop solutions. The suite is used by more than 20,000 companies worldwide today with more than 90% running VMware virtual infrastructure in production server environments and 25% choosing to standardize their industry-standard systems on VMware.
Intel and VMware to Launch Global Marketing Campaign to Users on Value
With the introduction of VMware Server, Intel and VMware are launching a global marketing campaign to educate users on the value of virtualization on Intel platforms and to drive broader adoption of virtualization.
"VMware Server on Intel-based systems will allow customers from big IT to SMB to experiment with virtualization, understand its benefits and realize the value of Intel technologies such as Multi Core and Intel Virtualization Technology," said Diane Bryant vice president, general manager, Intel Server Platforms Group.
Broad Hardware OEM Partner Support
VMware's leading OEM hardware partners welcome the introduction of VMware Server.
"Virtualization is a key enabling technology for our customers as they use scale out architectures for data center deployments," said Paul Gottsegen, vice president, Dell product group. "VMware Server is a great opportunity for our customer base to easily evaluate how the benefits of virtualization can help improve their server utilization rates."
"Virtualization is a core tenet of Fujitsu Siemens Computers Dynamic Dater Center strategy," said Dieter Herzog, senior vice president, Enterprise Servers, Fujitsu Siemens Computers. "To help our customers accelerate the adoption of virtualization and make their data centers more agile, effective and flexible, we have partnered with VMware to distribute VMware Server to our global customer base."
"HP's approach to virtualization is designed to help customers maximize their IT investment while simultaneously reducing costs and increasing agility," said Paul Miller, vice president, marketing, Industry Standard Servers and BladeSystem, HP. "By adding the new VMware Server to our broad line of industry-standard ProLiant server platforms, management tools such as the ProLiant Essentials Virtualization Management Software and a wide portfolio of service offerings, customers can easily capitalize on the benefits of migrating to virtualized environments."
"IBM xSeries delivers innovative virtualization solutions by leveraging our strong partnership with VMware and our industry leading X3 Architecture and BladeCenter platforms," said Leo Suarez, vice president and Business Line Executive, xSeries at IBM. "The new VMware Server offering will enable more xSeries and BladeCenter customers to experience the benefits of virtualization and see the value that virtualization can bring to their environment."
VMware Server beta is available for immediate download at www.vmware.com/products/server/. The product is expected to be generally available later in the first half of 2006. Support and subscription services for VMware Server will be available for purchase upon general availability.
Was doing some Microsoft partner training tonight and came across this whitepaper comparing Microsoft Window vulnerabilities to some different Linux distribution vulnerabilities. Pretty interesting stuff... You can download it here... Here is a brief description of the whitepaper:
In this non-sponsored report, Forrester collected a year's worth of data and analyzed Windows and four key Linux distributors on key metrics of responsiveness to vulnerabilities, severity of vulnerabilities, and thoroughness in fixing flaws.
The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom. -- Isaac Asimov, Isaac Asimov's Book of Science and Nature Quotations, 1988
A couple of years ago, I sat in a China Civilization course at The University of Akron trying to imagine what life would be like there across the pacific. I remember lectures on Tiananmen Square and the demonstrations that occurred and changed history in China. One of my papers for this course was a report of anything interesting that I found out about China. Being the network geek that I am--I wrote a paper on the internet and the Great China Firewall . Interestingly, China filters links from the internet--only allowing what the government approves. I was reading a blog entry by Mike Taht that revisited this topic for me and brought the disgusting news to my attention. It seems Google has decided to obey China's laws governing internet filtering. I will let the example demonstrate for itself--these are two links for a search on the word Tiananmen on the Google Images search engine:
Google China: http://images.google.cn/images?q=tiananmenAs you can see, the Great China Firewall portrays a pretty picture of Tiananmen Square and the rest of us get too see how it should be really portrayed. What was Google thinking? I believe Mike Taht said it best in his post:
Google the Rest of the World: http://images.google.com/images?q=tiananmen
I can't believe I am already writing about this... As you know from my previous post, Microsoft has release IE 7.0 Beta 2 Preview Available for Public Review. Looks like our friends over at Security-Protocols have already found a potential threat and have released an advisory. Basically, there is a string of HTML code (will need to view source to see HTML code) that basically causes Microsoft IE 7.0 Beta 2 Preview to crash. According to the advisory, Microsoft has been contacted about the bug. Now I am gong to rant just a little:
I am by no means defending Microsoft--but come on, this is clearly labeled BETA software and should not even be considered for use in a production environment. I would encourage anybody who finds a bug--to contact Microsoft and make them aware so it can be addressed. That is what the concept of BETA is all about. I just hope other blogs and websites don't start taking pop shots at Microsoft over this--let's wait till the code goes to manufacturing before we start slamming. Again, I am not defending Microsoft--I am aware of their track record for security problems. Let's just cut them a little slack on the BETA software... End Rant... I have a gut feeling this article is going to produce some comments and I probably opened a can of worms... Flame away…
The purpose of life is to live it, to taste experience to the utmost, to reach out eagerly and without fear for newer and richer experience. -- Eleanor Roosevelt
I was looking through some white papers this evening, catching up on some reading. Came across this white paper from the Novell website: Using Novell Solutions to Provide Integration with Citrix Products. At first a lot of people would overlook this white paper thinking it is only based for Novell installation only; but, in fact this document has a lot of good information that could be valuable for a Microsoft Windows 2003 Server environment. Some of the topics covered include: