Wednesday 24 March 2010

Static Analysis: Out of the closet

A friend of mine, Chris Jackson may or not be known to you few who read this blog. Touted as the Top Man in Application Compatibility he undoubtedly has more knowledge, experience and understanding on the topic of application compatibility than all other organic (non-silicon) beings on the planet.

Recently, he posted a note on his blog about static analysis for application compatibility that may be interesting.

His posting can be found here;

I think his views on the topic are interesting - however, I think he raises a few key points that I feel the need to comment upon.

Chris notes that;

"One thing you want to be very careful of with all of the tools: it’s remarkably easy to surface all kinds of “issues” which would be “better” if you fixed them, but the software still lets you get your job done if you did nothing about it. Chances are, you were given the budget for an application compatibility project, not an application quality project. Application quality projects cost more than application compatibility projects – don’t create one accidentally."

I think from what we are seeing in the Enterprise application compatibility space is that as part of a migration to Windows 7 (or App-V) getting your applications to the next platform, really is a "Quality Issue". We are finding that most clients standards have changed and/or improved over the past few years since the last migration (remember the move TO Windows XP??).

So, the point here is that there is probably a large chunk of work to be done on each package as part of the migration effort. So, here is a quick summary of the tasks you may to complete to get each application package ready for the target platform;

  1. Windows 7 Compatibility fixes
  2. App-V tuning and optimization
  3. Industry Best Practice Updates
  4. Quality Assurance Analysis and Updates

So, you may have a lot of work to do to get your application packages into shape for the new platform. When we created AOK, we saw this issue coming and created automated fixes for these issues.

So, if you are doing a Compatibility Project, you are probably expected to also deliver a Quality Project.  And, my guess is that you need an automated solution for both the analysis and the remediation. 





Tuesday 23 March 2010

We support App-V 4.6



Virtualization has been around for quite a while now and like all technology developments it can mean different things to different people. However, the benefits it can bring to an organization such as reduced costs and time, coupled with the accessibility gains are the same irrespective of area of deployment.

Application virtualization is a fundamental part of any virtualization strategy and with the recent launch of Microsoft App-V 4.6, IT Managers can now greater control over application portfolios, minimizing application degradation and reducing the time required to fix any problems which arise.

We’ve been working alongside the Microsoft App-V team in developing our own set of plug-ins for ChangeBASE AOK which further enables global organizations to embrace virtualization. By enabling instant assessment of application compatibility with virtual environments, AOK streamlines application readiness by automating the remediation of application compatibility issues for the target virtual environment. This process can save months of manual testing and ensures that applications being virtualized will work on the target platform, have access to any required dependencies, and operate alongside any other applications they are deployed with.

Virtualization is here to stay and with more organizations looking towards virtualization as a bottom line cost saver the ability to quickly virtualize applications will be crucial to the success of the project.

And, here is a little self-promoting news (a link to our website with the press release).

http://www.changebase.com/NewsPage.aspx?page=News/news_release_2010_03_23.xml&style=~/Style/PressRelease.xsl 


And for those who are interested, here are some links to the Release Notes for App-V 4.6 and the technical documentation on Microsoft's TechNet;


App-V 4.6 Technical Documentation
http://technet.microsoft.com/en-us/library/cc843848.aspx

App-V 4.6 Release Notes
http://technet.microsoft.com/en-us/library/ee958115.aspx


Friday 12 March 2010

Microsoft Patch Tuesday: March 2010

Wednesday 10 March 2010

IE6: Another serious vulnerability

Well, you had your chance.... Chances for that matter. It's really time to upgrade to IE8.... Today!

Microsoft has just released another security advisory for IE6 that allows Remote Code Execution yesterday which can be found here:


The reason I say you have had your chance (or in this case chances) Microsoft released an update in January to mitigate this issue hefty (which is now in the wild) as Jerry Bryant from Microsoft Security team highlights;

"At this time, we are aware of targeted attacks seeking to exploit this vulnerability against Internet Explorer 6. Internet Explorer Protected Mode in Internet Explorer 7 running on Windows Vista helps to mitigate the impact of this issue. "

Meaning, that this exploit is now in the wild, and if you are running IE6 or the standard configuration of IE7, you are now pretty vulnerable to  attack.

You can find the Microsoft Security update MS010-002 here:

And for a description of the issue and some of the risks associated with this latest (greatest) IE6 issue you can read the CVE details here:


And, if you need to fix the issue (by enabling and turning DEP for IE) you can choose the Microsoft "Fix IT" (sounds familiar??) option here:


Note: this Microsoft Fix-IT approach will download an MSI onto your desktop. This Microsoft Installer package (MSI file) will update your local compatibility database with SDB file that will switch on DEP for your browser. Note: Enabling DEP may cause application issues for other applications and within IE itself.

Or, you could just upgrade to IE8 then..



Tuesday 9 March 2010

2010: The year we make contact: ...with the global economy

As you can probably tell - life is doing a bit of "number" on me right. Trying to get the right priorities in the right order - work/family/me/work... yeesh. When you start-up a company there is a really nice point, where you are successful, busy and things go pretty well. Then, things get busier, and then busier... well, and just a little more busier - so, I am getting back into this blog for 2010 and this year maybe a little more focus on the marketing or business side of things. Don't want to be too, too technical now, do we?

As you can imagine building a global "marketing" footprint can be a long and hefty task. To combine this with building an effective enthused ecosystem  can make the task seem like eating an elephant. For me and ChangeBASE the first couple of months of 2010 has seen an incredible demand from channel partners in the US and Europe..

Our relationship with Microsoft has enabled us to reach out and educate a vast number of potential partners. Last Thursday was testimony to this fact. Microsoft invited us to be their guest speaker to over 50 US Microsoft ACF and MDOP partners.

During the session we reviewed the challenges facing organisations of every size when migrating to a new OS and packaging their applications for effective deployment. We walked through the ChangeBASE AOK offering and discussed the benefits for an organisation using our technology to effectively plan their application migration and most importantly for the channel community we discussed how they can differentiate themselves from the competition with AOK, increase revenue and gain new customers. The result – within 24 hours of the call we had over 5 separate partners contact us, looking to sign partnership agreements and register business opportunities.

How did we achieve this? One could argue the might of the AOK offering. I believe it was 50% our market leading technology which saves organisations hundreds of thousands of pounds/dollars in migration and application packaging costs and 50% our close working relationship with the right people in Microsoft and their belief in our technology.

Lessons learned: to eat the elephant you need to have the right instruments (technology), the appetite (an enthused proactive channel) and the right connections (relationships).

That said, I just might be making things even busier for me... 


Monday 1 March 2010

Windows HLP files: Still Bad

I often get asked about why Microsoft removed support for Windows Help (HLP) files under Windows Vista and Windows 7.  I mean how bad can some application documentation be right?

Well, it's not the content, it's the format. The WINHELP.EXE engine formats the HLP documentation files into a early form of HTML that can load some forms of executable content. This feature makes this file format particularly prone to a large number of security exploits.

To add some weight to this argument, Microsoft has added a security warning for a recent security vulnerability involving WINHLP (HLP) files which can be found here:

http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Specifically, the issue raised by the Microsoft security team is;
"The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system"
To find out more about these Microsoft executable file formats,  you may want to read the following Microsoft White paper found here:

Understanding Executable Content in Microsoft Products:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b7d03027-9791-443b-8bbe-0542b3aa4bfe