Tuesday 23 December 2008

Netbooks - The new cabbage patch kid

I have done the unthinkable. Or, what at least last year would have been considered profligate and a little excessive.

 

I have bought my 5-year old daughter a laptop. A pink one. And, I love it!

 

More specifically, I have bought a Netbook. I first saw one of these small black Linux-based thingies about 6 months ago and was summarily unimpressed. Really, really could not care. I have a beautiful, small, powerful laptop (a Panasonic ToughBook) that delivers great performance with a full day of battery life. Why would I suffer a smaller form factor, with a cramped keyboard, reduced performance and less battery? Less, Less, Less.

 

And today, that "Less" is definitely all I need. Now, when we travel the kids can watch videos in the back of car and I don't need to bring my laptop along - just to check my email.

 

In case you are interested, I bought the Acer Aspire One. The full specs can be found here; http://www.simplyacer.com/Aspire_One_Pink_457153.html

 

I bought the XP version - really out of fear of the unknown. I literally have no spare time, and so my tolerance for any sort of learning/configuration curve is absolutely ZERO right now. Linux may be cool, faster and definitely cheaper, but I still cannot afford any time to even start the journey of learning a new desktop operating system.

 

That said, others will. Many others will definitely start considering Linux for their "Netbook" needs. This will deliver a double blow for Microsoft: no OS revenue and definitely no Office licenses either. And, perhaps even more dangerous for Microsoft, this may be just the crack in the door that Cloud computing requires to really take off (no pun intended).

 

Anyways, I did my bit for the economy, got my kid a nice gift and get to play with a new toy as soon as she goes to bed (I have been told to wait until then- to prevent any fights). 


This Netbook thing could be the start of something good.


Thursday 18 December 2008

IE - Is it now scary enough?

A few nights ago, a neighbor of mine called and sounded quite distressed. She's a mother of 3 and when she calls it's usually about school runs or who is taking care of the kids after school. Before we could exchange the usual social graces, she blurted out, "How do I get rid of Internet Explorer?"

 

Tough question. And, given the person I was talking to, there was no point in answering with "You can't; it's embedded in the operating system." Instead, I replied, "Why?"

 

"Because those hackers in China can steal my computer", she replied.

 

Ohhh…  So, IE's security vulnerabilities have finally gone mainstream.  And by mainstream I mean the BBC;

http://news.bbc.co.uk/1/hi/technology/7788687.stm

 

No wonder she was terrified.

 

And she is not alone. Cruising some of the patch-related newsgroups, there were numerous comments from government and military organizations that have simply turned off internet access for IE. One organization has reportedly disconnected 65% of its workforce until it can test and deploy the latest IE patch (which can be found here:

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx )

 

I work with the Microsoft security team quite a bit and, given what I know, dumped IE years ago. My journey through the browser jungle took me through Firefox, Safari, and finally Chrome, where I am sufficiently happy/unhappy to remain.

 

For those stuck on IE - download and deploy this patch IMMEDIATELY.  Then, when you have a chance to catch your breath; consider the alternatives;

 

Monday 15 December 2008

INIFiles - Getting those legacy files into order

Handling INI files can be a little tricky these days when you have to consider new security restrictions, virtualized environment restrictions (SoftGrid and Citrix) and legacy applications that don't install the way they should... Or, more importantly, don't stay installed the way they were intended to.

 

INI files are configuration files used to store application, user or machine information. They have been used for the past 10 years and have been used really well (by Microsoft) and abused by some (IBM's Lotus Notes) to store information and help configure applications.

 

There is a reasonable definition of INI Files located here;

http://encyclopedia2.thefreedictionary.com/INI+file

 

The reason I am making this post is that INI files are causing some considerable issues with Vista, Citrix and SoftGrid deployments. Application installations are installing and configuring INI files in semi-secure or secure locations (typically the application's own directory under Program Files) and either the user or the application is not able to properly read and/or write to these text-based configuration stores. On Vista the failure is often silent: a 32-bit legacy application with no requestedExecutionLevel manifest that writes to an INI file under Program Files has the write redirected by UAC file virtualization into %LOCALAPPDATA%\VirtualStore, so the write appears to succeed but the file the administrator (or the next user) sees never changes. For example, under SoftGrid, the application will install correctly but when a user tries to run the application, critical information is either not stored or not captured during the normal application loading/running process.


There are a few solutions;


1) Employ the MoveIniToRegistry Shim

Chris Jackson has an excellent posting on this technique found here

Http://blogs.msdn.com/cjacks/archive/2008/01/03/stock-viewer-shim-demo-application.asp


2) Use INI File Mapping

3) Frig (i.e. hack) your local security settings and hope for the best (hint: turn off your mobile)

  

I prefer option 2, as INI File Mapping allows you to replace your INI files with entries (keys, names and values) in the Registry. This is great/useful as you can neatly avoid any local security restrictions without loosening them (the per-user data goes under HKEY_CURRENT_USER, which the user can already write to), as well as benefit from roaming profiles (e.g. not having to copy INI files on application start-up each time a new user logs onto a machine).

 

Microsoft has a great Knowledge Note/Support article which can be found here; http://support.microsoft.com/kb/102889

 

I won't replicate what has already been said in the Microsoft article but there are a few caveats;

 

  1. INI File Mapping works great for Vista and SoftGrid - but DO NOT use it for Citrix when actually installing applications. See the Microsoft support note here: http://support.microsoft.com/kb/186504
  2. Your application needs to use the supported APIs (GetPrivateProfileString and WritePrivateProfileString). An application that opens and parses the .ini file itself never consults the mapping.
Note: you will find out really quickly if your application does not support INI File Mapping, as your registry-based settings will be ignored and your local INI file will be updated instead.
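An added example (mine, not from the post or from Microsoft's article) that creates an IniFileMapping entry for a made-up legacyapp.ini and then drives the same two Win32 profile functions named in caveat 2, so you can watch the write land in HKCU rather than on disk. The file name, the [Settings] and [Server] sections and the ExampleVendor\LegacyApp registry paths are assumptions for illustration; the prefix semantics are those documented in KB 102889.

```powershell
# Added example, not from the original post. Everything named ExampleVendor,
# LegacyApp or legacyapp.ini is made up for illustration.
# Part 1 must run from an elevated PowerShell (it writes under HKLM).

$iniName = 'legacyapp.ini'
$mapKey  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\$iniName"

# One subkey per INI file name, one value per section. Prefixes (KB 102889):
#   USR:  path is relative to HKEY_CURRENT_USER           (per user, user-writable)
#   SYS:  path is relative to HKEY_LOCAL_MACHINE\SOFTWARE (machine-wide, admin-writable)
#   @     never fall back to the .ini on disk when a value is missing in the registry
#   !     additionally write every change through to the .ini file
#   #     seed the registry value from the .ini the first time a new user logs on
New-Item -Path $mapKey -Force | Out-Null
Set-ItemProperty -Path $mapKey -Name 'Settings'  -Value '@USR:Software\ExampleVendor\LegacyApp\Settings'
Set-ItemProperty -Path $mapKey -Name 'Server'    -Value '@SYS:ExampleVendor\LegacyApp\Server'
# The unnamed (default) value catches every section not listed explicitly.
Set-ItemProperty -Path $mapKey -Name '(default)' -Value '@USR:Software\ExampleVendor\LegacyApp'

# Seed the machine-wide section the way an installer running as admin would.
$serverKey = 'HKLM:\SOFTWARE\ExampleVendor\LegacyApp\Server'
New-Item -Path $serverKey -Force | Out-Null
Set-ItemProperty -Path $serverKey -Name 'Host' -Value 'db01.example.internal'

# Part 2: exercise the mapping exactly as a legacy application would (file name
# only, no path). My assumption: the mapping tree is read when a process starts,
# so run this part from a PowerShell opened after Part 1; a standard user is fine.
$win32 = Add-Type -Namespace IniMap -Name Profile -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WritePrivateProfileString(string section, string key, string value, string file);
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetPrivateProfileString(string section, string key, string def,
    System.Text.StringBuilder buf, uint size, string file);
'@

# A per-user preference: goes to HKCU via the 'Settings' mapping.
[void]$win32::WritePrivateProfileString('Settings', 'Theme', 'Pink', $iniName)

$buf = New-Object System.Text.StringBuilder 260
[void]$win32::GetPrivateProfileString('Server', 'Host', '', $buf, $buf.Capacity, $iniName)
"Server\Host via API    : $($buf.ToString())"   # read from HKLM, readable by any user
[void]$win32::GetPrivateProfileString('Settings', 'Theme', '', $buf, $buf.Capacity, $iniName)
"Settings\Theme via API : $($buf.ToString())"   # read back from HKCU

# Proof the mapping was honoured: the value is in HKCU, and no legacyapp.ini has
# appeared in %windir%, which is where an unmapped, path-less write would go.
(Get-ItemProperty 'HKCU:\Software\ExampleVendor\LegacyApp\Settings').Theme
Test-Path (Join-Path $env:windir $iniName)     # expected: False
```

The point for the security-minded: the user's writable state lands under HKEY_CURRENT_USER, which a standard user can already modify, while the machine-wide section stays under HKLM\SOFTWARE, which only administrators can change. The application keeps working and the ACL on its install directory stays as tight as the installer left it, which is exactly what option 3's "frig" gives away. If a read comes back empty after you have just created the mapping, start a new process (or log off) before blaming the application; and if the local .ini file is being updated instead of the registry, caveat 2 applies and no mapping will help.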



Friday 12 December 2008

December Patch Tuesday - Will we have time?

Though this is a more personal blog, I do like to post our results for Microsoft's monthly security update release bonanza, Patch Tuesday. The results are included below.

It would be too easy, if I just posted the Patch Impact summaries for each update. No, I have to weigh-in with an opinion.

First, I think that M$ is doing a great job here. I think that the patches included in the following summary are necessary and, judging from the CVSS scores, were sorely needed. Secondly, I think that we may need to re-think the schedule for Patch Tuesday to accommodate the holiday season.

Most organizations will implement Change Control (or a Change Freeze) sometime this week, which is a self-induced state of paralysis that precedes each Christmas and New Year. The intent of this "Change Control" restriction is to reduce the nature and number of changes over the holiday season because of the increased risk of something going wrong, due to:

- missing staff (potential reasons: holiday, sickness, drunkenness)
- reduced 3rd-party or contractor staff for the same reasons
- possible end-of-year focus or other business restrictions

Microsoft has released a massive update this month, and most organizations normally need at least two weeks to test and deploy their patches/updates. That schedule places the likely update window right in the middle of the Christmas break, which is a bad time for IT systems to break.

My suggestion is this; for December, roll-out the patches early. Let the business end of IT have some time to determine what is critical to deploy this side of the year and then have some time to deploy it.


And, as threatened, here is the testing summary;

  • MS08-070: Marginal impact with Medium numbers of applications affected
  • MS08-071: Medium impact with High numbers of applications affected
  • MS08-072: Marginal impact with Low numbers of applications affected
  • MS08-073: High impact with High numbers of applications affected
  • MS08-074: Marginal impact with Low numbers of applications affected
  • MS08-075: Marginal impact with Low numbers of applications affected
  • MS08-076: Marginal impact with Low numbers of applications affected
  • MS08-077: Marginal impact with Low numbers of applications affected


Patch Name                             Total Issues   % of apps affected   Reboot   Rating   RAG
Microsoft Security Bulletin MS08-070   <1%            <13%                 YES      C        Issue
Microsoft Security Bulletin MS08-071   16%            <39%                 YES      C        Serious Issue
Microsoft Security Bulletin MS08-072   <1%            <1%                  YES      C        No Issue
Microsoft Security Bulletin MS08-073   <70%           <35%                 YES      C        Serious Issue
Microsoft Security Bulletin MS08-074   <1%            <1%                  YES      C        No Issue
Microsoft Security Bulletin MS08-075   <1%            <1%                  YES      C        No Issue
Microsoft Security Bulletin MS08-076   <1%            <1%                  YES      I        No Issue
Microsoft Security Bulletin MS08-077   <1%            7%                   YES      I        No Issue

Legend (RAG):
No Issue   No issues detected
Fixable    Potentially fixable application impact
Serious    Serious compatibility issue

Rating: M = Moderate, I = Important, C = Critical

c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab) 

Security Update Detailed Summary
MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Description: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Comct232.msm, Comct232.ocx, Mschrt20.msm, Mschrt20.ocx, Mscomct2.msm, Mscomct2.ocx, Msflxgrd.msm, Msflxgrd.ocx, Mshflxgd.msm, Mshflxgd.ocx, Msmask32.msm, Msmask32.ocx, Mswinsck.msm, Mswinsck.ocx
Impact: Remote Code Execution

MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Description: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Gdi32.dll, Mf3216.dll
Impact: Remote Code Execution

MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
Description: This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Winword.exe, Wwlib.dll, Msword.olb, Wrd12cnv.dll, Wordcnv.exe
Impact: Remote Code Execution

MS08-073: Cumulative Security Update for Internet Explorer (958215)
Description: This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Browseui.dll, Danim.dll, Dxtmsft.dll, Iecustom.dll, Iepeers.dll, Inseng.dll, Jsproxy.dll, Mshtml.dll, Msrating.dll, Pngfilt.dll, Shdocvw.dll, Shlwapi.dll, Url.dll, Urlmon.dll, Wininet.dll
Impact: Remote Code Execution

MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Description: This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Excel.exe, Excel.man, Excel.pip, Xlcall32.dll
Impact: Remote Code Execution

MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Description: This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload: Explorer-ppdlic.xrm-ms, Explorer.exe
Impact: Remote Code Execution

MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Description: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload:
Impact: Remote Code Execution

MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Description: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
Payload: Adodb.dll, Bdcconn.dll, Chsbrkr.dll, Chtbrkr.dll, Danlr.dll, Dbghelp.dll, Docxpageconverter.exe, Microsoft.mshtml.dll, Microsoft.stdformat.dll, Msdatasrc.dll, Grclr.dll, Grcste.dll, Huczlr.dll, Korwbrkr.dll, Lrpolish.dll, Microsoft.office.server.dll, Microsoft.office.server.native.dll, Microsoft.office.server.ui.dll, Microsoft.sharepoint.publishing.dll, Mir.fi.dll, Msgfilt.dll, Msscntrs.dll, Mssdmn.exe, Mssearch.exe, Mssph.dll, Mssrch.dll, Natlang6.dll, Natlangnlsd0000.dll, Natlangnlsd0001.dll, Natlangnlsd0002.dll, Natlangnlsd0003.dll, Natlangnlsd0007.dll, Natlangnlsd0009.dll, Natlangnlsd000a.dll, Natlangnlsd000c.dll, Natlangnlsd000d.dll, Natlangnlsd000f.dll, Natlangnlsd0010.dll, Natlangnlsd0011.dll, Natlangnlsd0013.dll, Natlangnlsd0018.dll, Natlangnlsd0019.dll, Natlangnlsd001a.dll, Natlangnlsd001b.dll, Natlangnlsd001d.dll, Natlangnlsd0020.dll, Natlangnlsd0021.dll, Natlangnlsd0022.dll, Natlangnlsd0024.dll, Natlangnlsd0026.dll, Natlangnlsd0027.dll, Natlangnlsd002a.dll, Natlangnlsd0039.dll, Natlangnlsd003e.dll, Natlangnlsd0045.dll, Natlangnlsd0046.dll, Natlangnlsd0047.dll, Natlangnlsd0049.dll, Natlangnlsd004a.dll, Natlangnlsd004b.dll, Natlangnlsd004c.dll, Natlangnlsd004e.dll, Natlangnlsd0414.dll, Natlangnlsd0416.dll, Natlangnlsd0816.dll, Natlangnlsd081a.dll, Natlangnlsd0c1a.dll, Natlangnlsl0009.dll, Notesph.dll.oss, Offfiltx.dll, Office.odf, Osrvintl.dll, Oss.intl.dll, Pkmexsph.dll, Pkmnpw.dll, Portal.dll, Query9x.dll, Searchom.dll, Sharepointpub.dll, Sharepointpub.gac.dll, Spsimpph.dll, Spsintl.dll, Srchipp.dll, Srchpml.dll, Ssocli.dll, Ssoom.dll, Ssoperf.dll, Ssoprvad.exe, Ssosec.dll, Ssosrv.exe, Stdole.dll, Svrsetup.dll, Svrsetup.exe, Thawbrkr.dll, Tquery.dll, Trklr.dll, Upgrade.dll
Impact: Elevation of Privilege
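An added example (mine, not from the post) that turns the summary above into a pre-freeze check: it reconciles the eight bulletins against what Get-HotFix reports on the local machine and uses the lab RAG column to suggest what can go out before the change freeze and what needs testing first. Bulletin IDs, KB numbers, ratings and RAG values are copied from the post's table; the triage rules and the column names are my own.

```powershell
# Added example, not from the original post: reconcile the December 2008
# bulletins against Get-HotFix and triage them against the change freeze.
# Id/KB/Rating/Rag are copied from the post's table; the rules below are mine.

$bulletins = @(
    @{ Id = 'MS08-070'; KB = 'KB932349'; Rating = 'Critical';  Rag = 'Issue' },
    @{ Id = 'MS08-071'; KB = 'KB956802'; Rating = 'Critical';  Rag = 'Serious Issue' },
    @{ Id = 'MS08-072'; KB = 'KB957173'; Rating = 'Critical';  Rag = 'No Issue' },
    @{ Id = 'MS08-073'; KB = 'KB958215'; Rating = 'Critical';  Rag = 'Serious Issue' },
    @{ Id = 'MS08-074'; KB = 'KB959070'; Rating = 'Critical';  Rag = 'No Issue' },
    @{ Id = 'MS08-075'; KB = 'KB959349'; Rating = 'Critical';  Rag = 'No Issue' },
    @{ Id = 'MS08-076'; KB = 'KB959807'; Rating = 'Important'; Rag = 'No Issue' },
    @{ Id = 'MS08-077'; KB = 'KB957175'; Rating = 'Important'; Rag = 'No Issue' }
)

# Get-HotFix reads Win32_QuickFixEngineering, which only knows about operating
# system updates. Office and SharePoint bulletins (MS08-072, -074, -077) never
# appear there, and a bulletin that ships several component packages (MS08-076)
# installs under the component KB numbers rather than the bulletin KB. So treat
# "not found" as "go and verify", not as proof that the patch is missing.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

function Get-PatchAction($bulletin, $present) {
    if ($present)                        { return 'Installed' }
    if ($bulletin.Rag -eq 'No Issue')    { return 'Deploy before the freeze' }
    if ($bulletin.Rating -eq 'Critical') { return 'Test in the lab, then deploy before the freeze' }
    return 'Schedule after the freeze'
}

$report = foreach ($b in $bulletins) {
    $present = $installed -contains $b.KB
    New-Object PSObject -Property @{
        Bulletin = $b.Id
        KB       = $b.KB
        Rating   = $b.Rating
        LabRAG   = $b.Rag
        Found    = $present
        Action   = Get-PatchAction $b $present
    }
}

$report | Sort-Object Found, Rating |
    Format-Table Bulletin, KB, Rating, LabRAG, Found, Action -AutoSize
```

Run it as-is on one box, or add -ComputerName to the Get-HotFix call to sweep a list of servers. The ordering of the rules matters: a missing Critical with a "Serious Issue" in the lab (MS08-071, MS08-073 this month) is exactly the case where rolling out early buys you the testing time the freeze would otherwise eat.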

Thursday 4 December 2008

Vista Service Pack 2 - Looking pretty solid

I am really surprised by this. I shouldn't be, and I don't want to appear unduly negative. Microsoft is planning to ship its 2nd Service Pack for Vista in mid-April 2009. A download of the BETA 2 release is already available for MSDN subscribers and the documentation looks really good.

The BETA release of Vista SP2 can be found here;
technet.microsoft.com/en-us/windows/dd262148.aspx

Why am I surprised? Well, I shouldn't be, but this release is right on schedule. It looks like the Microsoft release management team has really got its act together. Which means (fingers crossed) that Windows 7 may actually be delivered on time (i.e. to a previously published schedule).

You can really tell that application compatibility is a key issue for Service Pack 2, as the updated documentation includes the following quote:

"It is our goal that applications that run on the Windows Vista Operating System today and are written using public APIs will continue to work as designed on Windows Vista SP2. Previously released Application Compatibility updates are included in Windows Vista SP2."

For those interested in the contents of the next Vista Service Pack, Microsoft has published a document, "Notable Changes in Windows Vista SP2 BETA", here: http://technet.microsoft.com/en-us/library/dd335036.aspx

And, a list of the hotfixes and updates included in Vista SP2 can be found here;
http://technet.microsoft.com/en-us/library/dd335033.aspx


A brief summary of the updates and modifications includes:

• Bluetooth 2.1 feature pack supporting the most recent specification for Bluetooth technology
• Ability to record data on Blu-ray media
• Adds Windows Connect Now (WCN) Wi-Fi configuration to Windows Vista SP2
• exFAT file system now supports UTC timestamps, which enables correct file synchronization across time zones
• SP2 provides support for new form factors, such as ICCD/CCID
• Support for the new VIA 64-bit CPU security
• SP2 includes all previously released security updates, and builds on the proven security benefits of Windows Vista
• Secure Development Lifecycle process updates
• SP2 includes previously released reliability updates
• Resume performance issue resolved where the Wi-Fi connection is no longer available after resume from sleep

Maintenance and support enhancements include:
• Inclusion of Windows Search 4
• Improvements to the RSS feeds sidebar gadget
• Spysweeper and ZoneAlarm now working with POP3 email accounts
• Single installer for both Vista and Server 2008
• Ability to detect an incompatible driver and block service pack installation or warn users of any loss of functionality
• Better error handling and more descriptive error messages where possible
• Better manageability through logging in the system event log
• Componentization of the installer for serviceability

Some specific fixes/additions include:

• Inclusion of Hyper-V
• Event logging support in SPC
• DNS Server now listens on ISATAP addresses
• Fixes DRM issues from WMP upgrades
• Windows Vista Feature Pack for Wireless
• Reduction of resources required for sidebar gadgets
• Improved power settings for WS08