Tuesday 31 May 2011

Application Compatibility Briefing: Amsterdam and Brussels

Now back in the UK - good to see the family and all, but the show must go on. And, speaking of shows, we have another one for you!

ChangeBase and PDS are teaming up to present a 1/2 day work shop on application compatibility that will cover the following topics;

  • Windows 7 and 64-bit Migrations
  • Virtualization Compatibility Challenges (App-V, Citrix and ThinApp)
  • Office 2010 Interoperability Questions
  • Internet Explorer 6 Migration Issues
You can find out more by clicking on the following link;

Though we talk a lot about the automated compatibility assessment capability about AOK, in these sessions we will have a focus on the new AOK Client Side Capture tools and the automated bulk-conversion tools for Microsoft App-V and Symantec's SVS file formats.

Meaning: you can now convert (in bulk) all of your applications automatically into your desired virtualization format. You can choose: App-V, Citrix XenApp, SVS or VMware's ThinApp. Or, from what we are seeing with our customer base right now, a hybrid mixture of the 2 or three formats.

Sounds fun, eh?

Tuesday 24 May 2011

Citrix Synergy: Come Visit Us at booth 500

On my way from Seattle to San Francisco - so, a quick post today.

Citrix Synergy 2011 should be a great show this year - so, please come join us at Booth 500.

In case you have not heard of Citrix Synergy, it's a Citrix organized technology exhibition that focuses on the different flavours of  server, desktop and application virtualization.  And, yes you will hear loads about Citrix products but, you will see some in-depth coverage of Microsoft's App-V and Server-App products. 

You can read more about the show here: http://www.citrixsynergy.com/
Or, more specifically about the SF show here: http://www.citrixsynergy.com/sanfrancisco/index.html

From what I have been working on over the past little while with the Citrix team, I will definitely have a long look at the Desktop transformation Program, found here: http://www.citrixsynergy.com/sanfrancisco/inspiration/transformation.html

In addition, We have a ChangeBase landing page that we will update with more Citrix Synergy details and information - found here: http://changebase.com/citrix_synergy.aspx

Also, I will see if I can convince Ben to take some more photos of the event/people/stand... 

Here is one of my favourite photos of the team evening;

For another look at our photos, and some "interesting" new poses have a look at; http://aokpulse.blogspot.com/


TechEd 2011 Round-up

Whew! Another year - another TechEd.

That said, we had a great time, and met some great people.  We received loads of feedback about our stand, which looked great.

Here is a quick snap of the team; (and Dan Santos from Laplink in the centre - he seemed to sneak into a number of our team photos)

If you were lucky, you got one of our cool "AOK Green" watches which I am sure will help you migrate to Windows 7 faster;

One of the people that we met at the exhibition was Lee Pender - who works for Redmond Magazine. You can read his blog here:  http://rcpmag.com/blogs/lee-pender/list/blog-list.aspx

We had a great discussion, and Lee was kind enough to publish his thoughts on the Redmond Magazine website which can read here; http://redmondmag.com/articles/2011/05/18/migration-wave-hits-vendors.aspx

Lee really gets the migration challenges faced by most organizations. Here is a quick excerpt from his posting;
If the traditional OS is going to continue to exist, then applications are going to have to move in the migration from one version to another. ChangeBASE has users covered there. 
Nice one Lee!  :)

This week is Citrix Synergy in San Francisco. I have promised the team there a daily update - so watch this space.

Friday 13 May 2011

Microsoft Not Shy to Buy Skype

In case you have been living the life of a luddite, you probably have not heard that Microsoft has just acquired Skype.

Here are some interesting links on the topic;

Also check out Lee Pender's comments on the MS/Skype love-in here:

I think that the purchase of Skype is a great way for Steve to use up some of that cash - especially some of the foreign account deposits he has been accumulating over the past very profitable year. It's a nice way to avoid some serious tax headaches.

Oh, and the technology? It will help with X-Box and is a "must-integrate" with Microsoft's Lync server.

Already some of the discussions on this have focussed on "Why couldn't the tech giant (MS) have just built a better/bigger version of Skype?" Note: Some think that MS already has - which adds greatly to the discussion.

I think the answer here is partly physical infrastructure and business ecosystem. A thought which is echoed here by Mary Jo Foley:

Now, MS just needs a payment (online transaction system) ...

Hello PayPal!

Wednesday 11 May 2011

Microsoft TechEd 2011: AOK in Atlanta

You know the years just keep flying by and I can’t believe that its TechEd  North America next week. What has surprised me even more is the amount of development that has gone on with AOK over the last few months.

Don’t know if you’re planning on attending TechEd in Atlanta but if you are why not stop by Booth 1515 and see the latest developments with AOK, specifically the release of AOK 4.1 which include the ground breaking AOK VReady-It and the latest release of Convert-It. I think with the latest release of AOK 4.1 we are really starting to put distance between ChangeBASE and the competition.

I’m also delighted to be presenting a Birds of a Feather session during TechED with Dmitry Sotnikov of Quest.  We’ll be  iscussing how the cost savings and always on benefits of cloud services are a now viable option for organisations.  It will consider the merits of putting application migration testing, reporting and fixing into the cloud, enabling organisations to maintain their lifecycle and Business As Usual management off premise.

Here’s the details:
BOF06-ITP When Is Cloud an Option?
Tuesday, May 17 | 1:30 PM - 2:45 PM | Room: B210
Session Type: Birds-of-a-Feather
Level: 300 - Advanced
Evaluate: - for a chance to win an Xbox 360
Speaker(s): Dmitry Sotnikov, Greg Lambert

As usual I’m looking forward to catching up with friends old and new and hearing about your business and what’s going on. So come and seek me out, I won’t be far from Booth 1515!

Microsoft Patch Tuesday: May 2011

With this May Microsoft Patch Tuesday update, we see a relatively small set of updates in comparison to those lists of updates released by Microsoft for the months of January and February earlier this year. In total there are two Microsoft Security Updates with the following rating; 1 Critical, and 1 rated Important. This is a small update from Microsoft and the potential impact for the updates is likely to be very small.
As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.
Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this May Patch Tuesday release cycle.

  • Sample Results 1: MS11-035 Vulnerability in WINS Could Allow Remote Code Execution
  • Sample Results 2: MS11-036 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
  • Sample Results 3: AOK Summary Report Sample from a small database

Sample Image 1: MS11-035

Sample Image 1: MS11-036

Sample Image 3: Sample Summary Report Image

Testing Summary
  • MS11-035 : Vulnerability in WINS Could Allow Remote Code Execution (2524426)
  • MS11-036 : Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)

Patch NameTotal
Microsoft Security Bulletin MS11-035<1%<1%YESGreen
Microsoft Security Bulletin MS11-036<1%<1%YESGreen

No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue

Security Update Detailed Summary
MS11-035Vulnerability in WINS Could Allow Remote Code Execution (2524426)
DescriptionThis security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually installed this component are affected by this issue.
PayloadW03a3409.dll, Wins.exe, Winsevnt.dll, Ww03a3409.dll, Wwins.exe, Wwinsevnt.dll
Impact Critical - Remote Code Execution

MS11-036Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)
DescriptionThis security update resolves two privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1269 and CVE-2011-1270.
PayloadPowerpnt.exe, Pp7x32.dll
Impact Important - Remote Code Execution

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

Tuesday 10 May 2011

Microsoft Patch Tuesday: May Preview

That time again, here we go with a light Patch Tuesday May update from Microsoft.

We are expecting 2 updates for May 2011; one rated as Critical and the other rated as Important. Interestingly, both patches relate to Remote Code Execution.

Let me tell you why...

On August 23rd, 2010 (so, a little while ago now) Microsoft published the following security advisory;

"Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.

This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. "

You also note, that over the past few months the following Microsoft patches have been released specifically to resolve this issue;

Update released on November 9
  • Microsoft Security Bulletin MS10-087

Updates released on December 14 2010
  • Microsoft Security Bulletin MS10-093
  • Microsoft Security Bulletin MS10-094
  • Microsoft Security Bulletin MS10-095
  • Microsoft Security Bulletin MS10-096
  • Microsoft Security Bulletin MS10-097

Update released on January 11
  • Microsoft Security Bulletin MS11-001

Update released on February 8
  • Microsoft Security Bulletin MS11-003

Updates released on March 8
  • Microsoft Security Bulletin MS11-015
  • Microsoft Security Bulletin MS11-016
  • Microsoft Security Bulletin MS11-017

Updates released on April 12
  • Microsoft Security Bulletin MS11-023
  • Microsoft Security Bulletin MS11-025

All of these updates appear to relate to the same security issue: no specified path in the DLL Link routine and all have the same potential adverse security outcome: Unauthorised Remote Control. As you walk through these past Microsoft updates, most of them relate to Microsoft Office products. I find it a little hard at this point, given Microsoft 7 year long security initiative that we are still find (and having to patch) DLL's that have a well-defined security vulnerability.

Given Microsoft's track record on this issue, I bet that both patches released later tonight will relate to either IE or Microsoft Office and that the offending issue will be non-secured linking routines for dynamic link DLL's.

 You can read more about Microsoft Advance Security notification bulletin here: http://www.microsoft.com/technet/security/Bulletin/MS11-may.mspx

You can find the August Microsoft Security advisory here: http://www.microsoft.com/technet/security/advisory/2269637.mspx

Monday 9 May 2011

Microsoft Tech Days: Application Compatibility Update

As I mentioned in a blog posting a little while ago, I had the opportunity to speak at Microsoft TechDays in Amsterdam. Taking a break from these sessions, I was able to attend Aaron Margosis' session on application compatibility.

I learned a lot from the sessions and  took some notes. What I really appreciated was the pragmatic approach to application compatibility that Aaron employed. As a Microsoft consultant, he is on the "sharp-end" of getting applications to work and has probably seen more than his faire share of broken applications. This I feel reflects his broad approach to remediating applications which includes the following;

  1. Retire the app
  2. Get an updated version of the app (from vendor or your developers)
  3. Modify the installer via transforms or post-install scripts
  4. Let UAC file/Registry virtualization do its magic
  5. Apply shims
  6. Change permissions or security policies
  7. Machine virtualization

We have talked before about changing settings and application rationalization exercises (retire or upgrade the application) and so I wanted to focus on Aaron's thinking on Shims.

In this presentation, he used a slide titled, "What are shims good for?" with the following bullet points; *

  • Bad Windows version checks
  • Writing to HKCR registry keys at application runtime
  • Unnecessary application start-up checks for “am I admin?”
  • Writing to WRP-protected keys and files
  • Windows thinks your application is an installer
  • Some file/registry redirections

From my experience, I would say that shims could be used to resolve these issues but updating the application package directly probably has a more management, traceable approach. However, shims do help with the in-built hard-coded "am I admin" checks and security manifest can't really help here.

Most importantly, Aaron continues with the slide titled, "When are shims important?" and answers with the following notes;

  • Source code fix not feasible
  • Vendor support not important

I really agree! These are key factors in deciding if and how to fix an application.

Finally,  the presentation ends a pragmatic comment on Shims including;

  • Not all general purpose shims have the same … “customer love” applied in their creation
  • The (shim) tools are … “primitive”
  • Shims management not integrated into other management tools (e.g. Group Policy)
  • You can do a lot with just the Top 10 shims
  • But to becoming a shim ninja takes time and much practice

This is really the 1st time that I have heard some realistic comments about the manageability of shims from Microsoft - This is great stuff, and I would love to hear more from Aaron

*Note: I was talking hand-written notes during the session. I have tried to capture each note accurately - hopefully, there are no glaring mistakes.

Friday 6 May 2011

AOK 4.1 Now Ready with V-Ready: Automated Sequencing Support

As you can imagine, as part of this blog, we have talked alot about compatibility, suitability and quality issues tha relate to migrating your application portfolio from Windows XP to Windows 7 (32 and 64-bit) platforms with the added mix changing security standards and increasingly vital support for differing virtualization technologies.

Well, we have been pretty busy over the past few months working on some tools that really help withe compatibility and suitability challenges that need to be addresses when converting (or sequencing in MS speak) your applications to Microsoft virtualization App-V format

With the release of AOK 4.1, we can now automatically convert application packages in an MSI format automatically and in bulk to a streamable, App+V format. Did I mention that we could do this for any source application format (even SETUP.EXE applications installations that generally require user imput to complete) - Automatically, and in bulk.

Which is quite cool, given that once you have determined  which applications are suitable for virtalization through AOK, can you now at the click of a button, convert all your application packages to properly streamable App-V packages.

You can more about 4.1 at our website: http://www.changebase.com/

Or, you can read the whole press release here: http://changebase.com/NewsPage.aspx?page=News/news_release_2011_5_5.xml&style=~/Style/PressRelease.xsl

Thursday 5 May 2011

Linkbait: Industry News for AOK

My colleague has done it again. He has compiled a list of great reading and links relating to desktop migrations, application compatibility and general news on computing

Operating Systems News
Gartner 2010 OS figures show operating systems are worth $30.4 Billion
Windows 7, now 18 months old has sold 350 million licenses, passing OSX Snow Leopard in only two weeks.  ChangrBASE get mentioned in an article describing the numbers
Windows 8 Milestone 2 Workstation has been leaked, Windows 8 Milestone 3 Server has been leaked
Windows 8 will have a revamped Task Manager, an app store similar to iPhones, Cloud synchronisation & Windows Live Cloud roaming, a new touch-friendly UI, History vault, a black screen of death, fancy webcam ui and facial recognition logon, other features rounded up
Get the new look with some Windows 8 unofficial wallpapers
Windows XP End Of Support Countdown Gadget counts down the days until support ends.
Windows ThinPC with built-in virtualisation layer has moved to Release Candidate
Very pretty Windows 7 theme from Microsoft and the story behind its creation
Waterdrops theme for Windows 7 and the story behind it

Packaging News
Chris (Samuel L.) Jackson realises that stupid users are stupid
InstallAware continue to tell their turbulent story
Flexera have released mergemodules for InstallShield LE for Visual Studio 2010 Service Pack 1
A sensible replacement for the weird win32product wmi class

Browser News
IE9’s share on Windows 7 has doubled since March but IE’s overall share continues its decline
IE10 preview has rendering modes for IE5 - 10
IE10 will support Windows 7 & 8 but not Vista or lower.
Cam of a silly video about IE
What browser are you using?

Mobile News
Nokia and Microsoft sign partnership agreement
Android has 350,000 daily activations

Technology news
This doesn’t fit anywhere but I still felt it worth sharing.  Do not invest in SSD drives they fail.
A beginner’s guide to Group Policies
I love the Microsoft NT Debugging blog, mostly because it shows me how little I really know about Windows.  Here’s a great article telling the story of a missing icon in the control panel.
Learn about Dynamic Memory in Windows Server 2008 R2 SP1 Hyper-V

Office News
Office … the game: Ribbon Hero 2 is available. Play your way to learning the ribbon. 
A fix for the fix in Outlook 2007 that broke print previews
Office 2010 SP1 is due ‘in mid-summer’
Oracle let go of OpenOffice

Partner News
ConverterTechnologies’ have a Forrester report on how Advanced Planning Prevents Microsoft Office 2010 Migration Pitfalls

Cloud News
Toyota invest £7.5 million in Azure

I love the Ipad (1994) style link.

Tuesday 3 May 2011

Microsoft Tech Days: UK and the Netherlands

Back from the bank holiday madness of BBQ's, champagne receptions, royal weddings, more champagne receptions and then more BBQ's - Whew! Did anyone notice that the UK moved 20 degrees south for the weekend - our weather was amazing!

I had a great week during the holiday bonanza and actually appeared to be doing some work - at the Microsoft event Tech Days in the Netherlands. You can find the link for the Dutch event here: http://www.techdays.nl/  And the UK homepage here: http://uktechdays.cloudapp.net/home.aspx

I wanted to thank Coert Bosker from PDS for the speaking invitation and the kind hospitality. You can find the link to PDS company homepage here: www.pds-site.com

Microsoft TechDays are great (and most importantly FREE) events that are organized throughout the UK and the rest of Europe. The allow some deep dives into current technologies (web and Bing are prominent).

I will post some more details on my discussions with application compatibility luminary Aaron Margosis and some shared views on application compatibility and most importantly the nature and utility of shims.

You can read more about Aaron here: blogs.msdn.com/b/aaron_margosis/