Looking at where spyware hides and why we should be bothered about it

This content is 19 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I just came across a useful page on the HP website providing details of some of the locations where spyware hides and the different forms it takes.

Another page looks at the business cost of spyware.

Interesting reading.

First SUS, then WUS, now WSUS (or is it MUS?)

The SUS/WUS name debate continues…

Today I received notification from Microsoft that the Windows Server Update Services (WSUS) release candidate (RC) is now available. Microsoft’s e-mail to participants of the WSUS open evaluation program (OEP) reads:

“We are pleased to announce that the Windows Server Update Services (WSUS) Release Candidate (RC) released today, Tuesday March 22! The Release Candidate of Windows Server Update Services (WSUS), formerly Windows Update Services (WUS), includes new features such as:

  • Replica mode for WSUS server hierarchies, making them easier to manage.
  • SSL connections between WSUS servers and clients, providing an even more secure end-to-end environment.
  • Automatic Update policy to allow non-administrators to receive update notifications, offering greater flexibility in organizations where logged on users are commonly not administrators.”

Thomas Lee notes that “the name is still a curiosity and WSUS appears to fall a bit short of earlier promises in that no SQL or Exchange updates seem to be supported, it’s an important step on the road on the path to a better patch experience for users”.

Further details of the WSUS RC can be found on the Microsoft Update Services (MUS?) website.

The return of WordPerfect?

Back in my student days I used MS-DOS 5.0 and WordPerfect 5.1. It worked really well. Then I moved to Windows 3.1 and Word for Windows 2.0 (Windows versions of WordPerfect just never made the grade). Obviously I was not alone, because over the intervening 12 or so years WordPerfect’s fortunes have not been good until recently, when the product’s current owners, Corel, persuaded OEMs to ship WordPerfect products as a low-cost alternative to Microsoft Works and Office on new PCs.

Now the US Department of Justice (DoJ) is reported to have adopted WordPerfect Office 12 for its 50,000 users. The WinInfo Update reports that Corel has 20 million users worldwide, marketing WordPerfect for “its unique functionality, broad capabilities, and low price”.

According to Corel, “WordPerfect Office 12 is a full-featured office productivity suite that includes word processing, spreadsheet, presentation, and address book applications”. Because it is compatible with popular file formats, including Microsoft Office and Adobe PDF, WordPerfect Office 12 users can interoperate with users of other applications and, unlike open-source office productivity alternatives such as OpenOffice.org, Corel provides support for WordPerfect.

But the killer (from a licensing perspective) is that Corel gives WordPerfect corporate licensees home and laptop privileges so they can install the same copy of the product at home and on a laptop in addition to a desktop computer.

Microsoft Office is still a highly profitable product for Microsoft and looks unlikely to be usurped from its top spot but with new releases of Windows running late giving Linux the opportunity to build its market share, Firefox rising in popularity (IE’s share now reported to be down to 87%), and new threats in the office productivity space, Microsoft needs to work hard to remain competitive and protect its margins. Competition is back, which is no bad thing, but there could be interesting times ahead.

Performing unattended Exchange Server installations

One of my colleagues sent me this useful link for information on how to create and edit Exchange Server 2003 unattend files.

Linux creator switches to the Mac… nearly

This one made me laugh when I read it in the Windows IT Pro magazine network WinInfo Daily Update:

“The Macintosh community was agog this week at news that Linux creator Linus Torvalds has ‘switched’ to the Mac, but the truth, as is so often the case, is so much less exciting than the rumours. Torvalds is indeed using a Power Mac G5 tower, but some unnamed corporation gave it to him as a gift. And he’s running Linux on the box, not Mac OS X. ‘It obviously runs only Linux, so I don’t think you can call it a Mac any more,’ Linus noted. ‘And … I got the machine for free.’ So much for Apple’s highest-profile switcher.”

New security guidance for consumers and business

Thomas Lee recently blogged about the UK government’s security awareness website, which is intended to “provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack”.

The government hopes the service will help boost confidence in e-commerce, and at the same time protect national security, but the trouble is that I have only heard about it on Thomas’ blog and in a recent article by David Neal, “Home users will bodge DIY security”, which appeared in IT Week. As Neal points out, there has been no high profile coverage and consumers are not likely to be aware of the new initiative. He goes on to say that even “plain English… will go over the heads of most users” and that “giving someone advice on tinkering with their firewall, updating their virus definitions, rebooting in safe mode and checking their proxy settings is as dangerous as arming everyone in the country with a shotgun, just because there has been a spate of burglaries” – an interesting view, and no doubt intended to be provocative, but nevertheless an opportunity for many small IT businesses consulting to the SOHO and low-end SME marketplace.

Meanwhile, for larger businesses, the Information Security Forum (ISF) has issued updated guidelines in the form of the standard of good practice for information security v4.1 incorporating updated sections in areas that have been the subject of additional research and investigation including:

  • Information risk management in corporate governance.
  • Virus protection in practice.
  • Securing instant messaging.
  • Managing privacy.
  • Information risk analysis methodologies.
  • Patch management.
  • Managing the information risks from outsourcing.
  • Web server security.
  • Disappearance of the network boundary.
  • Feedback from the results for the ISF’s information security status survey.

The many uses for RFID

There’s been a lot of talk about radio frequency identification (RFID) in the IT press recently. For a technology that has been around in various forms since the second world war, it’s taken a long time to come to market (OK, that’s not strictly true: it’s employed within the ID cards that many of us use to access our office buildings, and for Londoners with the strangely named Oyster Card, which is the largest smartcard payment system in the UK, excluding credit and debit cards) but now that RFID transmitters are tiny enough to embed in just about anything, some large organisations are starting to wake up to the potential uses of this technology.

Some of the uses I’ve seen for using RFID in the press over the last couple of weeks include:

RFID is a technology which has the potential to enable enterprises to know every move of every product and service. To privacy campaigners that sounds scary (yeah right, so you have a mobile phone? If so, then your location can already be tracked by the authorities) and the European Union is conducting a public consultation looking at concerns over data protection and how the technology is being used. To me, it sounds scary for another reason – the sheer volume of data that needs to be managed!

The success of RFID deployments is likely to be linked to a network’s ability to handle the data intelligently and securely, according to an IDC report (not surprisingly commissioned by Cisco), predicting that RFID will have a significant impact on enterprise networks not just because of the number of tags involved, but because of the amount of data each tag could hold and the number of times it is scanned during transit or processing.

I recently read an excellent article in Enterprise Server Magazine (now renamed Server Management), contributed by Mark Palmer and entitled “Making Meanings”. I could not find it online, but the nice people at ObjectStore were happy to send me a copy, which I can’t publish here (for copyright reasons), but which I’m sure they would send to anyone else who is interested. In the article, Palmer sets out seven principles for the effective management of RFID data:

  1. Digest RFID event data close to the source of the RFID activity (i.e. convert from many raw events to a collection of meaningful events) to ensure greater reliability and protect the IT infrastructure.
  2. Whether or not a complex event processing (CEP) tool is used or one is built specially, the principle is the same – to turn simple events into meaningful ones in order to derive knowledge on which actions may be taken.
  3. Data concentrators can be used to achieve reliable speed, by buffering event stream flows, combining RFID middleware, event processing and in-memory data cache.
  4. RFID event data can be processed in context by caching reference data.
  5. Federate data distribution so the RFID system can scale and yet still provide information in near real time.
  6. Age RFID data to keep the working set manageable, enrich raw data with context and reduce the load on downstream systems.
  7. Automate exception handling to improve overall business efficiency.

Another area which needs to be addressed for RFID to take off is that of standards – many of the existing standards are US-based and some experts would like to see the RFID electronic product code (EPC) standards body work with the International Organization for Standardization (ISO), so that EPC can focus on product codes and ISO on frequency.

In the meantime, the Computer Technology Industry Association (CompTIA) which runs the A+ and Network+ certifications is said to be developing a certification scheme for RFID skills.

Microsoft plans to launch its RFID services platform in 2006.

Ozzie’s Groove is snapped up by Microsoft

In my recent post which discussed the perils of blogging I linked to Ray Ozzie’s Weblog. This week, I was interested to read that Ray Ozzie was actually the creator of Lotus Notes and that his company, Groove Networks, is to be acquired by Microsoft (who have long since been investors in the firm) and integrated into Microsoft’s Information Worker unit.

The Windows IT Pro magazine network WinInfo Daily Update reports that the peer-to-peer and authentication technologies from Groove’s collaboration products will be integrated into the next generation of Windows (codenamed Longhorn).

As for Ray Ozzie, he will become one of Microsoft’s chief technology officers, reporting directly to Bill Gates.

New e-mail message continuity services

I’ve just read about a new message continuity service from FrontBridge, designed to provide always on e-mail in today’s environment where e-mail outage is seen as a major business continuity issue.

Complementing the other e-mail managed services offered by FrontBridge, Active Message Continuity provides:

  • Always on e-mail continuity and disaster recovery with no need to “flip a switch”.
  • Interception-based archiving to capture messages “in stream” after filtering for spam, viruses and other unwanted content.
  • Continuous access via a web interface.
  • A fully managed service, starting from $1/month/user.

FrontBridge is already well established in the e-mail application service provider (ASP) market, but this new product is a key differentiator allowing FrontBridge to offer message compliance, message security and message continuity at a time when competitors such as MessageLabs are concentrating on just one area – that of message security (anti-virus, anti-spam and content control).

The new face of spam

We are all used to spam arriving in our e-mail inboxes, but now the problem is spreading to other communications methods.

Research by Wireless Services Corporation shows almost half of the mobile phone text messages received in the US are spam, compared with 18% a year ago. Another problem is the growing menace of spam over instant messaging (spim), with Meta Group reporting 28% of instant messaging users hit by spim.

Meanwhile, IT managers are turning to new methods of trapping e-mail-borne spam at the network edge. According to e-mail security provider Postini, 88% of e-mail is spam and Symantec reports 70% (their Brightmail Antispam product is used by ASPs such as MessageLabs) with 80% from overseas, particularly China and Russia. Appliance servers are now available that claim to trap “dark traffic” such as unwanted inbound SMTP traffic, directory harvest and e-mail denial of service (DoS) attacks, malformed and invalid recipient addresses.

Last month, Microsoft acquired Sybari and according to IT Week, the Sybari tools are likely to be offered as a plug in for the virus-scanning API in Exchange Server 2003 service pack 1, as well as part of Microsoft’s plans to offer edge services in forthcoming Exchange Server releases, including Sender ID e-mail authentication in Exchange Server service pack 2, IP safe lists, and a requirement for senders to solve a computational puzzle for each e-mail sent, increasing overheads for spammers (and unfortunately for the rest of us too).
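
The computational-puzzle idea mentioned above, shown as a hashcash-style stamp: the sender burns CPU finding a nonce, the receiver checks it with a single hash. This is an added example, not Microsoft's or Exchange Server's implementation; the stamp format, the function names, the sample address and date, and the 12-bit difficulty are assumptions chosen for illustration.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(recipient: str, date: str, difficulty: int):
    """Sender side: search for a nonce (about 2**difficulty hashes on average).

    Returns the stamp and the number of hashes it cost to find it.
    """
    for nonce in count():
        stamp = f"{recipient}:{date}:{nonce}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= difficulty:
            return stamp, nonce + 1


def verify(stamp: str, recipient: str, date: str, difficulty: int, seen: set) -> bool:
    """Receiver side: one hash, plus checks that stop a stamp being reused."""
    parts = stamp.rsplit(":", 2)
    if len(parts) != 3 or not parts[2].isdigit():
        return False                      # malformed stamp
    if parts[0] != recipient or parts[1] != date:
        return False                      # minted for another mailbox or day
    if stamp in seen:
        return False                      # replay of an already accepted stamp
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < difficulty:
        return False                      # not enough work was done
    seen.add(stamp)
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from any real message.
    stamp, hashes = mint("alice@example.com", "2005-03-22", 12)
    print(stamp, "cost", hashes, "hashes to mint, 1 hash to verify")
```

Because the stamp is bound to one recipient and one date, a bulk sender has to repeat the search for every address, which is where the per-message overhead comes from.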

Some industry commentators criticise the use of filtering products, citing examples of blocked legitimate e-mail. Sadly this will always be the case (one of my wife’s potential customers once claimed that her domain name pr-co.co.uk is invalid, blocking all addresses containing hyphens) and many of my clients (wisely, if in a somewhat draconian style in some cases) block various attachment types. A few weeks back, even a reply which I sent to a request for assistance left on this blog was picked up as spam. There will always be a trade off between false positives and a small amount of spam getting through – what is needed is for a real person to double check the filtered e-mail, combined with an overall increase in the use of digitally signed e-mail.

Links

Practical measures for combating spam (MessageLabs)