Finally entering the world of mobility…

Posted on By Mark Wilson

Today, I got my first smartphone – a Nokia 6600 connected to Orange. For a few years now, I’ve used a succession of Compaq iPAQs (as nothing more than expensive diaries and address books really) and whilst I have connected to services using my PDA with a mobile phone on occasion, I figured it was about time I made a move towards the true mobility. So far I’ve only made phone calls and sent a test e-mail (at which point I wished I’d gone for a phone with a full keyboard). I know the new Orange SPV C500 is reported to be a great smartphone, but I really like Nokia handsets and when I saw the 6600 last week I knew I “had” to have one.

I switched to Vodafone from Orange about 5 years ago (I had been with them since 1994 – pretty much as soon as they started up). To be honest I’d still be with Vodafone if they didn’t charge for itemised billing and if I could get the handset and tariff deal I wanted (the “customer loyalty” team at my previous service provider, Carphone Warehouse, failed to call me back and then told me they couldn’t do me an upgrade to the Nokia 6600 for less than £59 when I chased them), but my original reason for leaving Orange was poor customer service and it seems that not a lot has changed. My phone came with instructions to activate it using one of two numbers – the first one was only available from an Orange phone, and so was barred until I could activate the account (chicken… egg…) and the second led to an Orange salesperson who just gave me the full 11 digit version of the original number, which I rang from my old phone. Only after about 20 minutes on hold did I finally get to speak to someone who could activate my phone. A great start for a returning customer hey! Let’s just see if they can successfully port my number…

I can recommend the reseller I used (mobilesuk.net) – they were really helpful when I called them and did me a good deal: free handset (the Orange shop wanted £30); free shipping (by Royal Mail Special Delivery); 3 months free insurance; £30 cashback after 6 months; free accessory pack (leather case, car charger and personal hands free kit); plus the current Orange offer of double minutes and double SMS.

Anyway, let’s see if I actually use any of the smartphone capabilities now…

Tackling spam in Exchange with the RegEx SURBL

Posted on By Mark Wilson

Last week, I read an interesting e-mail from the Windows and .NET magazine network Exchange and Outlook update, discussing Spam URL Realtime Block Lists (SURBLs), which examine message contents to block spam. This week’s e-mail highlights a free Exchange Server SURBL – the RegEx filter.

The basic idea behind the RegEx Filter, is the ability to filter email based on any arbitrary text pattern. It is implemented as an event sink that hooks into the Exchange SMTP engine (by default, the filter works only with the first virtual server instance, but this can easily be changed) and applies regular expression tests against the message sender, recipient, or contents.

It is possible to specify any number of individual filters to run against incoming messages and the filter also includes:

  • A large filter file that tests for common patterns found in adult-oriented spam.
  • A whitelist of expressions to be allowed; by customizing this list, it is possible to easily whitelist addresses or senders.
  • A list of blocked recipients; the filter drops blocked recipients as soon as it sees the SMTP rcpt to verb, instead of waiting until the mail has been accepted for delivery.
  • A list with expressions commonly found in “Nigerian scam” messages.

Any or all of these capabilities can be used to roll in additional filtered expressions (by editing XML files, as long as there is a regular expression that will match the messages to be accepted or dropped). The XML schema for the filtering language includes the ability to specify IP address ranges, perform DNS lookups and filter according to the results, slow down the sending mail server by imposing a timeout (for punishing repetitive spammers), and a host of other features.

I haven’t tested the filter yet (I need to move my e-mail service over to Exchange first), but in Paul Robichaux’s original article (from which the information in this post is taken) he suggested that the filter didn’t add any significant performance overhead and that it also includes a set of Performance Monitor counters that can be registered to assist in assessing any performance issues as a result of filtering.

Robichaux also highlighted that RegEx isn’t perfect: its documentation is pretty opaque, and there’s no real step-by-step guide to installing the filter on an Exchange server. Also (and potentially worrying) the default filter configuration logs all accepted messages to disk, exposing all valid, accepted mail in plain text form. Apart from the obvious security implications, these logs also consume a large amount of disk space. Fortunately, the logging can be turned off.

This looks to me, to be a useful (free) tool in the battle to prevent spam.

Deploying Windows XP SP2 using Software Update Services

Posted on By Mark Wilson

Windows XP SP2 is big and administrators planning to deploy SP2 should be considering the impact on their networks. Microsoft has published an article on deploying SP2 via SUS, including throttling bandwidth usage and preventing the XP SP2 distribution from effectively killing all other network activity.

New version of MBSA for Windows XP SP2 users

Posted on By Mark Wilson

Users of Windows XP Service Pack 2 will need to update the Microsoft Baseline Security Analyser (MBSA) to version 1.2.1 for compatibility with SP2 security improvements. According to Microsoft, Windows XP SP2 users who are running MBSA 1.2 will be automatically notified of the update when they run the utility whilst connected to the Internet.

Top 10 reasons to deploy Windows XP SP2

Posted on By Mark Wilson

I’ve seen a fair amount of negative publicity about Windows XP SP2 recently and I don’t think it is fair!

Sure, it’s big; it introduces new functionality (which a service pack shouldn’t); and it will bring its fair share of headaches but then service packs shouldn’t just be rolled out without testing anyway! We should think of SP2 as a an operating system upgrade, plan it as if it was a new version of Windows, and reap the benefits of having a more secure operating system.

If you still need convincing as to why SP2 should be deployed, Microsoft have published an article on their website which may help you make up your mind.

Removing hidden data in Office documents

Posted on By Mark Wilson

A couple of months back, one of my clients came across an issue where they had a document which contained hidden information that they did not want to share publicly. In this instance, removing this information was proving problematic but now Microsoft have published a tool to do exactly this – the Remove Hidden Data add-in tool for Office XP and 2003.

The Remove Hidden Data add-in is a tool which may be used to remove personal or hidden data that might not be immediately apparent the document is viewed in a Microsoft Office application. Microsoft recommend that the following notes are observed when using the tool:

  • You should only run the tool when you are ready to publish your file(s). This is because some of the data that the tool removes is used by Office for collaboration features, such as Track Changes, Comments, and Send for Review;
  • You should always save to a new file name, rather than overwrite the original file with the new document, in order to preserve a copy of the document containing the original data;
  • The Remove Hidden Data add-in does not work with Information Rights Management-protected or digitally-signed files.

MSN Web Messenger

Posted on By Mark Wilson

I often work on client site behind a firewall which doesn’t allow instant messaging (IM) traffic through and want to chat with my mates (of course, I really mean “discuss business with colleagues elsewhere on the ‘net!”).

Now Microsoft have come up with an answer in the shape of MSN Web Messenger. There are alternatives, that have been around for longer, like eMessenger and some of my colleagues have expressed concern that Microsoft will now take over the niche that eMessenger had found, but personally I prefer the MSN Web interface, which closely matches the full client interface.