Operating System Security(the joke is on us) part 2

1 Comment

Oh boy oh boy here we go again yet another round of Microsoft patches. Why must we the small business owners have to deal with this stuff. For those business owners whom don’t have the time to research everyone of these patches, meaning what they will or will not break as in other software within the Windows system. If you are running a server this can be very daunting although there are those whom simply don’t care and just go on about their business because they don’t have any crucial software that needs to be up and running 99.9 percent of the time. But for those who do such as their office servers running either Small Business Server, Windows Server 2003 or SQL Servers this can be a total pain in the butt.

You come in to work the next morning and find that you can’t connect to your network printer or oops you can’t find that share drive you’ve always connected to and the database connection to Sharepoint server is no longer available; Not saying that these patches can cause any of this to happen although Microsoft has not confirm that they would not either.

Regardless our recommendation is to actually get a test machine running such Windows servers or Windows operating system just to make sure that everything is working correctly before you go an update all of the workstations/servers and break something.

Microsoft while trying to help patch their security holes actually go about breaking other things which you might need. So again the “joke is on us”. Why? You may ask; because we can’t get away from this even if we tried(only if you are using a windows system environment). Some of you may disagree and say that this happens on all operating system but no your wrong it does not. And I’m not bashing Microsoft here I truly think that they are doing a great job at trying to patch their software which is so insecure. But I don’t blame them I blame you the users because just like those people in bad relationships you guys keep coming back for more or stick around for yet another round of abuse.

Windows will never be secure simply because it is just a badly designed and flawed operating system. If you are going to use Windows servers for your business please get a testing machine to test all your software deployments and patches which may come from all of your software vendors including Microsoft, it is just good practice.

Here is some resources which give you some information about these patches.

Oh and just for those of you whom don’t or just won’t believe what I’m saying here is a bit of some bad news. The Windows 32sys flaw has been carried on to Windows 7 and Windows Server 2008.

http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx

Man having Windows servers is a total pain in the butt… But hey we support them too.

PHP 5 AND SQL SERVER DRIVERS

Leave a comment

While this is nothing new or big news Microsoft has managed to release PHP 5 drivers for its SQL Server platforms. We have not ran PHP on a Windows server in a very long time and so we decided to give it a shot and honestly it was a total pain in the ass but only because we are not use to the IIS 7 web server. Honestly we like IIS 6 better less complicated and more to the point. Sure IIS 7 is great for those .NET applications but not everything else. For instance we tried to install and run Coldfusion 8 on IIS 7 and again a total pain in the ass while on IIS 6 it installed like a dream.

Back to the main point, PHP runs fairly well on IIS 7 but if you don’t know your way around IIS 7 then you might have some issues with it. The simple PHP scripts we tried worked perfectly well but they were not as efficient as PHP and MySQL 5. In all honesty if your going to use PHP with a database I would stick to the LAMP stack (Linux, Apache, MySQL and PHP) it just works better and a ton faster.

But if your a Small Business Server user and want to go the PHP route instead of .NET or ASPX then sure PHP will get the job done on IIS/Windows Server. The best part about it is that the driver is

released under the Apache license.

Straight from their site:

The Microsoft Drivers for PHP for SQL Server are PHP 5 extensions that allows for the reading and writing of SQL Server data from within PHP scripts. The release contains two drivers, the SQLSRV driver and the PDO_SQLSRV driver. The SQLSRV extension provides a procedural interface while the PDO_SQLSRV extension implements PDO for accessing data in all editions of SQL Server 2005 and later (including SQL Azure). These drivers rely on the Microsoft SQL Server 2008 R2 Native Client’s ODBC driver to handle the low-level communication with SQL Server.”

Here is some more information on the driver if you guys are interested in it.

http://sqlsrvphp.codeplex.com/

Operating System Security(the joke is on us)

2 Comments

Recently with the debacle of the Gentoo Linux distribution falling prey to a Trojan due to negligence on the part of the repositories administrators(see here: http://www.theregister.co.uk/2010/06/14/linux_game_backdoor/ and here http://www.gentoo.org/security/en/glsa/glsa-201006-21.xml) . The Windows crowd has been spreading all kinds of dis-information or rather some severe FUD(Fear Uncertainty and Doubt) with regards to this event. The truth is that NO operating system is safe be a desktop computer or server running Windows, Linux, MAC OSX or Unix and its variants.

The reason why these folks are getting all crazy about it is because when it comes to Linux this rarely happens. Since Linux advocates put security as the main reason to switch from Windows to Linux now that this has happen they can point the finger back at them and say “uh huh you see I told you Linux security was nonsense”. The absolute truth is that Linux is safer than Windows by leaps and bounds due to the nature of how the Linux OS is built. The Linux OS is built with multi-user from the ground up meaning that every user runs in its own separate space within the system with its own set of processes and have no root or administrative access to critical system processes. Which means that if a particular user were to ever get an infected file (virus) or a trojan or any other malware it would only live within that particular user space and can’t affect anything else. Windows on the other hand was not built this way and no matter how many versions of it they release they are still not built that way. Yes they now have a UAC (User Account Control http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac) but this is still not built the same as most Linux distributions are. The Windows system relies on a central registry so if something goes wrong with one part of the system it most likely affects the rest of the system. So these folks apparently either don’t or can’t comprehend this or they just turn a deaf ear to it; which is fine but then they should not get upset when their systems get compromised and its all over the news.

When using any OS one should make sure that secure practices are in place to install software and that these softwares are coming from a reputable vendor. In the case of a Windows system a Network Administrator should make sure that all the software has been signed by the vendor with a digital certificate and that Microsoft has verified such said certificate. On the Desktop side for home user this is not as easy as most home users have no clue as to what this is. So they just download everything and anything that has an .MSI or .EXE extension which is the reason why they get all kinds of malware and viruses and soon their PCs become part of Botnets (http://en.wikipedia.org/wiki/Botnet).

On the Linux side software is distributed through repositories which are verified by the company who distributes the OS such as Ubuntu and Canonical. Canonical makes sure that all their software in their repositories are verified and that they have a GPG signature(http://www.gnupg.org/). Which means that all the software distributed on the repositories are safe and can be installed. Now if a user decides to go outside of this repository then it is up to the user to make sure that the software is reputable and that it too has a digital signature and it can be verified. And the same thing can be said for MAC users as well. Although we are not 100% sure if MAC OSX users actually have repositories or even have digital signatures for their software. But Apple applies this concept to the iPhone/iTunes through their application store.

The best thing to do for Windows users is to install a good anti-virus and software that can check for rootkits within the system (What is a rootkit? See here: http://en.wikipedia.org/wiki/Rootkit). You can also set strong passwords for your user(s) accounts and try to be very careful where you download software from. In the case of web infections this is a tough one to deal with; our best advice is to use FireFox or Google Chrome instead of Internet Explorer regardless of the stupid commercials Microsoft has been displaying on TV about IE.  It is not safe no matter what they say. And keep your system up to date with the latest software. Although this can be a bit tricky as Microsoft can sometimes break your system on patch Tuesday so here you take your chances.

For Linux folks they have wrote a good article here on ZDNET (http://www.zdnet.com/blog/btl/five-tips-for-improving-linux-security/35798).

MAC OSX users pay close attention to Apple updates and install them as soon as they are available.

Remember if you are going to go outside of a trusted software vendor or repositories please make sure you can verify who they are.

Windows 7 and Network Failure

Leave a comment

Long gone are the days of simple network setups and how much we miss them. Recently we had a client whom network setup went completely kaput after a Windows update. For some unknown reason the client’s network went completely haywire. The users within their office can no longer map any specific hard drives which are shared on the network nor see any computers/workstation which are part of Active Directory.

The setup for this network is very straight forward. The client is using Windows Server 2003 64-bit Enterprise edition with Active Directory/DHCP enabled.

Until now all their workstations were running Windows XP Professional with SP3 and they had asked us to upgrade all of these workstations to Windows 7 64bit Professional. So over this past holiday(Memorial Day 2010) weekend something went extremely wrong with their network setup. When employees got back to the office on Tuesday they could no longer see anything on their network, no printers, no servers, no shared directories and no workstations within the network.

So we were totally confused as to why this would happen. While investigating this particular situation we came across two workstation one which was still running Windows XP and another running Ubuntu 10.04. For some strange reason both of these PCs were still able to see everything and everyone within the network.

In our findings we discovered that Windows 7 somehow on its own changed from a Domain to a Work Group which is usually setup to network PCs whom are not part of a Domain, but why would Windows do such a thing. There should be no specific reason why this should change on its own unless an administrator switches the PCs manually.

After manually reconfiguring all the workstations to be part of the Domain again Windows 7 still cannot see any workstations, printers, shared directories or servers within the network. But the strange part about it is that they can access(and by access we mean just that not actually seeing it on the screen) things which were already mapped such as shared directories and drives. But any attempt to actually map or do a network search for a new drive or share directory does not work yet the workstations are now clearly part of the network Domain again because when we view the full network map on each workstation is shows that it is part of the domain. It goes to show that no matter how many pretty features you have on an Windows 7 or on any OS for that matter if you have a flawed system of performing updates and not taking into account the type of environments businesses might be using these updates will always create some kind of damage and failure.

I just hope for our clients sake that Microsoft did not pull one of their age old tricks and created a mess to make existing Windows 2003 server users upgrade to Windows Server 2008. That would really hurt our clients bottom line and this new version is not cheap.

But on a lighter note the users do like the Windows 7 Task bar.

If anyone has run in to a similar issue please let us know we would like to hear your situation.

Microsoft Tags, what could this be?

Leave a comment

Finally Microsoft has done something which could put them on the map to catch up to Google in terms of bringing relevant information to users all over the world.

Microsoft Tags (http://tinyurl.com/3x3ts9g) is a service which the company has recently released and get this “it is a free service” to use. It works by placing tags in the real world such as a billboard or any landmark then people with mobile devices can access this information. This means that if for example you are in the realty business and you place these tags on some of the properties you are selling you could access more detailed information about such properties on your mobile devices.

This reminds me of the Minority Report (http://www.imdb.com/title/tt0181689/) which would scan people’s eye retinas to serve them personalized ads (I see this coming very soon to the U.S). I believe that such a technology already exists in Japan and it could make its way on to the U.S.

However this being great and all that Microsoft has finally done something innovative. I wonder if this service/technology will only be available to Windows 7 mobile phones. I really doubt folks with Android phones will be able to use it. I somehow don’t see Microsoft sharing or allowing other mobile devices accessing this information. So lets not put our hopes up on this one folks.

It would be great if they did make it available to everyone just think of the possibilities in terms of how much information people would be able to access on the spot. Think of it in terms of students conducting research studies or if your at a museum or at a historical landmark and being able to get all the information about a particular piece of art or place.

This is the kind of innovative technologies Microsoft should be focusing on instead of trying to keep its tight lock on the world with its Windows/Office products.

I would be great if they would make it open source with a GPL license.

No matter how much reorganizing gets done nothing can stop the downward spiral!

Leave a comment

Over the years Microsoft has always given us mediocre products such as Windows(yes this means all versions including 7). Yet for some reason consumers buy these products; to me this does not make much sense. Why buy a product that breaks and you constantly have to call your tech support team(this means your geeky family member or geek squad). Now don’t get me wrong most people use Windows and its family of software because they have to not because they want to.

Microsoft since its early beginnings came across a wonderful business concept(sarcasm) called vendor-lock in. Every single product this company sells has some type of vendor-lock scheme. From Windows servers and home operating systems to their office products all 100% vendor-lock. So what does this mean? That there is not a chance in the world that you can safely move to a different operating system without loosing some data or not being able to move it at all. Yes this utterly sucks I know.

So now the giant wants to reorganize its gaming and mobile divisions(http://tinyurl.com/36bpk25) to catch up with the current trends. Oh yes sure that expensive new mobile phone(http://tinyurl.com/y7ktelj) they recently launched will do the job. This new gadget will get us all on Twitter and on Facebook. But wait a minute we are all there now and we all can use our not so expensive mobile devices. So again a little too late. As far as their gaming division goes, well lets just say it bleeds money and to think that this is the best division they have within the company. So if this division is loosing money(So far billions of dollars) what does this mean for Microsoft?

It means that their old way of thinking has got to go and that as a company it has to adapt to current trends pronto. No this does not mean lets wait and see if this or that becomes a trend. Apple (no better than Microsoft) has taken chances with new products and sure they failed a bunch of times. At one point the company was on the brink of going belly up but they hung in there. Microsoft needs to take a look at Apple and apply that formula to their products.

Here at the office we had an Xbox 360 for our gaming sessions. Guess what? Yes you guessed it we got the three red lights of death after an Xbox update(sounds a lot like the Windows blue screen of death). So we got ourselves a PS3 . Now we can game on-line and not pay a single cent. So now we have a better product while saving on a monthly fee.

Oh but wait I don’t know about you but I’ve been burned so many times by Microsoft products that I don’t think I could ever go back to purchasing or using them. Just look at what happen to IBM they too had this mentality back in the early 70’s and 80’s and now although the company is still in business it does not command the type of power it once had. And all because it forgot about what got them there in the first place us consumers.

So no matter how much reorganizing Microsoft does to their divisions they will achieve nothing that will be beneficial to us consumers unless they change their way of thinking and how they treat their customers and their competition. A little more innovation and smarts would not hurt either. Bang! Bang! Let us know what you think will ultimately happen to Microsoft’s mobile and gaming divisions.