For a lot of system administrators, the reasons to stay outweigh the reasons to upgrade. Websites that break, plugins that won’t load, old software that isn’t updated anymore. Trust me, I’ve been there. However, a lot of it boils down to lazy and poor practices of system administration.

Yes, you’re lazy and you’re bad at your job. Internet Explorer 6 was released in 2001. Yes, 2001, most of us don’t even drive cars that old, let alone unleash people on the “information superhighway” with a browser that old. It was designed at a time when security was not the issue it is today. It was designed to work on operating systems like Windows 98 and Windows ME. Would you let people use Windows ME on your network? No! So why are you letting them use a browser that was built for it?!

“But it’s not our fault, we don’t write the bad software, or the non-compliant websites.”

You’re right, you don’t. But you have the responsibility and the power to keep your network, and the rest of the Internet safe.

The replacement for IE6 has been out now for just under 4 years. Actually, the replacement for it’s replacement has been out almost a year. Meaning all you lazy administrators had two chances to migrate your systems over to an updated browser. Yes, you’re lazy. If you have applications that “require” Internet Explorer 6, the decision should have been made to dump them or upgrade them long ago. A line in the sand should have been drawn that said you were not willing to support such an old and insecure piece of software.

Why is this such a big deal? Because security threats targeting users of Internet Explorer 6 continue to threaten the security of the Internet, and of your own network. Just this week, Microsoft admitted that IE6 was one of the vectors used to attack companies like Google. Why is Google still using Internet Explorer 6? Or I guess a better question is, why is Google even using Internet Explorer at all, when they develop Chrome? Either way, it’s disappointing to see that a company like Google, who tends to be on the bleeding edge of updates, is doing something stupid like running a almost decade old browser.

The most recent threat, has no effect on users of Internet Explorer 7 or 8, even on Windows XP. Actually, Jonathan Ness over at MSRC Engineering put together a nice little chart explaining what browsers and operating systems are at risk with the latest attack vector.

The short of it, if you’re still running Windows 2000 on workstations, you should be fired. If you’re running Windows XP and Internet Explorer 6, you should march into your CIO’s office on Monday and demand that you at least figure out how to migrate to Internet Explorer 7 ASAP, meanwhile worry that your network isn’t the next one to be attacked by these unpatched exploits. If you’re running Internet Explorer 7, you should turn DEP on to prevent future threats, or see if migrating to Internet Explorer 8 is possible.

But really, for the small group who has already migrated to Windows Vista or Windows 7, enjoy your weekend.

To all my fellow sysadmins out there: Stop being lazy, and start securing your networks.

In V1 SP1, MED-V continues to employ Virtual PC 2007 as the virtualization engine but unlike the consumer “Windows XP Mode” it does not require hardware-assisted virtualization like Intel VT or an AMD-V to be present in the processor. This allows even those with lower end or older processors to take advantage of enterprise desktop virtualization.

Microsoft has put together a screencast demonstrating running a MED-V workspace using a V1 SP1 client in the Windows 7 environment.

Larry Larsen over at Microsoft’s Channel 9 has a great interview with Bill Buxton, one of the Principle Researchers at MSR and the author of Sketching User Interfaces. It talks about their work with what Microsoft has dubbed “Natural User Interface” and how the multi-touch technologies in products like the Apple iPhone and Windows 7 will eventually become a regular part of computing, as well as new technologies like those in the Xbox 360 Project Natal.

After starting late due to power issues (which fried one of the Microsoft demo units on stage) the keynote got off to a rather boring start with Steve Ballmer, Microsoft CEO, giving various statistics about how well recently released products like Windows 7 and Bing are doing. For the first half hour, the audio stream for the webcast was so bad, it kept cutting out and then required constant volume adjustment. Note to Microsoft, hire a decent sound engineer next time.

If you’d like to watch the keynote for yourself, you can see the saved version on the Microsoft website.

It was all pretty much downhill from there. The much discussed “Courier” tablet that many in the tech press was excited they would announce never came, and there were no details about Windows Mobile 7… at all. Only “we’ll have more about mobile at Mobile World Congress.” So overall, the keynote failed to deliver much of anything that we didn’t know or have not seen already. But, here is a breakdown of what was covered, after the break.

• Microsoft has three goals in 2010: screens everywhere (meaning more PC and other devices), cloud services and natural UI.
• Since it’s launch, Microsoft has sold over 39 million Xbox 360s. No data was provided on how many of those are replacement units after the first one suffered from a RRoD (red ring of death) — in addition, there are currently 500 million games for the console, generating retail spending of over $20 billion.
• Xbox Live membership is now at over 20 million people.
• Project Natal, the natural motion capture interface for the Xbox 360, will be available for the holiday season of 2010.
• One interesting bit of news, is that HP and Microsoft will be teaming up to make Bing the default search engine and MSN the default homepage on their newly sold systems. Although it would seem that the agreement is something like “don’t change the Internet Explorer defaults to Google.”
• In the world of car multimedia: Ford will be rolling out updates for the next version of their Sync platform that include HD radio tuners that feature iTunes tagging. Blue&Me has now been sold in 1 million FIAT cars and KIA announced their UVO system rolling out in late 2010. Both Blue&Me and UVO are based on the same Windows Automotive embedded technologies as Ford Sync.
• While Windows Mobile 6.5 came out last year, it has generally been received with tepid enthusiasm. Ballmer refused to talk about Windows Mobile 7 last night, which is seen as the last ditch effort to save the platform. We shouldn’t have very long to wait for more information though, as MWC is February 15-18 and Ballmer promised to have more during that time.
• What Ballmer did focus a lot on was Windows 7, which he said (and I would agree) is “faster, leaner, less busy… simpler to complete common tasks” – while we learned most of this during the launch back in October, it’s still interesting that there were 3,000 engineers, 50,000 partners, 8 million beta testers for Windows 7.
• According to Ballmer, NPD says PC sales jumped 50% at the Windows 7 launch, and Black Friday was up 64% over last year. Gardner also says that in 2010 there will be a 12% PC growth over 2008. While Microsoft believes that has a lot to do with Windows 7, and they may be partially right, it should probably also be considered that the economy in late 2009 wasn’t quite as bad as the “OMG! PANIC!” economy of late 2008, and that consumer spending was stronger last year overall.

“The range of PCs with Windows 7 is virtually limitless … it has broadest ecosystem of developers in the world … over 4 million Windows applications, 800,000 of them unique to Windows 7 just since the beta was released”

After Ballmer came Ryan Asdourian, Senior Product Manager for Windows, who came out to highlight all the different devices that run Windows 7. Sort of a “hey Apple, look we have cool and sexy hardware too!” A couple of the ones I liked were the Dell Adamo XPS notebook, which isn’t new, but it always great to look at. Asdourian highlighted the fact that the notebook is thinner then a poker chip and also wakes up from sleep mode faster then you can open the lid. Another system I wouldn’t mind getting my hands on was the HP Envy 15, which features a DirectX 11 video card with 1GB of memory. Not bad for a notebook.

Watching Ballmer on stage with Asdourian was almost painful though. Seeing poor Ryan get teased and attacked by his boss in a failed attempt at humor. It was uncomfortable to watch, and makes me wonder what it’s would be like to have to deal with him on a regular basis.

One of the things that I did see some significant benefit to was the new collaboration feature of Windows Live Skydrive and Office 2010. In it, files that are stored and shared out of Skydrive can be opened by multiple users, and changes merged back into one document. The example that Asdourian used was students working on a PowerPoint presentation, in that each student could be simotaniously working on the same file, without having to share one computer. I can see this being useful at work, where all of our students already have Skydrive accounts though Live@edu.

Next Microsoft turned it’s keynote focus to uniting software with the cloud, which is an approach I tend to be a fan of. My view, and also that of Microsoft, seems to be that the best approach for software going forward is having locally installed applications that communicate back into the cloud to instantly receive data. This is in contrast to Google’s approach to the cloud which tends to be “put everything there and use a web browser to get it” … which works for some applications and users, but not all, especially when access to an Internet connection is slow or non-existent.

Microsoft also announced last night that their Mediaroom 2.0 software will be available for IPTV operators to start testing next month. Mediaroom is the world’s most deployed IPTV platform, powering such operators as AT&T U-Verse. The new version will allow providers to offer on-demand TV service to Windows 7 based PCs using Windows Media Center as well as on the Xbox 360. They can also offer on-demand programming to any web-browser on the PC or Mac, as well as compatible smartphones in the near future.

Mediaroom 2.0 will also add support for Silverlight and IIS Smooth Streaming.

Again, if you’d like to watch the entire keynote, you can do so over on the Microsoft site, but I wouldn’t suggest it. As more information comes out of CES that is Microsoft related (or if I see something interesting that comes from someone else) you can be sure to read about it here later this week.

“It’s the exact same ASLR as in Leopard, which means it’s not very good,” Miller said, “Apple didn’t change anything. I don’t understand why they didn’t. But Apple missed an opportunity with Snow Leopard.”

When OS X 10.5 (Leopard) was released, Miller and others were critical of Apple not fully implementing ASLR. While there is ASLR present in both Leopard and Snow Leopard, they fail to the heap, the stack and the dynamic linker, the parts of the operating system that are most open to attack. Linux also has what many consider a weak implementation of ASLR since kernel version 2.6.12, although some distributions include better ASLR then the stock kernel based on third party code.

Miller did say that there are elements of Snow Leopard that show Apple did do some things to improve security, most notably the inclusion of data execution prevention or DEP, which utilizes both processor-hardware and software based security programming to help prevent buffer overflow attacks by blocking code from running in memory spaces that’s supposed to contain only data.

However, Apple may be late to the game with implementation of DEP, as it has been present in Windows operating systems since Windows XP Service Pack 2, with further refinements made in Windows Vista and Windows 7.

By incorporating both technologies, Miller says it becomes extremely difficult to craft memory attack exploits. “If you don’t have either, or just one of the two [ASLR or DEP], you can still exploit bugs, but with both, it’s much, much harder. Snow Leopard’s more secure than Leopard, but it’s not as secure as Vista or Windows 7.”

There are 25 events across the country so I am sure there is one near you. Sorry international folks, Microsoft will not be holding similar events abroad.

For more information or to register for an event, visit the Microsoft event home page.