Why lazy sysadmins and IE 6 make the net unsafe

January 16th, 2010 at 11:14 AM  3 Comments

The number of businesses still using Internet Explorer 6 is painful to see. Coupled with the fact that all of them are on Windows XP or Windows 2000, it turns from pain into terror, especially when it comes to security.

For a lot of system administrators, the reasons to stay outweigh the reasons to upgrade. Websites that break, plugins that won’t load, old software that isn’t updated anymore. Trust me, I’ve been there. However, a lot of it boils down to lazy and poor practices of system administration.

Yes, you’re lazy and you’re bad at your job. Internet Explorer 6 was released in 2001. Yes, 2001, most of us don’t even drive cars that old, let alone unleash people on the “information superhighway” with a browser that old. It was designed at a time when security was not the issue it is today. It was designed to work on operating systems like Windows 98 and Windows ME. Would you let people use Windows ME on your network? No! So why are you letting them use a browser that was built for it?! (more…)

January 'Patch Tuesday' to be very light on security

January 7th, 2010 at 7:21 PM  2 Comments

This patch Tuesday will be one of the lightest ones for security in recent memory. According to the Security Bulletin Advance Notification for this month, Microsoft will only be releasing one patch for Windows, and none for Internet Explorer or Office. The patch will be issued on Tuesday, January 12, and will be followed on January 13 by a 90 minute webcast at 11:00 AM Pacific. In addition to the one patch for Windows, Microsoft will also release an updated version of the Malicious Software Removal Tool.

The patch is considered critical for Windows 2000 users, and low for all other versions, and relates to a remote code execution venerability. Effected operating system versions include every currently supported edition both on the client and server side:

  • Windows 2000 Service Pack 4 [Critical]
  • Windows XP Service Pack 2 & Service Pack 3
  • Windows XP x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2 (32-bit, 64-bit & Itanium)
  • Windows Vista Service Pack 1 & Service Pack 2 (32-bit & 64-bit)
  • Windows Server 2008 Service Pack 2 (32-bit, 64-bit & Itanium – except Server Core installs)
  • Windows 7 (32-bit & 64-bit)
  • Windows Server 2008 R2 (64-bit & Itanium – except Server Core installs)

Microsoft will still be releasing one or more non-security but high-priority update through Windows Update and Windows Server Update Services, but has not yet disclosed details.

Microsoft highlights MED-V features for Windows 7

January 7th, 2010 at 1:33 PM  No Comments

Microsoft Enterprise Desktop Virtualization (MED-V), is a component of the Microsoft Desktop Optimization Pack (MDOP) for Software Assurance customers. It allows administrators to provide a virtualized desktop image to users and manage them from a central console. The upcoming Service Pack 1 for MED-V will expand support for Windows 7 (both 32 and 64-bit) as a host platform. Considering most large companies held off on upgrading to Windows Vista and opted to wait for Windows 7, this technology will help boost the migration since they can do so and run older programs that may no longer be supported or have not been certified for Windows 7.

In V1 SP1, MED-V continues to employ Virtual PC 2007 as the virtualization engine but unlike the consumer “Windows XP Mode” it does not require hardware-assisted virtualization like Intel VT or an AMD-V to be present in the processor. This allows even those with lower end or older processors to take advantage of enterprise desktop virtualization.

Microsoft has put together a screencast demonstrating running a MED-V workspace using a V1 SP1 client in the Windows 7 environment.

Get Microsoft Silverlight