All posts in Uncategorized

Windows Vista shipped to business customers on the last day of November 2006, so the end of November 2007 marks the one year anniversary for supported production use of the product. This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products. The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor, Windows XP.

Note that this report is an update to the previously published Windows Vista 90-Day Vulnerability Report and Windows Vista 6-Month Vulnerability Report. However, since one year is a more informative time frame, this report contains the results of a deeper level of analysis.

Included in this document

• Executive Summary
• About the Author
• Overview
• Interpreting the Analysis
• The Security Researcher Ecosystem
• Windows Vista vs Windows XP
• Windows Vista – Year One
• Windows XP – Year One
• Side-by-Side Comparison
• Windows Vista vs Other Operating Systems
• Red Hat Enterprise Linux
• Ubuntu 6.06 LTS
• Apple Mac OS X v10.4
• Side-by-Side Comparison
• Final Observations
• APPENDIX A: FREQUENTLY ASKED QUESTIONS
• Appendix B: Sources and Methodology
• Discovering Unfixed Vulnerabilities

Download Link – http://www.microsoft.com/windowsserver/compare/ReportsDetails.mspx?recid=54&tapm=A80S05B05

The possible release dates for XP SP3 are;

• April 14, 2008: Support is available for the release version of Service Pack 3 for Windows XP
• April 21, 2008: Original Equipment Manufacturers, Volume License, Connect, and MSDN and TechNet subscribers
• April 29, 2008: Microsoft Update, Windows Update, Download Center
• June 10, 2008: Automatic Updates

Zune Marketplace is no iTunes killer. But maybe Zune VideoX will (at least attempt to) be.

After recently hearing about Microsoft’s grand entertainment-marketplace/service (codenamed eLive), now I’m getting word of yet another Microsoft entertainment marketplace, known currently as “Zune Video X” (for Video Experience).

One of the main movers and shakers behind the initiative is said to be Joe Belfiore. Corporate vice president of the Entertainment and Devices eHome Division. Belfiore was responsible for “development, business management and marketing of Microsoft Windows XP Media Center Edition and related devices, including Media Center Extender and the Media Center DVR,” last anyone heard of him. As Seattle Post-Intelligencer reporter Todd Bishop noted today, Belfiore is rumored to be working on something Zune-related now.)

Full Article – http://blogs.zdnet.com/microsoft/?p=1341

Zune Marketplace is no iTunes killer. But maybe Zune VideoX will (at least attempt to) be.

After recently hearing about Microsoft’s grand entertainment-marketplace/service (codenamed eLive), now I’m getting word of yet another Microsoft entertainment marketplace, known currently as “Zune Video X” (for Video Experience).

One of the main movers and shakers behind the initiative is said to be Joe Belfiore. Corporate vice president of the Entertainment and Devices eHome Division. Belfiore was responsible for “development, business management and marketing of Microsoft Windows XP Media Center Edition and related devices, including Media Center Extender and the Media Center DVR,” last anyone heard of him. As Seattle Post-Intelligencer reporter Todd Bishop noted today, Belfiore is rumored to be working on something Zune-related now.)

Full Article – http://blogs.zdnet.com/microsoft/?p=1341

Virtualization Nation,

Last week, I blogged about the importance of HA for unplanned host downtime. By the number of responses, this is clearly a hot topic. Today, I was going to discuss planned downtime, specifically, the differences between Quick Migration and Live Migration; however, after sifting through all that feedback last week I realized that we need to dispel some myths first…

After my last blog I received almost two dozen email telling me that VMotion was far superior for unplanned host downtime and that it was a much better HA solution because it could live migrate virtual machines. I’ve heard this fallacy espoused for many years and, folks, this simply isn’t the case.

In the case of unplanned downtime, VMotion can’t live migrate because there is no warning. Instead you must have VMware HA configured and the best it can do is restart the affected virtual machines on other nodes which is the same as what is provided with Windows Server 2008 Hyper-V and Failover Clustering.

Full Article – http://blogs.technet.com/virtualization/archive/2008/04/14/hyper-v-quick-migration-vmware-live-migration-part-2.aspx

Virtualization Nation,

Last week, I blogged about the importance of HA for unplanned host downtime. By the number of responses, this is clearly a hot topic. Today, I was going to discuss planned downtime, specifically, the differences between Quick Migration and Live Migration; however, after sifting through all that feedback last week I realized that we need to dispel some myths first…

After my last blog I received almost two dozen email telling me that VMotion was far superior for unplanned host downtime and that it was a much better HA solution because it could live migrate virtual machines. I’ve heard this fallacy espoused for many years and, folks, this simply isn’t the case.

In the case of unplanned downtime, VMotion can’t live migrate because there is no warning. Instead you must have VMware HA configured and the best it can do is restart the affected virtual machines on other nodes which is the same as what is provided with Windows Server 2008 Hyper-V and Failover Clustering.

Full Article – http://blogs.technet.com/virtualization/archive/2008/04/14/hyper-v-quick-migration-vmware-live-migration-part-2.aspx

Microsoft (NSDQ:MSFT) on Tuesday confirmed that it plans to release a third service pack for SQL Server 2005 by the end of the year.

In a Tuesday blog post, Francois Ajenstat, Microsoft ‘s director of SQL Server marketing, announced that Microsoft will deliver SQL Server 2005 SP3 after the release to manufacturing of SQL Server 2008, which is currently slated for Q3.

“Our goal is to get SP3 released in the market in [calendar year] 2008,” wrote Ajenstat.

Ajenstat said the decision was made “in the spirit of transparency” and to give customers as much advance notice as possible for testing and planning deployments. This statement is somewhat ironic in light of the cone of silence Microsoft has traditionally maintained around service pack release dates.

SQL Server 2005 was one of many obstacles that Microsoft VARs faced in getting their customers’ systems in line with the myriad requirements of Windows Vista.

Full Article – http://www.crn.com/software/207200912

Finally, IIS 7.0 has a PowerShell Provider!

The IIS7 PowerShell Provider allows you to

• Create Web-Sites, Web Applications, Virtual Directories and Application Pools
• Change Simple Configuration Properties on Web-Sites, Application Pools, Web Applications and Virtual Directories
• Add and Change Complex Configuration Settings
• Query Run-time Data (Web-Site State, Application Pool State, Currently Executing Requests)
• Execute Advanced Configuration Tasks, Scripting, Integration with other PowerShell Snap-Ins and features
• Search and Discover Configuration Settings

Tech Preview 1 of the IIS 7.0 PowerShell Provider can be found here:
x86: http://www.iis.net/downloads/1664/ItemPermaLink.ashx
x64: http://www.iis.net/downloads/1665/ItemPermaLink.ashx

Within hours of Microsoft redirecting its UK users from Live Search Maps to Multimap last week, user dissatisfaction spread like wildfire.

On Monday, April 14, Microsoft responded and restored full Live Search Maps access to disgruntled users.

Microsoft bought Multimap in December 2007 and made it a subsidiary of its Virtual Earth and Search teams.

Full article – http://blogs.zdnet.com/microsoft/?p=1335

One of the big topics of discussion on my recent visit to Citrix’s Advanced Products Group office in Sydney was their “portICA” technology. PortICA is the name of the technology that “ports” the ICA protocol stack from Presentation Server / Terminal Server to a workstation OS. In other words, portICA lets you use the ICA protocol to connect to a Windows XP or Vista host acting as the server (for a VDI or blade PC scenario). Citrix is using PortICA instead of the built-in RDP-based remote desktop option in their upcoming XenDesktop product. (Note: All of the portICA technology described in this article is part of Citrix XenDesktop 2, currently in beta, scheduled for a May release.)

Full Article – http://www.brianmadden.com/blog/BrianMadden/Accessing-Windows-XP-and-Vista-via-Citrix-XenDesktop-ICA-portICA-How-does-this-really-work

If you do, you should definitely email the guys who are looking after the betas’.

If you are interested, drop an email to [email protected], with the name of the beta you want to go onto in the subject line:

• Small Business Server 2008 Beta Program
• Essentials Business Server 2008 Beta Program

And simply ask for the information, and they’ll send it to you as soon as its available!

In the mean time, you can read all about Small Business Server 2008 and Essentials Business Server 2008!

Exchange 2007 Server Roles – Exchange 2007 has expanded the concept in Exchange 2007 Server of server roles, which further extends the old 2 role front end back end topology, with a new 5 role model.

Breaking down the Exchange 2007 server roles has a lot of advantages, allowing your exchange topology to be more flexible, highly scalable, allowing better hardware utilization, this together with the advantages of 64bit allow more mailboxes to be hosted on a single server.

The five Exchange 2007 Server Roles are as follows and shown in figure 1 below:

· Mailbox Server Role

· Client Access Server (CAS) role

· Hub Transport Server (HTS) role

· Edge Transport role

· Unified Messaging

Full article – http://exchangeis.com/blogs/exchangeis/archive/2008/04/15/exchange-2007-roles-an-introduction-to-exchange-2007-server-roles.aspx

Exchange 2007 Server Roles – Exchange 2007 has expanded the concept in Exchange 2007 Server of server roles, which further extends the old 2 role front end back end topology, with a new 5 role model.

Breaking down the Exchange 2007 server roles has a lot of advantages, allowing your exchange topology to be more flexible, highly scalable, allowing better hardware utilization, this together with the advantages of 64bit allow more mailboxes to be hosted on a single server.

The five Exchange 2007 Server Roles are as follows and shown in figure 1 below:

· Mailbox Server Role

· Client Access Server (CAS) role

· Hub Transport Server (HTS) role

· Edge Transport role

· Unified Messaging

Full article – http://exchangeis.com/blogs/exchangeis/archive/2008/04/15/exchange-2007-roles-an-introduction-to-exchange-2007-server-roles.aspx

With some estimates predicting that as much as 60 percent of companies’ data resides outside their corporate data centers, how can solution providers go about managing such an onslaught of information across distributed environments? Companies cannot survive without some form of data protection, so backup and storage management is an essential part of every data center.

Part of putting together a solution lies in Windows Server 2008’s new data management features. By probing under the surface, the CRN Test Center found some new and exciting features, techniques and tools that can help solution providers build robust data management solutions with the new Windows Server 2008.

Full Article – http://www.crn.com/software/207001513?cid=CRNFeed

If Silverlight 2 is Microsoft’s shining new addition to the family (and deservingly so) then gadgets, both Windows Vista Sidebar and web gadgets are the all but forgotten middle children. In this article I pose the question: Has Microsoft all but given up on it’s gadget platforms?

Consider the following:

1. Many groups within Microsoft have blogs where they talk about what’s going on in the group, give advise on programming, etc, but some groups are more involved with their readers that others. The last post to the Windows Vista Sidebar Blog is dated July 31, 2007 and the Windows Live Gadget Blog is dated June 27, 2006.
2. Most of the top players in Microsoft’s Live.com group (the innovators of web gadgets) have either left the company or moved on to other groups within Microsoft.
3. At Microsoft’s MIX08 conference in Las Vegas, I did not hear the word “gadget” uttered once by any panel member or during the keynote.

Full Article – http://www.liveside.net/blogs/developer/archive/2008/04/11/is-microsoft-serious-about-gadgets.aspx