Vol. 21, #42 - October 17, 2016 - Issue #1102
In this week's newsletter we're asking our readers for advice about how online businesses can protect themselves against the latest threat: distributed denial of service (DDoS) attacks by botnets of Internet of Things (IoT) devices like Internet-connected refrigerators, television sets, washing machines, and so on. Share your thoughts with us on this subject and help other IT pros struggling to safeguard themselves against such attacks. Plus we also have tips, tools, and other stuff of interest for busy IT pros.
Yes, even the lowly refrigerator can be dangerous if you're not careful as Ratbert illustrates in this Dilbert comic strip:
Two weeks ago a reader named Michael sent us the following question which he's been unable to dig up an answer for anywhere else:
Maybe I just don't get it, maybe it's a non-issue, maybe I'm just too old and cynical, but I don't understand why "The World, et-al" is declaring HTML5 video to be the savior of the internet and the death of flash as a video format, when all it is, is a container. One still has to stick a video, of some format, inside the HTML5 video container, and I am noticing that people are sticking flash videos inside it. I don't understand how this improves anything, and the one thing I have also noticed is how much harder my computer has to work since it is dealing with 2 things now, the container and the video stream, whereas before, my computer could deal with just the video stream much more efficiently. I tried asking this a couple of places, and I am greeted with blank stares and links to pamphlets like, Everything one needs to know about the new HTML5 standards... yea! Guess I'll just buy myself a tin foil hat with the slogan - The sky is falling.
Two of our readers commented on this topic:
Your reader Michael posed a question about video in HTML5 and the use of Flash. One of the many promises of the HTML5 standard is that a compliant browser could play back video assets without the need for third-party plugins such as Flash. Previous versions of HTML had no built-in video decoding capability and were dependent upon external decoders. Of course one can reference all manner of media types from an HTML5 coded web page but if a video asset is encoded with MP4, WebM or Ogg then an HTML5 compliant browser should be able to play it without help from any outside code. Hard to say what you might experience in playback efficiency as it greatly depends upon the specific decoder implementation each browser uses and whether or not it can take advantage of GPU rendering, which can vary from system to system. For mobile devices that have mostly completely abandoned Flash, HTML5 is the way to go. --a reader named Mark.
I agree with your correspondent that it really doesn't make sense. In this case you can lay the blame firmly at the feet of Steve Jobs, who seemed to hate Flash with a vengeance and therefore wouldn't allow it on to iPhones and iPads. It's true that there was a lot wrong with Flash at the time but I think, in the end it all came down to money and control. If your app is written using Flash then it could bypass the Apple App Store, meaning that Steve didn't get his 30%. That may be cynical but it's quite clear that, while Steve Jobs was a visionary in many ways, he was also an utter control freak and this definitely wouldn't have sat well with him. Since Apple controlled such a large share of the market web developers were forced to follow suit. Anyone can see that HTML5 was never going to be a complete replacement for what Flash could do but it provided just enough that Steve could claim it would replace Flash, so the gradual demise of Flash started. Sadly, other similar products such as Microsoft's excellent Silverlight have also had to follow suit. --John, a Senior Analyst from the UK
If any other readers have comments or suggestions on this topic you can email us at firstname.lastname@example.org
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at email@example.com
The jury is still out concerning the best way of dealing with problems getting Windows 7 machines to update in a timely fashion. We covered this subject in Issue #1098 Windows 7 updating pain and later in Issue #1100 Reader Feedback: Windows 7 updating pain but the reader feedback keeps on trickling in. Let's hear what a few more of our newsletter readers have to say about this problem:
We had a number of Windows 7 machines that for various reasons had not been updated in a few months. Some would fail with an error code during windows update. Others would spin forever "downloading updates". I wasted a lot of time trying various KB patches, cache clearing, registry fixes, etc and had a low percentage of success. But one thing did work for me 100% of the time: Install the latest windows update agent, reboot, and run windows update again:
After installing the agent, the windows updates might not be quick (some machines take a few hours to update), but they have always succeeded without error. --a reader named Paul
We use WSUS offline to process donated computers we give away and have done hundreds of XP, VISTA and 7 computers using it. After we install a fresh copy of the OS on the computers the updateinstaller of WSUS is run from a USB (or over a network or the directory is copied and run from the computer itself). It brings the OS up to date, or at least as up to date as the most recent run of the updategenerator can make it. WSUS is actually 'donationware' rather than freeware I think. With older versions of Windows it could also save Internet bandwidth downloading Microsoft updates since you could set all your computers to manual updates, update the WSUSoffline database (it can store updates for all versions of Windows at once if your device has the room!) and run the updateinstaller locally via USB or over the network. --a reader named John
As a system builder and one who still sells new Windows 7 Pro PCs, I too have been plagued by the Windows Update procedure. Even on a brand new build, the update takes HOURS. The WSUS Offline tool has been my redemption. I use it on all my brand new Windows 7 builds, or any time I have to do a factory reload. I do not monkey with any settings and since it is a brand new machine, I do not have to worry about what updates are already installed. The best procedure I have come up with is to run the program for the appropriate operating system (support is included for Windows 8 and 10), download to a folder, copy the folder to a DVD and run it on the PC. I did find the latest update, 10.8, seems to have a bug. It stopped when trying to compile a list of missing updates, and just sat there for the rest of the night. A quick return to the previous version 10.7.4 ran as expected. No issues. Hope this helps. --name withheld by request
Regarding the issue of updating Win7 computers I like many others have the same issue. The first solution seems to have worked for me on a factory restored laptop which is currently installing 252 updates. I have others which have a last update of 12 July 2016 which just hang checking for updates so will try the solution on them as well. Am I being cynical in suggesting MS have broken the updating process so we all get so frustrated we upgrade to Win10 or replace the computer? Especially as the July date is suspiciously close to the end of Win10 free update. Surely not!! --Colin from the UK
Thank you for your coverage of the "Windows 7 updating pain"… Based on the response, something is obviously screwed up over at Microsoft. Just since the last couple weeks, I've seen a *new* Windows 7 update problem: systems which are otherwise up-to-date, are now listing 265 critical updates.. and SVCHOST process at 100% on 1 core. --Ted, the founder of System Administrator Appreciation Day
Interesting feedback from the readers. I share their pain, however I have an eight year old laptop (long service gift) locked into Windows Vista due to a lack of compatible Win-7 drivers and which is also suffering from Windows Update problems. Solutions to this appear to be much harder to find. Personally, and this is just my opinion, I suspect that Microsoft has taken a Machiavellian approach (if you wish to promote a new system then you must first destabilize the existing system) and deliberately broken Windows Update for older Windows versions. --John from South Africa
And in Issue #1099 Malware and cloud backup: a bedtime story we shared how one of our readers helped a client recover data from their mission-critical PSQL database which had been rendered useless by a Cryptolocker-style, data-encrypting malware attack. Felix, a Microsoft Small Business Specialist from Australia, wrote us with the following suggestion:
An interesting story from Bill Bach. I wonder if the end user had a VSS aware version of PSQL. We use and recommend backup solutions like the one Bill describes, but you must make sure that all software used is VSS aware and has a VSS writer, so that a proper backup is taken. It appears that in Bill's client's case this was not happening. Checking the PSQL site, I note that PSQL has only supported VSS with V11 SP2:
Of course best practice is to always do a test restore of your backup once implemented and do these tests every few months to make sure your backups are actually usable.
And now on to our main topic for this week's issue...
Online businesses have had to contend with fending off DDoS attacks for years now. And with more and more businesses moving into the cloud, dealing with these attacks is more important than ever. I wouldn't be surprised if DDoS has birthed a whole industry of security companies specializing in helping cloud hosting providers maintain the availability of their services in the face of DDoS attacks.
In the past however, such attacks were typically launched by collections of compromised desktop PCs running unpatched or older Windows operating systems. These "botnets" of "zombies" are infected with malware that allows a centralized attacker to control them for launching sustained DDoS attacks against designated targets.
Now, however, it looks like the danger of DDoS is even greater, as we now have examples of such attacks being initiated from botnets of IoT devices. It turns out that IoT devices are often easier to hack than PCs, and with the number of IoT devices expected to explode exponentially over the next few years, the DDoS threat level is rapidly becoming dire.
Or is it? Are such worries blown out of proportion by click-hungry tech media outlets?
And if IoT DDoS is in danger of becoming a real threat to cloud-based businesses, there must be steps businesses can take to mitigate the danger posed by such threats--right?
Which of course raises a second question: What specific steps can an online business take to protect themselves against IoT DDoS attacks? And if your business does experience such an attack, what can you do to get yourself out from under it so customers can continue accessing your online services?
We'd appreciate it if our readers would weigh in on these questions and send us your comments and suggestions. We're especially looking for feedback from those of you who run or host online businesses and from readers who work or have expertise in the IT security field, but we'd also happily consider suggestions from any of you who have thought deeply about this matter. Email us at firstname.lastname@example.org and we'll share the best comments with our readers.
Got feedback about anything in this issue of WServerNews? Email us at email@example.com
VIDEO: Why IoT is Important to Small Business (Channel 9)
Getting Started with the Internet of Things (IoT)
In this in-depth course, learn to use your existing developer skills to solve business problems in new and exciting ways, using free versions of Visual Studio and Windows, along with a Raspberry Pi 2 or 3. Explore Windows 10 IoT Core, see how to develop for Windows and non-Windows IoT devices, and find out how to use Azure IoT Hub and Stream Analytics to establish two-way communication between IoT devices and the cloud. Plus, integrate Arduino device capabilities with Windows 10 device capabilities in a single code project.
"There is no right and wrong. There's only fun and boring." --from the movie "Hackers" (1995)
Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at firstname.lastname@example.org and we'll try to troubleshoot things from our end.
Until next week,
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at email@example.com
Watch an online recap of Microsoft Ignite with Clint Wyckoff, Evangelist at Veeam Software. Revisit key announcements and most interesting sessions.
Balabolka is a Text-To-Speech (TTS) program:
Glint monitor shows system activity by making visible system performance counters in local or remote Windows PC:
Beyond Compare is a utility for comparing text files, folders, zip archives, and FTP sites:
GOT TIPS you'd like to share with other readers? Email us at firstname.lastname@example.org
Ben Armstrong shares a PowerShell script you can use to gather info about which guest operating system is running in virtual machines on your Hyper-V host:
Ever had difficulty deciding which Office 365 online forum you should ping to get help on some issue beplaguing you? This thread from the Microsoft Answers Community can help you sort through the options for online help:
Confused about the different display modes available in Citrix environments? This blog post by Sacha Thomet can help you find your way through the jungle:
Microsoft Ignite Australia on February 14-17, 2017 at the Gold Coast Convention & Exhibition Centre, Broadbeach, QLD
Microsoft Worldwide Partner Conference (WPC) on July 9-13, 2017 in Washington, D.C.
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact email@example.com
This week we feature some of the Windows 10 articles on our new site TechGenix.com.
Low Latency: 4 contributors to your network's most important asset
Low latency is the network's most important asset. Packets need to be quickly processed, queued, serialized and propagated across the network to get this.
CryLocker ransomware: double nightmare
CryLocker ransomware is causing a whole host of headaches for security researchers.
Is Hybrid Cloud Dead?
This article examines whether hybrid cloud computing is still a viable model for enterprises to pursue or whether they should just jump to the public cloud.
Easy on the eyes: What IT professionals can do about eyestrain
Eyestrain is a growing problem for IT professionals, who spend many hours staring at various screens. Here are some solutions that can help.
Microsoft retires Azure RemoteApp, Citrix will deliver the successor
Microsoft's Azure RemoteApp will be retired, to be replaced by a new platform delivered by Citrix. What does this mean for users?
Analyzing Exchange Logs with Azure Log Analytics (Part 4) (MSExchange.org)
Publishing and authenticating access to Exchange using AD FS and WAP (Part 2) (MSExchange.org)
WSUS and Powershell – Maintenance Script to decline updates with certain keyword (timmyit)
Taking Control of VM Sprawl (Part 18) (VirtualizationAdmin.com)
Application security redux: It's All about the Apps (Part 8) (WindowsSecurity.com)
How to Install Vulnerability Assessment Configuration Pack (myITforum)
Dashboards for ConfigMgr (myITforum)
Lookout ConfigMgr Admins, Windows Monthly Updates are Gonna Get Huge (myITforum)
Provisioning packages for Windows 10 (Windows IT Center)
Edgy about Windows 10 Edge! (myITforum)
Strike a balance when working with IT interns
While they can't replace seasoned administrators, IT interns can be an excellent addition to any team, provided they're equipped with the proper training. Here are some tips to keep in mind when it comes to IT interns:
Control the costs of cloud storage with these five steps
With cloud storage investments on the rise, IT teams are looking for ways to maximize their returns. Here are five ways to more tightly control, or reduce, the costs of cloud storage. Follow these five steps to identify and eliminate any unnecessary cloud storage fees.
Create a DevOps infrastructure with code -- it's easier than you think
Infrastructure as code allows DevOps teams to control their infrastructure like devs do application development while maintaining robust virtual server and networks in the cloud. Click the link below to learn more:
There's more than meets the eye with vRealize Log Insight
Setting alerts and sharing dashboards are just two of many features admins don't always take advantage of in vRealize Log Insight. Find out some of the others in this complimentary tip from our editors:
GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at firstname.lastname@example.org
While "bots" and "botnets" are certainly interesting, robots have a lot going for them as well, as these videos illustrate...
In 1963, Jim Henson created this informational film for Bell System (now AT&T), introducing this new thing called 'data communication':
The BristleBot is a simple and tiny robot. Very few robots that you can build so easily are so rewarding:
Atai Omurzakov from Kyrgyzstan blurs the line between man and machine on "Ukraine's Got Talent":
A band of five robots jamming on their futuristic instruments as their musical starship cruises through outer space:
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.