1. EDITORS CORNER
   • OK, Pirated, Not Cracked
2. TECH BRIEFING
   • Microsoft: Not So! Against DDoS claims
3. NT/2000 RELATED NEWS
   • Windows XP Icon Wars & Smart Tags
   • The Positive Side Of The New MS-Licensing
4. NT/2000 THIRD PARTY NEWS
   • We Have A New Techie Bookstore!
   • New Tool Eases Win 2000 rollouts
5. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
6. PRODUCT OF THE WEEK
   • Windows NT Security Guide

OK, Pirated, Not Cracked

Hi NT/W2K-ers,

Why am I talking about OfficeXP the last few issues? It's what shows us how the future will look. For the moment, it seems that the protection of OXP is still intact, and that the keys were pirated. I predict that it's a matter of time before some one actually cracks it too. Same with the copy protection of WXP, it is my estimation this will be cracked a week after it comes out.

Windows XP will likely at some point run as the client on all your user's workstations, and there is quite a bit of change on that end. WXP is the NT kernel, with the Windows 2000 add-ons, a new interface and more recent other goodies. It allows us finally to trash the old unreliable W95/98/ME code, but the hardware it really needs is again a whole other story. Prepare to buy a whole slew of new workstations for your users, or go through a significant upgrade in memory at the very least.

Warm regards,

Microsoft: Not So! Against DDoS claims

You may have missed it, but Steve Gibson claimed last week that the new WXP threatens the stability of the Internet. One would ask why, and the answer is that MS has included Unix sockets in WXP. These are nicknamed "raw sockets" as they allow hackers to send data packets with spoofed IP addresses and launch virtually unstoppable distributed denial-of-service attacks using WXP boxes as zombie machines against Web sites the hackers do not like.

And as WXP will be used by millions of people, this might give hackers access to tens of thousands of zombie machines at once. Pretty scary scenario, Gibson claims. Microsoft claims "Not So!" In the link below to the TechNet site, they say that it's not the sockets but hostile code that is the threat. What they mean by "hostile code" is programs like Trojan horses that take over a machine and make it a zombie that can be used for hack attacks.

Windows XP Icon Wars & Smart Tags

The new WXP interface is causing quite a bit of controversy. Why? There is a battle for real estate going on. Companies like AOL that used to have a prime spot on the desktop with an icon that everybody knew, are being moved to a space on the new task-menu that now has two columns instead of one.

So they are screaming that they are relegated to being second class citizens and that no one will find them. More over, they fear that MS will make the MSN icons easier to find, so that they will get more ISP customers at the cost of AOL. That might be true too. Nobody but AOL understands the importance of having and keeping desktop real estate. What does that mean for us?

In companies, the thing now is that you need to decide for the old or the new interface. You can default to the existing W2K interface if you want. And I think that might be the right way to go in company environments. You have to standardize to be able to support your users.

Another point are the smart tags I talked about in the last issue. They are really XML links. I just read an article in the Wall Street Journal that MS is also going to include these tags in the new IE that comes with WXP. It's currently in a beta version of WXP. What that will do? Well, you browse over to your fave home site, using the new IE. Suddenly a bunch of squiggely lines appear under some words on the pages of that site. You had not spotted those before! Well, MS has now functionality that allows them to highlight words on pages of other people's sites and point them to sites that MS either owns or favors. The upshot? They are able to pull eyeballs away from sites. That's not going to sit well, I can tell you right now. It would be a very good idea to have that feature turned off by default, and have the on-switch buried deep into the IE menus, or take it out of the final version all together.

The Positive Side Of The New MS-Licensing

You all know that I have been beating up on MS re the new licensing, but some users see some positive things as well. It's not all doom and gloom at all. ENT Mag that has stopped its dead-trees version and now only has a website and a newsletter posted an article that is worth reading. If you are one of the diehard, front-line NT/W2K system admins and subscribe to the Sunbelt sponsored NTSYSADMIN List, you will recognize the names below. I have provided a link to the ENTMag website (which is worth checking out) and a link where to subscribe to the NTSYSADMIN List as well. Thousands of your colleagues discussing topics like the one below!

"From what I've seen, it will actually result in a lower software cost if upgrades take place every 18-24 months, but now the onus will be on Microsoft to make it much easier -- and more beneficial -- to upgrade Windows and Office on such a tight schedule," comments Andrew Baker, an IT manager with insurance company and financial services organization American Int'l Group Inc. (AIG, New York, N.Y.). A long-time administrator of Windows NT and Windows 2000 systems, Baker acknowledges that he has "mixed" feelings about Microsoft's proposed changes.

Under the provisions of the new plan, the software giant will heavily promote a subscription-based licensing model that provides for, among other things, so-called "Software Assurance" contracts that require customers to pay operating system and application software subscription fees on an annual basis. In addition, Microsoft will eliminate all "Version," "Product" and "Competitive" upgrades and also will begin selling software directly to enterprise customers, rather than through intermediary vendors such as resellers, services firms or systems integrators.

For his part, AIG's Baker says that subscription-based licensing plans - especially those such as Software Assurance which encourage frequent upgrade cycles - aren't necessarily crafted in the best interests of enterprise IT organizations. "Companies want to get some return on their investment, and not spend all their IT resources in constant upgrades and constant training on the same basic software," he observes.

Microsoft has also said that it will continue to sell software the old-fashioned way - i.e., for a one-time, non-recurring fee (dubbed a "Perpetual" license). At the same time, however, the software giant confirmed that it will eliminate its enormously popular "Select Agreements," under the terms of which enterprise customers can purchase Microsoft software through maintenance contracts or by means of the now-discontinued "Version" upgrade plans. Microsoft's new Software Assurance contracts will take the place of Select Agreements.

Bonnie Miller, a network server analyst with an educational cooperative based in Everett, Wash., confirms that the school district for which she currently works is an existing Microsoft "Select" customer. Ironically enough, Miller says that her school district evaluated a similar subscription-based Microsoft program - dubbed "Microsoft Schools" - but ultimately rejected it because of cost concerns.

"[We] came to two conclusions at the time, [the first of which was that] this program would end up costing more after three or four years," Miller explains, noting that schools in her district commonly use computers until well past their normal life-cycles of three-to-five years. "It's much more difficult for the school district to write in a yearly software budget that may change each year [as computers are added] than to have chunks of money spent at once for software as it was needed and as money is available."

Unfortunately for Miller's school district and for other current Microsoft Select shops, Software Assurance will probably constitute the only cost-effective alternative to the hefty prices that Microsoft is expected to charge even enterprise customers to purchase its software outright. Some IT managers are bracing for the worst.

"I'm certain they will initially make it much more expensive to retain a perpetual license, and this will only fuel the belief that they're lining their pockets at the expense of, and without regard for, their customers," avers AIG's Baker. "I suspect that their larger customers will still wield enough clout to get better deals, however, and that the folks who will be hurt the most will be the smaller shops."

At the same time, argues William Lefkovics, a systems administrator with the AscentrA Group of Companies, a Las Vegas, Nev.-based health care provider, the provisions of Microsoft's new subscription-based licensing plan could be a boon to some companies, large and small alike - including his own.

"In cases where the upfront cost of moving forward to new software or operating systems is prohibitive, the new subscription-based licensing might provide some relief," he speculates. "We can't afford to migrate to Windows 2000 across the board, but we might be able to enter into a subscription."

Kevin Jones, an administrator with Manufacturers Alliance/MAPI Inc., an Arlington, Va., policy research organization, says that he views Software Assurance as a kind of double-edged sword. "The bottom line is that if you plan to maintain your operating systems current at all times, then the Software Assurance program will save you considerably on costs," he explains. "However, if you do not plan to keep up with the leading edge operating systems then Software Assurance loses its value."

Jones also speculates that IT organizations which haven't yet upgraded from older versions of Windows - such as Windows 9x or Windows NT - could exploit Software Assurance to do so at very little initial cost. Unfortunately, Microsoft actually requires that IT shops that subscribe to Software Assurance must first upgrade to current versions of its operating system (Windows 2000, Windows Me) or application (Office 2000) software. This means that customers that are still running Windows 9x or Windows NT - or which have standardized on older versions of Office - must separately purchase upgrades for their software.

Software Assurance could ultimately provide some unanticipated benefits for most of Microsoft's customers - even as it turns up the heat on the software giant itself, says Roger Seielstad, a senior network administrator with Peregrine Systems Inc., an Atlanta-based consulting and software firm that specializes in infrastructure resource management.

"If the trade off for a higher cost of software acquisition and support is a corresponding increase in the level of support from Microsoft, it's a trade off I think will be worth making," he comments. In Seielstad's account, a maintenance and support licensing scheme like Software Assurance could force Microsoft to adopt a more "regimented schedule for releasing service packs and upgrades." As an example, Seielstad points to the software giant's spotty record on delivering Windows NT 4.0 service packs in a timely fashion - the intervals between service pack releases varied from two months (SP2) to almost a year-and-a-half (SP4). He contends that such practices won't wash with Software Assurance customers.

"Companies won't tolerate paying for a full year of support for a few hotfixes, most of which aren't applicable to their environments. They will expect a return on their investments," he comments. "The current licensing model doesn't offer Microsoft the incentive to drive for high quality in existing products, as their revenue model currently is driven by sales alone, and new products drive sales." (grateful acknowledgements to ENT Magazine for use of their copyrighted article. See their site below)

ENTMag website:
http://www.w2knews.com/rd/rd.cfm?id=061101-PositiveSide

We Have A New Techie Bookstore!

The Sunbelt/W2Knews bookstore has been an area where we tried to get you the books you need to get your job done and get certified. But it was a bit limited. We have dramatically expanded the amount of books and the site itself. And, more importantly we have been able to get lower prices for W2Knews readers that are often just as much as for instance the Amazon.com discounts. You are invited to come on in and browse around. Tell me what you think of the new interface, and better yet as it's still early days, let me know which books you'd like to see there? Here is the link:
http://www.w2knews.com/rd/rd.cfm?id=061101-W2KnewsBookClub

New Tool Eases Win 2000 rollouts

You may all know Dave Kearns, the word wrangler for Network World's e-zine. He wrote the following bit about a new tool from one of Sunbelt's vendors. We will carry this tool in the near future, so you can see this as an early peek at what it will do for you:

"Surveys, case studies and analysts' comments continue to reinforce the notion that the toughest part of Windows 2000 networking is Active Directory. Here at "Focus on Windows Networking", we've been telling you for what seems like years that planning your Active Directory deployment is quite possibly the most important part of planning an upgrade to your Windows NT (or NetWare) network. From time to time, we've pointed out what we feel are the best tools for planning, migrating, installing, maintaining and modifying Active Directory.

Now there is another. NetPro, which has been writing directory management software for almost 10 years, has released DirectoryInsight, which aids in the planning, managing and reporting on deployment, growth, and ongoing maintenance of Active Directory. This is the second Active Directory based product from NetPro. The first, DirectoryAnalyzer is a troubleshooter's tool, and a good one. The new product, DirectoryInsight, is a manager's tool. Among the things it can do for you are:

• Automatically record all Active Directory infrastructure and configuration changes, enterprisewide through a browser.
• Track how directory objects populate over time
• Log configuration and infrastructure modifications.
• Eliminate the need to log changes manually by automating the change log and data collection process.
• Enable you to create both current and historical records of Active Directory changes, including all modifications to everything from the directory schema to Domain Controller servers.

This Week's Links We Like. Tips, Hints And Fun Stuff

Windows NT Security Guide

Steve Sutton is the founder of Trusted Systems Services, Inc., a computer-security consulting- and training company formed in 1986. He has been a prominent designer and teacher of secure operating systems and standards for almost two decades. He wrote Windows NT Security Guide and it helps you to:

• Spot and protect against common threats, such as data snooping and tampering, password misuse, and viruses
• Configure Windows NT against Internet and intranet security risks
• Build your Security Policy for user accounts and groups, domains, Access Control Lists, and the security log
• Understand the basics of cryptography that play large roles in today's global Internet environment
• Use some of NT's lesser-known secure installation practices and cope with its inherent security soft spots
• Answer the basic question: Is Windows NT secure enough for me?