Protests Against New MS-Licensing
I received the following from the NGN in Holland. Read and be warned.
"The Dutch Network User Association (NGN, http://www.ngn.nl - 4000 members together managing 700.000 desktops) is looking for similar groups or corporations who agree that the new licensing policy of Microsoft is too much, too soon. The NGN thinks the new licensing is harmful for customers, and will continue their protest against MS.
"Please look at what Microsoft plans to do and make an estimate what this will mean for your company. The NGN thinks that most companies will have to pay up to more than 100% more for their upgrades in the future. And this goes beyond MS Office, all MS-software is involved!
"The NGN tries to create a worldwide effort to force Microsoft to change its licensing policy to something more customer-friendly. The NGN doesn't ask for reactions from individuals, but from big user groups or corporations, who want to participate in this effort.
Cooperating organizations could benefit, because the NGN is developing a spreadsheet which you can use to see what will be the consequences for your company of the new license-policy. You can get in touch via email at [email protected], or read more at:
Microsoft Security Rollup Q299444 Has Problems
Microsoft just released what they promised a while ago. Instead of a Service Pack 7, they shipped a Post-SP6a Security Rollup Package (SRP). This relatively small (just 14.3MB) bundle gets you all the security updates released for NT 4.0 since the release of NT 4.0 SP6a. So far, so good. But there are several people on the NTSYSADMIN newsgroup that already reported problems with this roll-up.
One system admin had a test server blow up with BSOD STOP 0x0000000a in NTOSKRNL.EXE after installing the roll-up and the machine is not booting anymore. After checking, more admins are fighting this same problem. It looks like machines (both WS and SV) with older firmware are potentially causing the problem, that affects both single and multi-CPU boxes.
So, I'm not saying this thing is full of bugs, but I'm simply repeating what I have said over and over these last 5 years. Test it out first, do NOT run this on a production machine without knowing it will work OK. Here is where you can get the rollup:
Code Red Turns Out To Be Dud
First of all, well done to all of you for patching that IIS hole. Tuesday, everybody and their brother in the mass media including CNN were warning everybody that "the Internet was going to crash" at 8pm. Hah! Clueless. These guys are only good at making the environment look more dangerous than it really is. Sure, there still are 100K servers infected but that's a minor mop-up job.
Anyway, the lesson we learn from this particular exercise is that one needs to protect one's machines with many different layers of security. SecureIIS is an interesting Application Firewall, and is something that would have prevented your servers from getting infected with Code Red in the first place, but it is -one- piece of the puzzle as it is limited to IIS. You have to have what they
call "Defense in Depth".
So, you also need to prevent your webservers to make contact with the Net in general. It's a matter of properly configuring your firewalls. (for instance, I have BlackICE running on my W2K Pro WS to prevent baddies to get in, and ZoneAlarm to prevent stuff from getting out).
Web servers essentially should only service incoming requests from the web. That means your firewalls should stop those machines from reaching out to other servers which is exactly what Code Red was doing. So, obviously you need to grab that patch from MS and fix this hole in your web servers. But also, make your firewalls deny any connections to the Net your web server tries to make. It's time to review your firewall logic now. (If you need help, we have
consultants that can come on-site and do this with you). Check:
WinXP Release Candidate 2 Is Here
Last Saturday, WXP RC2 was pushed out and this is supposed to be the last public release of the OS. Build 2526 was promoted to be the RC2, and pretty much immediately beta testers got access to it. Sunbelt is an MSDN subscriber and we got access on Sunday.
If you signed up for the Windows XP Preview Program, you should be able to download it over the coming days. MS will let you know when you can get it. One of the things I have to admit I do like about WXP, is that it has a built-in Internet Connection Firewall (ICF). This is turned ON by default on any XP machine that you hook up to the Internet. It is a great first line of defense.
RC2 does not add new features, it's mainly bug fixes and an at this point completely useless option to remove Internet Explorer. For more on WXP RC2, check this link to the Wininformant site: