Latest news on new version of SBS

Here’s some more information about what is coming down the pipeline with SBS Cougar. Seems like the Premium edition will allow the installation of 2 servers, so that applications like SQL and Terminal Services can be split between them.

On that score David Mackie raises some interesting questions and issues with the Premium installation in his blog, especially given the new virtualization technology that will be available in Windows Server 2008.

I’m sure that we’ll hear more about all this as the product nears launch (June 2008 time frame), and I’m sure things will change; I wouldn’t be surprised if some MAJOR things change! Time will tell.

When a blue screen of death can be helpful

Got a call from a client who was having regular BSODs (the dreaded Windows Blue Screen of Death), basically meaning they had no option but to reboot their system. Did a quick Windows Update and virus scan remotely but the problem persisted, so an onsite visit was the next option.
The next step was to do some analysis of the actual memory.dmp file that is created when Windows crashes. So I copied this file onto my laptop and ran the Windows Debugger, which you can download from Microsoft, to analyse it. The results did produce something interesting:

Now the lines that I’ve highlighted are errors with the files kallenylab4-4db6.sys, kirkjtkkd174f-3545.sys and ortyeras37cd.sys. The final line of the debugger output says that the crash was probably caused by kallenylab4-4db6.sys.
Now I don’t know about you but when I see files like these I sorta know that it is a virus/trojan/malware. So I went searching for the files but couldn’t find them using a normal file search (and yes, I had the “display hidden and system files” option turned on). I knew the files were there, so I did a bit of googling and found some information that indeed confirmed the files were trojans and had to be removed in safe mode. Even better, this trojan had implemented some cloaking or rootkit technology so the files weren’t displayed under normal Windows, but the good old crash dump told me they were there.
Seems like this trojan comes from a “greeting card” email that asks the user to download a file, happynewyear2008.exe, from a web site. Once the user has downloaded the file the trojan installs. Now I go back to the user and query them about downloading this file from a web site and they confirm they did that because it looked like something fun. Ah, ok, that little bit of fun has just cost you a few hours of my time.
When will users realise that they SHOULDN’T download something they don’t know about? You have the most sophisticated security software in the world installed but if the user overrides this then it is all to no avail. The people who write these trojans know that and that’s why this sorta stuff is always going to be a problem. It is a human problem, not a technology problem.
However, the moral of the story is that sometimes a Windows Blue Screen of Death can be of benefit, especially when it indicates you have a trojan on your system!
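One way to turn the crash dump’s hint into a repeatable check is to take the module names the debugger reported and ask the running system three questions about each: is the file visible to a normal listing, has a driver service been registered under that name, and is the module loaded right now. The script below is an added example, not code from the original post; the three module names are the ones the post reports, the directory and registry locations are the Windows defaults, and it assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example, not code from the original post: cross-check driver modules that a
# crash-dump analysis named against what the running system is willing to show.
# The three module names come from the post's debugger output; the directories and
# registry layout are the Windows defaults. Run elevated.

$suspectModules = @(
    'kallenylab4-4db6.sys',
    'kirkjtkkd174f-3545.sys',
    'ortyeras37cd.sys'
)

$driverDirs = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32')
)

# Snapshot of loaded kernel modules as the OS itself reports them
# (driverquery ships with Windows; columns include 'Module Name').
$loadedModules = driverquery /fo csv | ConvertFrom-Csv

function Test-HiddenDriver {
    param([Parameter(Mandatory)][string]$ModuleName)

    $baseName = [System.IO.Path]::GetFileNameWithoutExtension($ModuleName)

    # 1. Is the file visible to a normal directory listing? -Force includes hidden
    #    and system files, the same as the Explorer option the post mentions.
    $visibleOnDisk = $false
    foreach ($dir in $driverDirs) {
        $hit = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.Name -ieq $ModuleName }
        if ($hit) { $visibleOnDisk = $true }
    }

    # 2. Does the service control manager know a driver by this name? Kernel-mode
    #    malware normally registers a service so that it is loaded at boot.
    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$baseName"
    $registered = Test-Path -LiteralPath $regPath
    $imagePath = $null
    if ($registered) {
        $imagePath = (Get-ItemProperty -LiteralPath $regPath -ErrorAction SilentlyContinue).ImagePath
    }

    # 3. Is the module in the loaded-driver list right now?
    $loaded = [bool]($loadedModules | Where-Object { $_.'Module Name' -ieq $baseName })

    [pscustomobject]@{
        Module        = $ModuleName
        VisibleOnDisk = $visibleOnDisk
        ServiceKey    = $registered
        ImagePath     = $imagePath
        LoadedNow     = $loaded
        # Known to the OS (registered or loaded) yet invisible on disk is the
        # cloaking behaviour the post describes; that is the row to act on.
        Suspicious    = (-not $visibleOnDisk) -and ($registered -or $loaded)
    }
}

$suspectModules | ForEach-Object { Test-HiddenDriver -ModuleName $_ } | Format-Table -AutoSize
```

The useful signal is the disagreement between sources: the crash dump is written by the kernel at the moment of the crash and is not subject to whatever the driver hides once it is running, whereas every query in this script runs on the possibly compromised system and can be lied to. A “Suspicious” row is therefore meaningful, but an all-clear is not proof of absence, which is why the removal itself still belongs in safe mode, as the post says.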

Russian Roulette

Seems that everywhere I go these days I hear users saying that they are going to convert to a Mac because Windows is such a pain. Even scarier is that they believe that with a Mac they won’t need anti-virus or patching! Ah, hello, who told you that? “Ah, those Apple ads” is their reply.

Firstly, those Apple ads are exactly that, advertisements to get you to buy the product. They are paid for by the people supplying the stuff, not some independent third party. Of course they are going to tell you what you want to hear. They want you to buy the product. So even before we start, credibility from these ads = 0! (But they are funny – see the latest ones here. Especially check out the one called Podium in light of my previous post on Vista.)

Next, all hardware and software is developed by human beings. Yes, they are generally smarter than the average human being but they are still humans. They can’t foresee every ramification and variation that their product will be exposed to. So no matter what it is that is developed by humans, it is subject to flaws, and these flaws need to be addressed with updates and patches (Mac included).

Next, the bigger the market share the bigger the target. If you only have 10% of the market why, as a bad guy, would I bother writing something to attack you? I get much greater chances of return if I attack the other 90% of the market. However, as that market share increases then I begin to reevaluate my strategy. This is even truer if you propose that the more uninitiated users are moving towards something like the Mac. As a bad guy if more uninitiated users are there then my potential return is even greater so I am going to devote more time to attacking that segment.

I could go on and on. I also acknowledge that in many ways Macs are better for users BUT don’t believe for a second that they are not vulnerable and shouldn’t be protected in a way a PC is protected. If you don’t believe that then you are playing Russian roulette, because it is only a matter of time before you get hit.

For a good article on the overall issues of Mac security click here.

One little check box

So, having recently installed Windows Server Service Pack 2 on a client’s SBS 2003 R2 box over the Christmas/New Year break (yes, I know, but they were too busy to allow it any other time), it was only upon their return that I struck the following strange problem.

A shared HP printer on the server was showing offline. Strange, all the other HP printers off the server were fine. When I attempted to print a page to the offline printer the job just sat in the queue. I killed all the print jobs and restarted the Print Spooler service and then a test print worked. However, when I asked a user to try and print again the printer was offline again. Did a quick Google and couldn’t find anything so rather than muck about I thought that I’d call HP since surely they had seen this before.

After being accidentally hung up on by the first technician, I told the next technician in great detail what I had done and that I suspected the issue to be something related to Windows Server Service Pack 2. He suspected a corrupt driver. Ok, that is possible I suppose. So I deleted and recreated the shared printer on the server (resetting all the page sizes to A4! Why oh why doesn’t this happen immediately??). Guess what? Same problem. Next he got me to create a new printer on a workstation to see if I had the same problem. Ah yes, same problem. Next he wanted to delete the printer, restart the server and start hacking the registry.

At this point I had to put my foot down and say that there were users on the system and I believed the real issue was linked to Service Pack 2. He told me to wait on hold while he checked something. Fine, while you’re doing that I’ll Google some more. Guess what? I found the issue! Guess what? It is related to Windows Server Service Pack 2. Here’s the solution:

Apparently Windows Server 2003 SP2 changed the way SNMP is used to monitor printer queues. It now runs multiple SNMP threads for the printer queues instead of one round robin.

To resolve this, check that your printer’s SNMP is working properly.

To work around it, in the Printers and Faxes folder:

File > Server Properties
Go to the Ports tab > click the offline port > Configure Port
Uncheck “SNMP Status Enabled”
OK
This will turn off SNMP querying for that port and the printer will always show as Online.
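The same setting can be audited and changed from a script rather than one port at a time in the dialog, which is handy when a print server has a dozen HP queues and you want to know which ones still have SNMP status queries on. The following is an added example and not part of the original post; it assumes the WMI class Win32_TCPIPPrinterPort (present on Windows Server 2003 and later) with its SNMPEnabled and SNMPCommunity properties, PowerShell 3.0 or later, and an elevated session on the print server. The port name at the bottom is a placeholder.

```powershell
# Added example, not from the original post: list every Standard TCP/IP printer port
# with its SNMP status setting, and disable SNMP status on one named port, which is
# the scripted equivalent of unchecking "SNMP Status Enabled" in the port dialog.
# Assumes Win32_TCPIPPrinterPort is available and the session is elevated.

function Get-PrinterPortSnmpStatus {
    Get-WmiObject -Class Win32_TCPIPPrinterPort | ForEach-Object {
        [pscustomobject]@{
            Port        = $_.Name
            Host        = $_.HostAddress
            PortNumber  = $_.PortNumber
            SnmpEnabled = [bool]$_.SNMPEnabled
            Community   = $_.SNMPCommunity
        }
    }
}

function Disable-PrinterPortSnmp {
    param([Parameter(Mandatory)][string]$PortName)

    # Escape any apostrophe in the port name so the WQL filter stays well-formed
    $safeName = $PortName -replace "'", "\'"
    $port = Get-WmiObject -Class Win32_TCPIPPrinterPort -Filter "Name='$safeName'"
    if (-not $port) { throw "No Standard TCP/IP port named '$PortName' on this server" }

    $port.SNMPEnabled = $false
    $null = $port.Put()          # commit the change through the WMI provider

    # The port monitor reads its settings when the spooler starts; queued jobs survive
    # a spooler restart because they live on disk in the spool directory.
    Restart-Service -Name Spooler
}

# Audit first: ports whose queue keeps flipping to Offline after SP2 show SnmpEnabled = True
Get-PrinterPortSnmpStatus | Sort-Object Port | Format-Table -AutoSize

# Then change only the port that is misbehaving (placeholder name, replace with yours)
# Disable-PrinterPortSnmp -PortName 'IP_192.0.2.10'
```

Two practical notes. Turning SNMP status off means Windows no longer knows when that printer really is switched off or out of paper, so jobs will queue silently; that is the trade the post accepts. And the audit output shows the community string each port is using, which is worth a glance while you are there, since the same string is what the server sends to every printer it polls.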

Anyway, after making the changes and checking that the printers worked from the client’s workstations, my HP friend comes back from hold and I tell him that I’ve solved it. Oh, he says, yes, Windows Server Service Pack 2 can cause those issues. Arrrggh… If you knew that why didn’t you tell me up front?

Support is never easy is it?

Another great FREE utility

Well, not so much a utility as a setting I suppose. What is it? It is OpenDNS. What does it do? It allows you to point your DNS at a much bigger, faster, better featured, highly reliable service for resolving the domains you type into your web browser. Why is it better? Well, apart from being all the things I just mentioned, it allows you to monitor all your DNS requests, for all your networks, from a web console (cool). Also, it can be configured to block requests to phishing and “adult content” web sites. This means that if a user inadvertently clicked on an email that contained a link to a phishing site (one set up to obtain their banking details, for example, without them knowing) then the request would be automatically dropped and the user would get a nice warning page.

By using OpenDNS on your network you’ll ensure that not only will your users get a faster response to their requests for web sites, but they’ll also be better protected. Even better, you can access all your DNS statistics from a web console, and there are lots more features. To cap it all off OpenDNS is TOTALLY FREE! So there is no reason not to use it.

Take a look at OpenDNS and I think you’ll find that it has plenty of really cool benefits for a price that is hard to match.
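A filtering resolver only protects the machines that actually use it, so the practical follow-up is checking where every adapter on the network is really sending its lookups. On a domain network the workstations have to keep pointing at the SBS server’s own DNS (Active Directory depends on it) and OpenDNS goes into that server’s forwarder list, so the check is two-sided: clients should list only the domain DNS, and the server’s forwarders should list only OpenDNS. The script below is an added example, not from the original post; the OpenDNS addresses are the public anycast resolvers 208.67.222.222 and 208.67.220.220, the domain DNS address and server name are placeholders, the forwarder registry location is the one used by the Windows DNS service (an assumption for versions other than 2003), and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the original post: report which resolvers each active adapter
# uses and which forwarders the Windows DNS service has, against an allowed list.
# OpenDNS addresses are the public ones; $DomainDns and $DnsServer are placeholders.

$OpenDns   = @('208.67.222.222', '208.67.220.220')
$DomainDns = '192.0.2.1'     # placeholder: the SBS server's own address
$DnsServer = 'SBSSERVER'     # placeholder: the SBS server's name

function Get-ResolverCompliance {
    param(
        [Parameter(Mandatory)][string[]]$AllowedResolvers,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Every IP-enabled adapter and the resolver list it was given (static or DHCP)
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $ComputerName -Filter 'IPEnabled = True' |
      ForEach-Object {
        $configured = @($_.DNSServerSearchOrder | Where-Object { $_ })
        $unexpected = @($configured | Where-Object { $AllowedResolvers -notcontains $_ })
        [pscustomobject]@{
            Computer   = $ComputerName
            Adapter    = $_.Description
            Resolvers  = ($configured -join ', ')
            Unexpected = ($unexpected -join ', ')
            Compliant  = ($configured.Count -gt 0) -and ($unexpected.Count -eq 0)
        }
      }
}

function Get-DnsForwarderCompliance {
    param(
        [Parameter(Mandatory)][string[]]$AllowedForwarders,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # The DNS service keeps its forwarder list as a REG_MULTI_SZ under its Parameters key
    # (assumed location; verified on Windows Server 2003, check on newer releases).
    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $key  = $hive.OpenSubKey('SYSTEM\CurrentControlSet\Services\DNS\Parameters')
    $forwarders = @()
    if ($key) { $forwarders = @($key.GetValue('Forwarders')) | Where-Object { $_ } }
    $unexpected = @($forwarders | Where-Object { $AllowedForwarders -notcontains $_ })
    [pscustomobject]@{
        Computer   = $ComputerName
        Forwarders = ($forwarders -join ', ')
        Unexpected = ($unexpected -join ', ')
        Compliant  = ($forwarders.Count -gt 0) -and ($unexpected.Count -eq 0)
    }
}

# Workstation side: only the domain DNS is acceptable, anything else bypasses both AD and the filter
Get-ResolverCompliance -AllowedResolvers @($DomainDns) | Format-Table -AutoSize

# Server side: the forwarders are where OpenDNS belongs
Get-DnsForwarderCompliance -AllowedForwarders $OpenDns -ComputerName $DnsServer | Format-Table -AutoSize
```

A workstation whose “Unexpected” column is non-empty is resolving around the server, which means its lookups are neither filtered nor visible in the OpenDNS console; that is the gap this check is meant to surface. Note that the remote registry read needs the Remote Registry service running on the DNS server and an account with rights to it.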

Don’t believe Windows Vista ain’t selling?

Heard recently that last year PC manufacturers (excluding Macs) shipped 260 million PCs. Microsoft also announced that in the same time frame it sold 88 million copies of Windows Vista.

Say what??? 260 million PCs and only 88 million shipments of Vista. But wait, it gets worse for Microsoft. It is my understanding that the 88 million shipments of Vista include upgrades (i.e. not destined for new hardware anyway).

Now Vista does have some excellent features that do make it a worthwhile purchase BUT for the average consumer it means they are going to HAVE TO buy new MORE POWERFUL hardware to run Vista on. Strangely, most consumers ask WHY? To them apart from the flashy Aero interface (which is a resource hog anyway) what benefit makes it worthwhile now? NOTHING! They’ll just wait until they upgrade their PC in 3-4 years and get it then. If we go into recession then this may blow out to 4-5 years.

In my books, another mistake from Microsoft: not looking at what customers ACTUALLY WANT rather than telling them WHAT THEY SHOULD HAVE. The market has spoken, Microsoft, and I certainly hope you are listening. But ….

2 worthwhile utilities

Ok, let’s start off the New Year with 2 interesting and helpful utilities.

Firstly IE PassView – this utility will display all the passwords stored by Internet Explorer. Yes, that’s right boys and girls, all those passwords for logging in to protected sites and things like ADSL routers.

IE PassView utility can recover 3 types of passwords:

  • AutoComplete Passwords: When you enter a Web page that contains a form with user/password fields and a login button, Internet Explorer may ask you if you want to save the password after pressing the login button. If you choose to save the password, the password is saved as an AutoComplete password. Be aware that some Web sites (like the Yahoo login page) deliberately disable the AutoComplete feature, in order to avoid password stealing by other users.
  • HTTP Authentication Passwords: Some Web sites allow the user to enter only after typing a user name and password in a separate dialog box. If you choose to save the password in this login dialog box, the password is saved as an HTTP authentication password.
  • FTP Passwords: Simply the passwords of FTP addresses (ftp://…)

Next WinDirStat – it calculates and displays disk usage.

WinDirStat reads the whole directory tree once and then presents it in three useful views:

  • The directory list, which resembles the tree view of the Windows Explorer but is sorted by file/subtree size,
  • The treemap, which shows the whole contents of the directory tree straight away,
  • The extension list, which serves as a legend and shows statistics about the file types.

This is a great tool for determining what is chewing up all your disk space and then actually going in and cleaning it up.
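To see what the “read the tree once, then show it several ways” approach actually involves, here is the same idea in script form: a single recursive walk that charges each file’s size to its directory and every ancestor (which is what makes the directory list sortable by subtree size) while also tallying bytes and counts per extension for the legend. It is an added example and not WinDirStat’s own code; it assumes PowerShell 3.0 or later and that the root path you pass exists, and it produces the directory and extension views but not the treemap.

```powershell
# Added example, not WinDirStat's own code: one pass over a directory tree producing
# (1) a directory list sorted by subtree size and (2) per-extension statistics.
# Assumes the root path exists; -Force includes hidden and system files.

function Get-DiskUsageReport {
    param(
        [Parameter(Mandatory)][string]$Root,
        [int]$Top = 20
    )

    $rootNorm = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $subtree  = @{}   # directory path -> cumulative bytes of everything beneath it
    $byExt    = @{}   # extension -> @{ Bytes; Count }

    Get-ChildItem -LiteralPath $rootNorm -Recurse -Force -ErrorAction SilentlyContinue |
      Where-Object { -not $_.PSIsContainer } |
      ForEach-Object {
        $size = [long]$_.Length
        $ext  = if ($_.Extension) { $_.Extension.ToLower() } else { '(none)' }

        if (-not $byExt.ContainsKey($ext)) { $byExt[$ext] = @{ Bytes = 0L; Count = 0 } }
        $byExt[$ext].Bytes += $size
        $byExt[$ext].Count += 1

        # Walk up from the file's directory to the root, adding the size at each level.
        # The boundary test stops 'C:\UsersX' from being counted under 'C:\Users'.
        $dir = $_.DirectoryName
        while ($dir -and
               $dir.StartsWith($rootNorm, [System.StringComparison]::OrdinalIgnoreCase) -and
               ($dir.Length -eq $rootNorm.Length -or $dir[$rootNorm.Length] -eq '\')) {
            $subtree[$dir] = [long]$subtree[$dir] + $size
            $dir = Split-Path -Path $dir -Parent      # returns '' at the drive root
        }
      }

    $dirs = $subtree.GetEnumerator() |
            Sort-Object -Property Value -Descending |
            Select-Object -First $Top |
            ForEach-Object {
                [pscustomobject]@{ Directory = $_.Key; MB = [math]::Round($_.Value / 1MB, 1) }
            }

    $exts = $byExt.GetEnumerator() |
            Sort-Object -Property { $_.Value.Bytes } -Descending |
            Select-Object -First $Top |
            ForEach-Object {
                [pscustomobject]@{
                    Extension = $_.Key
                    Files     = $_.Value.Count
                    MB        = [math]::Round($_.Value.Bytes / 1MB, 1)
                }
            }

    [pscustomobject]@{ Directories = $dirs; Extensions = $exts }
}

# Usage: the biggest subtrees first, then the file types eating the space
$report = Get-DiskUsageReport -Root 'C:\Users' -Top 15
$report.Directories | Format-Table -AutoSize
$report.Extensions  | Format-Table -AutoSize
```

Because every ancestor is credited with each file, the root always sits at the top of the directory list and its children explain where the space went; the extension table is the quick way to spot a pile of .pst, .iso or .log files before you go in and clean up, which is the same workflow the post describes with WinDirStat.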

Best of all both utilities are free for download. How’s that for a New Year’s present?