Mailbag: Interop Future

After it was announced that Microsoft's OOXML has been approved as an official standard, Doug asked readers about their thoughts on interoperability and Microsoft's standards play. The outlook isn't very optimistic:

Redmond's history with standards development and interoperability has ranged from a high of poor, to a low of deliberate sabotage. While I find it amusing that everyone sees this as a move to a more open, competitive, software environment, it is still inconsistent with Microsoft's business model. In the history of man, there has never been an altruistic monopoly. No reason to expect one now.
-Anonymous

I have old 16-bit Windows Write files that NO later MS editor displays right. Not WordPad, not WinPad, not Word for Win 95 or Word 97 or Word 2000, nor the Win 95 Write stub -- only old Win 31's original Write.exe seems able to display or print those critters the way they were originally designed to look and print. It'd be really refreshing if Windows 7 could offer some means of displaying and printing these correctly again -- and maybe even editing them.

On another tack, it would be nice if whatever IE MS includes in Windows 7 would let itself be closed even when (indeed, especially when) not all tabs have finished loading. Currently, the only way I can close IE 6 (in XP) or IE 7 (in [ugh!] Vista) before everything has finished loading is to kill its process with Process Explorer. I'm not holding my breath, though, on either count.
-Fred

And readers share their thoughts on George Ledin, a professor who teaches his students hacking techniques -- and apparently gets a lot of grief for it.

I also read this Newsweek article and I think he is right on the money. If I were hiring someone to help with our security, I would place high value on someone that had a clear understanding of hacker methodologies.

I sat in on a Microsoft Tech-Ed session on security once. It was conducted by a Microsoft security professional who obviously knew how hackers operate. I think this knowledge would be essential to a competent security professional.
-Anonymous

Keep your friends close and your enemies closer. Yes, teach hacking.
-Milton

Is it wrong to teach hacking techniques? If it is, then every police officer is a criminal. Every computer science student needs to learn how to attack a system. Otherwise they will not know how to defend against it or recognize such attacks.

And for a very bad reference, look at Bruce Wayne in "Batman Begins." He could not understand the criminal mind until he became one.
-Brian

How about looking at this question from a slightly different point of view? How many good security analysts out there do not understand how the attacks are committed? Zero. There aren't any. It is their business to know how the attacks happen, and thus how to protect from those attacks.

Anybody can follow a list of best practices, but it takes people who understand the attacks to be able to write and change those best practices, and to understand how and under what circumstances you can deviate from those practices.
-Dan

Like you, I believe the only way to fight hacking is to know hacking. I believe learning hacking techniques is vital to anyone wishing to have a career in computer security. Look at it this way: Wouldn't everyone like to have some inside knowledge of their competition? Sports teams spend huge amounts of time studying their competition. Companies are in a constant struggle to not only find out what the competition is up to but to figure out how to be one step ahead of them, as well. Why shouldn't we as computer security professionals use the same techniques against our competition?

Learning hacking techniques has drastically changed my role as a network administrator. When I prepare to publish a new application on my Web site, it is no longer enough to simply make sure it looks good and functions properly. The first thing that comes to mind is whether the application is vulnerable to cross-site scripting attacks or buffer overflow attempts, and whether all user input is properly validated and sanitized. Thanks to my knowledge of hacking, I now look at everything I do from the perspective of my competition. If you think that is a bad thing, then be prepared. Because your competition is going to walk all over you -- and your network.
-Steven

I think you are absolutely on track. The outrage being expressed against Ledin seems to fall into two camps. There's the Atomic Bomb Theory, which says that making this information available to the student base greatly increases the dissemination of knowledge that could otherwise be contained. Sort of a Malware Non-Proliferation Treaty. However, the vast amount of malware out there from disparate sources refutes this supposition. The people out there that we need to worry about already have ample access to this information.

Then, there's the Secret Algorithm Theory. This is hinted at in the article, where the state of malware protection is compared to that of cryptography some decades ago. It was discovered that "secret" algorithms seldom stay secret for long, and the real strength is known algorithms that are tested on many fronts and still survive. In short, true security consists of finding the risks and applying a disciplined approach to destroy them without mercy (my true feeling on malware leaking through a bit). I would hazard a guess that the major security players have internal training very similar to what Dr. Ledin is offering at Sonoma State University. If there is any justice, he will years from now be remembered as a leader in the emergence of computer security engineering.
-David

Share your thoughts! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on 08/20/2008 at 1:15 PM0 comments


Teach Your Hackers Well

I don't usually read Newsweek, but it had an interesting profile of George Ledin, a Sonoma State University professor who teaches his students to write viruses and keystroker recorders, and cause all sorts of digital mischief.

Of course, many people are appalled, likening Ledin's teachings to a subversive training camp. (Digression: I hate the term "terrorist" because it gives these punks too much power; by calling them terrorists we imply that they've already succeeded in creating fear.)

I believe the only way to fight hacking is to know hacking. Is it wrong to teach hacking techniques? Send your thoughts to [email protected].

Posted by Doug Barney on 08/19/2008 at 1:15 PM0 comments


24-Hour Support

Playtex may offer 18-hour support, but Microsoft goes six further -- for a full 24 hours! For shops that need to be up 24x7, Microsoft has a new support plan, Premier Ultimate.

This high-end enterprise support offering has tech folks standing by all day and all night to solve your most vexing Microsoft problems. More interesting is the proactive part, where Microsoft looks for problems before they actually bite you in the hiney. This may cost a pretty penny, but could save a lot of headaches and downtime.

Do you trust Microsoft to solve your support issues? Yes and no answers more than welcome at [email protected].

Posted by Doug Barney on 08/19/2008 at 1:15 PM0 comments


Mailbag: A Winning Windows 7

Doug asked readers yesterday what Microsoft should do to make Windows 7 your OS of choice. Here are some of your suggestions:

If Microsoft really wanted to do it right, all it has to do is make Windows 7 look and feel just like XP. Just make it better behind the interface. Have it use the same third-party drivers, only use them better. If nothing else, Microsoft should do as it did when it changed the Control Panel -- that is, give us a one-click option to revert back to an interface which we are familiar and comfortable with. Rather than obsolescing hardware, it should be able to create more efficient coding to do more with less. After all, we've not really added any major capabilities that we couldn't do with Windows NT and that first Pentium CPU. We can just do everything faster.

When a brand-new PC with a brand-new OS is slower than my seven-year-old one, then there is a major problem somewhere. I for one am not likely to trust my livelihood to a company that doesn't understand that very simple point.
-T.W.

I hate to say it, because I know it won't happen, but above all else Microsoft needs to KEEP IT SIMPLE!
-John

I believe that in order to make Windows 7 shine, Microsoft must do the following: One, optimize the OS to make it as stable and fast as possible. Two, make sure that the UI isn't a performance killer. Three, replace the command prompt with Powershell. Four, drop User Account Control and replace it with a confirmation prompt for elevated permissions for installation. Five, remove the need for Internet Explorer to be installed on the machine at all. Six, provide recovery options that don't require floppy disks be used for disaster recovery. Seven, provide real multi-user capability, like what's found in Windows Server 2003, where multiple users can make use of a single machine at the same time. And eight, provide two versions only: Home Edition and Business Edition.
-Jerald

Build it on BSD like Apple did with OSX.
-Bill

Windows 7 looks like window (excuse the pun) dressing on Vista. Are we actually going to get a new file system?
-T.

A nice thing that I am very surprised has not been done in any of the Windows OSes yet would be the ability to move the position of your open windows on the Task Bar, instead of just grouping similar ones beside each other.
-Anonymous

It may be too late, but I'd like to see Windows 7 be secure from the outset, small enough to fit on a single CD, and faster.
-Ray

Check out tomorrow's edition for more reader letters. And to share your own thoughts, e-mail [email protected], or fill out the form below.

Posted by Doug Barney on 08/19/2008 at 1:15 PM0 comments


Virtual Firewalls for Virtual Servers

Virtual servers are proliferating, but the security for them isn't always keeping pace. Check Point hopes to catch up with its new VPN-1 Virtual Edition, a firewall specifically built for virtual environments.

There's a good chance you already have virtual servers. There's just as good a chance you already have a Check Point firewall or two laying around your shop. With the new firewall, you can protect virtual machines as if they were physically discrete servers.

Right now, Virtual Edition only secures VMware systems. But if I were a betting man, I'd lay down some serious change on it embracing Hyper-V in the near future.

How do you secure virtual servers? Tactics welcome at [email protected].

Posted by Doug Barney on 08/19/2008 at 1:15 PM0 comments


Windows 7 Details To Leak Steadily

Microsoft is better at priming the pump than an old Oklahoma farmer. In this case, the company wants you to think of Microsoft when you think of next-generation operating systems -- and that means getting you excited about Windows 7, the follow-on to Vista.

To keep you all amped, Microsoft has a new Windows 7 blog. So far, there's only one post, this one explaining what the blog is all about.

Microsoft is very clear that it wants to control the message, rather than having us journalists do that job. It also promises to make it a two-way street, allowing IT to tell Microsoft what to put (and not put) in the new OS.

What should Microsoft do to make Windows 7 shine? Send your advice to [email protected].

Posted by Doug Barney on 08/18/2008 at 1:15 PM0 comments


Microsoft File Format Approved

The Microsoft OOXML (Open Office XML) file format is now an official standard.

As I recall, Microsoft proposed this format in response to the movement to make the Open Office file format the main way to share documents. While I was fine with the Open Office approach, any common file format is a step in the right direction.

What about you -- which format would you rather see as a standard? And is file interoperability already moving in the right direction? Answers welcome in any format at [email protected].

Posted by Doug Barney on 08/18/2008 at 1:15 PM0 comments


Iraq 'Three Kings' Scam

If you have a spam filter that's as full of holes as mine (in its defense, I put my e-mail address out there every day so folks like you can write me at [email protected]), you get lots of scams from Nigeria and other places who all need your help in moving millions of dollars out of whatever country they come from.

The last one I got had my blood boiling for two reasons: First, it lacked originality. Second, it besmirched the reputation of our fine men and women stationed in Iraq. The e-mail was from an Army private. He and his buddy came across $18 million that just happened to be laying around in Tikrit.

Now they need my help getting it out.

Last week, I watched the movie Three Kings with my son, and I'm wondering if Pvt. Taylor and his co-conspirator Sgt. Buff saw the same flick. The scam sounds like it was lifted directly from the plot of the movie, only the gold that George Clooney, Marky Mark and Ice Cube found is replaced by cold, hard cash.

One of these Iraq scams was traced back to Australia, and this little trick has been circulating for several months.

Posted by Doug Barney on 08/18/2008 at 1:15 PM0 comments


Big VMware Bug Action

Some VMware ESX 3.5 users got a scary surprise recently: Virtual machines that were shut down wouldn't power back up. The culprit? A flaw in VMware's licensing module where the licensing code is under the assumption that you no longer have the right to run the software. These licenses expired this Tuesday, Aug. 12, whether you were paid up or not.

New CEO Paul Maritz personally apologized to customers in a letter released this week. VMware has some "express patches" for the flaw, and advises shops that downloaded the ESX 3.5 Update 2 patch -- but haven't installed it yet -- to hold off.

Posted by Doug Barney on 08/14/2008 at 1:15 PM0 comments


Mailbag: Browser Market Share

A recent survey on browser market share gave 23 percent of the pie to browsers other than IE, Firefox and Safari. Doug asked readers for their guesses as to what browsers make up that remaining 23 percent:

Mobile browsers perhaps. In these busy times, probably 70 percent of my browsing is done on my mobile device these days.
-Anonymous

Not sure whether it has "serious share," but Opera 9.5 is the browser I'm using just now to read Redmond Report and to write you. I find that its innate capability to render .WML files (used for conveying WAP content to cell-phones) and to submit .HTML files to the w3.org for validation are unmatched by any other browser I've ever used.

And, on a Java-capable cell phone, even one as primitive as the five-year-old Nokia 6610, Opera Mini is just fantastic! Beats the pants off the Nokia's own little WAP browser.
-Fred

Opera? Avant?
-Anonymous

I'm not sure where Janco gets the 58 percent either. At apartmentguide.com, here's the current breakdown of our traffic: Internet Explorer (77.2%), Firefox (15.6%), Safari (4.2%). Of course, there's a smattering of oddball stuff including spiders, but none of those individually go over 2.3 percent of our traffic. Concerning browsers on the Mac, our numbers show twice as much traffic from Safari as opposed to Firefox -- 3.6 vs 1.6 percent.

Given the nature of our Web site, I would think our numbers are relatively representative of overall browser usage in the U.S.
-Rick

And would you use Linux-only PCs in your shop? Here are some more of your responses:

Maybe in the near future, when more apps become server-based and merely require a standards-compliant browser. Open Office is cheaper, faster and a suitable alternative for everyone except hardcore Visio users. Requires no more support than Office 2007, perhaps even less. As WINE gets better at handling old DOS apps, it's a good bet.
-L

Absolutely, in a New York minute! I have been around the business since 1960 and consider IBM to be the benchmark for product reliability and usability. I use Win 2K SP4 on my local machines and have only dabbled with Linux personally.

If IBM has desktops built to its specs and designed to optimize for Linux, they will also have a sound OS release with the non-admin user in mind, along with more and accurate documentation than anyone could want. With the alternatives to MS Office suite available, small footprint utilities and the cloud along with a solid, reliable lightweight (overhead) and from a 'safe' provider like IBM, this is a no-brainer.
-Joe

I do use a Linux PC, Windows XP/Fedora 7 dual-boot. Fedora is a great desktop version of Linux. It communicates well with our CentOS 4 and 5 servers. I would never buy a Linux PC, I would just build one. Most Linux people I know would do the same.

Too bad for IBM; it is a big contributor to Red Hat. But with Microsoft becoming suicidal, who knows? Stranger things have happened.
-Ken

IBM makes the same mistakes almost predictably. I think Wall Street should beat it into submission with a clear message to give up. IBM blew it in the '80s and then again in the '90s on a lesser-known venture to make in-roads into the desktop with thin client technologies. IBM was great at building hardware and BIG software, but it could not be satisfied with that and was extremely paranoid that MS would eat it alive if it partnered with them.

As far as Linux goes, I use Ubuntu 8.04 and I think desktop Linux has come a long way. However, I believe the rules of human nature trump all else. It's easy now to get very good free help with Linux issues, but not as much on Windows. Some of my friends and I make our livings on Microsoft, and if Linux were to become a serious contender in the enterprise, I believe much of the "free" advice would disappear. Linux also bears the mark of "technology" and datacenter managers really don't like technology that much.

-Russ

Share your thoughts with us! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on 08/14/2008 at 1:15 PM0 comments


Ozzie Dreams Rather than Thinks

Bill Gates was known for his "ThinkWeeks" where he would go off, usually with a ton of books and documents from top company techs, and read and think and think and read. He would often come back with new missions, such as the time he turned the entire company around to focus on the Internet.

Ray Ozzie is a different animal. Like Bill, he likes to go off on his own, but Ozzie prefers to dream -- to avoid all outside stimuli, clear his mind and dream about the future.

Posted by Doug Barney on 08/14/2008 at 1:15 PM0 comments


When Your Update Doesn't Update

Windows Server Update Service (WSUS to those that live and breathe acronyms) is supposed to help IT pros download patches. But for some running Office 2003, WSUS has been known to block these critical patches.

Fortunately, there's a fix in the form of an update (and yes, there's a way to install the update despite the blocking).

The good news, besides the fix, is that WSUS was blocking only Office patches, not all patches.

Posted by Doug Barney on 08/14/2008 at 1:15 PM0 comments


Subscribe on YouTube

Upcoming Training Events

0 AM
TechMentor @ Microsoft HQ
August 11-15, 2025