Conficker Worm Slimy and Sticky
The Conficker worm, an RPC attack that's been in the wild since last October, is taking a squishing but it keeps on wriggling. And the fact that the worm is still very much alive has been the source of much finger-pointing
CERT, for instance, claims that it's Windows' Autorun that makes it so easy for the worm to slink from machine to machine. CERT advices that Autorun be disabled and criticizes Microsoft for what it calls "ineffective" guidelines. Microsoft's answer? Poppycock!
Microsoft Security Chief Transferred
Until recently, Andrew Cushman was the director of the Microsoft Security Response Center. We visited the center once and came away impressed with how the group discovers flaws and hacks, and works around the clock to fix the flaws and attack the hacks.
Cushman has now been replaced by Mike Reavey, who has been closely involved with the Patch Tuesday plan, of which I'm also a fan. Cushman isn't being bounced out on his butt, but is instead getting broader responsibilities for overall security initiatives.
Microsoft Suffers While Big Blue Blows It Out!
Last week, Microsoft announced that its profits fell and that the ax will therefore fall on 5,000 workers.
So, were rivals hit by the economic tsunami, as well? Not all. IBM had a terrific quarter with profits up 12 percent to a tidy $4.4 billion. (While Redmond's profits were down, it still raked in an impressive $4.1 billion, and did so on far less revenue than Big Blue).
IE 8: Your Turn
IE 8 is currently in beta and will be a key part of Windows 7. Are you using IE 8? What do you love, hate or just mildly adore? Shoot me an e-mail at email@example.com. I'll send you back a bunch of questions and build a feature story based entirely on your feedback!
Mailbag: Lotus vs. Microsoft, Live Mesh, More
Doug asked readers last week what, if anything, makes Lotus products better than Microsoft Exchange or Outlook. Here are just some of your replies:
I have worked in Notes and Outlook shops. I currently work in a company with Notes applications and Outlook e-mail. Overall, I find that Outlook hangs at various times much more than Notes, such as editing contacts or launching attachments. But there are some Outlook features (such as dragging e-mail to calendar) that I find really helpful and like.
Overall, I find applications built with Lotus very helpful. The interface can be horrible, especially applications built five or more years ago, but those applications keep running with each new upgrade. My concern with cloud computing continues to be there are times when I don't have connectivity and I would like to be productive. Lotus lets me do that. Salesforce and others do not.
After recently being involved, during user assessment, in a project to determine which of several messaging/collaboration products suited our needs best, I can categorically say that I found Notes to be awful. Before anyone thinks that is because I'm used to Exchange and SharePoint, I'd like to point out that my organisation is Unix and IMAP currently and there is a Notes deployment in another business unit. The decision was to go down the Exchange route after a very broad consultation in an organisation that has no history of adopting Microsoft technologies on any strategic scale.
You asked, "Why are Notes and related products better than Exchange and Outlook?" From a corporate perspective, it isn't. So that begs the question, 'Why are we still using Notes, then?' I think that answer is not so simple but boils down to several factors. The first is resistance to change. Notes is good enough, so why change it and risk the ire of the end user whom we alienate so often already? Second is skill set. We already have several fully trained Notes admins. Why should we (as a company) pay to retrain the admins then go through the growing pains of learning new idiosyncracies; not to mention the costs of conversion?
Then there are other considerations such as cost benefits of upgrades vs. crossgrades; discounts on other product lines; OS support for OSes other than Windows; etc. Lastly, at our company, there seems to be a significant emphasis on not making employees more marketable to other companies. If this is the case, then teaching them Notes instead of Exchange is a good way to mitigate the chances of someone jumping to another job.
Christopher shares his take on Live Mesh:
Mesh has come in quite handy for me. I'm using it on two desktops, a laptop, my phone (AT&T Tilt) and my wife's phone (AT&T Blackjack, version 1). My biggest use for it has been to sync my music. No more sitting at the computer moving songs over and waiting for them to transfer over USB or Bluetooth. Now I can just copy the songs I want to a folder on the laptop or desktop and walk away, and they go to any other device I have told it to sync to. I've used it for a few other things also -- made a folder to keep track of CAB files for the phones, one for copying around installation files that I wanted to remember at work, etc. And the built-in remote desktop feature is just a little bonus.
So far, about the only complaint I have about it is the phone client is a little big in the memory area (just checked: 4.5MB while running ATM -- not much for a desktop app, but quite a bit on a phone), and it doesn't auto-start when the phone comes on (I'm sure I could rig that, but I'm not going to yet).
Readers share their misgivings about the next versions of Windows and Internet Explorer:
While Windows 7 seems to run under Microsoft Virtual PC on Vista, finding an anti-virus solution was not as easy. OneCare will not be offered and Symantec's Norton does not run in a virtual environment, leaving AVG and Kaspersky as possible candidates. I opted for AVG, and so far it appears to be functioning correctly on Windows 7 beta, under Microsoft Virtual PC, under Windows Vista Ultimate.
For some of us that prefer the 'one neck to choke' approach and thus use mostly Microsoft configurations, the demise of OneCare is going to be problematic.
I haven't even looked at the IE 8 beta. I am a teacher and we are currently using Windows XP, IE 7 and Office 2007 -- they work so well that I am afraid to let the hounds loose. Until I know that all the "bugs"
are out, I will not change OSes or Internet Explorers. I have enough problems just trying to keep the classroom teacher's computers running, the lab going, the servers up and running, the e-mail working, etc., etc., etc. Why change things until you know they will work without a lot of hassle and grief?
On the topic of how to save the economy, a couple of readers think shrinking the government is not the best idea, while one reader points the finger at foreign workers:
I've got the feeling that I'm not going to be liked too much by this, but the role of the government in an economic meltdown is to spend money, hire people and run on debt. That is the only way to keep from a complete meltdown, and the reason is simple: When there are a lot of unemployed people, problems grow and get worse. The only way around it is for the government to increase services and employment. The government is able to run on debt, whereas the people are not.
The other thing that the government must do is invest in research and development. This will allow for new products which companies can then sell. This is how our economy works. The worse thing to do right now would be to shrink the government and demand it to operate like the average person.
I've worked for three government agencies. When I started in 1993, there were four of us in my department plus a secretary. Now it is me and an assistant. While some tasks have been moved to another department, many more have been added. I am now up to 14 years behind on work that needs attention. There is just not enough time to do it.
When I tell people what I do, they are amazed at the low salary. Government has been reduced to the point where it is barely functioning in some areas. So don't compare government to the private sector. Just get government to spend money wisely.
H-1B visas mean cheap slave labor. People who commit immigration fraud should be put in jail, and Microsoft is a great place to start.
And Earl gives his answer to the timeless question of whether Apple is, in fact, cool:
One of my clients is a high-end interior designer. He displays pictures of his work on his laptop. He asked my advice about a new laptop computer and I recommended that he go to the Apple store. Image is everything in his business. If he can adjust to the Mac, it will impress his clients more than a PC. (But most of my clients who use both Macs and PCs find the PCs easier to use.)
So if we are talking about style, Apple is cool. If we are talking about social responsibility and openness, Apple is not cool.
More letters coming your way on Wednesday! In the meantime, share your own thoughts by writing to firstname.lastname@example.org or fill out the form below.