Software | Silicon Shecky

And the pain of Automagical Updates

June 18, 2009 By Michael Kavka 1 Comment

Before I get started let me say this, I believe in patching, and updating systems and software. It is essential to security fo a system.

That being said, there is something to be said about forcing updated software by calling it a high priority update. Yep, I’m talking about IE8 yet again. Don’t get me wrong, I’ve used it, and for general web browsing, it is ok, although a lot of sites still seem broken when using it.Some of it is because of the higher security settings built into IE8 the rest because a lot of sites are not optimized for IE8 yet.

The problem is that it is listed as a high priority update, and if you have a machine set to automatically install critical updates, it gets automatically installed on your machine. This is totally against the statement from Microsoft that IE8 is optional. The non-tech person does not know to check, nor is expected to know how to decline the installation of something like IE8. All of a sudden this is costing my clients money, due to the fact that they have to pay me to remove IE8 and then reinstall IE7 on their machine.

Yeah, its nice for my revenu, but it makes the IT world look bad overall. Clients jsut want things to work, and I can’t blame them on that. I just want things to work also. Microsoft doesn’t seem to care about anything except market share and money, and with more and more viable options coming out, they better start learning that reputation means everything, and properly working software is the way to get more market share and money.

Goodbye One Care, Hello Microsoft Morro

June 11, 2009 By Michael Kavka Leave a Comment

Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAffe rejoiced that they didn’t have to go up against the 900 pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper place.

That’s what you thought at least. In reality it has been leaked that Microsoft has been working on an AntiVirus program that will be free, and will be officially announced soon. Morro, as it is being called, is supposed to offer protection from viruses, spyware, trojans, and rootkits. It is also going to be free. Now it will supposedly only compete with software such as the low end offerings from the Major AV vendors, plus items such as the AVG free software out there. The real question is, how will this affect the AV companies, and is this going to be bundled with Windows 7.

Why bundle it with Windows 7? Well, the rumor is that it will be out of beta and on the market near the end of 2009. This puts it in the same time frame as the release of Windows 7 (Oct. 22, 2009). I figure it will come out as a High Priority Update a month after Windows 7 is launched, to try and circumvent the antitrust issues bundling Morro with Windows 7 would cause.

Try as the might though, if Microsoft ties Morro in anyway into Windows there will be antitrust allegations. Honestly, we have seen this sort of behaviour from Microsoft in the past, when it went head to head with Netscape back in the 90’s. Just look at all the lawsuits from that. The difference is that the AV/Security companies do have a lot more resources available to fight Microsoft in the courts.

My big question is this, why must a company such as Microsoft try to be everything? Can’t they learn to focus on the OS and other current offerings without getting into another software area? Add on that you can bet Morro will be heavily targeted by the underworld on the Internet, just because it is Microsoft.

This is something to keep your eyes on.

Black (Patch) Tuesday…

June 10, 2009 By Michael Kavka Leave a Comment

Ahh yes, the second Tuesday of the month and Microsoft releases patches. This month is a big month for it again with 10 patches, 6 of them marked as critical. So what do we have patched this time?

1) Active Directory. It seems that there are holes in Active Directory’s security that can allow remote code execution. Definitely do some testing on this patch, but try to roll it out as quickly as possible. This does affect 2000, 2003, and XP

2) Print Spooler. A patch that closes up 3 vulnerabilities that could allow remote code execution. Another one that should be rolled out as quickly as possible. I have not heard of code in the wild on this, but you know how quickly people will jump on such a critical system hole.

3) Internet Explorer. Big surprise here as IE seems to get a patch at least every other month. Considering that Microsoft was able to compromise Firefox’s security with a .Net add on for it, the holes in IE need to get patched up as quickly as possible.

4) Word, Excell, Works. I hope you aren’t using Works, but with Word and Excel, test these and then deploy, even though they are marked as critical.

Those are the Critical’s as decided by Microsoft. Interestingly the Direct X vulnerability, which does have code exploiting it in the wild, has no patch whatsoever, and no sign that Microsoft is going to patch that hole anytime soon. Again a concern where Microsoft is concerned, but not surprising considering the amount of resources working on Windows 7, and the amount of reported vulnerabilities Microsoft must receive every month. More information on the Microsoft patches can be found here.

Also, Adobe released a patch to address a number of vulnerabilities that have been found in its Acrobat Reader. Information on that can be found here.

Yep, a busy Patch Tuesday, so go get them, test em, and deploy em. And if you find a problem with any of the patches, or caused by them, let me know.