Thursday, October 11, 2007

Top 10 Overlooked Features of Windows Server 2008

Windows Server 2008 is on its way. With the first release candidate in the pipeline, it shouldn't be long before release to manufacturing and general availability.

With such a long development time (it's the first new Windows Server OS since 2003), the showstopping new features have been well publicized: Most IT pros are familiar with at least some of the details of Server Core, PowerShell and Windows Server Virtualization (codenamed Viridian). But Windows 2008 includes a lot more than those headliners.

To that end, we're presenting the Top 10 overlooked features of Windows 2008. We spoke with Ward Ralston, senior technical product manager for Windows Server, to help us build our list. These items haven't garnered the same kind of press attention, hype and word-of-mouth as the others, but they're nonetheless important - maybe very important - to your network.

Microsoft Tries To Rope In Unlicensed XP

Filling a gap in its strategy to make sure its business customers are paying for each installed copy of Windows XP, Microsoft yesterday announced the Get Genuine Windows Agreement (GGWA).

GGWA is aimed at increasing Windows XP licensing compliance among businesses. Microsoft apparently believes that some customers misunderstood their agreements, and were installing full copies of Windows XP on corporate computers, which is illegal, rather than upgrading the OS, which the license allows.

E-Mail Attackers Target Corporate Execs

During a two-hour period on June 24, something unusual and a bit worrying turned up in e-mail security firm MessageLabs Inc.'s filters: 514 messages tailored to senior executives of corporate clients that contained malicious programs designed to steal sensitive company data.

On Sept. 12 and 13 it happened again, but this time the firm captured 1,100 messages in a 16-hour wave. The messages, which included executives' names and titles, were from a purported employment service and offered attachments supposedly containing information on potential job candidates.

The attachments were Microsoft Word documents -- a common file type erroneously believed to be safe by most computer users -- that if not intercepted would have deposited Trojan horses, or malicious programs disguised as benign ones, onto targeted computers.

The two e-mail bursts point to a new and sophisticated take on an old-style attack with troubling implications for corporations, MessageLabs says.

In the past, most e-mail attacks of this kind have been comparably simple "phishing" scams sent to masses of consumers with the goal of inducing them to part with their financial-account information. A small number of targeted attacks have been seen by security firms, but they typically targeted individuals in government or the military.

These new attacks, however, suggested a fairly low-tech e-mail scheme could begin to create a high-class problem for significant numbers of companies, one in which valuable data are at risk and foolproof technical defenses are challenging.

MessageLabs says that it has been intercepting targeted e-mail attacks on corporate clients for at least three years but that the numbers began to track up significantly only over the last year. The firm was catching one message a day as of the end of 2006. That number rose to about 10 a day by May and then jumped dramatically with the June and September attacks. Both of those incidents targeted executives in a wide range of industries.

"All of a sudden somebody new hit the scene," said Mark Sunner, MessageLabs' chief security analyst. Who that was isn't clear because technical tricks disguised the e-mails' origin, he said. But it's likely the person or group responsible came from the digital underground centered in Eastern Europe, where malicious-program writers and organized crime have long worked hand-in-hand online to steal and sell data for use in fraud schemes.

The newcomers appear to be after corporate secrets, he said. They have sought, specifically, to infiltrate the computers of chief executives, chief financial officers, chief technology officers and other senior managers -- and on occasion their assistants. And the Trojan horses were primarily designed to help the attacker gather Microsoft Office files from the "My Documents" directory of infiltrated PCs.

The people targeted "are the custodians of the company's secrets," Sunner said, and have computers full of juicy spreadsheets, financial reports, merger details and trade secrets.

"Why would somebody be targeting a CEO?" asks Scott O'Neal, chief of the Federal Bureau of Investigation's cyber-intrusion section. "It may be to steal intellectual property, it may be corporate espionage, it may be to get into the database."

Attacks of this kind have become much simpler, O'Neal said. "The how-to tutorials out there are getting better and better. And people need less and less technical skills." But unfortunately, few are reported to law enforcement because companies fear an investigation will disrupt their businesses and result in unwanted publicity. Such fears are unfounded, he said. The agency is careful not to be disruptive and maintains strict confidentiality.

In the recent attacks seen by MessageLabs, the attackers tried to improve the chances executives would open the Trojan-laced attachments by referencing bogus business matters and including personal details, such as name and title, which suggests the attackers spent time researching their targets.

Friday, October 05, 2007

70-623: Exam Review

Exam 70-623 PRO: stands alone as a Microsoft certification. The exam targets IT professionals who work within the consumer market supporting end users. Familiar with The Geek Squad? Well, that's the target audience. Exam 70-623 gives this group a way to prove their knowledge supporting users with installation, configuration and troubleshooting retail versions of Windows Vista installed on consumers' machines.
