UK Customs & Excise Scanning Laptops

The BBC has reported an interesting story.  It appears that the UK’s Customs & Excise department is scanning the laptops of suspected offenders for illicit materials, namely offensive pornography.  Wanting to prevent the import of offensive materials is an applaudable desire.  However, given that certain nations, including some in the EU, have a history of using government agencies to perform industrial espionage to aid their native companies, I do have a problem with this action.

Interestingly, the person who reported this story said their laptop could not be scanned by the agents on hand because it was an Apple.  The agents had no idea what encryption was either.

So, if you do not want company secrets to be stolen by a government agency of some nation, make sure you encrypt your laptop’s hard disk.

Microsoft Catches Up With RIM Blackberry

The Register has published a whitepaper that describes how Microsoft has caught up with RIM in the marketing of push email technology.  Until Service Pack 2 for Exchange 2003, no one was able to match up with RIM.  Sure, there were alternatives but RIM had the name: Blackberry.  Every director and senior manager wanted a Blackberry.  This all sounds great but hold on a second… there are some problems:

  • You have to pay money to subscribe to the RIM network for pushing your mails out.
  • If you use RIM then your mails are travelling across their network and their servers.

That last one is a real stickler.  You may have been able to offer alternative solutions but they still had license costs and you still had to beat the name "Blackberry".  Plus, let’s face it, non-Blackberry devices were a dog to use until recently.  You were probably talking about having to use a brick of a PDA and who really wants to revisit the 1980s … I prefer to forget that decade happened.

With Service Pack 2 for Microsoft Exchange 2003, Microsoft included a new feature for pushing email out to Windows enabled smartphones and PDAs.  Secure push email from within Exchange was now possible.  You didn’t need to use another company’s service or network.  You also could reduce your licensing costs.  Simultaneously, phone manufacturers worked with Microsoft to develop better devices that would be more appealing to the target market.  Now a director can use a feature rich smart phone that is no bigger than a normal mobile/cell/handy phone.

MS Push Email offers other features too.  A PIN policy can be enforced on the devices.  This offers basic security to lengthen the time it takes to access data on a device without the owner’s permission (real security requires encryption).  Furthermore, if a device is lost or stolen it can be reported to IT or the security officer.  With this notification, Exchange administrators can send a signal to the device to wipe itself, thus preventing unauthorised access of data.

The message was very slow to get out to the typical sys admin or CIO.  It appears that it’s finally getting out there but the uptake does appear to be slow in Ireland.  That’s a pity because it would be a shame not to use the free and secure solution that Microsoft have provided.

There’s loads of information on the net on how MS push email works and how to deploy it.  Here are some links:

Finally, Nathan Winters (in the UK) has set up the Microsoft Messaging & Mobility User Group UK.  The intention of this group is to share information and to inform people on how to make the best use of the technologies that Microsoft has provided in making the information worker a mobile worker.

Technet Magazine: September 2006

Are you using MOM 2005 or SMS 2003?  Do you want to learn more about how these products can be used to do more while you do less?  If so, I highly recommend that you read the free online edition of TechNet Magazine.  This month’s edition features articles on SMS 2003 and MOM 2005.

Articles include:

  • Using WMI with MOM
  • Zero Touch Installations
  • Getting to know Windows PE
  • Using MOM for SOX compliant security auditing
  • System Center Operations Manager 2007 (aka MOM 2007)

When correctly deployed and used, MOM and SMS in conjunction with Windows 2003/2003 R2 can really make life simpler for the systems administrator.  I’m speaking from experience here.  In a past job, my team (3 of us) ran a global network of 170 servers.  Most of our time was spent on engineering for new projects/systems instead of firefighting or sneakernet deployments.  This would have been impossible without the solutions we had deployed.

Windows 2003 Service Pack 2 Beta Technical Refresh

Microsoft has released a Technical Refresh of the Service Pack 2 beta for Windows 2003/2003 R2.  The following was posted on Connect.

"Windows Serviceability is pleased to announce the release of Beta Refresh 1 (build 2786) of Windows Server 2003 Service Pack 2 for Windows Server 2003 and Windows XP Professional x64 Edition customers.

This build contains:

  • Roll up of hotfixes released to date
  • Roll up of security updates released to date
  • Fixes for bugs reported by Beta customers and other known issues on previous Service Pack 2 builds

This build should be used for full deployment purposes, including pre-production testing or general compatibility testing. We will review all reported issues in the Release Candidate build. In order to have a stable test environment we strongly recommend un-installation of any previous SP2 builds from your machines before installing build 2786. If you previously installed an integrated build of SP2, you cannot upgrade your system to build 2786 with this refresh; you will need to re-install a released version (RTM, SP1, or R2) of Windows Server 2003 before upgrading to build 2786. Go to https://connect.microsoft.com/content/content.aspx?SiteID=98&ContentID=1799 to find an evaluation copy of Windows Server 2003 Service Pack 1.

Release notes for this build can be found at https://connect.microsoft.com/content/content.aspx?ContentID=3342&SiteID=98.

Here is the list of releases; note that there are no integrated releases with this build:

32-bit x86 standalone update: English, German and Japanese
x64 standalone update: English and Japanese
Itanium standalone update: English, German and Japanese
Checked update for English only (debug version)
We encourage you to continue WS03 SP2 Beta testing with this build and provide feedback".

The feature in this Service Pack I’m most interested in is Windows Deployment Services.  An image based system, WDS is a replacement for RIS and will be one of the deployment mechanisms for Windows Vista.  Any organisation facing a potential deployment of Vista should review this new solution.

Microsoft Forefront Client Security

Back in 2003, Microsoft unofficially notified the world of their intention to venture into the world of anti-virus and anti-malware solutions by buying out Romania-based antivirus firm GeCad.  The world waited but nothing happened.  Then Microsoft bought Giant, an anti-spyware provider.  We waited and then got a limited functionality product called Defender that has been in a never ending beta.  More recently, Microsoft bought out Sybari, the famed e-mail anti-malware solutions provider.  This past July, Microsoft Antigen 9.0 made its debut.  Antigen for Exchange featured a new anti-virus engine that had not been seen before, one from Microsoft!

Details of what Microsoft was doing on the server and desktop anti-malware world slipped out here and there.  They were definitely developing a solution.  It was rumoured that Windows Update and/or WSUS could be a deployment mechanism, something that many would like as it would simplify deployment systems.

Microsoft recently announced the start of the public beta of Microsoft Forefront Client Security saying that it would provide:

"Unified malware protection for business desktops, laptops, and server operating systems that is easier to manage and control. Built on the same highly successful Microsoft protection technology already used by millions of people worldwide, Forefront Client Security helps guard against emerging threats, such as spyware and rootkits, as well as against traditional threats, such as viruses, worms, and Trojan horses. By delivering simplified administration through central management and providing critical visibility into threats and vulnerabilities, Forefront Client Security helps you protect your business with greater confidence and efficiency. Forefront Client Security integrates with your existing infrastructure software, such as Active Directory, and complements other Microsoft security technologies for better protection and greater control.

Forefront Client Security is currently in development. Microsoft plans to make a public beta of the product available to customers in the fourth quarter of 2006. Pricing and licensing will be announced at a later date.

The benefits offered by Microsoft Forefront Client Security include:

  • Unified Protection: Forefront Client Security delivers unified protection from current and emerging malware, so you can feel confident that your business systems are better protected against a broad range of threats.
  • Simplified Administration: Forefront Client Security provides simplified administration through central management, so you can protect your business with greater efficiency.
  • Critical Visibility and Control: Forefront Client Security produces insightful, prioritized security reports and a summary dashboard view, so you have visibility and control over malware threats".

The solution includes anti-virus and anti-spam prevention mechanisms and management.  Based purely on description, this looks like Microsoft will jump straight into competition with Sophos, a leader in this field.  It will be interesting to monitor how things develop.

Best of MMS TechNet Roadshow – Dublin

Microsoft TechNet Ireland has just started advertising a free day of briefings on some of the new System Center products including those available now and those that are coming next year.  It will basically consist of some of the main sessions from the MMS conference that was held earlier this year in the U.S.

This TechNet event will be very technical, covering the following topics:

  • Optimising your infrastructure with Microsoft System Centre
  • MOM 2005 and System Centre Operations Manager 2007 technical drilldown
  • SMS 2003 R2 and System Centre Configuration Manager 2007 technical drilldown
  • Operations Management with System Centre Products
  • Protecting your data with System Centre Data Protection Manager

Sessions will cover one or more of the following scopes on a specific topic:

  • Deep technical drilldown into current or future products and technologies
  • Best practices for common real-world scenarios covering the lifecycle of solutions
  • Comparisons between different solutions available – such as SMS and WSUS patch management
  • Real-world experience (‘Tips and Tricks’) from Microsoft and non-Microsoft consultants and customers

WinRE – Windows Recovery Environment

A new team blog has been launched by Microsoft.  WinRE is a derivative of WinPE and is intended as a replacement for the Recovery Console.  We’ll see it "live" for the first time with Windows Vista.  MS says:

"WinRE provides two main functionalities:

  1. Automatic diagnosis and repair of boot problems using a tool called Startup Repair.
  2. A centralized platform for advanced recovery tools".

WinRE is included on the Windows Vista RC1 DVD image.

Virgin Bans “Exploding” Laptops

ENN is reporting that Virgin Airlines is taking steps to ban the inflight use of most Dell and Apple laptops after the recent spate of exploding batteries that was followed by a recall.  Qantas and Korean Air have already done this.  Virgin is allowing up to 2 individually wrapped batteries to be carried but they cannot be put to use.

Given how rare these "explosions" have been, this seems like overkill.  Next they’ll be banning water on flights … oh!