Technology Commentary for the Enterprise & Everyone Else

Windows 7 finds its way to Beta

January 13, 2009

and may find its way to shelves as early as the fall according to some reports.  The Beta has only been out since January 9th so I don’t know if there is a consensus yet, but from what I see so far things look good. 

My first impression was that it looks very similar to Vista.  However after working with Windows 7 for the last few days I can honestly say……… it is Vista.  I was fooled at first because of the new task bar and the Windows 7 branding, but I get the joke now, come on where are the cameras?  Am I on TV?  I bet this is that Mojave experiment thing again right?  Is Seinfeld going to walk in the room and proclaim he is a PC?

 I’m not going to lie I like Windows 7, really for the same reasons I like Vista most of which has to do with security.  I can even say from a performance perspective Windows 7 boots faster than any previous Microsoft OS and in my opinion that feature alone would be worth the upgrade especially for a mobile customer. 

Still though I can’t decide what my favorite new feature is yet.  I’m kind of leaning toward “Aero Shake” where I can minimize all of my open windows by shaking the active window.  I liked this feature the first time Apple showed it to me on TV.  Zing!  Just kidding.

 I think the best new feature is somewhat under the hood, the average consumer may never even see it, now I want to quote this perfectly because it is so good; the default UAC control behavior for administrator level users is to:

“Prompt for consent for non-Windows binaries”

I have to admit it takes a pair to not only make that statement in GPO double talk, but to make that a default behavior for an OS.  For those of you that are scratching your head let me translate.  Anything that is signed by Microsoft and integrated into Windows can elevate its security token at will, no prompting from UAC.  You all remember UAC don’t you? That annoying little popup that keeps viruses and malware from wreaking havoc by requiring you to approve system level changes.  This sort of reminds me of congressional legislation to help farmers in Iowa, but somehow includes an embedded addendum to legalize gambling and hookers.

I can’t wait to see what qualifies as a Windows binary in the future.  Please will the Governor from Illinois sit down, we have no intention of selling what is a Windows binary to the highest bidder, that’s ridiculous.

Here is the good news America I think you are going to like Windows 7.  The new OS looks more streamlined, no gadgets on the desktop by default, and guess what you can decide how security conscious you want to be depending on your mood.  Windows 7 now includes a slider bar that lets you adjust your level of security with UAC.  You can now turn it off on a whim solidifying job security for the IT industry for years and years to come.   I know I sound smug about the whole thing, but UAC is at the root of why Windows Vista never gained acceptance, and I think Microsoft could have solved that problem with a feature upgrade and a clever commercial, rather than a new OS version.
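For anyone who has to check where that slider ended up on a fleet of machines, here is an added example (not part of the original post) that reads the three UAC policy values from `reg query` output and reports the slider position and what it implies. The registry value names are the standard ones under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the sample output and the finding codes are constructed for the example.

```python
import re

# UAC policy values live under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# Windows 7 defaults, used when a value is absent from the output.
DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

REG_LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

# Constructed sample: output of `reg query <key>` on a default install.
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

# Constructed sample: the slider dragged to the bottom.
SAMPLE_OFF = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    EnableLUA    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x0
"""


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def slider_position(values):
    """Map the policy values back to one of the four slider positions."""
    v = {**DEFAULTS, **values}
    if v["EnableLUA"] == 0 or v["ConsentPromptBehaviorAdmin"] == 0:
        return "Never notify"
    key = (v["ConsentPromptBehaviorAdmin"], v["PromptOnSecureDesktop"])
    return {
        (2, 1): "Always notify",
        (5, 1): "Default",
        (5, 0): "Default, no secure desktop",
    }.get(key, "Custom policy")


def audit_uac(values):
    """Return a list of (code, message) findings for an administrator account."""
    v = {**DEFAULTS, **values}
    findings = []
    if v["EnableLUA"] == 0:
        # With UAC off the remaining values no longer matter.
        return [("uac-disabled", "UAC is off: admins run with a full token at all times")]
    if v["ConsentPromptBehaviorAdmin"] == 0:
        findings.append(("silent-elevation", "Elevation requests are approved without a prompt"))
    elif v["ConsentPromptBehaviorAdmin"] == 5:
        findings.append(("auto-elevate-windows-binaries",
                         "Only non-Windows binaries prompt for consent"))
    if v["PromptOnSecureDesktop"] == 0:
        findings.append(("no-secure-desktop", "Prompts are shown on the user's own desktop"))
    return findings


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("off", SAMPLE_OFF)):
        vals = parse_reg_query(sample)
        print(name, slider_position(vals), audit_uac(vals))
```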

The silver lining in all of this is that Vista, now called Windows 7, is a good Operating System and that was the whole point all along.  Look everybody, sometimes when you pick on the dorky geeky kid (Microsoft) he doesn’t know how to act and he just slinks away to his room and builds a new OS.  Maybe the lesson learned here is that if we can all stop being jerks for a little bit maybe Dork Boy will give us some upgrade credits. –Tony

Categories: Microsoft Windows · Windows 7 · Windows Vista

Oh! Christmas Eee. Oh! Christmas Eee I want my ASUS Eee PC.

December 8, 2008

If the ASUS Eee PC isn’t on your holiday wish list this year then you may be left with coal in your stocking. This very special holiday season promises record low profits, increased global and domestic market uncertainty, and CEOs left to think about how they can cut costs while maintaining productivity and sales. Computer companies like Apple, HP, Dell and Acer are finding a new consumer market with mini-laptops. While Microsoft continues changing fonts in Windows Vista and calling it Windows 7. Computer companies are betting that easier to use systems like Windows XP, OS X, and Linux on ultra portable hardware are going to be just the thing to get consumers excited about computers again. The latest company to make a dent into this new frontier is ASUS with their line of 8.9” mini-laptops. ASUS laptops come pre-installed with everything a business user needs to create documents, presentations, surf the web, and email. There is nothing additional to buy, the Windows XP version comes with Microsoft Works and the Linux version comes with Open Office. These are no toy laptops, they come with a standard Ethernet port, WiFi, USB 2.0, SD drive, VGA port, and Solid-State Memory and amazingly start at under $300?

I have had my ASUS 900 with Linux for about 4 weeks and it is already my primary PC when away from the office. Yes, I said Linux not Windows. Let’s be brutally honest many of us make our livings working with Microsoft Windows, but the fact remains they are vulnerable to a slew of viruses and quite frankly I don’t want to get blindsided by having to buy additional licenses for the full version of Microsoft Office or be forced to register the OS over the phone every time I need to reinstall a licensed application. Why would I want to subject myself to all of that worry and headache if all I want to do is write documents, give a few presentations, and send email? And yes Open Office is compatible with the Microsoft Office suite, and so far I have been able to work back and forth between Open Office and MS Office without any issue.

Now let me be perfectly clear I am not suggesting that mini-laptops will replace Enterprise workstations, no way, they are just not robust enough to run my most intense applications and I’m not going to run Oracle or SQL on my ASUS anytime soon. I can tell you though my ASUS boots fully and is on the Internet in about 30 seconds, and it only runs on Solid-State Memory with SSD drives as small as 4 GB all the way up to 20 GB as of this writing. I can conduct business with a laptop this size. I cannot conduct business on a Blackberry or iPhone they are too small and I feel like a teenager every time I text reply to a co-worker. I’m a big boy now and I would like a professional quality keyboard and the ability to run big boy applications not just play MP3s or download ring-tones.

For those of us not looking for an office solution consider the ASUS for any of the little darlings you have at home that do nothing more than a little homework and download music all day long. Maybe consider a mini-laptop for your more computer challenged family members. Hey grandma! have I got a computer for you, there’s no start button and if you want to go to the web you click on the button that says “Web”, what could be easier? The ASUS interface, called “Easy Mode”, presents like a cell phone so that even the most novice computer user can navigate easily. The ASUS has a tough exterior and is very durable, and with no spinning disk you’re less likely to lose data if you do have an accident. And with a recovery image already stored on its own internal partition you can easily recover to your factory install in just a few simple steps. I’ve actually done the recovery install and it worked in about 15 seconds.

America it is time to rise up and tell computer companies that Windows and Macs are not the only game in town and we won’t be pushed around into being told how we do our computing. I don’t need a start button, or a piece of fruit on the front of my computer to launch an application or surf the web and I’m tired of having my intelligence insulted every time someone suggests I can do work on my phone. Well I can’t, it’s a phone, I can barely see the damn thing much less write an email or do anything remotely useful. I want to spend my money on something that can help me to do my job better than I’m doing it now, not just impress my kids or let me play the latest version of Grand Theft Auto.

And just to set the record straight “I’m not a PC”….. I’m a person with a job and I have work to do.—Tony

For more information on the ASUS EEE PC go to www.asus.com .

 


Failover can be as easy as TZO

November 4, 2008

This month’s article will review TZO’s High Availability service. TZO provides Global Load Balancing as a service through DNS delegation, lowering site failover scenarios down to seconds rather than hours or in some cases days.

I remember a time when a person’s business phone and email system was something that was at the office, not in the car or corner cafe. Today in an ever expanding global workplace we expect to be able to communicate anytime, anywhere, from any device, and under any circumstance, suffice to say the rules have changed. Large companies need to consider how they can provide email and a slew of other web services to their employees and customers 24 x 7.

The problem is how does a company load balance or failover critical Enterprise web services across two or more different physical locations? Some companies deploy very complex, not to mention expensive, globally load balanced architectures using numerous appliances at multiple sites, expending lots of resources and time. Others try to leverage DNS by round-robin, using multiple DNS records to distribute customers across sites. The issue with a round-robin design is many websites, like OWA (Outlook Web Access), make multiple DNS queries during a session and customers could be randomly connecting to all of your sites during a singular session, throw in authentication issues and you will quickly find yourself needing a more mature solution. Another approach some companies use is to advertise DNS records with very short TTLs (Time To Live), this allows the DNS record in a client’s cache to expire very quickly so that clients and recursive DNS servers are always making authoritative requests for new records. This is a great plan up until the moment your primary DNS server goes up in a mushroom cloud and you are now reliant on working with the ISP to redirect authoritative requests to another primary DNS server.

So what’s the solution? In a word……Outsource.

(Insert Mad Loyal Reader) OK Tony now you’ve gone too far and used the “O” word. People lose jobs over that word, are you crazy? I can think of half a dozen appliances that do load balancing without having to give up authoritative control of our DNS zones. What makes TZO so special?

Alright everybody calm down I’m not suggesting outsource your jobs, just DNS. While I understand we have been snowballing IT management for years about the great mysteries and complexities of DNS we all need to come clean and explain that DNS, (insert admission gulp), is just a text file that gets copied from server to server. Would anyone really care if that text file, which (come on admit it) has maybe 20 entries, was outsourced? I personally doubt it, in fact by outsourcing your DNS you have the potential to gain much more from increased flexibility to update records anywhere at any time, like in a disaster, and provide your customers with global redundancy.

If the word “outsource” is not allowed in your organization please consider the following: “Software as a Service”, or its popular acronym “SAAS”, or maybe the recently coined “Cloud Computing”. Trust me everyone I get it, I’m in the same boat, I’m going with “Cloud Computing” it has that mysterious quality that Senior Executives love and chicks dig.

I recently had a chance to talk to TZO Director of Sales & Marketing Christopher Cook about their Global Failover and Load Balance offering and asked if he could describe some of the key benefits to delegating DNS to TZO.

Chris explained that by delegating authority of your DNS zones to TZO you immediately become part of a global DNS infrastructure that extends through “North America, Western Europe, and soon the Pacific rim”. The benefit of this design is that companies can decrease DNS propagation delays down to seconds and minutes. This is critical in a DR scenario where traditional DNS architectures can have propagation delays that are upwards of half a day or more.

OK, so to be fair I asked Chris why outsource, couldn’t companies install their own Global load balanced solution?

Chris’ answer was easy, TZO is about “25% of the cost of hardware solutions” and you don’t have to setup or configure anything and “if your business needs change you’re not [stuck] with unwanted hardware”. The other benefit according to Chris is that “when a company is ready all they have to do is change their [DNS delegation] to our servers”, it is that easy.

I told Chris many companies just won’t feel comfortable delegating their entire authoritative DNS zone to TZO, is it possible to only delegate a sub-zone?

Chris explained that if all a company wanted to do was load balance one website they could just delegate a sub-zone for that website. For example, WWW.company.com would just need to delegate the sub-zone “WWW”. The beauty of this design is that the company remains in full control of their “company.com” authoritative space except for the “WWW” subzone. When customers make an authoritative request for WWW.company.com TZO will answer. And if you are load balancing across two different physical sites customers could be redirected to any “A” record in that zone, such as SITE1.www.company.com and SITE2.www.company.com.

How does TZO monitor site availability?

TZO monitors site availability using a Multi-Point Monitoring architecture. They monitor each site from two different geographic locations within their architecture and both locations have to agree a site is down before automatically redirecting traffic to the alternate site, reducing false positives. Wow! Imagine the cost of trying to configure that kind of reliability on your own?

If a customer connects to my website at Site1 and during the session they make another DNS request are they redirected to Site2?

No, the answer is that TZO can be configured to make sessions persistent so that customers are not crossing the Internet to another physical site every time a DNS request is made during a session.

How flexible is the TZO HA service?

TZO allows customers to manage their DNS zones using a very user friendly web interface. Customers can customize the percentage of DNS requests that resolve a particular site. An Enterprise could answer 70% of WWW.company.com to SITE1 and 30% to SITE2. If you wanted to you could make one site 100% and the other 0%, might come in handy during scheduled maintenance. For companies that have secondary Co-Locations this service could be the cornerstone of their redundant architecture.
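A minimal model of the behaviour described in the answers above (both monitoring locations must agree before failover, percentage weights, sticky answers), added here as an illustration and not TZO's implementation. The site names reuse the article's SITE1/SITE2; the monitor names, the resolver identifiers and the hash-based stickiness are assumptions.

```python
import hashlib


def site_is_down(reports):
    """A site counts as down only when every monitoring location says so.

    `reports` maps monitor name -> True (reachable) / False (unreachable).
    A single dissenting monitor keeps the site in rotation, which is what
    cuts false positives caused by a problem local to one monitor.
    """
    return bool(reports) and all(not up for up in reports.values())


def live_weights(weights, monitor_reports):
    """Drop sites that are weighted 0 or that all monitors agree are down."""
    return {
        site: w
        for site, w in weights.items()
        if w > 0 and not site_is_down(monitor_reports.get(site, {}))
    }


def answer(client_id, weights, monitor_reports):
    """Pick the site a given resolver is sent to.

    The choice is a stable hash of the client identifier mapped onto the
    weight ranges, so the same client keeps getting the same site for as
    long as the set of live sites does not change (session persistence),
    while the population as a whole follows the configured percentages.
    """
    live = live_weights(weights, monitor_reports)
    total = sum(live.values())
    if total == 0:
        return None  # nothing left to hand out
    digest = hashlib.sha256(client_id.encode()).digest()
    bucket = int.from_bytes(digest[:8], "big") % total
    for site in sorted(live):
        if bucket < live[site]:
            return site
        bucket -= live[site]


# Constructed configuration: 70% of answers to SITE1, 30% to SITE2.
WEIGHTS = {"SITE1": 70, "SITE2": 30}
ALL_UP = {
    "SITE1": {"monitor-east": True, "monitor-west": True},
    "SITE2": {"monitor-east": True, "monitor-west": True},
}
ONE_MONITOR_DISAGREES = {
    "SITE1": {"monitor-east": False, "monitor-west": True},
    "SITE2": {"monitor-east": True, "monitor-west": True},
}
SITE1_DOWN = {
    "SITE1": {"monitor-east": False, "monitor-west": False},
    "SITE2": {"monitor-east": True, "monitor-west": True},
}

if __name__ == "__main__":
    clients = [f"resolver-{i}" for i in range(1000)]
    for label, reports in (("all up", ALL_UP),
                           ("one monitor disagrees", ONE_MONITOR_DISAGREES),
                           ("SITE1 down", SITE1_DOWN)):
        hits = sum(1 for c in clients if answer(c, WEIGHTS, reports) == "SITE1")
        print(f"{label}: {hits / 10:.1f}% of resolvers sent to SITE1")
```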

The final point to all of this is to remind Enterprises that even though DNS is easy, redundancy can be complex. Companies need to evaluate their core competencies and decide what fundamental services need to be highly available in an organization. To successfully load balance multiple physical sites, most organizations are going to need a little more than a DNS round-robin design or short TTLs. If your plan is to white wash management with the idea that your ISP is going to be a part of your failover design, good luck. Experience has shown that if by some miracle you can get a person on the phone that can actually spell DNS I wouldn’t bank on propagation times under a day. So please consider your load balance and DNS propagation plans carefully, the last thing anyone wants is a short TTL on their “J-O-B” record.

–Tony

To find out more information about TZO please visit http://www.autofailover.com

Categories: Commentary · Exchange 2007

Jerry Seinfeld debuts in Microsoft commercials…about Nothing!

September 15, 2008

I wish I were joking, these commercials appear to me to actually be about nothing. I’ve watched both commercials with colleagues, my wife, my kids, complete strangers, and nobody can tell me what these commercials are about. It appears that back in May when I suggested that Microsoft fire their head of advertising they instead hired George Costanza.

If you haven’t seen the commercials they are all over YouTube or you can go to www.microsoft.com/windows.

In the first commercial Jerry Seinfeld and Bill Gates manage to insult anyone that has to buy shoes at a discount store while we are uncomfortably forced to believe this is where Bill buys his shoes. He then adds insult to injury by pulling out his discount shoe store bonus card further insulting middle class America by laughing at the fact that Americans need to shop smartly to make ends meet.

In the second commercial Bill and Jerry adeptly showcased common middle class issues, like neglecting grandma, ignoring our children and serving leftovers. I especially liked the part where Jerry is cornered in a dark hallway by Mom just trying to gain a little insight into how she can invest $1800.

Nice job Microsoft I walked away from both commercials feeling financially inadequate. It is also nice to know that after Bill finishes his experiment with American commoners he can go back to his “moon house hovering over Seattle”. Yeah……somehow I’m no longer in the mood to buy expensive closed source buggy software.

I think for 10 million dollars Microsoft could have hired an actor that resonates more with their core customers, you know all of those balding middle aged men-geeks that actually make the recommendations to fortune 500 CEOs. Believe me when I say that a bikini-clad Paris Hilton would have been a far better choice even if all she did was stand there and demo Vista’s Aero Glass feature and say “now that’s hot”.

Why is it that Apple can rally customers to literally sleep in tents for days just to have a chance to buy the latest iCrap ?

Please, let me answer this for you. It is because they tell their customers why! I’ve seen Apple commercials with no dialogue, nothing more than some iGadget in someone’s palm while they go through all of the features. They don’t even tell you the price, you just know at the end of the commercial you need to have one. Even the infinitely successful Mac and PC commercials where Apple has literally hired an actor in a T-shirt to list Mac features while a guy in a business suit, presumably Microsoft, self-destructs at every turn.

Seriously, do you guys at Microsoft even know what advertising is all about? What genius decided to put Bill Gates in these commercials? There are companies that have been successful with putting their figure head in commercials, like Dave Thomas founder of Wendy’s. The difference is that Dave had an on screen charisma that made customers feel good, while they watched the man eat a juicy hamburger or spicy chicken sandwich. All I feel that Bill Gates brings to these new commercials is a patronizing cynicism, coupled with Seinfeld’s sarcasm, I feel like a jerk for even watching.

Microsoft you’ve had successful campaigns before, are you familiar with the success of your Xbox? I can’t even walk into an electronics store without seeing hordes of kids and parents clawing for a chance to demo and buy the latest Xbox release. Let me tell you something about kids, because I have two little darlings, they watch toy commercials and then beg, half the time they can’t even tell me the name of the toy, but they can tell me what it looks like and what it does. I guess I’m saying it would be nice to see what you’re trying to sell me, and what it does. I’m sorry for being so sarcastic and patronizing, but your new commercials have the same tone, and in the end we both just walk away insulted and mad.

Microsoft is the most powerful and influential software company in the world and not only does nobody get your commercials, but it appears that you have also managed to patronize, insult, and offend your audience in the process. And if I can close by quoting Jerry Seinfeld in commercial 2, “I’ve got so many cars I get stuck in my own traffic”. Well Jerry and Bill, I have about $1500 and I think I’m going to buy a Mac.—tonyFSMO

Categories: Commentary

Discover the Exchange 2007 Autodiscover Service.

July 28, 2008

This new service allows customers to easily configure their own client-side connections to Exchange related services, including: Outlook Anywhere (formerly RPC/HTTP), Offline Address Book (OAB), Unified Messaging, Exchange Web Services, and the ever popular ActiveSync for a new generation of mobile devices. If you are a large company and still teetering on whether or not to deploy Exchange 2007 this feature alone makes the business justification.

Using my best movie preview voice…..

“Imagine a world where your customers can configure their own Outlook clients without need of complex instructions or Helpdesk calls. A world where customers just enter their email address and password, seamlessly connecting securely to their Exchange environment from any mobile device.”

Well pass the popcorn because that day is now here! That is the whole point of the Exchange 2007 Autodiscover Service. Interested yet? Good, the bad news is that I have no intention of walking you through how to setup this service. Truthfully, Autodiscovery is a bit complex to setup and has a multitude of scenarios that you need to research to fit your organization. The good news is there has already been a great deal written on the details of setting up Autodiscovery and I have consolidated many of those links at the end of this article. Feel better now?

What I would like to discuss is that a new scenario recently became supported that allows Outlook 2007 to take advantage of DNS SRV records to locate the autodiscover URL that clients must request to connect to Exchange’s Edge or ISA firewall. The beauty of this scenario is your organization can have just one SSL certificate and use it for all of its web based connections, whether it is OWA, Unified Messaging, Active Sync, etc.

Outlook clients by default when attempting to make an autodiscover connection will try

https://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml

While this creates simplicity out of the box, only requiring a new “A” record called “autodiscover” in your domain’s public DNS zone, it commits your organization to have a second SSL certificate or a certificate that supports Subject-Alternatives. Subject-Alternatives allow a single certificate to respond to multiple host names. This adds additional cost and headache because not everything supports Subject-Alternatives, including some versions of ISA. Plus in my opinion it is just plain ugly.

Microsoft recommends using a Single-Name Certificate to support not only auto configuration, but the entire public side of your organization. This way your customers only need to resolve one DNS name across the Internet regardless of what Exchange service they are trying to connect. The latest version of Outlook 2007 http://support.microsoft.com/?kbid=939184 supports SRV lookups so that your Outlook client can just query your Exchange domain’s SRV records to discover the correct URL for autodiscovery. Customers simply enter their email address and their Outlook client will automatically find the correct URL to connect your customer to your Exchange Organization’s web services and prompt them to authenticate.
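To make the certificate trade-off concrete, here is an added example (not from the original article or from Microsoft) that works out, for a given email address, which hosts an Outlook client would contact by the default name and by the SRV record, and whether a given certificate covers each. The record name `_autodiscover._tcp.<domain>` comes from the SRV article linked at the end of this post; company.com, mail.company.com and the certificate name lists are constructed sample data.

```python
def cert_covers(host, cert_names):
    """True if `host` matches one of the certificate's names.

    Supports exact names and a wildcard in the left-most label only
    ("*.company.com" covers "mail.company.com" but not "a.b.company.com").
    """
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                      # ".company.com"
            left = host[: -len(suffix)] if host.endswith(suffix) else ""
            if left and "." not in left:
                return True
    return False


def parse_srv(rdata):
    """Parse SRV rdata 'priority weight port target' into a tuple."""
    priority, weight, port, target = rdata.split()
    return int(priority), int(weight), int(port), target.rstrip(".").lower()


def autodiscover_plan(email, srv_rdata, cert_names):
    """List the autodiscover endpoints for `email` and check the cert for each.

    srv_rdata is the answer for _autodiscover._tcp.<domain>, or None when the
    zone has no such record. DNS answers are not authenticated, so the check
    that matters for the SRV path is that the certificate presented matches
    the SRV *target* host.
    """
    domain = email.rsplit("@", 1)[1].lower()
    path = "/autodiscover/autodiscover.xml"
    default_host = "autodiscover." + domain
    plan = [{
        "method": "default A record",
        "host": default_host,
        "url": f"https://{default_host}{path}",
        "cert_ok": cert_covers(default_host, cert_names),
    }]
    if srv_rdata:
        _prio, _weight, port, target = parse_srv(srv_rdata)
        authority = target if port == 443 else f"{target}:{port}"
        plan.append({
            "method": f"SRV _autodiscover._tcp.{domain}",
            "host": target,
            "url": f"https://{authority}{path}",
            "cert_ok": cert_covers(target, cert_names),
        })
    return plan


# Constructed sample data.
SINGLE_NAME_CERT = ["mail.company.com"]
SAN_CERT = ["mail.company.com", "autodiscover.company.com"]
SRV_ANSWER = "0 0 443 mail.company.com."

if __name__ == "__main__":
    for label, names in (("single-name", SINGLE_NAME_CERT), ("SAN", SAN_CERT)):
        print(label, "certificate")
        for step in autodiscover_plan("tony@company.com", SRV_ANSWER, names):
            status = "certificate matches" if step["cert_ok"] else "NAME MISMATCH"
            print(f"  {step['method']:40} {step['url']}  -> {status}")
```

With the single-name certificate the default `autodiscover.` host fails the name check and only the SRV path validates, which is the scenario the paragraph above recommends.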

I’m always thinking about DR (Disaster Recovery) and there are a lot of benefits in being able to tell customers that the only thing they ever need in a disaster to conduct business, is an email address and password. The more complex an organization the more important this becomes. Many organizations not only leverage OWA, and Outlook Anywhere, but other mobile devices like Blackberry, iphones, and just about everything else you can snag at Best Buy. Customers should not have a flow chart about what to do in a disaster to communicate with their organization, it should just be one URL and it should be the same URL they use for all of the Exchange Web Based services.

For more information on how to setup the Autodiscovery Service in Exchange 2007 check out the following links.

Microsoft’s White Paper on Autodiscovery. I would start here it gives you all the scenarios you will encounter and the Powershell commands to get the job done. I recently setup a client just by using this document.

http://technet.microsoft.com/en-us/library/bb332063.aspx#HowtoConfigureExchangeServices

The Msexchangeteam guys always do a good job with their articles. Review this article and the helpful links at the end for more information on autodiscovery.

http://msexchangeteam.com/archive/2007/04/30/438249.aspx

Everything your DNS admin needs to know to create an SRV record for Exchange in the public domain.

http://support.microsoft.com/?kbid=940881

Categories: Exchange 2007

Don’t Scrap It. Feature Pack It!

June 6, 2008

May 27, 2008–Bill Gates and Steve Ballmer demo Windows 7 during the Wall Street Journal’s annual D6 conference in Carlsbad, California.

What in the world were they thinking? I really applaud the fact they are finally giving the consumer reasons to buy their new OS, showcasing the type of new media features that made Windows XP so popular. Unfortunately, they were not showing Vista, but rather an early version of Windows 7 slated to be released in late 2009. (Link to conference interview and demo below)

I find it so hard to believe that Microsoft is running away from Vista so quickly. Does this mean that the new security features that were introduced in Vista have been abandoned, features like User Account Control (UAC), split security tokens, BitLocker, and IE Protected Mode? Since I’m guessing no, then why-O-why don’t you just make the new media features in Windows 7 an “R2” like upgrade for Vista? I feel like I need to give Microsoft a pep talk (visualize a caring Dad’s arm around Microsoft’s shoulder).

Son? (long dramatic pause)…… Deploying a new platform is like a first date, take it slow, and expect to make a few mistakes. This doesn’t mean at the first sign of trouble head for the door and start working on Windows 7. Maybe show that demo (see link above for demo) of all the touch screen picture stuff, that was pretty cool, something I think consumers could really get excited about. Throw a few punches at that little fruit company causing a stir with their T.V. commercials. Don’t be too aggressive, nobody likes someone that puts out a new platform every 3 years, you’ll just end up looking nerdy with no direction. Maybe the more prudent approach would be to take a few of those really cool media applications in Windows 7 and feature pack them into Vista, get consumers excited again. Remember, the reason jocks get all the girls is because they are the only ones brave enough to ask. It is time for Microsoft to start strutting its stuff by showing what it has to offer. Now get out there and go cut down some apple trees. Feel better? Good. Call your mother.

This is the best I can do; I can only emphasize to Microsoft how important it is to get this right. Your customers do not want to wait another 15 months just to get a media upgrade when they could have been benefiting from the Enterprise features already in Vista. Please don’t ask me to go back to management and tell them that we have to wait a year and a half because an XBox and an IPOD had an affair and produced Windows 7. I think Vista has a lot to offer small and large businesses and it is time to let your customers know what path they should follow. Please don’t send us down the path of Windows 7 unless you really plan to abandon Vista, because if we have to go through this type of indecision again in another year you will lose a portion of your customer base, and it won’t be because of your competition’s funny commercials.

—tonyFSMO.

Categories: Windows Vista

Making The Argument For Vista

May 20, 2008

It has been one year and nearly five months since Vista was launched in late January 2007. I hope everyone now agrees that this is the right time to fire the person in charge of marketing at Microsoft. I’m not sure who this person is, but I do know they haven’t given the public one reason to buy Vista. I remember when Windows XP came out we got some great commercials with kids flying all over the place to a Madonna track, while showcasing all of the new cool media upgrades Windows XP had to offer. This was at a time when people were just starting to get into digital media, this was a real reason to upgrade. When Server 2003 came out there was a really great commercial with a guy telling everyone in the office he had saved a nickel on every transaction, and they were doing a million transactions a day. Now saving $50,000 a day is a real reason to upgrade. Where did the great Microsoft commercials go? All I see on TV now is a guy pretending to be a PC while he makes a fool of himself in front of a guy named “MAC”. While I will concede these commercials are very funny, they don’t exactly instill confidence in the consumer that upgrading to Vista will be a positive experience. Where is Microsoft’s voice? Why aren’t they trying to create their own buzz about Vista? In fact recently all I have heard from Microsoft is that Windows 7 may be released in 2009. Wow! Talk about killing confidence in your consumer base. The good news is that Microsoft can turn this whole thing around by just telling the consumer why they should upgrade to Vista.

Many of us have heard that Vista does improve security, but is that a real reason to upgrade? Absolutely! Malware is only getting smarter and the security architecture of Windows XP has proved itself inadequate against the biggest outbreaks of the last several years. Windows Vista on the other hand will provide users a new security architecture designed to defend against more mature attacks as viruses and malware become more non-deterministic and metamorphic in nature. This is reason number one why Microsoft developed User Account Control (UAC). UAC prompts users to elevate their security token only when elevated privilege is required. This is a big departure from how security was handled in previous versions of Windows where an administrator had all of their privilege available to them regardless of what they were running. The OS had decided to give you permission to do literally anything in advance without you even asking. I won’t even let my kids watch TV without asking. In Vista your privileges are split, you only run a process with elevated privileges when you need them, and even then UAC requires that you at least approve the elevation request. The clear benefit of UAC is that it becomes much more difficult to install and run software that you are not aware is running. If I am a large enterprise and I can improve my security posture just by deploying Vista in its default configuration, to me that would be a reason to upgrade.

Another feature that isn’t getting a lot of press is Internet Explorer’s Protected Mode. Where did the buzz go for this great feature? Internet Explorer’s protected mode will force anything originating from the Internet that is trying to run on your system into an Integrity Level that has less authority than that of a Standard user. Windows Integrity Control, also called “WIC”, allows Vista to assign a mandatory value that indicates how trusted you are on the system, values ranging from: Untrusted, Low, Medium, High, and System. These values do not replace permissions, but rather act as another layer of protection. If a user has administrative rights and all of a sudden becomes compromised by a process originating on the Internet, that process will automatically be forced into an IL of “Low” and be restricted to only tasks which also have an IL of “Low”. Just about everything in Vista requires at least an IL of “Medium”; a rogue process would be virtually rendered useless. If I am a home user with teenage kids, I want this feature and I want it now.
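The layering described above can be shown with a small model, added here as an example and not taken from Windows or from the original post: the integrity check runs first, and the ordinary permission check only matters if it passes. The SDDL label syntax (`ML` ACE, `NW` no-write-up flag, `LW`/`ME`/`HI`/`SI` level abbreviations) is real; the sample security descriptors are constructed.

```python
import re

# The five integrity levels named above, lowest to highest.
LEVELS = {"Untrusted": 0, "Low": 1, "Medium": 2, "High": 3, "System": 4}

# SDDL abbreviations used in a mandatory-label ACE.
SDDL_LABEL_SIDS = {"LW": "Low", "ME": "Medium", "HI": "High", "SI": "System"}

# (ML;<ace flags>;<policy>;;;<level>), e.g. S:(ML;;NW;;;LW)
LABEL_ACE = re.compile(r"\(ML;[^;]*;([A-Z]*);;;([A-Z]{2})\)")


def object_label(sddl):
    """Return (level, policy_flags) for an object's security descriptor.

    An object with no mandatory-label ACE is treated as Medium with the
    no-write-up policy, which is why an unlabeled file is already out of
    reach for a Low process.
    """
    m = LABEL_ACE.search(sddl)
    if not m:
        return "Medium", {"NW"}
    flags = set(re.findall(r"N[WRX]", m.group(1)))
    return SDDL_LABEL_SIDS[m.group(2)], flags


def check_write(process_level, sddl, dacl_grants_write):
    """Decide a write request; returns (allowed, reason).

    The integrity check comes first: with no-write-up set, a process whose
    level is below the object's level is refused no matter what the DACL
    says. Only when that check passes do the ordinary permissions decide.
    """
    obj_level, flags = object_label(sddl)
    if "NW" in flags and LEVELS[process_level] < LEVELS[obj_level]:
        return False, f"integrity: {process_level} process cannot write up to {obj_level} object"
    if not dacl_grants_write:
        return False, "permissions: DACL does not grant write"
    return True, "allowed"


# Constructed security descriptors.
UNLABELED_FILE = "D:(A;;FA;;;BA)"                 # admins: full access, no label
LOW_LABELED_DIR = "D:(A;;FA;;;BA)S:(ML;OICI;NW;;;LW)"  # explicitly labeled Low
HIGH_LABELED_KEY = "D:(A;;FA;;;BA)S:(ML;;NW;;;HI)"

if __name__ == "__main__":
    cases = [
        ("Low", UNLABELED_FILE, True),     # browser process, admin user's file
        ("Low", LOW_LABELED_DIR, True),    # browser process, its own Low folder
        ("Medium", HIGH_LABELED_KEY, True),
        ("High", UNLABELED_FILE, False),   # passes integrity, fails permissions
    ]
    for level, sddl, dacl in cases:
        print(level, sddl, check_write(level, sddl, dacl))
```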

There is so much more that can be mentioned like the new two way Firewall that is turned on by default. For parents there are new parental controls that let you create white lists defining what your children can and cannot view on the Internet. There is the new Vista kernel which takes giant leaps to all but eliminating Blue Screens of Death (BSOD) because of how Vista limits application kernel hooking. Finally, how about Bitlocker? More and more companies are feeling the heat to protect themselves from data theft. Bitlocker works with the TPM technology that is built into most new laptops and encrypts the system volume to prevent any data theft if a stolen disk is planted into another system. Bitlocker can even leverage companies’ existing investment in Active Directory to assist with key management.

This article has been all about security and I haven’t even mentioned some of the great other new features that alone could justify the cost of upgrading. Vista enables the Volume Shadow Copy service by default now allowing users to restore files from their desktop with just a right click. How about Complete PC Backup, a bare metal restore technology that could literally replace expensive 3rd party imaging products. Not to mention the fact if companies want to get the most out of the highly anticipated, and so far well received, Windows 2008 server has to offer.

Maybe the problem is that Microsoft just doesn’t feel security is “Sexy” enough to sell. This may be true, but if Microsoft doesn’t start giving consumers real reasons to upgrade they risk yet another year of letting companies figure out how they can live without Vista.

Categories: Windows Vista