This is a very large price tag…
Consumers paid as much $7.8 billion over two years to repair or replace computers that got infected with viruses and spyware, a Consumer Reports survey found.
I know each time I’ve got back east for vacation and visit a friends house, I end up spending a couple of hours trying to get their machine running better. If I charged them for the service, they would ave ended up paying a few hundred dollars or more by now.
It seemed to me like there had been a lot of patches this year, but I had’t really thought about it to much. Then I came across this story….
So far this year, the software giant has already addressed more critical vulnerabilities than in 2004 and 2005 combined, according to security specialist McAfee.
While that makes every IT job that much more exciting, woo-hoo!
The story also mentions a term that I hadn’t heard yet ‘Exploit Wednesday’…
‘Between the backlog of unpatched issues, and the chances of new
vulnerabilities being discovered in adjacent areas, PatchLink sees a
clear trend towards exploits coming out before patches are available -
and ‘Exploit Wednesday‘ is likely to become a reality sooner rather
than later.’
Since My Space is one of the most popular sites on the ‘net, I would have to assume at least one or two people in your organization might visit the site on occasion. If they did so recently and your machines are not patched, you might have a problem…
An online banner advertisement that ran on MySpace.com and other sites
over the past week used a Windows security flaw to infect more than a
million users with spyware when people merely browsed the sites with
unpatched versions of Windows
From The Register…
The attack exploited a Windows Metafile (WMF) exploit, fixed by
Microsoft in January, to infect vulnerable Windows machines with
malware from PurityScan/ClickSpring family of adware. The malware
surreptitiously tracks internet usage while bombarding infected users
with pop-up ads.
Microsoft has changed how the WGA program works in XP. Instead of checking in with Microsft everytime a machine starts up, it will now only check in every 90 days.
Instead, the tool reports back over longer periods: every 90 days for
installations with Microsoft’s Volume License keys. The company
justifies this, saying that its blacklist of counterfeit keys is
constantly being updated.
I know you can search the internet and find warez sites who have pirated Windows XP keys, then install XP on as many machines as I wanted to at home – so I can understand why Microsoft is running the WGA program.
The question is how many corporations are doing this? I am sure there are some companies that are doing this, but how wide spread is it? I honestly didn’t think this was a big issue.
But now, I have to wonder what Microsoft is seeing with the data being collected since they are talking going to make WGA a feature of Vista and require Volume License Keys to be activated.
They must be mining this data to see which keys are being used, where they are being used, and how many of them are being used.
While this should make life fun for some of the corporate IT guys…
Starting with the release of Vista and “Longhorn” Windows server next year, customers will be required to register their volume license keys (VLK) with Microsoft within 30 days of
acquisition and report their license usage on a monthly basis,
executives said.
So much for the good faith plan that Microsoft has used in the past. Just another reason for a company to implement a software asset management plan now.
I didn’t know that Microsoft was going to stop supporting Windows XP SP1 in October…
Microsoft reminded solution providers and end users Wednesday that support for Windows XPService Pack 1 (SP1) will end Oct. 10.
Don’t worry if you are still running SP1 right now though, Microsoft has an upgrade path for you…
company recommended that Windows XP SP1 customers consider migrating directly to Windows Vista when it becomes widely available in January 2007.
There are so many things you can say about this, my first thought would be – is your current Windows XP SP1 machine able to run Vista or are you going to have to just buy a new machine?
While this isn't the same as E.T phoning home it does make for a good story. It was my understanding that WGA was a one time only check that Microsoft did against your machine to see if the installation of Windows XP was legal or not.
Now it sounds like this is not the case, it looks like it checks in every time you machine boots up. So now the question is being asked – "is this spyware?"
Microsoft says it is not collecting any information, but they also told us this was a one time check.
Now I want to know how this is going to be the same way the Office Activation works in Office 2007 when it is added? Is Vista going to have this "feature" in it too?
Here we go again, another story about how bad the Business Software Alliance (BSA) is and how they use unscrupulous tactics to go after companies for software piracy. Now I don't think everything the BSA is doing could exactly be called “fair”, but we all know life isn't fair.
One of the first things that is always said about the BSA…“The BSA has always relied most heavily on tips from "disgruntled former employees" as the stereotype goes.”
So just because they are disgruntled former employees they should be listed to? I think this is good and bad.
Unfortunately you are pretty much guilty until you prove you are innocent, so the disgruntled employee can cause a major hassle for a company. I guess the moral of the story here is to keep all of your employees happy (since we all know that is so easy).
Once an audit is set in motion, you basically have to stop everything you are working on, conduct an inventory of your machines, collect your software purchase data, and reconciling the data to figure out if you are over or under licensed. Plus you get the added pleasure of working closely with your legal department 
The next argument you hear is… “the tipsters could be the same employees that are responsible for a companies software compliance program. They can destroy the evidence and then call the BSA to collect a reward.”
This may be true, but does that mean you are not responsible for proving you are compliant? I don't think so.
If the company accountant embezzled a bunch of money and ran off to a secluded tropical island, would you tell the employees “sorry we can't pay you this week” or would you tell the government “sorry we can't pay our taxes because we don't have the required records anymore?"
For some strange reason I don't think either of those lines would work, so why should it work for a software audit.
I’ve seen several stories about “ransom-ware” type software, but these applications were asking for $9.95 or some thing like that. The guys that wrote this software are greedy and what $50…
Panda Software said that it has detected a new spyware program that
promises free access to pornographic websites, but installs malware -
which only is removed in exchange of a $50 payment.
This short posting takes a different look at Microsoft and how they try to lock customers into their platform. I usually see it from the desktop and database side, the author says that battle is over and Microsoft is going after the 'network of files in an organization'.
He says the newest way for Microsoft to get a hold of you and not let go, is to get SharePoint installed in your organization. Its cheap, fast to install and once people start using it you can't get them off it. Since everyone becomes so addicted to the service, you can't take it away from them or change how it works.
That is exactly what Microsoft wants.
