Twelve Microsoft patches to include fixes for OneCare, ForeFront
Patches are being readied to plug security holes in Windows, Office, Visual Studio, Windows Live OneCare, Defender and ForeFront. Per usual, Microsoft will release the mega-fix Tuesday. [SearchSecurity.com]
Sun x86 servers turn heads: Too bad you can’t get one
Users are impressed with Sun’s foray into low-end hardware. But analysts and bloggers say the engineering-centric firm needs to improve logistics. [SearchDataCenter.com]
IBM aims to lower cost of using Linux, Apple PCs
IBM said on Sunday it will offer an open desktop software system for businesses that puts the cost of managing Apple or Linux computers on a more equal footing with Microsoft’s Windows software, improving the economics of Windows alternatives. [Reuters]
The countdown clock is officially ticking: Windows 7 due in 2009
The countdown clock officially is ticking. The goal is Windows 7 in 2009. [All About Microsoft]
NetApp CEO to vars: Sell more software or risk ‘being left behind’
Network Appliance opened its kimono a bit to solution partners at its annual partner summit, held this week in San Francisco, to talk about some upcoming product and program changes. Dan Warmenhoven, CEO of NetApp, used his keynote address to push solution providers to look beyond NetApp hardware sales to make storage and services a bigger part of their sales. [ChannelWeb]
In a conversation Yuval Shavit and I were having with Rado Nikolov, director of strategy and emerging business, ISV & Developer Relations at IBM (try saying that title twice in one breath), something I had intuited finally got a number attached to it. Nikolov said that about 30% of the independent software vendors in IBM’s partner program are <i>also</i> systems integrators.
Software as a service, SOA-based integration of software packages, and the increasingly consultative nature of most software sales are all at least partially responsible for this phenomenon. Nikolov says that few ISVs would have considered themselves to be SIs a few years ago, and few SIs would have added the ISV label to themselves either. But the definition between packaged and “bespoke” software has been eroding for years, and now it’s becoming increasingly difficult to easily divide the roles of ISV and SI.
For its part, IBM is turning to ISVs to do for open-source applications what it had done with VARs for Linux–creating a channel for selling support services, hardware, and potential upgrades to end users. IBM’s latest initiative for business partners using open source gives ISVs and systems integrators access to IBM’s experts for support of its WebSphere Community Edition and DB2 Express-C software, integration testing in IBM’s “innovation centers,” sales assistance, telemarketing for lead generation and other marketing resources to create and sell on top of open-source software. The upside, according to Nikolav, is potential support contract sales for IBM and up-sales to full commercial versions of WebSphere and DB2.
Maybe you should wait for a joint Harvard/MIT study to come out on a security measure you’re considering before using it or recommending it to a customer.
According to a recent study on the use of site-authentication images to prevent fraud cited in the New York Times, users didn’t notice when their summary image had disappeared. The idea behind image-based authentication is that a user will refuse to provide their password if their personalized login page has changed. But Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory said “the premise is right less than 10 percent of the time.”
The debate is raging. While Mr. Gupta of Bank of America insists that the security measure makes the site more secure as part of a larger security posture, Rachna Dhamija, the Harvard researcher who conducted the study, argues that site-authentication images “detract from security by giving users a false sense of confidence.”
So is the appearance of security more important than security itself? The moral of the story might be that channel professionals in particular have an obligation to time-test any recommendations they make or security measures they implement.
Tech giant IBM and Lawson Software have announced their intention to take their partnership in a new direction. The new aim is selling their business applications to small businesses in “specific industries,” according to CNet’s Martin LaMonica.
The union between IBM and Lawson dates back to early 2005 when Lawson agreed to “optimize and standardize” its business applications on IBM’s software and hardware.
According to Lawson’s Website, this new development targets SMBs in “key vertical markets.” These markets include banking, insurance, fashion and food industries.
This development can be turned to the advantage of VARs looking to work with these industries. Partnering with Big Blue can provide fantastic opportunities to corner those markets with service agreements, hardware updates and more.
NPR has been talking a lot about viruses lately. Why? Because it has now been 20 years since the first major virus, Brain, showed up on the scene and marked the beginning of a long history of malicious viruses. Sure, Rich Skrenta wrote Elk Cloner to share pirated computer games with friends as early as 1982, but his program wasn’t malicious enough to make a big splash.
Still, the heyday of computer viruses was five or six years ago. Computer prodigies are focusing on other, equally harmful ventures these days. Weekend Edition’s Scott Simon interviewed senior editor of Wired magazine Nicholas Thompson, who had some interesting things to say. He theorizes there are so many ways to spend time on the Internet these days, from using Bit Torrent to downloading movies to blogging, that the people who were once attracted to writing viruses are now otherwise occupied.
So what do we have to watch out for? According to Thompson, cell phone viruses are gaining momentum now that we’re doing so much more than talking on our mobile phones. He also explained that the types of people who wrote viruses back then are now working to write programs that give spam companies access to computers instead. Mike Rothman has some valuable insight on spamming on his Security Insight blog, and SearchSecurityChannel.com expert Russ Vines has just come out with a resource list for the Wall Street Journal – keep it in mind if you’re tasked with protecting customers from security threats.
What do you think the next big threat will be? Post a comment and let us know.
It was inevitable. After all the hype. After all the talking heads had spoken, Microsoft’s new OS, Vista, will finally hit the shelves tonight at midnight.
Bill Gates was so excited that he couldn’t contain himself.
It still remains to be seen how large an affect this will have on the Channel, but the smart money says it will — eventually. While it does make a lot of sense for VARs and systems integrators to stay on the cutting edge of available technology, deploying Vista with a company you support on Tuesday morning might just result in toilet paper all over your face.
The Reseller News is already talking about the problems they’ve had with the installation. From backing up all your files to getting anything to display on the monitor, there are likely to be some bumps along the way.
Just imagine what would happen to all of you, my friends, if you installed Vista at a company Tuesday night and none of the monitors worked properly on Wednesday morning. Put on a pot of coffee, it’s going to be a long day of support.
But it is just a matter of time until the early adopters have blazed the trail deep enough that more companies are going to want to start taking part. Patch Tuesday will become part of the vernacular again (if it ever went away) andVARs and systems integrators will need to be ready to take advantage of the business opportunities it presents. Bundling the software with new hardware can lead to support roles which could be renewed on a regular basis.
And if you’re thinking of playing with Vista at home to get a feel for it, take a look at The Cult of Mac. While Vista is assuredly designed for your personal computer, running it on your personal Mac might be more satisfying.
No business is safe from email security issues. As a consultant or VAR, you have to deal with customers’ spam, phishing and denial-of-service attacks, and you’ve probably tried to solve these problems with encryption, digital certificates and rerouting traffic, among other tactics. But despite your best efforts, the employees themselves are often to blame for security threats.
In a recent New York Times article, prominent security professionals discussed the growing trend where employees forward company email to personal Web accounts — like Google and Yahoo — for easy access. No matter how strong your customer’s office email security may be (see our Email Security Project Guide), once the information leaves the office, there’s almost no way to control it. So what’s the answer?
Some companies block access to external email accounts through Internet policies, and others monitor all outbound mail to Web accounts searching for perpetrators who forward private company information to insecure sites, but employees complain about the lack of trust these solutions suggest. In Email threats: Educating your SMB Customer, Larry Loeb says: “Email is not just text transmissions any more. It is the flow of information that supports and makes a business possible. A VAR or consultant has to appreciate this reality, and make sure their customers do, too.”
Take those words to heart in today’s scary email security environment. If you can help your customers understand that many real threats come from employees clicking on bogus links and forwarding sensitive information to their personal accounts, you’ll become an invaluable resource. You might also consider solutions that allow employees to access company email just as quickly and easily as personal email, but with office security policies in place. That way they won’t even be tempted to hit the forward button.
Do you have an email security breach horror story? Post it here or pose a question to Russell Dean Vines, our information security threat expert.
SearchSecurityChannel’s sister site SearchSMB compiled their top 10 tips for 2006 — seven of which are security related. It seems SMBs can’t get enough security, and the topics run the gamut. Here they are, in no particular order:
- Email encryption
- VoIP security
- Mobile device security
- Linux security
- Security buying
- Endpoint security
- Disaster recovery
Do these topics match your SMB customers’ concerns? As we plan our editorial calendar for 2007, we’d like to hear what SMB security issues you’re repeatedly addressing. Drop me a line at firstname.lastname@example.org, and in the meantime, visit SearchSMB to read those top 10 tips.
It’s clear that Microsoft’s strategy on dealing with open source has a split-personality problem. Without dropping a beat after the company’s announced Linux partnership with Novell, Microsoft CEO Steve Ballmer reasserted Microsoft’s legal challenges to Linux, and claimed that Novell’s agreement conceded that Microsoft’s intellectual property is infringed by parts of the open-source operating system.
Steve Ballmer and Co. have long been hostile to the Linux community, while at the same time trying to capture more developers to the Windows camp by using a variety of community licenses and pushing some components of the Windows and .NET development architecture as “open” standards through ECMA and other standards bodies.
The recent announcement of a strategic partnership with Novell and its SuSE Linux unit, which appears to be focused on improving compatibility between Windows and Linux networking, isn’t really a deviation from that path. Both Novell and Microsoft are seeking to make enterprise server virtualization customers happy, while Microsoft is still trying to find a way to snuff Linux as a competitor.
The same sort of customer-driven concerns were at the heart of Microsoft’s deal last year with Sun, which ended Sun’s Java lawsuit against Microsoft — Scott McNealy and Steve Ballmer both said enterprise customer demands for things like better compatibility between Sun’s LDAP-based enterprise directory services and Microsoft’s ActiveDirectory helped push them to the table.
Novell needs a competitive edge over Red Hat with big customers, and this agreement might help. In the long run, Novell gets better support for Windows virtual sessions running on SuSE servers, and Microsoft perhaps gets better support for Linux sessions running on its own Windows-based virtualization platform. But the real question is whether there is a long run for Novell, and whether there’s any real value for customers and the channel in the deal. Most of the reaction thus far has been lukewarm at best– and the propaganda value to Microsoft in its FUD war on Linux as a whole has gotten more of a boost than anything else.
Various constituencies have been nagging Sun Microsystems to open-source the Java platform since almost the day it was launched. Former CEO and current chairman Scott McNealy had resisted for a long time, challenging IBM to open-source DB2 when IBM execs chided Sun on the open source issue. Then Sun created its own open-source license — CDDL (Common Development and Distribution License)–and used it for the Solaris OS and for Glassfish, an implementation of Java Enterprise Edition. and Jonathan Schwartz promised Java would follow Solaris into the open world.
And now, Sun has delivered–the entire Java family has been open-sourced under the GNU Public License version 2.0. That means that Java can now live peacefully with other software distributions that fall under the GPL, such as Linux, without barriers to free redistribution.
The first thing this means to the channel is that resellers, integrators and ISVs can now build fully-blessed Java applications and integration software without royalties. Sun is still providing for a commercial license of Java that provides indemnification for customers, but having the entire code base in GPL open source means that people can develop new mobile, desktop and server applications and distribute them–and that open-source projects based on the GPL can incorporate Java into their code without legal fears.