For several months now, I’ve been interacting with the folks at Zinstall about their various products, most notably Zinstall XP7. This tool works with any version of Windows 7 (including Starter, Home Basic, and Home Premium) to migrate an existing, standalone Windows XP runtime environment into a Windows 7 based virtual machine that matches the original version in every respect.
As the proud and sometimes impatient owner of an Asus 1000HE Netbook (which I’ve upgraded to 2 GB of RAM, and in which I use a Samsung SSD instead of the original 5400 RPM hard disk, impatient user that I am) I had an “interesting” XP target machine that I needed to update to the RTM version of Windows 7 anyway. So I prepped my machine for a Windows 7 install, which included some interesting misadventures in switching from the unit’s convention HD to the Samsung SSD, as I relate in a companion blog, and after installing and updating the 1000HE for Windows 7, then bringing all the drivers up to the latest and greatest versions (thanks to my personal fave Web- and subscription-based driver management tool, DriverAgent.com), I tackled Zinstall XP7 next.
The total time for the install was pretty lengthy — longer than installing Windows 7 itself, in fact, but not longer than applying the 45-odd updates to the base image, nor longer than downloading and updating all the drivers — at around 63 minutes give or take a few seconds (see the time log that follows later in this blog for more details). But the program worked like a charm, and delivered on its promise to return my former standalone XP desktop environment in the form of a VM running under Windows 7. But it turns out that the poor little Atom N280 in this machine just isn’t up to the task of running an XP VM inside Windows 7. Everything worked for me, to be sure (aside from a few brief hiccups with display resolution, quickly fixed once I figured out how to regain control over the mouse and my virtual desktop), but it was so painfully slow that I found it intolerable for any kind of real work. That said, it’s incredibly convenient to be able to return to that runtime environment as and when I need to grab files and information from my prior installation to copy or otherwise import them into the new Windows 7 desktop environment.
Here’s the timetable for my install activities, which also explain the various stages of the Zinstall XP7 installation and conversion process. Here’s a screenshot of the pre-final program display, that names all of the steps in the process.
The list of steps and my timetable ran as follows (times are in mm:ss format):
1. Initializing 15:23
2. Analyzing Source <C:\> 09:30
3. Preparing Source <C:\> 00:05
4. Copying Source <C:\> 04:35
5. Applying hard disk layout 00:02
6. Adjusting old Windows 01:28
7. Configuring Zinstall machine 03:55
8. Fine tuning Zinstall machine 26:05
9. Embedding Zinstall machine 02:05
There were some times during the fine-tuning stage when I despaired of successful completion, because the progress bar for this sub-task seemed to hang at the 95% point nearly forever, but the program did eventually complete successfully and deliver me a copy of my previous XP runtime environment inside a working (but painfully slow, on this underpowered netbook) virtual machine. It was also easy to switch back and forth between the Windows 7 desktop and the XP desktop by using the notification area icons that Zinstall provides both for XP and Windows 7 for that purpose.
When I loaded Zinstall and had it convert my XP environment to a VM, I elected the “convert in place option.” Zinstall can also migrate the XP image from one machine to another across the network, or from one drive (the old system drive, presumably) to another (the new system drive) on the same machine. Everything I saw about the program, as constrained as my netbook was for memory and CPU resources shows me that the program is well-built, very stable, and quite capable. In fact, things should go much, much faster on more powerful hardware, and it’s a real testament to the program’s capabilities that it worked without a hitch on a machine with 1 GB less memory than the recommended configuration for such an in-place install, and on such a puny processor as well. At $89 this program is an excellent value for the money (SMBs and enterprises facing volume migrations should look to the company’s volume purchase offerings, which add a migration server with centralized automated control into the mix).
I had the great pleasure of speaking with Alec Milton, Managing Director of Product Marketing for Oasys Limited last Friday, to talk about the company’s excellent Mail Manager product. Before I tell you a little about the software — which is unbelievably cool and capable — let me tell you a little about the company. It’s the kind of story guaranteed to warm at least my nerdish heart, if not yours as well. As a product, Mail Manager is the result of an internal development project to organize and manage email messages for a world-class large-scale engineering company (the ARUP group, to be precise) gone so very, very well that it has actually given birth to a subsidiary company to sell technology developed to help manage the message and file traffic routinely associated with engineering projects (which not only involve text communications, but huge volumes of supporting files for engineering plans, CAD drawings, complex workflows and schedules, and yada yada yada, along with serious retention and accountability requirements to assume liability and be ready to deal with potential litigation as and whenever it may happen, as it sometimes does).
I’m learning the program and plan to write a lengthy review in 4-6 weeks after I can say something meaninful about its capabilities and benefits based on personal experience. But in a very small nutshell, what Mr. Milton showed me about Mail Manager tells me that its capabilities are pretty darn amazing:
1. It sidesteps all of the standard PST vs. Exchange based message store issues by maintaining its own XML-based message store, which is compact, highly searchable, and supports user tagging and association mechanisms uniquely suited to project-oriented information storage and retrieval.
2. It works equally well for small, SOHO class business where anywhere from one to a handful of people must collaborate and organize documents along with email to keep communications, work product, timesheets, and reports together on a per-project basis, and for ginormous project-oriented mega-engineering outfits like the company what built it — namely, the ARUP Group (for which Alec showed me a message store with thousands of projects and a complex semantic Web uniting project messages, documents, and other elements together so that fast searches and easy access are available on a truly global scale). The biggest users operate the software for a community of about 50,000 users, so I’d have to say that scalability is pretty much proven.
3. From a day-to-day “get things done” perspective, Mr. Milton’s half-hour demo showed me that Mail Manager makes it easy for people to file information as and when they need to, and then to find it later on when they must refer to their stored information for all kinds of reasons. The product even allows offline work, so that pending filing or retrieval activities can be queued up until an Internet connection once again becomes available, without hampering local work or effort in the meantime. The use of a well-indexed, highly searchable centralized and distributed repository also means that duplicate messages and files need not be stored, and that organizations can save on storage and network traffic. The coolest thing I saw was an ad-hoc organization of different kinds of data called “Collections” that is best understood by the Windows-7-savvy as “Libraries for a message store” where items from all over the place (literally) can be composed and organized inside a single logical and hierarchical framework.
I’ve worked with Exchange-based Outlook and SharePoint applications, and with extensive, extended Lotus Notes environments at many and various points in my checkered career. I can’t wait to see how Mail Manager stacks up against these other mega-messaging alternatives as I get to know the product better. Count on me to keep you informed about what’s going on, and to tell you more about what I observe and learn about Mail Manager along the way. In the meantime, to learn more about Mail Manager on your own, check out the Oasys Mail Manager product page at your leisure.
First, a clarification, EOS stands for “End Of Support” and refers to the official cut-off dates for support from Microsoft for these various operating systems. Next, kudos to Ed Bott for totally nailing this topic in his Microsoft Report for ZDNet Monday, entitled “How long will Microsoft support XP, Vista, and Windows 7?”
What makes things interesting here is that MS has extended the normal life of XP in response, one imagines, to the crashing failure of Vista to enlist much market uptake, especially on the corporate side of the street. Ed also explains in his report that “The official date of retirement for support is the second Tuesday in the first month of the quarter following that anniversary [5 years from the General Availability or GA date for general public support, plus another 5 years of “extended support” for business users] …” Microsoft refers to general public support as “mainstream support” and that’s how you’ll see it named in the screencap that follows later in this blog.
Here’s how this works out, for the calendrically challenged:
- The GA date for Windows 7 fell on October 22, 2009. Add five years to get 10/22/2014, after which the next quarter starts on 1/1/2015, and in which the second Tuesday falls on 1/13/2015. That’s when mainstream support ends for Windows 7, so extended support ends 5 years later on 1/13/2020.
- The GA date for Windows Vista fell on January 30, 2007. Add five years to get 1/30/2012, after which the next quarter starts on 4/1/2012, and in which the second Tuesday falls on 4/10/2012. That’s when mainstream support ends for Windows Vista, so extended support ends five years after that, on 4/10/2017.
- The preceding calculations don’t apply to Windows XP because MS has extended its life well beyond those dates already. This is where the Microsoft Product Lifecyle Search page comes into play, into which I plugged Windows XP Professional (as the most likely business/enterprise XP version in use) to produce these results, which peg the end date for extended support at 4/8/2014, with mainstream support already having expired on 4/14/2009.
OK, so now you know. What are you going to do about it? It will be interesting to see how availability of Windows 8 in 2012, before extended support ends for Windows XP, will play out for Windows 7 sales into the enterprise. I personally think this is going to be less of an issue than some believe. That’s because the impending exhaustion of IPv4 addresses and the concomitant wholesale migration to IPv6, plus less-than-stellar support for IPv6 in Windows XP, is going to make Windows 7 a whole lot more attractive and compelling than a lot of enterprises may find it at the moment.
Poking through the Windows blog this weekend, I stumbled across an August 5 posting by Michael Kopcsak entitled “A behind-the-scenes look at designing the new Hotmail: part two.” Part 1 of this series ain’t bad, but Part Two gets into some useful nitty-gritty details. There’s some great suff on message filtering and cleaning up inbox (or folder) clutter using button controls, and a great explanation as to how the filtering mechanisms were designed (and work) to be simple, straightforward, and easy to access.
You’ll also find some peachy explanations of Hotmail navigation and UI behavior, including search, IM controls, and message threading tools. You’ll get an improved understanding of how message history works, and how overall threaded conversations fit and work together inside the Hotmail interface. You’ll get some geat survey results on how the Hotmail default view was designed, and what kinds of user input over time helped to drive design decisions (and a good explanation of why you can organize emails by conversations but why that wasn’t chosen as the default view).
It may not signify much for those who use a different email package (Windows Live Mail, Outlook, Gmail, or whathaveyou) but for those in the Hotmail embrace, it’s really great stuff!
Check out the Microsoft Security Bulletin Advance Notification for August 2010: according to Ars Technica (and my own imperfect memory) this coming Patch Tuesday (8/10/2010) will be the biggest ever. There are 14 security updates involved, 8 of which are critical, 6 of which are important. Seven will require a restart, and seven more “may require restart” according to Microsoft. Ten will address remote code execution, and four elevation of privilege. 10 updates affect XP, 7 Windows Server 2003, 13 Windows Vista, 11 Windows Server 2008, 12 Windows 7, and 11 Windows Server 2008 R2. Only two of the updates relate to MS Office implementations, and one (critical) item affects Microsoft Silverlight 2 and 3. Any way you slice it, this is going to be a whopper of an update collection!
If history is any guide, these updates will go live around mid-day (10 AM to noon, PDT/UCT -08:00) and then there’s going to be a furious spate of downloads. When more details become available, I’ll follow up with a profile of what’s going on. For those not already in the know, however, the Windows Shell Vulnerability has already been addressed by an out-of-band update released last week, so it will not be among the items that go live on Tuesday.
In a couple of recent blogs, I’ve been reporting about a particularly nasty strain of malware based on a Windows Shell Vulnerability that affects all desktop versions of Windows from 2000 through 7, and all Server versions from 2000 to 2008 R2:
- 7/29/2010: Vulnerability in Windows Shell could allow remote code execution
- 8/2/2010: Windows Shell Vulnerability to Get Emergency Update Today
Turns out that this is a particularly nasty strain of malware that served, for example, as the underlying attack vector for the StuxNet worm that has been successfully used to penetrate numerous Siemens-designed power plants using Windows-based SCADA systems. Even more troubling, this original implementation (which featured rootlet functionality and ran as signed code, indicating a sophisticated attacker at work), has been imitated successfully by less sophisticated malefactors and “…is likely to become a mainstay of malware distribution techniques…” according to Eset researcher Pierre-Marc Bureau of ESET (quoted in Sherman Hand’s prescient 7/23/2010 story entitled “Unpatched Shortcut Vulnerability Exploited by Malware“).
Interestingly, Eset antivirus is one of a number of packages that attempt to block the installation of KB2286198 (the emergency update released on 8/2/2010 by Microsoft) which is designed to counter this very threat. Reports from the field indicate that several AV or malware protection packages may block or mangle application of this update. Current recommendations are to download the patch, disconnect the PC to be patched from the network, disable the AV or other security software in use, apply the patch, then reverse the process to restore the machine to normal operation.
Some users have also reported that they cannot access their most recent restore points as they seek to undo the damage that can result from failed or incomplete application of the KB2286198 patch. In those cases, booting from a system repair disk, a bootable Windows 7 install UFD, or the original Windows 7 DVD provides access to that restore point, after which the system can be returned to its presumably pristine (or at least working) state prior to initial attempts to apply the update.
Then by following the recommended steps (disconnect from network, disable security software, apply update, re-enable security software, reattach to network) the patch can be applied successfully.
The shortcut vulnerability I reported on in my blog last week “Vulnerability in Windows Shell could allow remote code execution” — namely by enabling malefactors to include malicious code as part of a Windows shortcut definition, so that said code executes whenever the shortcut is used — has apparently been judged serious and scary enough to warrant what Microsoft calls an “out-of-band update” that precedes the August Patch Tuesday update release (8/10/2010). I guess that means it really does pose a serious threat, as I had guessed that it might from its technical description.
According to InfoWorld “Microsoft … said it will isse an emergency patch for the critical Windows shortcut bug on Monday, August 2.” Upon seeing increased attempts to exploit this vulnerability in the field, MS decided to speed up release of the update to provide much-needed protection as soon as possible. According to the Infoworld report, the patch should become available at or around 1 PM EDT (GMT -05:00) today. Because you never know what kind of software users are likely to install on their PCs, this is one upate that should be pushed into deployment as soon as vetting and authorization processes allow. It probably also warrants an email to users exhort them to apply this patch to personal or home machines ASAP as well.
Last week (I’m still playing catch-up from my vacation from 7/18 to 7/28, sorry) Microsoft announced the availability of a new beta version of its Microsoft Security Essentials package. Described as a “low-cost light weigh anti-malware service” this package offers reasonable but not top-of-the-line security protection for free to anybody with a genuine Windows license on his or her PC. Independent reviews of the previous version give the package so-so marks (as ably demonstrated in Neil J. Rubenking’s March 2010 review of the program for PC Magazine) where the net-net takeway is something like this “adequate for handling viruses and spyware, not so great with rootkits and scareware/scamware.”
As of June 20, 2010, Microsoft is trying to clean up its act, and is giving users the chance to try out and comment on the upcoming vesion of Security Essentials. To do this, users must log into the MS Microsoft Connect Website (and register, if they aren’t already signed up there), after which they’ll get the chance to sign up for and download the beta vesion of Security Essentials.
Here’s what’s new in this latest edition, straight from that MS Web page:
What’s New in the Microsoft Security Essentials beta?
This Beta version of Microsoft Security Essentials includes these new features and enhancements to better help protect your computer from threats:
1. Windows Firewall integration: Microsoft Security Essentials setup allows you to turn on Windows Firewall.
2. Enhanced protection from web-based threats: Microsoft Security Essentials has enhanced integration with Internet Explorer which helps prevent malicious scripts from running and provides improved protection against web based attacks.
3. New and improved protection engine: The updated engine offers enhanced detection and cleanup capabilities and better performance.
As with my previous discussions of and recommendations for Security Essentials, IT pros will probably be able to server their users best by recommending this package as one of a number of free alternatives for home or personal machines where budgets are tight and free software is thus either highly desirable or the only tolerable option.
Thanks to Paul Thurrot’s SuperSite for turning me on to a serious Windows vulnerability related to the same shell shared by “… all modern Windows versions from Windows XP through7, including all Server versions…” There’s also a July 21, 2010 Microsoft Security Advisory (2286198) that explains this issue available, that’s probably worth reading, too.
Here’s the 10,000 foot view: a Belarussian security firm named VirusBlokAda reported its discovery on June 17 that Windows passes shortcuts in such as way as to enable malicious code to be executed when the icon for a specially-crafted shortcut gets displayed (the code is attached to the icon image, so that processing the image for display also causes the attached code to run). Microsoft plans to issue a fix on the August Patch Tuesday (8/9/2010) but the Security Advisory includes a workaround that may be applied in the iterim. Basically it strips all shortcuts of their icons (no display, no possibility of running malicious code: get it?) so that users enjoy security from this vulnerability at the cost of little white boxes for shortcuts instead of pretty icons.
In testing the workaround on my Windows 7 x64 test machine I also encountered the new Microsoft Fix It facility, which applied the patch (and gave me access to a reverse the fix tool as well). Pretty interesting stuff, and I expect to see it used more often as Microsoft steps up its proactivity in dealing with security glitches in advance of published updates, as in this case. Kewl!
As an aside, I personally hate shortcuts and always opt to keep them off my desktop in 99 out of 100 cases. Who knew that what I thought was an esthetic foible could turn out to be a best security practice?
“One step forward and three steps back” must’ve been the guiding force for my first day back from vacation yesterday, where I struggled both mightily and frantically to get my working life back on the rails after a blissful 6 days of vacation bracketed by a full day of travel to and from the lovely and cool mid-coast region of Maine. Before my departure, I’d been seeking diagnosis and cure of an ongoing series of network failures on my home LAN which currently includes 10 computers: 6 running some form of Windows 7, one each XP and Vista, one running a Fedora-based Linux image (an OLPC that I supposedly bought for my son), and one running whatever GNU/Linux version the Nintendo Wii uses, plus my D-Link DIR 655 router/switch/WAP and my D-Link 2100AWL 802.11 g wireless hub.
By the time I left town to hit the Maine beaches and attractions, I’d determined by trial and error that my network failures would cease when I removed the cable coming from the network interface on the Asus P5E3 Pro motherboard in one of my machines named A900Test. To fix the problem, I purchased a D-Link DGE-530T 10/100/1000 PCI network adapter at my local Fry’s before leaving town. Upon my return to work, after I got through e-mail, and met all of yesterday’s immediate deadlines, I decided to disable the NIC on the Asus motherboard in A900Test, and to install the D-Link NIC in its place.
After installing the 530T in that machine, I found myself in the rare position of rebooting to have Windows 7 tell me it couldn’t find a driver for the NIC by itself. This is the first time Windows 7 has come up short in this regard in the year-and-a-half-plus that I’ve used this OS, starting with Build 7000 way back in January 2009. “No problem,” I thought, “I’ll just use the drivers on the CD that comes with the NIC.” But there, I found my only option was to use x64 Windows Vista drivers, since the card itself is old enough that it apparently predates the official Windows 7 release date in late October, 2009.
Again my thought was “No problem, I’ll just download the newer Windows 7-friendly drivers to a UFD on another machine, then install them on this one.” But when I did so, I got an error message from the D-Link installer informing me that another network control program was present on my machine that had to be removed before the D-Link installer (and its drivers) would install on my machine. “No problem” I said to myself “I’ll use Universal Extractor to suck the necessary driver files out of the setup.exe program and then install the drivers via Driver Update in Device Manager.” No dice: Device Manager politely informed me it could find no suitable drivers in the $INSTDIR that Universal Extractor created for me with all of the .sys, .cat, .dll, and .inf files that supply drivers to Windows 7 (and other OSes) these days.
“Aargh!” I thought to myself “Time for a call to D-Link tech support.” I shouldn’t have bothered. After a nice but fairly ignorant support tech named Seetha ran me through everything I’d already tried myself (with regular pauses for her to consult with some more knowledgeable third party, she had me uninstall the unidentified Ethernet NIC in Other Devices in Device Manager, then re-run the installer several times), she informed me I would have to return the card for a replacement to Fry’s and try again. I *KNEW* this to be bogus advice, because my problem was that the installer wouldn’t run, not that the hardware wouldn’t work (you can’t really tell the hardware isn’t working properly, in fact, until you have a working driver installed and running).
Upon trolling through Programs and Features in Control Panel, and reading through various items in the aforementioned $INSTDIR directory that Universal Extractor created for me, I saw numerous entries named yk*.*. Subsequent inspection of the readme file also unpacked in this directory informed me the NIC includes a Marvell Yukon GbE chipset. At this point, I finally realized that the D-Link card incorporates the same chipset that my on-board Asus NIC also uses.
Mystery solved: I had to uninstall the Marvell Control Program in Programs and Features before the D-Link installer program could do its job, after which everything went as smooth as silk. My question to D-Link is “Why doesn’t your standard 530T script for first-level Tech Support people include a question like ‘What kind of NIC chipset does your motherboard use?'” If that were the case, Seetha could have told me to uninstall the Marvell Control Program, and informed me that installation would proceed without further trouble. I’m just glad I know enough about how networking operates in the Windows environment to be able to figure this kind of thing out for myself.
Sigh. And so it goes… At least the network is working properly, and I’ve experienced no further LAN failures since I successfully installed the 530T on my primary test machine. I’m crossing my fingers that this will fix my network glitches going forward, but only time will tell. FYI, I’m forwarding this blog to a couple of D-Link PR people and requesting a response, which I’ll add to this posting should any such reply make its way into my inbox.
[Note added 7/29/2010: I did get a “looking into it” reply from one of the D-Link PR people to whom I sent a link to this blog, but nothing more substantial in reply just yet. Stay tuned! -E-]