Windows Enterprise Desktop

May 24, 2010  10:49 PM

Holding Up the Third Leg of the Tripod: Physical Security

Ed Tittel Ed Tittel Profile: Ed Tittel

Information security experts like to talk about a metaphorical three-legged security model called the security tripod, or more simply, the tripod. In this model, one leg comes from perimeter security, which addresses the barrier and safeguards used to protect the boundary between internal and external networks, or between individual systems and the Internet. Another leg comes from software security, which addresses the needs to maintain confidentiality, integrity, and accountability for data and services that software and systems provide. The final, and too often overlooked leg hinges on physical security, or controlling physical access to systems and machines.

As I spoke to Rob Humphrey, the Director of Security Products at the Kensington Computer Products Group by phone last week, I was forcibly reminded of the vital importance of this third leg in maintaining security for systems and networks alike. It’s a truism that if a bad guy can take possession of, or gain access to, just about any kind of system, that he (or she) can usually compromise the other two kinds of security quickly and convincingly in most cases, provided that the person who takes possession of or gains access to a system knows what they’re doing.

Case in point: when my colleague James Michael Stewart and I used to teach Windows security courses for Interop in the late 1990s and early 2000s, we would ask a volunteer to let us borrow one of their notebook PCs in the class. In 9 cases out of 10, we could break into that system in under 5 minutes live in the classroom using readily available administrative hacking tools for Windows PCs. The notion that somebody who takes possession of a system can soon also take possession of its contents is one worth pondering, and reacting to, especially for companies or organizations that permit employees to work off-site, or take sensitive information with them off the premises as they travel for business or pleasure.

Simple thought it seems, the Kensington cable locks that the majority of notebook and laptop PCs support (around 99% of all notebooks, according to Mr. Humphrey, come with built-in Kensington Security Slots that accommodate such locks) can provide a powerful deterrent against theft and loss of systems and the information they contain. By making it more difficult and time-consuming to take possession of a notebook PC, Kensington decreases the likelihood that an unauthorized and possibly malefic third party will take it into his possession, and gain access to the information it contains.

Humphrey also shared some scary and wonderful statistics about the impact of theft and loss on companies and organizations. Right now, an average of 20,000 PCs are lost or stolen every week in the US. Estimates of the value of the information on those machines hovers near $75,000 per computer. This is not a huge number, but the product of the number of systems and the value of the information they contain comes up to a whopping $1.5B in losses in the US every week! That’s $78B per year in losses, for machines that get lost or stolen. This might seem highly unlikely, until you remember the tens of thousands of veteran’s identity data lost owing to the theft of a notebook belonging to a VA employee in 2006 (26.5 million records), or large scale losses of credit card information at various card processing operations in the past few years (over 40 million records in the aggregate).

The best combination of physical protections for a modern-day notebook looks something like this:

1. A physical lock-and-key-plus cable to keep the notebook where it’s left

2. Whole drive encryption that requires a password to access a hard disk, and any of the data it contains

3. Use of the boot/hardware password protection that the hardware-based trusted platform module (TPM) provides to suitably-equipped notebooks and laptop PCs. Without the right login/boot-up password, the computer simply won’t boot, and this low-level protective circuitry cannot be sidestepped or worked around

4. Built-in tracking software like LoJack that causes a system to report its IP address and other information whenever it’s started up, so that legitimate owners and service operators can track down and recover lost or stolen machines.

Today, Kensington has a relationship with Absolute Software that lets buyers of their security cables, purchase a bundle or obtain a discount on that company’s LoJack for Laptops. I suggested to Humphries that he look into similar synergies with makers of whole-drive encryption tools and TPM technologies. Seems like an appropriate collection of countermeasures to ensure that notebooks and the data they contain remain safe from unauthorized access or use.

May 20, 2010  5:00 PM

Check Out Dual Boot Pro to Manage Win7 BCD Stuff

Ed Tittel Ed Tittel Profile: Ed Tittel

It’s been well over a year now since I started grabbing various Windows 7 release candidates, and most of  my machines got their initial RTM installs in August, 2009, when MSDN made the RTM available two full months before the official release of Windows 7 in late October. I’ve recently noticed with increasing irritation that my Windows 7 boot screen still includes references to various RC (Release Candidate) versions even on PCs that have long since had those entries removed from the hard disks present in those machines.

For Windows Vista, I turned to a freeware product called EasyBCD that made it much easier to rework the Boot Configuration Data (which is what BCD stands for in modern Windows OSes). But alas, that product is no longer available, and besides it’s not warranted to work with Windows 7. And if there’s anything you DON’T want to muck around with on a Windows Vista, 7, or Server 2008 machine it’s the boot configuration data. This led me on a search for a replacement tool, and what I came up with is called Dual Boot Pro a capable, usable, and cheap ($9.95) tool that works like a champ on PCs that include BCD based Windows OSes among their OS lineups.

Let’s take a guided tour of installing and using Dual Boot Pro, because it will show you everything you need to know as I demonstrate how to remove offending items from the boot menu and manage various boot settings as well.

Installing Dual Boot Pro

After you pay for then download the software from the Web pages, you will obtain a Windows installer (.msi) file that you must double-click to launch the installer process. Installation takes you through a total of two basic screens, and took under a minute on my test PC.

The initial install screen shows a progress bar as installation proceeds

The initial install screen shows a progress bar as installation proceeds

When the (brief) install process completes, click a button to finish things up.

When the (brief) install process completes, click a button to finish things up.

Running/Using Dual Boot Pro

The first time you run the program, you will be warned that it detects no backup of the BCD data for your system, and guided to create such a backup. On subsequent uses of the program, it’s up to you to remember that backing up BCD data before making any changes is a really, really good idea, and to use the Care Center tab to create (or restore) such backups as needed.

When no BCD backup is detected, you are warned to create one.

When no BCD backup is detected, you are asked to create one.

This throws you into the Care Center tab in the program where you can browse to a directory of your choosing in which to keep BCD backups. I keep mine in the Documents folder, and use the ANSI/ISO date at the end of the filename, as shown here:

When the backup is saved, the program tells you if the save is valid or otherwise.

When the backup is saved, the program tells you if the save is valid or otherwise.

Viewing Current BCD Info & Listings

Click on the Boot Information tab to view the current BCD information and name information (it’s what shows up on the Windows 7 boot screen as the OS is starting up). Notice that in the next screen cap, Windows 7 x64 RC still shows up (even though it’s no longer resident on this PC).

There are two entries in the BCD, even though one is now MIA!

There are two entries in the BCD, even though one is now MIA!

Removing the Old/Obsolete RC BCD Entry

To edit BCD data, click the Operating Systems tab in Dual Boot Pro. Then, you can select any individual entry and either alter its data (through the controls below the listing pane), or click the Red X (Delete) control to the right of the listing pane. That’s what I’ll do to get rid of the obsolete RC entry.

highlight the entry you wish to delete, then click the Red X.

Before: highlight the entry you wish to delete, then click the Red X.

As you might hope, Dual Boot Pro asks you to confirm any entry deletions.

As you might hope, Dual Boot Pro asks you to confirm any entry deletions.

Edit BCD Entry Name Info

On this same screen you can also edit existing entries to provide a different, more descriptive name. I like to know what version and word-length attaches to the Windows Versions I have running on my machines, so I usually add that info to the name to help me remember (hint: you must always highlight an entry in the entries pane at top center before you can add or apply data related to that entry in the controls and buttons below).

Highlight an entry, make your changes, then click "Apply Updates"

Highlight an entry, make your changes, then click

Once the change is applied, the new name data shows up in the entry pane.

Once the change is applied, the new name data shows up in the entry pane.

Concluding Thoughts and Admonitions

There’s a lot to like about this useful little program. If you spend some time getting to know the software, you’ll come to appreciate its capabilities. Business licenses are available, and cost $24.99 per license (which may be used on up to five computers). Commercial and Corporate licenses start at $4.99 per seat and go down in price as the number of licenses go up ($3.95 for 101-500 licenses, $2.95 for 501 licenses and up).

May 17, 2010  2:46 PM

MS Office 2010 Ships June 15, Beta Still Available

Ed Tittel Ed Tittel Profile: Ed Tittel

Look around the technology news landscape these days, and you’ll see much of it in the clouds — or rather, making much of the importance, dominance, or < insert your own superlative here > for cloud computing of some kind. Even the mainstay of individual work in the enterprise, the productivity suite, is touted as a cloud-compatible toolset, as Google and others tout their cloud-based offerings in this arena. Don’t believe it: Microsoft Office still rules this niche in the workplace, and has maintained a staggering 94 percent market share in office productivity software (and seats) for the past three years.

That’s what makes the immanent release of a new Office suite, Microsoft Office 2010, big news. As of last week (May 15) Microsoft indicated that the latest version of MS Office will be available for retail purchase online and in stores on June 15. Various 32- and 64-bit RTM versions of Office 2010 have been available on MSDN for a while now, with the latest batch uploaded on May 10, 2010.

But with the official release date of Office 2010 still almost a month in the offing, interested IT professionals may want to hop over to the Microsoft Office 2010 pages, where they can still grab a 60-day trial copy of the beta version of the Professional Plus edition. Note that you must remove prior Office versions before you can install the RTM version on a test machine, and that MS recommends against installing this beta package “on a PC that will require an activated copy of Office after the 60-day trial period is over.” Nevertheless, it’s a great way to prep for the coming onslaught, and to get familiar with what is bound to become a fixture in many enterprise IT operations over the next year or two.

May 14, 2010  4:45 PM

When Win7 SP1 Comes, XP Downgrade Goes Bye-Bye…For Some

Ed Tittel Ed Tittel Profile: Ed Tittel

Sources that include TechARP and InfoWorld have been among the sites that continue to cover news on the forthcoming Service Pack 1 (SP1) for Windows 7, but it’s still not clear when it will be released for public consumption. That said, beta code for SP1 has been floating around since March, so it’s pretty likely that the final version will be released some time in 2010, perhaps even before the fourth quarter of this year.

But there’s one “very interesting” implication to SP1 release that may interest OEMs and customers alike. That is, so-called downgrade rights to Windows XP for Windows 7 end either 18 months after the introduction of Windows 7 (April 2011) or when SP1 goes public, whichever comes first. Only big-time enterprise customers are exempt from this — namely, those companies that subscribe to Microsoft Software Assurance or that purchase Windows through volume licensing agreements (those buyers retain rights to run versions of Windows all the way back to Windows 95!)

Now that SP1 is at least rumored if not actually poised for release up to 8 months prior to April, 2011, this is something that system vendors and enterprise users must consider carefully. Even though an official release date (or even month) stil remains to be determined and announced, organizations that remain committed to Windows XP may find themselves forced to re-think that relationship in the light of coming events and software releases.

Once SP1 does ship, the only way that organizations can keep using XP-specific applications is to use Windows XP Mode inside Windows 7. And that, in turn, requires adoption of Windows 7 Professional, Ultimate, or Enterprise because only these three editions support that capability (which also requires grabbing the necessary code and licensing information from the Microsoft Website). Put that in your pipe and smoke it, as you plan your next client platform refresh cycles!

May 13, 2010  2:45 PM

PC Tools Anti-Malware Products Continue to Excel

Ed Tittel Ed Tittel Profile: Ed Tittel

Over the past 5 years. since the publication of my 2005 book The PC Magazine Guide to Fighting Spyware, Viruses, and Malware, I’ve been following the rise and fall of numerous anti-virus and anti-spyware software packages with great interest and attention. In that period I’ve worked with numerous suites and anti-virus/-spyware packages from a great many vendors, including (in alphabetical order) AVG, Avira, BitDefender, Frisk, F-Secure, Kaspersky, Norton/Symantec, PC Tools, Sunbelt Software, and Webroot.

Out of that collection of tools, I’ve consistently stuck with this subset of offerings for use on my own or family member’s machines:

  • AVG Anti-Virus Free Edition: I have *LOTS* of test machines, and a free product is pretty helpful for the many that so often come and go in my lab
  • Norton Internet Security: I abandoned this product in the mid 2000’s as its resource requirements mushroomed and it turned into a bona fide system hog. But the newer, leaner and meaner 2009 and 2010 versions have earned their way back onto numerous desktops in my house.
  • Webroot: Spy Sweeper was the first hot-dog antispyware product that I got to know while writing my book, and it has remained a popular and effective tool ever since
  • PC Tools: Spyware Doctor is another hot-dog antispyware product that continues to earn accolades and special status as a leading antispyware package. The company’s combo offering (with PC Tools AntiVirus) and Internet Security suite also work very well.

Though I’ve occasionally strugged with components of the PC Tools environment — see my September 2008 blog for “Best-of-Breed Apps Aren’t Always Best for Vista” — by and large their products have done me and my desktop and notebook PCs more right than wrong. This is born out in recent results from the latest round of VB100 testing from Virus Bulletin in April, 2010. Though products from a surprising group of vendors that include eEye, Frisk, Norman, and even Microsoft (Security Essentials) failed to earn the once-coveted but now obligatory VB100 rating for Windows XP SP3 platforms in this latest round of testing, the PC Tools products (and those from the other vendors I mention in my preceding favorites lists) continued their ongoing streak of VB100 status.

In talking with members of the PC Tools development team to understand how they’ve kept up, especially in light of recent changes to the Virus Bulletin wild list and other testing changes and shake-ups I learned that the company maintains a dedicated team of researchers and testers to keep up with (and help to guide) the composition and execution of its testing operations. And of course, as is customary for most major anti-malware operations these days, this group also monitors reports from its own customers and various shared security and vulnerability reporting resources (like the Mitre database of common vulnerabilities and exposures known as the CVE), so that it knows when to begin work on the various signatures, heuristics, and other detection, avoidance and repair tools that drive daily efforts in such organizations. In fact, heuristics- and behavior-based detection and avoidance is an area where the PC Tools products really shine, thanks in large part to the development efforts behind its ThreatFire module, which observes and blocks suspect system behavior and potentially dangerous file system access and activity.

If you’re looking for a solid and reliable anti-malware solution for Windows PCs, any of the items on the list at the head of this blog will do the job, but I recommend the PC Tools products as a particularly good value for the money you’ll have to shell out to install most of them on one or more PCs. The PC Tools Internet Security suite, in fact, offers comprehensive and capable all-around security coverage and protection for up to 3 Windows 7 PCs for about US$50 per year (or less, if you search for discount codes online, such as this 25% off offer available from

May 12, 2010  3:16 PM

Beware the TDSS Rootkit Removal Tool!!!

Ed Tittel Ed Tittel Profile: Ed Tittel

In the latest (May 2010) issue of Virus Bulletin, I read Alisa Shevchencko’s story “TDSS Infections – Quarterly Report” with some interest and a lively appreciation of the TDSS rootkit malware and infections over the past year. Upon learning that a detection and repair tool for this rootkit (which is extraordinarily difficult to detect, even for rootkit-specific tools) was available from Shevchenko’s employers Website (eSage Lab) I decided to give it a shot. This program, simply called remover.exe scans systems to look for hidden driver files so that its users can remove them if and when they’re found. This tool comes with an undocumented catch, however, as I learned by electing to remove two hidden items that the program discovered on my system.

If you’re lucky, when you run this tool on your system, you’ll get a display that looks like this:

The best outcome is when no hidden driver files are detected

The best outcome is when no hidden driver files are detected

Alas, it turned out that the two hidden items that this program found on my system were hidden by Microsoft, not by any rootkit. When I removed them, I was removing my Windows 7 license key and activation data, so that when I rebooted my machine after the fix, I got the “black screen” background and a warning that my copy of Windows was not genuine. This was easy to fix, simply by re-entering my (valid) license key, and then re-activating Windows, but it did come as something of a surprise.

The two items that the progam discovered were:

  • C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  • C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

Should you decide to run this program and it discovers exactly two hidden drivers, but no other signs of infection, you may want to check to make sure they don’t match this information. On the other hand, the fix is pretty easy if you do trash them and lose your license status and info, so you can go either way in deciding whether or not to allow the program to delete these questionable but benign items.

May 11, 2010  1:51 PM

BitDefender Detects Trojan In Fake Win7 Upgrade Advisor

Ed Tittel Ed Tittel Profile: Ed Tittel

An imposter version of the Windows 7 Upgrade Advisor is being offered in e-mail messages on the Internet, says security software vendor BitDefender, which has detected installation rates in the US of around 3 or 4 copies per hour on its security monitoring network. The proffer comes in the form of a supposed “help message” that recommends users download and install Windows 7 Upgrade Advisor setup, and supplies a link for same. Of course, that link does not go to Microsoft, and the ZIP file that gets downloaded contains a malware program named Trojan.Generic.3782603 that can install itself and other malicious and  unwanted software on machines where the ZIP file gets unpacked. Among the typical payloads that this Trojan installs is a backdoor program that enables remote and unauthorized access to infected machines. In turn, this software lets the bad guys install other software or access files on infected systems, any or all of which can lead to financial losses, identity theft, and access to sensitive data or information.

BitDefender opines that “…infection rates reflected by the BitDefender Real-Time Virus Reporting System indicate the beginning of a massive spreading of the Trojan.Generic.378603….” and that “…it’s just a matter of time before the cybercriminals control a huge number of systems…” Of course, the e-mail message that serves as the pointer to the infection vector run contrary to Microsoft practice, which is never to e-mail software or links to software to customers or potential users. Savvy computer users will know this, and are unlikely to fall prey to this attack, but less sophisticated users interested in Windows 7 and the Upgrade Advisor (legimitately available through the Microsoft Download Center at the Windows 7 Upgrade Advisor page) are stil falling prey to this attack, as the BitDefender report clearly indicates.

The real Win7 Upgrade Advisor Download page

The real Win7 Upgrade Advisor Download page

May 4, 2010  1:50 PM

Blogging Gets Back to Normal

Ed Tittel Ed Tittel Profile: Ed Tittel

Those of you who notice such things will recognize that my blogging frequency decreased dramatically over the past 5 months, culminating with my lightest month ever in April. It’s for the best reasons: I’ve been insanely busy with a big consulting project and also appeared as an expert witness in a trial that took place in Tyler, TX, at the US Fifth Circuit Court last week. The case is now over, and my consulting project is winding down (and ends on May 21) so I’m announcing that as of today, I’m back on my usual schedule of three times a week from here on out (and back up to 12 blogs monthly).

To those of you who missed me: “Thanks!” To those of you who didn’t, “Thanks, anyway!” And to those of you who could possibly care less: “Please keep up the good work!” I’ll be returning to my normal coverage of Windows enterprise desktop topics, including platform developments, news, and trends plus Windows 7 advice, information, and resources. If anybody’s got any burning questions, post them here, or look up my email on my Website at and drop me a line.

In my plans for the next few weeks:

  • Interesting alternatives to Windows XP Mode are becoming commercially available for Windows 7. I’ll take a look at several such products over the next month.
  • More information on Windows certifications and learning opportunities is in the offing, and I’ll cover those topics and programs as they go public.
  • Looks at some recent Windows 7 migration and deployment trends in various enterprises around the globe.

To one and all: “Thanks! It’s great to be back to a more normal (and I hope less hectic) schedule.”


April 19, 2010  3:01 PM

Windows 7 Boosts Demand for Desktop Support Staff

Ed Tittel Ed Tittel Profile: Ed Tittel

Given that the IT sector is lagging the overall rebound in employment across all industries, both inside and outside the US, I’m always glad to see the occasional ray of sunshine where IT is concerned. That’s why I read this April 17 story from the UK edition of Network World with greater than usual interest: “Windows 7 fuels demand for desktop support.” I don’t want to make a mountain out of a mole hill, but this phenomenon dovetails pretty nicely — and predictably — with another Windows 7 phenomenon: an ongoing business technology and desktop refresh stimulated by the combination of an aging XP hardware base and enough improvement in economic conditions to get businesses thinking about investing in their desktop and notebook fleets.

Along with capital expenditures for new equipment comes a brand-new OS on those machines, plus opportunities to migrate or upgrade systems less than three years old (if purchased for potential Vista use, a desktop or notebook will run at least a little better using the same hardware for Windows 7, if not more so). All this adds up to a growing appetite for Windows 7 deployment in businesses of all sizes, and thus also, an appetite for Windows 7 qualified help desk, support desk, and technical IT staff.

That probably adds credence to Chris Pirie’s claim (see my IT Jump Start interview with Chris Pirie of MS Learning from last Friday) that Windows 7 training and certification is also fueling a considerable jump in Microsoft Learning’s activity and revenue levels. It’s also possible that the study Pirie cites in that blog, which reports that Windows 7 is going to add considerably to IT budgets and activity levels as well, is not too far off the mark. I can only hope this ray of sunshine portends a break in the otherwise cloudy IT employment outlook — hopefully, sooner rather than later.

April 7, 2010  5:58 PM

Troubleshooting: Sherlock Holmes to the Rescue!

Ed Tittel Ed Tittel Profile: Ed Tittel

One of my favorite quotes from the 19th century master sleuth himself goes like this: “It is an old axiom of mine that when you have excluded the impossible, whatever remains, however improbable, must be the truth” (The Adventure of the Beryl Coronet, pg. 315). Would that I had recalled his words earlier when working my way through a recent troubleshooting adventure (read all about it in my latest ViztaView blog entitled “Test System Woes Finally Solved, But Not Without a Final Fillup of Loathing and Despair“).

To compress this epic troubleshooting adventure into as few words as possible, when trying to figure out why Windows 7 Professional x64 wouldn’t install on a particular test machine, my reluctance to consider the CPU as the possible culprit caused me to waste ungodly amounts of time trying to fix (and even replace) other stuff that wasn’t broken or misbehaving. It turns out my engineering sample of the Intel QX9650 processor (which samples, by the way, are neither supported nor warranted to be defect-free by Intel: they give ’em way for reviews and analyses and you gets what you pays for them) simply won’t complete the “Expanding files…” phase of the Windows 7 install process, which follows immediately after “Copying files…” right at the very beginning of the install process.

I’m actually writing a story about this for, as a combination advanced troubleshooting tutorial plus a meditation on the nature and essence of systematic troubleshooting. So naturally, my editor at the site asked me to get a comment from Intel to make sure this leading silicon foundry didn’t get blindsided by my report. First and only official response I got was “Intel modern processors work on both 32 and 64-bit versions of Windows 7.” I’d have to agree with this statement and furthermore I believe that my particular borked QX9650 is an anomaly and not in any way representative of Intel’s architectures, products, and capabilities.

In off the record discussions after that, however, things got really interesting. Basically, the Intel rep refused to believe that I was reporting a genuine phenomenon and that my troubleshooting methods must be flawed or incomplete for this to occur at all. Nevertheless, I can repeat this anomalous behavior at will, and the only single factor that either causes this behavior to occur, or that makes it vanish, is the presence (problem occurs) or absence (problem disappears) of this particular QX9650 CPU. If everything else either stays the same or is different, and the only element that controls whether or not the problem manifests is the CPU, logic and reason (thanks, Sherlock!) tell us that no matter how much we may not *WANT* to believe the cause, it is indeed the truth.

It’s stuff like this that makes my working life so much fun, and such a treat to keep whaling away at. Sometimes I feel like the luckiest guy in the world, but only after I recover from feeling occasionally accursed that things don’t always work the way they should!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: