Windows Enterprise Desktop

July 29, 2010  4:10 PM

Vulnerability in Windows Shell could allow remote code execution

Ed Tittel Ed Tittel Profile: Ed Tittel

Thanks to Paul Thurrot’s SuperSite for turning me on to a serious Windows vulnerability related to the same shell shared by “… all modern Windows versions from Windows XP through7, including all Server versions…” There’s also a July 21, 2010 Microsoft Security Advisory (2286198) that explains this issue available, that’s probably worth reading, too.

Here’s the 10,000 foot view: a Belarussian security firm named VirusBlokAda reported its discovery on June 17 that Windows passes shortcuts in such as way as to enable malicious code to be executed when the icon for a specially-crafted shortcut gets displayed (the code is attached to the icon image, so that processing the image for display also causes the attached code to run). Microsoft plans to issue a fix on the August Patch Tuesday (8/9/2010) but the Security Advisory includes a workaround that may be applied in the iterim. Basically it strips all shortcuts of their icons (no display, no possibility of running malicious code: get it?) so that users enjoy security from this vulnerability at the cost of little white boxes for shortcuts instead of pretty icons.

In testing the workaround on my Windows 7 x64 test machine I also encountered the new Microsoft Fix It facility, which applied the patch (and gave me access to a reverse the fix tool as well). Pretty interesting stuff, and I expect to see it used more often as Microsoft steps up its proactivity in dealing with security glitches in advance of published updates, as in this case. Kewl!

As an aside, I personally hate shortcuts and always opt to keep them off my desktop in 99 out of 100 cases. Who knew that what I thought was an esthetic foible could turn out to be a best security practice?

July 28, 2010  2:04 PM

Jabbering Onboard NIC Leads to D-Link Tech Support Issues

Ed Tittel Ed Tittel Profile: Ed Tittel

“One step forward and three steps back” must’ve been the guiding force for my first day back from vacation yesterday, where I struggled both mightily and frantically to get my working life back on the rails after a blissful 6 days of vacation bracketed by a full day of travel to and from the lovely and cool mid-coast region of Maine. Before my departure, I’d been seeking diagnosis and cure of an ongoing series of network failures on my home LAN which currently includes 10 computers: 6 running some form of Windows 7, one each XP and Vista, one running a Fedora-based Linux image (an OLPC that I supposedly bought for my son), and one running whatever GNU/Linux version the Nintendo Wii uses, plus my D-Link DIR 655 router/switch/WAP and my D-Link 2100AWL 802.11 g wireless hub.

By the time I left town to hit the Maine beaches and attractions, I’d determined by trial and error that my network failures would cease when I removed the cable coming from the network interface on the Asus P5E3 Pro motherboard in one of my machines named A900Test. To fix the problem, I purchased a D-Link DGE-530T 10/100/1000 PCI network adapter at my local Fry’s before leaving town. Upon my return to work, after I got through e-mail, and met all of yesterday’s immediate deadlines, I decided to disable the NIC on the Asus motherboard in A900Test, and to install the D-Link NIC in its place.

After installing the 530T in that machine, I found myself in the rare position of rebooting to have Windows 7 tell me it couldn’t find a driver for the NIC by itself. This is the first time Windows 7 has come up short in this regard in the year-and-a-half-plus that I’ve used this OS, starting with Build 7000 way back in January 2009. “No problem,” I thought, “I’ll just use the drivers on the CD that comes with the NIC.” But there, I found my only option was to use x64 Windows Vista drivers, since the card itself is old enough that it apparently predates the official Windows 7 release date in late October, 2009.

Again my thought was “No problem, I’ll just download the newer Windows 7-friendly drivers to a UFD on another machine, then install them on this one.” But when I did so, I got an error message from the D-Link installer informing me that another network control program was present on my machine that had to be removed before the D-Link installer (and its drivers) would install on my machine. “No problem” I said to myself “I’ll use Universal Extractor to suck the necessary driver files out of the setup.exe program and then install the drivers via Driver Update in Device Manager.” No dice: Device Manager politely informed me it could find no suitable drivers in the $INSTDIR that Universal Extractor created for me with all of the .sys, .cat, .dll, and .inf files that supply drivers to Windows 7 (and other OSes) these days.

“Aargh!” I thought to myself “Time for a call to D-Link tech support.” I shouldn’t have bothered. After a nice but fairly ignorant support tech named Seetha ran me through everything I’d already tried myself (with regular pauses for her to consult with some more knowledgeable third party, she had me uninstall the unidentified Ethernet NIC in Other Devices in Device Manager, then re-run the installer several times), she informed me I would have to return the card for a replacement to Fry’s and try again. I *KNEW* this to be bogus advice, because my problem was that the installer wouldn’t run, not that the hardware wouldn’t work (you can’t really tell the hardware isn’t working properly, in fact, until you have a working driver installed and running).

Upon trolling through Programs and Features in Control Panel, and reading through various items in the aforementioned $INSTDIR directory that Universal Extractor created for me, I saw numerous entries named yk*.*. Subsequent inspection of the readme file also unpacked in this directory informed me the NIC includes a Marvell Yukon GbE chipset. At this point, I finally realized that the D-Link card incorporates the same chipset that my on-board Asus NIC also uses.

Mystery solved: I had to uninstall the Marvell Control Program in Programs and Features before the D-Link installer program could do its job, after which everything went as smooth as silk. My question to D-Link is “Why doesn’t your standard 530T script for first-level Tech Support people include a question like ‘What kind of NIC chipset does your motherboard use?'” If that were the case, Seetha could have told me to uninstall the Marvell Control Program, and informed me that installation would proceed without further trouble. I’m just glad I know enough about how networking operates in the Windows environment to be able to figure this kind of thing out for myself.

Sigh. And so it goes… At least the network is working properly, and I’ve experienced no further LAN failures since I successfully installed the 530T on my primary test machine. I’m crossing my fingers that this will fix my network glitches going forward, but only time will tell. FYI, I’m forwarding this blog to a couple of D-Link PR people and requesting a response, which I’ll add to this posting should any such reply make its way into my inbox.

[Note added 7/29/2010: I did get a “looking into it” reply from one of the D-Link PR people to whom I sent a link to this blog, but nothing more substantial in reply just yet. Stay tuned! -E-]

July 27, 2010  2:51 PM

64-bit approaches parity with 32-bit versions for Windows 7

Ed Tittel Ed Tittel Profile: Ed Tittel

Here’s an interesting table from CNET that reports on the 64-bit installed Windows base vis-v-vis 32-bit versions by OS for Windows 7, Vista, and XP:

CNET summarizes 64-bit OS usage from the MS Windows Update report for June 2010

CNET summarizes 64-bit OS usage from the MS Windows Update report for June 2010

It certainly looks like the ability to access and use RAM sizes in excess of 3.1-3.2 GB or so (about the best you can do with Windows 7 32-bit versions, even with 4 GB of RAM installed) has to be contributing to this change in the makeup of the Windows OS distribution when it comes to relative numbers of 32- and 64-bit versions for recent Windows OSes. With memory getting cheaper, increasing use of virtual machines, and a growing number of applications designed to take advantage of 64-bit data structures, file sizes, and so forth, there are also lots more reasons why it makes sense to buy a PC with 64-bit Windows pre-installed, or to switch from 32-bit Windows XP or Vista when upgrading to Windows 7.

As I look at my own PC population in-house, I see that except where 64-bit versions aren’t possible (as on Atom-based netbooks) or don’t make sense (as on older hardware with 4 GB or less of RAM installed), my own preference has been to upgrade to 64-bit Windows 7 on existing hardware. All of the systems I’ve purchased recently (except for an HP MediaSmart Server, for which 64-bit Windows is not available) in fact, have come with Windows 7 pre-installed as well.

July 27, 2010  2:35 PM

Windows 7 Sales Spike Higher to 10 Copies Per Second

Ed Tittel Ed Tittel Profile: Ed Tittel

Just over a month ago, I cited reports that Microsoft’s run rates for Windows 7 sales worked out to 7 copies per second in my blog “Windows 7 Posts 150M LIcenses Sold…” In the 29-day period from June 23 to July 21, that run rate jumped to 10 copies per second, given cumulative sales of 25 million licenses over that interval, according to a story posted at Computerworld last Friday. My later posting discussed speculations that Microsoft might not be able to maintain this momentum in light of its relatively low (25%) conversion rate among enterprise-class buyers, most of whom continue to use Windows XP. Looks like that has not dampened momentum for Windows 7 uptake, in light of this recent uptick.

That raises the very interesting question of whether or not surveying blog or article readers to assess market intentions or status is valid. My best guess is that those who read articles about Windows 7 are already showing tangible signs of interest in the OS, and that they probably represent a different population than the entire enterprise IT sector. What makes the question — or rather the characteristics of those who would choose to read and respond to such surveys — interesting, is that the composition of such readership isn’t clear, nor can it be demonstrated to consist solely (or even mostly) of enterprise IT professionals.

My gut feeling is that those who are interested in Windows 7 come from all walks of life, including some enterprise IT professionals but also SMB IT professionals as well as plenty of people who probably work outside the IT umbrella entirely. Surveying this population to determine enterprise interest or intent is probably a risky proposition at best, if not downright meaningless. The close correlation between the survey results and the declared intentions of enterprise-class outfits might be accidental or uninformative as well.

I have to believe that the combination of an aging PC fleet, impending cutoffs for XP support and updates, and genuine performance and security improvements in Windows 7 as compared to XP will help, not hinder, enterprise migrations from the older Windows platform to the newer one. When the balance will tip and enterprise adoptions and migrations start speeding up, however, remains anybody’s guess. Just in case the conventional wisdom that enterprises will indeed wait for SP1 to be released before migrating proves true, MS would be well-advised to push that date forward rather than allowing it to occur later rather than sooner.

July 22, 2010  1:45 PM

Take a challenge, take the family

Ed Tittel Ed Tittel Profile: Ed Tittel

OK, so I’m on vacation this week and I’m learning how not to be at work most of the time, and how to be relaxing and enjoying my family and my freedom instead. To some extent, this is a challenge all by itself because I’m so used to hunkering down by myself in my office, immersed in a world that’s more virtual than real, chasing interesting phantoms of thought and technology.

This week, my challenge is of a completely different order. I’m out of the customary routine, now responsible for finding things to do, places to visit, and sights to see not just for my own family, but also for my sister’s family (herself, her husband, and their 11-year-old son and 14-year-old daughter). Of course, I’m not in this alone — there are three other adults around to provide input, exert leadership, and guide choices, and the kids are never shy about making their wants and wishes known, either.

But so far we’ve managed nicely to enjoy ourselves and our surroundings. We’ve hit the local beaches four times, have visited a nifty museum or two, and have taken several lengthy hiking excursions into nearby local attractions. It’s always interesting getting a bunch of people moving, and keeping them moving at enough of the same pace to make satisfactory progress between points A and B (or as Tolkien put it as the subtitle for The Hobbit:  “There, and Back Again.”

In the meantime, I’m observing that many of the same skills I’ve developed in setting up, configuring, and troubleshooting technology have some small value in helping to manage family affairs and activities. More humorously, my tendency to make assumptions about causes and solutions can also lead me away from the truth just as well in this sphere as it can in my more customary haunts. But gosh, it sure it fun to turn my hand (or more appropriately, to lend that hand) toward steering “rough consensus” about what we should do today, and helping to foster a situation where everybody gets to have fun, and enjoy themselves.

Now, if only I could figure out how to bring this spirit and attitude to work, too!

July 20, 2010  2:42 PM

The Benefits of an Occasional Recharge

Ed Tittel Ed Tittel Profile: Ed Tittel

Work. Work. Work. Go all day, deal with the rest of life as busy schedules permit, catch a few Zs, then get up and do it all over again. That’s the typical rhythm of life for most of us working stiffs, most of the time. Every now and then, though, it’s a good idea to make a break from the dull routine and go do something else.

That’s why I’ve found myself singing “I’m on vacation. I’m on vacation. I’m on vacation.” over and over again during the past few days. The family and I have broken with the usual routine and are spending our days together right now, exploring places and activities we’d never normally undertake during the week. And though the new routine has its own rhythm and I still fall into bed exhausted (or at least, pleasantly tired) each night, it’s different enough for me not just to recharge my batteries, but also to get some perspective on working life as well.

Summer is a traditional time for vacations. And although it’s hot and sometimes difficult to be outside wandering around, it’s a terrific break and a positive and pleasant change. I’m off for the next week, which I hope will be long enough for me to regain my balance, refresh myself, and to feel good about jumping back into the workaday routine by the time I officially return to my desk next Tuesday (June 27). In the meantime, I’ll be sharing some idle but hopefully also productive thoughts about working life and plans from the “different place” that is the vacation mindset. Please stay tuned for more, and I hope you too get the chance to change your venue and perspective in the same way soon, if you have recently done so already!

Best wishes,


July 15, 2010  3:23 PM

Windows 7 SP1 Beta Released Yesterday

Ed Tittel Ed Tittel Profile: Ed Tittel

The TechNet Evaluation Center released the combined Windows 7 and Windows Server 2008 R2 SP1 beta package yesterday. Check out this warning that advises end users to steer clear:

Here's the blurb from the top of the MS download page

Here is the blurb from the TechNet download page

Anybody who wants to grab the beta can do so, however, but the usual restrictions apply. To me the most onerous typical restriction is that the machine upon which such a beta gets installed usually has to be wiped and a clean base OS installed against which to apply the final version of the service pack when it becomes available. Thus, this isn’t for production machines by any stretch of the imagination, and I can readily understand why MS wants to discourage home or casual users frm attempting giddy experimentation with this code without fully appreciating what kind of work will be involved when it’s time to replace the beta with the final release.

That said, enterprise and other Windows 7 admins looking to evaluate the impact of SP1 — who usually have test machines at their disposal — will probably want to grab this update and get going on installation and impact analysis. SoftPedia has a pretty nice summary of SP1 available, including a useful overview of the changes that SP1 will bring to both Windows 7 and Windows Server 2008 R2. It’s worth checking out, if you want to understand better what’s under the hood here.

July 14, 2010  9:57 PM

Microsoft July Security Bulletins/Updates and Zero-Day Exploit Collide

Ed Tittel Ed Tittel Profile: Ed Tittel

Yesterday was the second Tuesday in July aka “Patch Tuesday” so it also witnessed the release of the scheduled updates for the month and an accompanying Security Bulletin. Today, the Help and Support remote code execution vulnerability described in MS10-042 is reported as the focus of a “zero-day exploit” (an exploit that occurs the same day that a vulnerability is acknowledged) that is reported in this ZDNet blog “25,000 PCs attacked with latest Windows zero day [exploit]” as what can only be summarized as an extremely active infection or infestion on the Internet. Patch your systems quickly, folks!

Other items updated in the latest round include the following:

  • MS10-043 Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (Critical, but affects only x64 versions of Windows 7 and Windows Server 2008 R2).
  • MS10-044 Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (Critical, but affects only MS Office 2003 SP3 and 2007 SP1 and SP2 versions)
  • MS10-045 Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (Important, and affects Office XP SP3, 2003 SP3, and 2007 SP1 and SP2 versions)

The usual monthly elements (Windows Malicious Software Removal Tool, Outlook Junk Email Filter, and so forth) were also distributed as well. My x86 (32-bit) systems didn’t require a reboot after installing these updates, but my x64 (64-bit) systems did. Enjoy!

July 13, 2010  5:40 PM

Windows 7 Momentum Called Into Question

Ed Tittel Ed Tittel Profile: Ed Tittel

Hey! I just read a fascinating ditty in Jason Hiner’s recent Between the Lines blog for ZDNet; it’s entitled “74% of work PCs still run XP, and they’re 4.4 years old.” This item does a short, scary, and convincing job of calling the big wins into question that Microsoft has been reporting for sales of Windows (150 million copies sold as of the end of May, or 7 copies per second since the official release in October 2009) — at least, as far as enterprise sales and adoptions are concerned.

Let me explain. Hiner reports that Microsoft shared what can only be call “very interesting numbers” at its Worldwide Partner Conference 2010. At that summit, MS Windows Corporate VP Tammi Reller revealed that 74 percent of business computers still run Windows XP, and also indicated that the average age for corporate PCs is 4.4 years. These are surprising numbers, especially in light of other surveys on enterprise/business OS pilot, adoption, and use plans. They could also spell disappointment for Steve Ballmer’s prediction last Monday (July 12, 2010) that Microsoft would sell 350 million copies of Windows 7 by the end of this year.

Given the low current adoption rate Microsoft is convinced that it’s a golden opportunity that will result in huge sales for the foreseeable future. And certainly, a PC fleet that’s averaging around four-and-a-half years old is past due for a hardware refresh as well — especially if you put any credence into studies about the IT hardare lifecycle, which indicates that machines over three years old become increasingly difficult and expensive to support, and that five years is about as much productive life as any organization should try to squeeze of its PCs (and for notebooks, the cycle is more like 3-4 years, given increased wear and tear to which mobile machines are subject).

On the other hand, Hiners observes that with 74 percent of corporate machines still running XP, and with Windows 8 now under discussion, it’s possible that some portion (maybe even a substantial one) of this population may decide to stay put, and wait even longer to upgrade. Just for grins, I took the survey on his blog page to see how previous readers have reacted to a couple of questions, and those results firmly underscore the notion that what MS spins as an opportunity could also result in fewer sales than projected:

Here is the instant read on the first poll question

Here is the instant read on the first poll question

Here's what readers say about the age of their PCs

Here is a breakdown of PCs by age

Although there’s no information available about the size (or quality) of the population being surveyed here, the results certainly provide a rough-and-ready affirmation of what’s reported regarding adoption plans and PC age. Now, it remains to be seen whether the need to avoid unpleasant increases in support and maintenance costs trumps an apparently strong desire to stand pat with XP, or vice-versa!

July 7, 2010  4:58 PM

Can Windows 8 Steal Windows 7’s Momentum? Naaaah…

Ed Tittel Ed Tittel Profile: Ed Tittel

In the over-reported and -analyzed business and IT technology world in which we live, yesterday’s grist for news — such as my preceding blog “Windows 8 Slide Leaks the Shape of Things to Come” — can itself become fodder for today’s news. At least, that’s what I thought when I saw Tony Bradley’s thought-provoking piece for PCWorld this morning, entitled “Leaked Windows 8 Details Could Slow Success of Windows 7.”

Mr. Bradley’s basic premises go something like this: Windows 8 mentions interesting and possibly significant new hardware requirements (for example, a Web cam used for facial recognition, among numerous other jazzy and snazzy planned features and functions). Windows 8 will probably be out in two to three years. Some companies and organizations may elect to delay their OS upgrade and hardware refresh still further to wait for Windows 8 to get finished, so they can buy hardware on which it will run.

I find it interesting, but I don’t buy it. Lots of studies show that as desktops and notebooks age, especially over three years for notebooks, and four to five years for desktops, the costs of supporting and maintaining older hardware rise impressively. With many companies and organizations having already pushed the envelope past its normal tearing point (many notebooks are 4-5 years old, and desktops 5-6 years old in a large number of enterprises, companies, government offices, schools, and so forth), there’s little chance that enough elasticity resides in those poor old things to permit them to eke out another 2-3 years of productive use.

My personal belief, well-supported by reports from major PC manufacturers and Microsoft itself, is that the “big refresh” is already underway, and that it will be accelerating over the next 12-24 months. I don’t think it matters that Windows 8 is around a corner not too far away: it’s the distance from the last corner (Windows XP) and the corner that got skipped (Windows Vista) that really makes the difference right now.

Perhaps Mr. Bradley is right to the extent that the pace of Windows 7 purchases (7 per second, according to recent MS press releases) may drop off a bit. But I think the old desktop and netbook fleet is too old to hold out for another 2-3 years for the next, bigger, and better Windows to come along.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: