Tuesday, March 10, was the second Tuesday of the month, the day colloquially known to MS system administrators and security mavens as “Patch Tuesday.” Here’s a smorgasbord of the items that showed up in the list of 3/10/2009 items with relevance for Windows Vista:
- MS09-006 Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (KB958690). This is first kernel vulnerability to come along for a while and as such affects all supported versions of Windows back to Windows 2000. Most fixes go the the Win32k.sys file, which ranks right up there with ntoskrnl.exe at the heart of Windows OSes everywhere. Update this one quick!
- MS09-007 Vulnerability in SChannel Could Allow Spoofing (KB960225). This privately reported item, if exploited, could allow an attacker who gains access to end-user certificates to successfully impersonate (spoof) those users, but only when the public key component of an authentication certificate has also been obtained as well. This affects all supported versions of Windows as well. If you use end-user certificates as part of your authentication mechanisms, you’ll want to apply this update quickly as well.
Another bulletin (MS09-008) was also released with fixes for vulnerabilities in DNS and WINS Server code that could permit address spoofing for potential man-in-the-middle or site impersonation attacks. But you can leave these fixes for the server gang, unless you happen to take care of your organization’s servers as well.
For the record, only MS09-006 is rated Critical, while both MS09-007 and MS09-008 are rated Important. Given the nature of the related vulnerabilities, anyone who’s affected by either Important item should probably expedite pushing this update out as quickly as possible anyway. And of course any Critical item needs to make its way onto Vista (and other Windows) machines as soon as circumstances and testing/deployment requirements permit.
If the care and feeding of your Vista systems is anything like mine, from time to time there’s just no getting away from messing with disk partitions. For me, that means one of several activities gets underway:
- Migrating a notebook or desktop user from a smaller drive to a larger one, sometimes with additional logical volumes to add into the mix, sometimes without.
- Setting up desktop machines to use VM technology of some kind (I’ve learned it’s safer to set up and run a separate logical and/or physical volume in which to run VMs to keep system or data partitions from filling up completely).
- Setting up sandboxes of one kind or another for testing, specific applications, or whathaveyou.
I’ve used the Disk Management utility in Administrative Tools (Start, Control Panel, Administrative Tools, Computer Management, Storage, Disk Management) since the NT 4.0 days, but though this tool has gained in capability and flexibility considerably since then, it still can’t compare to a commercial disk partition management tool. And as such tools go, I’ve learned to like Paragon’s Partition Manager 9.0 Professional Edition better than most of the others I’ve used (Partition Magic, EASEUS Partition Master, Acronis Disk Partition Manager, and so forth, though those with no budget for software left may have to opt for the Open Source gparted instead).
Strictly as a partition management tool, Paragon Partition Manager is worth the $65 or so this program will typically cost you. As the following screenshots amply illustrate, it not only allows you to manage partitions quite nicely (create, format, resize/redistribute space, merge, and even undelete) it will also let you copy partitions or entire drives (either logically or physically), perform various types of partition- and disk-level backups and restores, and even install a boot manager (great for multi-boot to older Windows versions and/or Linux), and even a file transfer wizard to grab files from inside a working partition, or a backup snapshot the program has made of any partition you’ve saved. There’s even a byte-level disk editor available to those knowledgeable and intrepid enough to use such a powerful but dangerous tool.
When you actually start to use the program, you see a multi-pane interface that looks much like many other disk utilities, with similar silos at the left (a control panel, as it were), controls and displays at the right (for specific items or tasks related to the chosen activity), and icons along the top to provide instant access to the most common tasks. Here’s a look at the wizard driven elements for Backup, Copy, and Tools on the left, with disk views at the right (notice how physical disks act as containers for logical volumes).
All in all, Paragon Partition Manager 9.0 makes a pretty good addition to any Vista admin’s toolbox. The partition tools are the best and most worthwhile components of the tool, but the backup, copy, and boot management capabilities can be handy when migrating users from one disk to another. The recovery tools are adequate, but only from a very basic perspective (I’ll stick to a well-crafted VistaPE recovery UFD any day). I also found the lack of user-driven search a bit frustrating when the time came to search the help files (you can only plough through an index that they create, and pick the terms inserted therein). Minor nits to be sure, and no reasons not to try this program out for yourself, or even to buy a copy of your very own.
Gosh, I love writing headlines because they can say so much and so little at the same time. Today’s blog makes a terrific case in point. It refers to the recent Fiasco award for 2009, chosen by an anonymous Fiasco Awards Team, which was in turn sponsored by the Catalan Association of Telecommunications Engineers (apparently this is a one-time thing, so it’s neither fair nor accurate to link the Fiascos only with the Catalan Association of so-on-and-so-forth). At least one other source describes the Fiasco as a kind of “worst IT product” designation in its reporting, but closer examination of the Association’s own description of the Fiascos reveals there’s a bit more at work here than simply recognizing “worst in show” performance or capability.
What a Fiasco represents is a product, service, or idea from any sector in information and communication technologies that winds up as a complete and total flop. Here’s a quote from the afore-cited Web page that bears the title “The Spirit of the Fiasco Awards.”
Technological advance is not a straight path. Despite the economic investment, intellectual efforts and hopes invested on it, it often happens that instead of achieving a successful product, a profitable company, a new useful service or an interesting development through it, we just end up with a real Fiasco in our hands. But both success and fiasco are a part of the same process of leaping forward, head and tail of the same coin. The first, we celebrate, from the latter, when the initial shock is overcome, we learn, and in addition, they tend to be very funny.
To me this award is more synonymous with “good ideas gone spectacularly bad” or perhaps even “it seemed like a good idea at the time” than it is with a “worst in class” designation. Though there are plenty of others who will tar and feather Vista with bad reviews, bad marks, and even bad cess, I think it’s fantastic that an IT organization would seek to find humor in making such awards. Lord knows there have been days when I’ve chased Vista’s tail all over the landscape when a little humor would have been more than welcome. And so I can appreciate and embrace the idea of the Fiasco much more than something more curmudgeonly in outlook and intent. After all the kvetching about Vista I’ve slogged through in writing this blog, it’s great to find something that’s more on the tongue-in-cheek side of the street rather than the vitriolic rant side instead.
Here’s how Vista acquired the 2009 Fiasco award. In response to a survey, 6400 individuals registered on the Fiasco site, and completed a ranking poll to choose the winner. With 5222 (or 81.6%) of respondents choosing Windows Vista, it swamped the other competitors for this award. These included OLPC (One Laptop Per Child, the second place finisher), Second Life (third), Google Lively (4th), and Mobuzz (5th), though numerical breakdowns for these other contestants aren’t readily available.
Tonight at dinner, I’m going to raise my glass and propose a toast to my favorite Fiasco–namely Windows Vista. I urge you to do likewise, at your first opportunity.
Visit the Microsoft Download Center today (March 4, 2009) and you’ll see numerous Windows Server 2008/Windows Vista SP2 downloads available there, all of which posted on 3/3/2009. When I visited the page in the morning, here’s what shows up under the New Downloads heading there:
Careful inspection of these listings, however, reveals that all of them still include the word “Beta,” even though all are indeed new files that posted yesterday. Only the DVD ISO includes a filename that specifically mentions RC2–namely, 6002.16670.090130-1715_iso_update_sp_wave0-RCSP2.0_DVD.iso.
Other downloads simply reference their associated KB articles by number, as with the IA64-based offering that appears at the top of the listing shown in the preceding screenshot–namely, Windows6.0-KB948465-IA64.exe. Here again, these articles specifically reference the SP2 beta releases, and make no mention of the Release Candidate itself.
This leads me to a couple of contemplative musings:
- If you want to see what’s in RC2, you’ll want to download and inspect the DVD ISO download
- Microsoft will probably either be issuing a clarification soon, or will replace those other downloads with RC2-labeled materials and KB articles
We’re all going to have to stay tuned to see what happens next. Very interesting! As for myself, I’m downloading the ISO image right now, and will use Daemon Tools to see what’s inside as soon as the download finishes (in 28 more minutes according to the download manager).
Now that I’ve been running Secunia Personal Software Inspector (PSI) on my Vista machines for about three months I’m starting to learn a little about this program’s behavior. Last Friday, Secunia notified users about an important update to Adobe Flash, part of which involved replacing an older version of its ActiveX control for Explorer with a newer version. This involved installing a package that included a file named Flash10b.ocx, which replaces Flash10a.ocx.
Apparently the installer is not only supposed to add Flash10b.ocx to the %windir%\System32\Macromed\Flash directory, it’s also supposed to delete the previous version, Flash10a.ocx as well. The problem is, deleting ActiveX components you use requires that they be unregistered first. To do this for the aforementioned file, enter this string at the command line:
regsvr32 “C:\Windows\SYSTEM32\Macromed\Flash\Flash10a.ocx” /u
On the other hand, you could use your handy-dandy WinPE boot UFD to reboot the machine and delete this file without having to unregister, because you’re then running inside a different Vista runtime that isn’t using that ActiveX control. However, a double reboot takes at least 5 minutes on my Vista machines: once to boot into WinPE, and again to return to a normal Vista runtime environment after deleting the file. On the other hand, unregistering this ActiveX control takes less than ten seconds. Thus, it’s easier and faster to unregister the file first, then delete it without resorting to the UFD. You can even write a short batch file to automate the entire process, and deploy it around your network to Vista desktops.One more thing: before you attempt to delete this file, please close Secunia PSI as well. If you leave it open, it will hang onto a handle to this file. And of course, that too will prevent you from deleting it.
Those readers who’ve followed my advice and have installed PSI or CSI (the newly-renamed “Corporate Software Inspector” or CSI, that replaces the older NSI for Network Software Inspector) may benefit from this tidbit of information, if they haven’t figured it out already for themselves. As foibles go, however, this one’s pretty minor, and would only require Secunia to add a short note to this effect in their clean-up instructions. I’m still glad to have Secunia in my corner, though, and since I’ve started using their software inspectors my machines have kept up with patches, fixes, and updates on a more-or-less a same-day basis, except for occasional weekends or holidays when I choose not to check on my growing collection of PCs.
On Wednesday, February 25, Brandon LeBlanc, Windows Communications Manager for the Windows Client Communications Team, posted information to The Windows Blog to announce the Release Candidate (RC) for “Service Pack 2 for Windows Vista and Windows Server 2008.” Otherwise known as SP2 for Windows Vista and Windows Server 2008, this update is still in beta, but is now available to TechNet and MSDN subscribers for broad access and testing.
Important details of the RC version’s contents (and those planned for release when SP2 goes live later this year, probably in April) are spelled out in LeBlanc’s same-day posting entitled “Notable Changes in SP2 RC for Windows Vista and Windows Server 2008.” There’s also a TEchNet (dated 2/26/2009) document on SP2 available entitled “Hotfixes and Security Updates in Windows Server SP2 and Windows Vista SP2” as well. It’s probably worth a taking a look at these documents, but here’s my take on some highlights:
- As I mentioned in my previous blog, SP1 remains a mandatory pre-requisite for the install of SP2
- Users who wish to update to SP2 using Windows Update or Windows Software/Server Update Services (WSUS) have to patch the servicing stack to automate the SP2 install (see KB 955430 for details; the typical URL http://support.microsoft.com/kb/955430 is not yet working as I write this, however).
- Download sizes run fom 300 to 622 MB for standalone packages, and from 41-90 MB for Windows Update users (DVD info not yet available).
- Lots of interesting changes to setup and deployment, including a single installer for both Vista and Windows Server 2008, incompatible driver checks, improved error handling and messages, better logging, more secure installation, and post-release installer serviceability. As with SP1, there will also be an SP2 cleanup tool (Compcln.exe) to remove pre-SP2 files from machines, or to reduce the size of slipstream images used to install Vista and/or Windows Server 2008.
Anybody who’s interested who also has a TechNet or MSDN subscription can now sally forth and grab this beta. Because most enterprise admins have one or the other, if not both, this means you!
One of my best sources for leaked info from Microsoft continues to be Malaysian-based site TechARP. Today’s blog is based on some recent reportage from them about the upcoming Internet Explorer 8 release. The latest date for release to manufacturing (RTM) is March, 2009, most likely sometime in the latter half of that month (details are expected on March 5, though it’s not yet clear if those details will be available only for internal consumption at Microsoft, or in the form of a more public announcement; interestingly TechARP promises to keep us posted either way).
Here’s what IE8 is supposed to deliver, as compared to previous versions:
- Improved performance and reliability that TechARP reports as “extensive”
- Enhanced and expanded visual search suggestions that not only govern general search, but also searches related to shopping, social networking, news and portal sites, sports, and other information categories.
- “Enhanced user experience, greater user privacy, and security enhancements.” This sound like straight-from-MS verbiage that could mean a lot and deliver very little. I guess we’ll have to wait and see.
When MS does release IE8 to manufacturing, OEMs can then use it as a supplement at their option for subsequent Vista and XP installs. Thus, it could start showing up as a pre-installed Windows feature shortly thereafter. So far, no dates for public release via Windows Update are available, but that will be just a matter of time once RTM is set. For most major Windows components, this usually occurs within 60-90 days of RTM so we should expect widespread availability of IE8 in May or June of this year.
Interested admins should probably be even more interested in downloading the latest beta (2) version after reading this news. That download is still available on the Windows Internet Explorer 8 Home page. It’s still necessary to uninstall IE 7 on any test machines before installing IE8 on those machines; presumably this stricture will also apply to production machines once IE8 goes into public release. Time to get ready!
Last week, Microsoft an RC (Release Candidate) build for Windows Vista/Server 2008 SP2 through the Microsoft Connect program to a select group of pre-qualified beta testers. According to Mary Jo Foley’s ZDNet coverage on this topic, the latest build number is 6002.16670.091030 (she got this from Ars Technica, who also indicate the opportunity to grab this item ended on Saturday, February 21, and who also provide a list of all 600-plus hot fixes integrated into this upcoming release). Those interested in testing this beta should pay special attention ot the “known issues” list for this RC update that falls into general headings for application compatibility, IIS, SQL and Server 2008, with information on details and workarounds where applicable.
For most of us, this event provides confirmation that Microsoft’s planned release date in April, 2009, for Vista and Server 2008 SP2 is holding firm. System administrators in companies and organizations that have already migrated to Vista or Server 2008, or whose plans indicate sizable deployments by mid-2009, are urged to keep an eye out for the public beta of SP2 (which should occur some time in March) so they can start testing for compatibility issues, deployment considerations, and configuration necessities prior to rollout.
Just FYI, SP1 will remain a pre-requisite to SP2 (the installation process checks to make sure SP1 has been installed, and for incompatible drivers). If SP1 is missing, it must first be applied before SP2 can be installed: that’s to keep the size of the download/install files down which otherwise would have to include all 600-plus hotfixes and so forth.
If you’ve ever messed with the Windows Vista Recovery Environment you know it’s helpful, but it can take quite a while for it to appear on-screen on a machine in need of repair or recovery. In fact, the functionality behind this display is a WinPE-based facility that’s bundled with the Windows Install Media, and invoked from a Windows Image file (.wim) when you select the “Repair an existing Vista system” from the install menu.
This low-res screen cap of the Recovery Environment describes your Vista Repair options:
here, you want to pick Windows Complete PC Restore.
On most of my Vista machines, it takes in excess of three minutes to get from the Vista install DVD to the System Recovery Options menu shown in the preceding screen capture, and it can sometimes take more than 10 minutes to pop up (as when finding and fixing boot-up issues, as it sometimes must). If you follow the instructions I provide in a recent story for Tom’s Guide “How to Make and Use a Bootable WinPE Drive” you will learn how to use the install media and the Windows Automated Instllation Kit (WAIK) to create a bootable UFD with the Vista Recovery Environment at your disposal. Unlike its DVD-based counterpart, however, this little gem usually presents itself on-screen in under two minutes, which lets you get to work far faster (on the notebook in question, the screen popped up in 1:07).
I was forcibly reminded of this yesterday, when I installed a new driver on one of my test notebook PCs, only to discover that the device went missing upon reboot, and that System Restore was also unable to roll back to the preceding restore point (I later learned this comes from a side effect of Norton security products, as documented in this Symantec page on the “Restoration Incomplete” error also produced during this process). What to do when restore points won’t work (and you don’t yet know how to fix that problem): use the Recovery Environment and a recent backup to restore your system to a pristine state. Luckily for me, I had just backed up my system the night before so I was back up and running in under 15 minutes, restore and all. This time, I skipped the IDT HD Audio driver update that started all my problems, and then went off to research exactly what happened, and why. In a roundabout way, all this led to today’s blog post.
Nevertheless, I was glad to have had this handy little tool at my disposal, which I’ve already used to repair Vista on a couple of machines since building the WinRE UFD in late January. You might want to add one of these to your toolkit. Any old UFD larger than 256MB will do: my WinRE UFD weighs in at 330 MB in all. Thus, a freebie or cheapie 1 GB UFD will work just fine for this purpose.
The latest Vista flap originates from a lawsuit filed against Microsoft Corporation stemming from fees assessed to Los Angeles computer user Emma Alvarado for downgrading a Lenovo notebook PC from Windows Vista to Windows XP. She had to pay an extra $59.25 to get Lenovo to make the switch, and is now claiming that “Microsoft has abused its market position to try to cash in on the popularity of Windows XP.” Microsoft’s rejoinder is pretty straightforward: they don’t get any of the money from the charge she was assessed so therefore there’s no basis for a complaint against them.
Closer investigation reveals a somewhat more murky situation, however. The most popular version of Windows Vista for notebook PCs these days is Windows Vista Home Premium Edition. But only Windows Vista Business Edition and Windows Vista Ultimate Edition (and presumably also Windows Vista Enterprise Edition, though it’s not available in a retail SKU) are eligible for downgrade to Windows XP, and only to the Professional version of that older operating system. In fact, most downgrade charges can be assigned to two cost categories:
- Fees from the vendor for actually performing the downgrade operation–or rather, for performing a clean install of Windows XP Professional on the notebook being purchased.
- Fees for upgrading Windows Vista from the default version included with a notebook PC at no extra charge–presumably Windows Vista Home Premium edition in most cases–to either Windows Vista Business Edition or Windows Vista Ultimate Edition. In fact, Microsoft does profit from any such charges (which not all notebook vendors assess) that may be included in a downgraded notebook’s purchase price.
The real question then becomes: is requiring purchase of a “downgradable” version of an OS an abuse of monopoly power? I’m no lawyer (and to legal professionals, that means that anything I say next means exactly nothing), but this is a situation that appears to cut both ways. Consumers are free to choose any options they like when they purchase a notebook PC. But likewise, Microsoft is under no obligation to make older versions of its OS available to buyers at the same prices as current versions.
Personally, I believe it’s fair to charge for downgrading a system because it requires a different build process from one that goes default all the way. It’s the difference that sparks the charge, not the fact that one build is inherently more expensive or difficult than the other (both involve imaging a disk, but the XP downgrade requires a different image from the Vista Home Premium default image; likewise, buyers who simply upgrade Vista to Business or Ultimate must also pay for that privilege).
I guess the suit will have to go to court so a judge can decide if it has enough merit to go to trial. That said, it will be interesting to see if Microsoft can be compelled to make downgrades purely a matter of preference and paying operational costs, or if they can indeed require buyers to upgrade an OS merely to make it eligible for downgrade. For companies and organizations that still standardize on XP, this is more than a matter of simple curiousity: it will have a tangible effect on the cost of purchase for XP-equipped notebook and desktop PCs. What do you think?