Microsoft BEEFS
UP Exchange Server
Microsoft has moved to plug one of the holes in Microsoft Exchange
Server, by purchasing LinkAge software, a Toronto-based company that specializes
in directory synchronization and messaging interoperability. LinkAge builds
products that connect different mail systems such as Lotus Notes, Lotus cc:Mail,
Microsoft Mail, and mainframe systems such as IBM PROFS.
Synchronizing directories with other Exchange sites within an organization, or with Microsoft Mail's or Lotus cc:Mail's post offices, is easy. But synchronizing Exchange with other messaging systems, especially those in the mainframe or minicomputer world, requires a great amount of work, sweat, and tears.
Directory synchronization typically has required bespoke code to extract, compare, and import directory entries into the many sources of email directory information in large companies. LinkAge's Directory Exchange can synchronize directory information from different messaging systems, and it should provide the same functionality for Exchange.
LinkAge's products overlap with some of Exchange's features. Both can communicate, for example, with MS Mail and Lotus cc:Mail.
The connections between Exchange and Lotus Notes, and Exchange and PROFS, provide the real advantages to this acquisition. These connections will let Exchange smoothly integrate with corporate systems, and this integration should please many Fortune 500 companies that run both Notes and Exchange.
Live from Memphis
Windows 95's successor, code-named Memphis, includes a new feature
employing broadcast technology, according to a release to 10,000 beta testers.
Microsoft plans to give Memphis its official debut sometime in 1998 as Windows
98.
Employing broadcast technology, Microsoft attempts to turn the operating system into a television tuner capable of receiving broadcasts from satellites, cable, and regular television transmissions. Memphis' TV Screen is a browser window with an ActiveX video control inserted. Users will be able to browse sites, download data, play games, and participate in online chat sessions relating to a particular television show they are watching. Windows NT users can expect this new tuner technology in NT 5.0.
Other new features of Memphis include a Help Desk that lets users update software, scan for viruses, and clean out cache directories. Upgrades will be easier with Memphis because the software will maintain a small database of system-related information on the user's hard disk. When a user connects to the Upgrade Manager Web site, the database will make comparisons that determine what new files or features the system will require.
Memphis will include new networking options, such as letting LAN users simultaneously dial in to an Internet connection, supporting virtual private networks, and handling data packets better--an improvement for high-bandwidth users. On the downside, Memphis users won't see an NT and Memphis merged driver collection. A common-driver database for both platforms is still out of reach this time around, Microsoft says. The company will spend at least another year working on this database.
IIS 4.0 Beta 2 Released
Beta 2 of Internet Information Server (IIS 4.0) offers several new
features, including crash protection that keeps a faulty Web program from
crashing the entire IIS system. Microsoft shipped Beta 2 (formerly code named
K2) in July.
IIS 4.0 uses one IP address to host numerous Web sites on one IIS server. Until now, Apache Web Server was the only product to offer this capability. Capturing 44 percent market share, Apache currently reigns as the most-used Web server software on the Internet. Because Microsoft plans to position Windows NT 5.0 head-to-head against high-end UNIX solutions, the company says it has no plans to offer IIS on UNIX platforms.
A new IIS feature, Transaction Server, will let developers build scalable server-based Web applications offering rollback capabilities. Rollback ensures the integrity of a transaction, such as a funds transfer. IIS also offers an integrated Certificate Server that lets companies issue certificates (unique digital IDs) to end users. The certificates boost security by proving the identity of a given user. This version of IIS comes with Microsoft Management Console which provides site managers with a single interface for administering IIS and other Microsoft Internet Servers, such as Proxy Server.
Gateway Acquires ALR
A long-standing giant in the consumer and small-office markets,
Gateway 2000 recently entered the business-PC market with its E-Series of
network-ready PCs. Gateway announced it is acquiring Advanced Logic Research
(ALR), maker of high-end servers, for $195 million. Gateway plans to continue
marketing servers under the ALR brand name, and it will offer servers as part of
its Gateway 2000 line.
Coming on the heels of Micron's recent acquisition of high-end server manufacturer NetFRAME Systems, the ALR purchase is a major coup in the server market. With Compaq hot on their heels, Micron, Gateway 2000, and Dell Computer now will compete head-to-head in the direct-marketing and sales arena for servers.
Compaq Cuts Prices
Compaq revealed a new build-to-order strategy that reduces costs for
the company and prices for consumers. The company will cut costs by reducing its
inventory of computer components, and then pass these savings along to
customers. Compaq implemented this strategy to help it compete with
direct-marketing rivals, such as Dell Computers and Gateway 2000.
With this announcement, Compaq unveiled 13 new Deskpro 2000 and Deskpro 4000 system models, and it reduced prices from 2 percent to 22 percent across-the-board on all of its current Deskpro 2000, 4000, and 6000 models.
Earlier this year, Compaq attempted to buy or merge with Gateway 2000 to secure a foothold in the direct-marketing arena. The deal fell through, and Gateway exercised its own plans to buy Advanced Logic Research, maker of high-end servers.
Dell's Managed PCs
Dell Computer recognizes that not everyone wants a NetPC and says
that its new Managed PC will let you remotely conFigure, diagnose, and
troubleshoot systems. "In situations where customers must have flexibility
in addition to power and manageability, Managed PCs will be the best choice,"
said Michael Dell, chairman and CEO. "In situations where the majority of
applications are task or data-entry driven, NetPCs will be the best choice for
manageability."
Managed PCs will reduce onsite maintenance by using the latest remote management technologies to conFigure, manage, and maintain software more efficiently. Dell will offer Managed PC technologies on future corporate desktop and notebook systems. For details about such strategies, see Mark Smith, "Thin Is In".
Compaq and Intergraph Cross Paths
Compaq and Intergraph are moving into each other's markets. Compaq,
known primarily for its server systems, announced a new division to enter the
Windows NT technical workstation market--Intergraph's primary turf. And
Intergraph, known for its 3D graphics and workstation products, is making a run
at the high-end server market, a key component of Compaq's sales.
Intergraph's new InterServe system will compete head-to-head with Compaq's servers, analysts say. Server clusters designed around Microsoft's Wolfpack technology will use the InterServe system. Compaq will aim its new workstation product, Professional Workstations, at Web developers.
Corel Subsidiary Offers Desktop Solution
Corel announced that it is spinning off a wholly-owned subsidiary to
offer a complete hardware and software solution for the corporate environment.
Corel Computer will build products based on Corel's strengths in multimedia. The
company will offer products based on CorelVIDEO, the CorelVIDEO Compression CAM,
and its upcoming Corel Video Network Computer, the cornerstone in the company's
strategy to integrate desktop communications and computing. Approximately 80
Corel employees will move to the new company.
Giants Merge
In a deal as big as the 3COM and U.S. Robotics merger last March,
Compaq recently announced it is acquiring Tandem, makers of high-end, nonstop
computing equipment. Tandem will become a wholly-owned subsidiary of Compaq,
which will issue approximately 29 million shares of common stock valued at $3
billion.
Through this acquisition, Compaq is now in a position to offer any kind of computing platform, from handhelds to massive, parallel commercial systems. This acquisition signals Compaq's attempt to become the industry leader in reliable, scalable Windows NT solutions. In particular, Compaq has access to Tandem's key enterprise technologies such as the Himalaya server systems, NonStop Software, and ServerNet technologies. Compaq already bases its strategy for future clustering systems on Tandem's ServerNet rather than IP as its network protocol.
Cisco Breaks into NT Security
Cisco Systems recently announced a definitive $40 million agreement
to acquire Global Internet Software Group, manufacturers of Windows NT network
security products. Global Internet Software, a wholly-owned subsidiary of Global
Internet.Com, makes the popular Centri Firewall system for Windows NT.
With this acquisition, Cisco can deliver an NT network firewall suite capable of examining credentials including names, applications, IP addresses, and other inquiry characteristics against access rules that the systems administrator specifies. Cisco users will have access to Global Internet.Com's expertise in network integration, design, security, consulting, and management services.
Price Wars Heat Up
As a direct response to Compaq's and Dell Computer's new desktop
PCs, HP cut prices 15 percent to 25 percent on its Vectra PCs, including Pentium
systems and high-end Pentium II systems. Industry watchers now expect HP to
announce build-to-order systems, to compete with Compaq's new strategy.
Exporting 128-Bit Encryption
The U.S. Department of Commerce (DOC) approved Microsoft's and
Netscape's request to export products containing 128-bit encryption techniques.
Previously, the DOC let companies export only 56-bit encryption (for details see
Mark Smith, "The Key to the Kingdom," June 1997). Netscape and
Microsoft plan to export products to financial institutions.
Netscape will export Netscape Communicator and SuiteSpot with 128-bit encryption. VeriSign, a third-party firm that issues, manages, and authenticates digital certificates, will serve as the certificate authority for Netscape's products.
Microsoft will enable 128-bit encryption security for banks and bank customers in products that support the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Microsoft will incorporate the encryption technology in all domestic and export products dealing with the Internet, beginning with Internet Explorer 4.0, Microsoft Money 98, and Internet Information Server.
Adios Windows 3.11
Although PC makers haven't written an obituary for Windows 3.11, the
operating system will soon follow the path of its predecessors. Most PC makers
are winding down sales of Windows 3.11, one of the hottest selling operating
systems of all time. Many manufacturers plan to make 1997 the last year they
will offer it. Digital Equipment stopped offering it as of this year's first
quarter.
Most PCs sold today come with Windows 95 or Windows NT, yet 200 million systems still run Windows 3.11. Microsoft isn't mandating the Windows 3.11 phase-out, but admits plans to eventually draw the line on new Windows 3.11 sales.
New PC98 Specs
Microsoft, Intel, and Compaq are almost finished with new PC98
specifications, which will define PCs in 1998 and 1999. New features in the PC98
specifications include modified bus architectures, new hard disk types, and
performance and management features.
PC98 calls for 3D graphics support using faster dedicated 64-bit PCI or Intel's Accelerated Graphics Port (AGP) technology. A new, separate graphics bus is necessary to serve the memory and bandwidth hunger of 3D graphics, according to an Intel spokesperson. The older ISA bus type will remain intact in PC98, but will not be included after 1999. Microsoft says it will not grant a Windows logo to PC makers that include ISA slots in their systems after January 1999.
The PC98 specification requires that manufacturers incorporate a bus-mastering hard disk on entry-level PCs and SCSI drives on workstations. The PC98 guide recommends but does not require RAID storage systems (traditionally used on servers) for workstations. Additionally, motherboards will include support components that let enterprise management software more closely monitor the motherboards.
The companies plan to complete PC98 specification 1.0 next month. Microsoft requires vendors to comply by July 1998 to maintain Designed for Microsoft Windows logo privileges.
MS Proxy Improves Security
Microsoft states that Microsoft Proxy Server (MPS) 2.0, which the
company released to wide-area beta testing, has improved security capabilities.
Other new features include better packet-filtering technology and automated
attack reporting (i.e., the software informs a person of a perceived attack in
progress). Additionally, MPS 2.0 will work with the Routing and Remote Access
Service (RRAS--formerly Steelhead) technology for Windows NT. Microsoft says the
new MPS enhancements will offer enough security to let users eliminate
additional firewall software.
Squashing CPU Bugs
Intel will unveil a new technology, Encrypted Microcode, to fix
buggy CPUs without physically replacing them. However, industry analysts warn
users and IS managers not to underestimate the complexity of managing this new
technology.
Encrypted Microcode will interact with a system's BIOS to let the BIOS handle error conditions. Instead of replacing the CPU, you address the bugs by upgrading a system's BIOS. But PC BIOSs vary from system to system, making an upgrade difficult to manage. To make matters more complicated, PC manufacturers typically match BIOSs to particular CPU styles.
Analysts expect that OEMs will provide Encrypted Microcode patching. The OEMs will know the CPU and BIOS version, and they will provide a downloadable patch or upgrade that updates the 2KB BIOS flash memory. This technology will correct only microcode errors; it will not correct a CPU's wiring problem.
UNIX and NT Unite
The US Air Force's (USAF's) approval of Softway Systems' OPENNT and
Windows NT paves the road for soaring sales of both products. OPENNT is an NT
subsystem add-on that lets users run UNIX and NT applications on the same
desktop.
Softway's five-year USAF contract will let the firm partner with Hughes Data Systems to supply as many as 37,000 new workstations, a Figure that could multiply if other government agencies jump on board. Hughes expects this move to give the company a big edge over Sun Microsystems, which has a contract to supply the USAF with UNIX workstations. In a similar deal in June, Softway and Compaq won a contract with NASA.
OPENNT installs directly on top of NT as a subsystem. Therefore, OPENNT does not run as an interpreter or emulator--it's a full, realtime UNIX environment complete with development tools. This tool could finally motivate UNIX diehards to coexist peacefully with NT. Softway expects its sales to at least double over the next year.
IE 4.0 Adds Channeling
Microsoft's Internet Explorer upgrade, IE 4.0, promises many new
advances, including the high-profile channel functionality, and a controversial
feature that integrates the browser into desktops. Channels (i.e., push
technology) connect users' desktops to a given Web site. Users don't have to
visit the Web site to get new information; instead the Web delivers the
information immediately on release.
The new IE 4.0 feature integrates the browser directly into the desktop. Some industry watchers say that this direct integration gives Microsoft an unfair advantage because it also owns the operating system.
Microsoft says that competing firms, namely Netscape, can access the necessary code to give their browsers the same type of operating system integration. But no competing companies have asked for access to this code, Microsoft claims. Netscape has a new browser out, Communicator 4.0, which mirrors most of Microsoft's IE 4.0.
Ping-of-Death 2
Like the earlier Ping-of-Death problem, Ping-of-Death 2 completely
freezes Windows 95 and Windows NT operating systems. An attacker sends a barrage
of Internet Control Message Protocol (ICMP) packets to a Windows system. The
ICMP packets confuse Windows on receipt and cause the system to lock up.
The problem affects NT Server and NT Workstation, versions 3.51 and 4.0, and Win95 systems. Microsoft's FTP site offers a patch at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes.
GetAdmin Gets Access
A Russian programmer discovered how to add any user to the
Administrators group by running a simple program called GetAdmin from the
command line. Microsoft became aware of this problem on June 30, but did not
release a fix until about eight days later. When Microsoft released the hotfix,
the patch didn't completely work.
A sharp programmer from Romania, Constin Raiu, easily found another way to make the same attack work, and he promptly released his findings on a popular Windows NT security Web site (http://www.ntsecurity.net). He also reported the problem to Microsoft.
Security experts analyzing GetAdmin's operation think that the program might let hackers access low-level kernel functions or overwrite the internal system stack. Apparently both NT Workstation and NT Server 4.0 (with Service Pack 3--SP3) are vulnerable to the attack. Because the attack worked well under Internet Information Server (IIS), consider it a local attack with the potential for a network trojan attack. As of this writing, no further hotfix was available, but watch Microsoft's Web site for an update.
Privacy Bug Affects Netscape Users
Christian Orellana, a programmer at Denmark-based CaboComm,
discovered a problem in Netscape Communicator where a malicious Web developer
can download a document from a user's system without the user's knowledge. The
problem affects Netscape Communicator 4.0, and Netscape Navigator 2.0 and 3.0 on
all platforms (Windows, Macintosh, and UNIX).
Netscape typically offers a $1000 bug-finder award, but Orellana asked for more than $1000 before revealing the bug's nature. Netscape chose to hunt down the bug with help from PC Magazine, which obtained information about the bug from CNNfn. However, Orellana says he had a verbal agreement with CNNfn that it would not disclose the information to Netscape.
Orellana recently relinquished his information, and his findings match what Netscape determined independently. A patch is available for Communicator 4.0, and the new 4.01 already contains the fix. A fix for Navigator 3.0 was in the works at press time.
Crashing IIS
An intruder to Microsoft's Internet Information Server (IIS) can
cause a service attack denial, and crash the server by sending an abnormally
large universal resource locator (URL) to IIS. Classified as a typical buffer
overflow exploit, the problem routinely affects UNIX systems. Microsoft has
posted a hotfix on its FTP site at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes.
Bug Exploits Files
A bug in Microsoft Index Server (formerly code-named Tripoli) lets
users access files usually not available for access. Index Server is Microsoft's
search engine for Internet Information Server.
A feature in the software is meant to let users view searched documents with key words highlighted. But the feature, known as Hit Counter (Webhits.exe), lets the Web server read files it shouldn't read. The problem is similar to the Active Server Pages (ASP) bug that lets users read Active Server Script files by placing a period at the end of the URL. In many cases, an Active Server Script contains a username and password to a network resource, usually a SQL server.
MS Index Server shipped with Service Pack 2 for Windows NT and is available on most Microsoft NT Internet Information Web servers. Protect yourself from this attack by moving Webhits.exe to a protected directory. Review the associated Web pages that work with Webhits.exe and make certain they permit only content searching of what you want revealed.
Out of the Band and Off the Net
The WinNuke bug causes service denial to any Microsoft networking
client with listening port 139. Internet circles have known of WinNuke for more
than a year, but details weren't released until recently. WinNuke attacks a
Microsoft client by sending Out of Band (OOB) data to the client on port 139.
The bug mostly affects NetBIOS, which listens on port 139 among others. But the attack may work against Microsoft's Domain Name System (DNS) running on port 53, causing massive Event Log entries related to "select() errors." Apparently, the operating system doesn't know how to handle OOB data properly, so strange events can happen. Windows NT displays the Blue Screen of Death identifying Tcpip.sys as the culprit, and requires a reboot after being attacked. Windows 95 may or may not crash completely, but it always presents a blue exception Screen, identifying MS TCP and network driver interface specification (NDIS) as the culprits. Win95 always stops talking on the network after the attack. Microsoft released a fix for this problem for both Win95 and NT. You'll find each fix on Microsoft's FTP site at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes.
Add the Osmium Element
Osmium, the beta release of Microsoft's Exchange Server 5.0,
promises several interesting new features while lifting some key architectural
restrictions. One key upgrade is the lifting of the 16GB restriction on the
information store. The amount of physical disk space attached to a server
currently limits Exchange. Osmium changes the internal structure of the
information store, according to release notes. But you do not need to convert
the existing stores, as was required in the upgrade from Exchange 4.0 to
Exchange 5.0.
Jet continues to be the database engine, and Osmium supports Wolfpack phase 1 clustering. However, phase 1 clustering provides only active/standby protection, and more work is necessary before multiple Exchange servers can concurrently access a shared information store. You can expect to see this capability in 1998.
Microsoft will use the unrestricted store size as a competitive advantage against other vendors such as Lotus Notes, which still has a database maximum of 4GB. At the Microsoft Scalability Day in May, an Osmium build demonstrated a single Alpha-based server supporting a simulated load of 50,000 POP3 clients. A other server held more than 50GB of newsfeed information in its store. Both demonstrations prove that building large Exchange servers is technically feasible, but the challenge of managing large servers remains. Backing up a 50GB database, for example, is not a small task.
Exchange Server is on an aggressive development path. If Osmium makes its expected release date, we'll have seen three major versions of a high-end messaging server in 21 months.
