Windows IT Pro UPDATE--US Government Gets Early Patch Access; VB 6.0 Users Up In Arms--March 15, 2005

Make sure your copy of Windows IT Pro UPDATE doesn't get mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertiser's Web sites and show your support for Windows IT Pro UPDATE.

Raxco's PerfectDisk– The World's #1 Defragmenter http://www.raxco.com/itpro

Group Policy Software Deployment greatly enhanced http://www.specopssoft.com/products/specopsdeploy/WinITPro_20050315_default.asp

1. Commentary
- US Government Gets Early Patch Access; VB 6.0 Users Up In Arms

2. Hot Off the Press
- Analysis: Enthusiast Web Sites Forced to Reveal Sources to Apple

3. Networking Perspectives
- Installing Servers at a Remote Location

4. Peer to Peer
- Featured Thread: Got NT? Better Have Extended Support or a Good Firewall Too!
- Tip: Are any tools available to help configure performance monitoring on Windows 2000 and later computers?

5. New and Improved
- Get Rid of Spam

==== Sponsor: Raxco's PerfectDisk– The World's #1 Defragmenter ====
One of Microsoft's four original developers of the NTFS file system has published a white paper on the importance of free space consolidation on file system performance. Read it here for free, and also receive a free evaluation copy of PerfectDisk v7.0. PerfectDisk is certified by Microsoft(r) and provides an exclusive peer-to-peer architecture and full integration with Active Directory(r) for easy enterprise management, a patented optimization strategy, single-pass defragging, single-pass free space consolidation for reduced rates of refragmentation, and much more. Nine out of ten enterprises choose PerfectDisk over 1990s multi-pass defragging technology. Join Microsoft, Intel, EDS, IBM, Gibson Guitar, SUBWAY, the FBI, and thousands of others in improving performance and productivity with PerfectDisk. Trust PerfectDisk. Proven. Tested. Microsoft Certified.
Free white paper, evaluation, ROI tools and more at http://www.raxco.com/itpro

==== 1. Commentary: US Government Gets Early Patch Access; VB 6.0 Users Up In Arms ====
by Paul Thurrott, News Editor, [email protected]

This week, I tackle two Microsoft controversies: a new Microsoft policy to provide the US government with advance security patch notification and the end of support for Visual Basic (VB) 6.0, which is causing much fretting and angst in certain quarters. Let's dive in.

Microsoft Grants Early Patch Access to US Government
Microsoft has revealed that it will provide the US Department of Homeland Security (DHS), the US Air Force (USAF), and similar organizations early access to software security patches that it will later release publicly. Security experts immediately assailed the move out of fears that information about the patches--and thus, the flaws--could find its way into the hands of malicious hackers.

Here's the problem: If Microsoft provides detailed information about a Windows security flaw far enough in advance of the public fix, malicious hackers could use that information to construct malicious software (malware) that exploits the vulnerability. But Microsoft is providing only the actual patches, not detailed information. But hackers are already reverse engineering patches the day the patches are released to discover which software processes the patches change, and thus, in many cases, gather information about the flaw they fix. However, that's generally difficult and time-intensive work.

Although the company acknowledges there is some risk, Microsoft tries to counter these fears by noting that it will disseminate patches only to trusted government agencies. However, reports last week noted that the DHS would provide other government agencies with access to the Microsoft patches as needed, heightening fears that the patches could be used for illicit purposes: The patches will likely be provided to a wide range of people, any one of whom could spread the code to hackers.

Is it a risk worth worrying about? According to the USAF, it has successfully tested early access to Microsoft security patches for a year and is officially rolling out the program after much success. Because of the classified nature of much of that agency's work, the USAF believes that it's imperative that it has early access to patches for security reasons. And the USAF acts as one of Microsoft's external testing test beds. Patches provided to the organization later show up publicly through Microsoft's scheduled monthly security patch release. The program has been so successful that other government agencies want to be involved. In some ways, this desire speaks highly of the quality of Microsoft patches, which were once the source of distrust and even ridicule in certain quarters. You know who you are.

VB 6.0 Users Decry End of Support
A group of VB developers, many of whom were elected into Microsoft's Most Valuable Professional (MVP) program, have signed a petition asking the software giant to continue support for VB 6.0. This software development environment predates the Microsoft .NET initiative, which moved the company's developer tools to object-oriented managed code, significantly changing the VB language syntax. For many users of earlier VB versions, the change was too dramatic, and they've stuck with VB 6.0 even as Microsoft gets ready to ship the third Visual Basic .NET release later this year.

Here's the problem: The 7-year-old VB 6.0 release is comparatively ancient technology that's set to enter extended support on April 1, 2005, effectively ending free incident support and critical updates for the product. VB 6.0 supporters want to see Microsoft continue to support VB 6.0 (though it has already extended the standard support period for the product once) and, incredibly, to release new VB versions that use the old COM-based code that VB 6.0 uses--not the .NET managed code style that Visual Basic .NET uses.

Yikes. The curious continued existence of Microsoft Visual FoxPro notwithstanding, Microsoft doesn't have a history of keeping ancient products on life support like that, especially when the company has, in fact, continually updated the programs with new versions. For comparison, imagine if a group of Windows 9x supporters rallied together and asked Microsoft to release a new version of that product now, despite the fact that the company had already migrated to the Windows NT code base years earlier. We're basically talking about the same thing. Except for one thing: VB 6.0 is 2 years older than the last Windows version based on DOS/Win9x. It's time to move on, people.

Full disclosure: I'm a VB guy from way back (in fact, I wrote books about VB 3.0, VB 4.0, and VB 6.0, but not, notably, about any of the .NET versions), so I feel the pain. But these VB 6.0 supporters need to understand that VB 6.0 is too limited to be relevant today and in the future. Maybe this is an opportunity for a third party to pick up the "Classic BASIC" syntax of VB (REAL Software's REALbasic--see the link below--is one inexpensive possibility). But asking Microsoft to fork product development years after the fact is a bit much, sorry.

REALbasic
http://www.realsoftware.com/realbasic

==== Sponsor: Group Policy Software Deployment greatly enhanced ====
Group Policy has historically lacked a lot of functionality to make Group Policy a natural alternative for deploying and managing software professionally in all sizes of organizations. Get this feature set with Group Policy and Specops Deploy from Special Operations Software: Real time feedback/statistics of all ongoing Software Deployment operations; Deployment of Windows Installer and legacy packages; Scheduling; End-user notifications; Support for weak network links; BITS; Deployments to users or desktops/servers during logon, boot or even during runtime without reboots; EASY and FAST to setup/use. Download a 20-day trial version:
http://www.specopssoft.com/products/specopsdeploy/WinITPro_20050315_default.asp

==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Analysis: Enthusiast Web Sites Forced to Reveal Sources to Apple
A California judge in the County of Santa Clara has ruled that representatives of three Macintosh enthusiast Web sites must reveal insider sources that provided them with plans about upcoming Apple Computer products. Apple, a darling of the media and its users, is risking its untarnished reputation by taking on its most ardent fans, who trade secrets and rumors about the company's upcoming products regularly. However, it may come as a surprise to some that Judge James P. Kleinberg, who is overseeing this case, has issued a well-reasoned ruling in defense of Apple's claims, albeit one that is sure to ignite free speech debates for months to come. To read the rest of the article, visit the following URL:
http://www.windowsitpro.com/articles/index.cfm?articleid=45709

==== 3. Networking Perspectives ====
by Alan Sugano, [email protected]

Installing Servers at a Remote Location
I recently went out of town to upgrade a client's server. In my consulting business, I always feel under pressure to accomplish a certain amount of work before leaving for home. I installed a new Windows Server 2003 and Microsoft Exchange Server 2003 server and had to migrate the data from the existing Windows 2000 server to the new server. When I've performed similar remote upgrades, I've prepped the server at my office and completed the installation on site. This sounds like a good idea, but in reality it doesn't save much time. If you decide to prep a server before transporting it to the site, don't make it a domain controller (DC); simply prep the hardware and install the OS. You can miss too many details during the onsite installation that can cause problems in the future. Read the rest of this article at the following URL:
http://www.winnetmag.com/articles/index.cfm?articleid=45716

==== Events and Resources ====
(from Windows IT Pro and its partners)

Plan For or Prevent Exchange Messaging Disasters
In this free Web seminar, join Exchange MVP Paul Robichaux as he describes some operational scenarios in which "disaster recovery" takes a back seat to "business continuance." Learn how to be prepared for events that might otherwise wipe out your messaging capability and how you can survive them with your messaging and job intact.
http://www.windowsitpro.com/seminars/exchangedisasterrecovery/index.cfm?code=0316emailanns

Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0314emailanncs

FOSE, April 5 – 7, 2005
FOSE - the most comprehensive technology event serving the government marketplace. FOSE provides more value through expanded educational programs; more exhibits; more solutions via best practices and demonstrations; informative keynotes speeches; and networking opportunities. FOSE is *FREE* for government & military personnel. For details, visit:
http://www.fose.com

Empower Users and Produce Substantial ROI
Join industry expert David Chernicoff in this free Web seminar to learn how to integrate and automate fax from messaging systems such as Microsoft Exchange Server and Outlook and other various applications. And learn how to improve document handling and delivery by streamlining the integration of fax services into everyday business processes.
http://www.windowsitpro.com/seminars/faxservers/index.cfm?code=0316emailannc

Achieve High Availability and Disaster Recovery for Microsoft Servers
Attend this free Web seminar for your chance to win a $1000 American Express Gift Check! In this Web seminar, discover what it takes to minimize the likelihood of downtime through reliability and resilience in your Microsoft server environment, including Exchange, SQL Server, File Server, IIS, and SharePoint. Sign up today!
http://www.windowsitpro.com/seminars/microsofthighavailability/index.cfm?code=0316emailannc

~~~~ Hot Release: (Advertisement) Netopia ~~~~
The Competitive Advantages of Multi-Platform Remote Control: A Pathway to Increased Productivity
Discover how you can outperform the competition by controlling costs and boosting productivity and download this free white paper now!
http://www.windowsitpro.com/whitepapers/netopia/remotecontrol/index.cfm?code=winhs

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "If you subscribe to Windows IT Pro magazine, how long do you keep your back issues for reference?" Here are the results from the 146 votes:
- 18% One month or less
- 16% More than 1 month, but less than 1 year
- 30% More than 1 year, but less than 5 years
- 2% More than 5 years
- 34% I never throw them away

New Instant Poll:
The next Instant Poll question is, "Do you think Microsoft's policy to grant certain government agencies early access to patch information poses a security threat?" Go to the Windows IT Pro home page and submit your vote for a) Yes, b) No, or c) I don't know.
http://www.windowsitpro.com/magazine

==== 4. Peer to Peer ====

Featured Thread: Got NT? Better Have Extended Support or a Good Firewall Too!
Visit the following URL to read the latest post on the Security Matters blog:
http://www.windowsitpro.com/article/articleid/45694/45694.html

Tip: Are any tools available to help configure performance monitoring on Windows 2000 and later computers?
by John Savill, http://www.windows2000faq.com

Find the answer at the following URL:
http://www.winnetmag.com/articles/index.cfm?articleid=45704

==== Announcements ====
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )

Get Windows IT Pro at 44% Off!
Windows & .NET Magazine is now Windows IT Pro! Act now to get an entire year for just $39.95--that's 44% off the cover price! Our March issue shows you what you need to know about Windows Server 2003 SP1, how to get the best out of your IT staff, and how to fight spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a limited-time, risk-free offer, so click here now:
http://www.windowsitpro.com/rd.cfm?code=theu2052up

Get SQL Server Magazine and Get Answers
Subscribe to SQL Server Magazine today and get the latest "Top SQL Server Tips" handbook (includes over 60 helpful SQL Server tips) and free online access to every article ever published in the magazine--that's thousands of problem-solving solutions, expert tips, tricks, and the latest insider notes to help you get the most out of SQL Server. Sign up today:
http://www.sqlmag.com/rd.cfm?code=tgeu2153ts

Chat About Event Logs
Randy Franklin Smith is one of the foremost authorities on the Windows Security Event Log and a respected trainer who teaches Monterey Technology Group's "Security Log Secrets" course. In his article in the March issue of Windows IT Pro, Randy shines a light on this dark and mysterious corner of cryptic event IDs and codes and inaccurate Microsoft documentation. Here's your chance to ask Randy your questions about the Event Log and get answers Microsoft doesn't provide. Join the chat on March 16 at 4:00 p.m. EST. Visit
http://www.microsoft.com/communities/chats/default.mspx#050316_TN_SecEv for details.

==== 5. New and Improved ====
by Angie Brew, [email protected]

Get Rid of Spam
Styopkin Software released Antispam Scanner, a proactive antispam agent for Windows that connects to user mailboxes and gets rid of obvious spam directly on the server. The program's interface looks like a traffic light and contains three zones: the red zone, which includes spam messages; the yellow zone, which includes messages such as HTML newsletters; and the green zone, which includes messages from known recipients or that contain whitelist triggers, such as press releases. You can modify Antispam Scanner to include specific triggers to exclude or download messages. Antispam Scanner costs $25 for a single-user copy. Contact Styopkin Software at [email protected].
http://www.styopkin.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected].

==== Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]