Saturday, March 21, 2009

Small Business: The New Black In Cybercrime Targets

Enticed by poor defenses of mom-and-pop shops, hackers turn away from hardened defenses of banks and large enterprises
Mar 19, 2009 05:53 PM
By Tim Wilson

"As the security becomes better at large companies, the small business begins to
look more and more enticing to computer criminals," said Charles Matthews,
president of the International Council for Small Business, in a panel
presentation here. "It's the path of least resistance."

Matthews quoted industry research that states small businesses are far less
prepared to defend themselves against cyberattack. "Nearly one-fifth of small
businesses don't even use antivirus software," he said. "Sixty percent don't use
any encryption on their wireless links. Two-thirds of small businesses don't
have a security plan in place. These numbers are both surprising and

I'd encourage you to have a read of the full article and think about how this applies to your clients, your own business and small businesses in general. Quark IT is fairly security conscious and encourages this in our clients which is a good reason why we see very, very few of our clients suffering from security-related incidents. We do come across new clients occasionally who are secured to a level we find acceptable, but really, not that often. This isn't bad for the SBSC partners who should really understand this, but it means that those who are not SBSCs don't really have a good understanding of security (nor networking, from what we've seen on way too many occasions).

The article talks a lot about PCI Compliance which is related to Credit Card processing, and this is a good target for cybercriminals, but there are also other things for them to target - sporting associations often have lists of children's names, phones, addresses and sporting teams and this is absolute paedophile gold, a business will have a list of their clients on their computers which an unscrupulous competitor may be after, larger businesses with multiple locations will often have staffers who are unfamiliar with management and IT staff, and therefore can more easily fall foul of social engineering and even small businesses can let almost anyone into their server if you pick the right time. So, it is not just about PCI Compliance, but securing the whole business.

The more mobile the workforce becomes and the more remote workers we have, the further out the network perimeter extends and the bigger it becomes. Big and wide is harder to protect against then small and tight - we need to ensure that allowing users to have remote access to the company network is not introducing unacceptable and/or uncalculated risks.


The Outspoken Wookie

Friday, March 20, 2009

SBS/EBS Vouchers

OK, I've just been informed that the first 300 people who registered for and attended the Licensing Road Show were given SBS/EBS Exam vouchers, not all who attended.

So, if you received one of these 300 vouchers, as I blogged here you now have until 30 June 2009 to sit the exam. If you didn't receive a voucher this time, well, that should be enough incentive to sign up for the next Microsoft Road Show early in case they feel charitable again! :)


The Outspoken Wookie

SBS/EBS 2008 Exam Voucher Extension

I asked Microsoft to see if they really meant to give us a whole 8 days to sit the SBS and/or EBS 2008 Exam using the Voucher that was sent yesterday to all of those who attended the recent Licensing Road Show and have just heard back that the date has been extended from 31 March 2009 until 30 June 2009.

So that's great news - the 70-653 (SBS 2008) or 70-654 (EBS 2008) Exam is a pre-requisite for attaining your Small Business Specialist Community membership and needs to be taken by those SBS 2003 SBSCs before 31 October 2010 to remain an SBSC past this point.

So, thanks to Robbie for the RC0 code that he was handing out to anyone within reach during August and September 2008 and also to the copy that he arranged for attendees of the WESS Pre Day for Tech Ed 2008 and also to the copy that is available through MAPS, MSDN and/or TechNet, not to mention the Evaluation Version that can be downloaded or ordered from Microsoft TechNet (SBS 2008 and EBS 2008), we've really got no excuse not to be able to make time to get experience with, study for and now sit this exam.


The Outspoken Wookie

Microsoft Internet Explorer 8 Released

MSIE 8.0 has been released for the following operating systems:

Windows XP
XP x64
Windows Vista
Windows Vista 64-bit
Windows Server 2003
Windows Server 2003 64-bit
Windows Server 2008
Windows Server 2008 64-bit

Microsoft US offering free support of MSIE 8.0 installation, setup and usage for consumers running Windows XP or Windows Vista in a non-domain environment by calling 1-866-876-4926 (US and Canada only).

Please note that MSIE 8.0 has not been released as RTM for Windows 7 due to the fact that Windows 7 has not been released to manufacturing yet. Windows 7 users need to struggle through with their Beta release until a Release Candidate is made available which should (can't really not) be more stable than the Windows 7 Beta (Build 7000) release of MSIE 8 .0.


The Outspoken Wookie

Adobe Reader Updates

For those who are running Adobe Reader 7.x or 8.x (for example, as 9.x doesnt support roaming profiles, so you need to run 8.x to have this functionality), then they have released updates for these Reader versions to address the recently fixed vulnerability.


The Outspoken Wookie

Thursday, March 12, 2009

Foxit Reader Update

Just when we thought it was safe to go back into the water...

Foxit Software has released a security update for Foxit Reader to address 3 vulnerabilities. If you're running Foxit Reader, I strongly advise you get the updates.

Still, a 3.5 MB PDF reader versus a 41 MB PDF reader. I know which I'd prefer...


The Outspoken Wookie

Adobe Reader Update for Critical Security Vulnerability

On 11 March, Adobe finally released Adobe Reader 9.1 to fix the vulnerability that was discovered on 20 Feb, 2009. Adobe Reader 9.1 still doesn't support Roaming Profiles on Windows systems, so you need to either stay with Adobe Reader 8.x (which contains this vulnerability and is as yet unfixed) or move to a better option - something like Foxit Reader at 3.5 MB versus Adobe Reader 9.1 at 41 MB!


The Outspoken Wookie

Wednesday, March 11, 2009

SBSC PAL March 2009

Well, the Nick King events have been and gone and unfortunately were not well attended. I think the attendance at these events has a close correlation to the general SMB IT Pro community’s feelings about Microsoft’s ability to be able to deliver appropriate technical training to its Channel Partners. We’ve given Microsoft the benefit of the doubt too many times without any improvement in their performance and we’re now non-believers. Nick is a nice guy and honestly interested in helping us out here. I hope he sees the lacklustre attendance as the cry for help that it truly is!

This is not a good situation to be in for Microsoft nor its Channel. I certainly don’t like having a major partner who seems not to know how to train us adequately on their products and seems to not have a lot of depth of knowledge about those products (as evidenced by people stating that PSS are asking them to disable IPv6 in SBS 2008 as a troubleshooting measure). That’s quite a concern for us all and should also be quite embarrassing for Microsoft.

Nick did explain to me that the process that was followed and the team that developed the recent EBS Hot Lab that was such a total failure had been restructured to ensure that such a problem never happened again. So that’s something very positive, however it is only one small step in the long walk Microsoft needs to make to get their Channel Partners back on side with training.

And right now, as business slows somewhat for a number of SBSCs, this is the perfect time to get some training in to perk up our technical abilities and be able to deliver better service to our existing and future clients both now and when life again returns to normal. The problem is that we cannot trust Microsoft to deliver this technical training. So, what do we do?

There’s a great deal of technical information “out there” for SBS 2008. It isn’t collected in any one place. I know Nick and The Wayne were asked about this training material at the Brisbane event and The Wayne said he’d be making a blog post outlining the training material, books, courses and so on that were appropriate for learning more about SBS 2008. That’s definitely going to be something worth looking forward to.

One thing that was totally missed at the recent Licensing Roadshows was the Licensewise site that Microsoft has. This is apparently a rather nice site that gives you all of your Microsoft Licensing product options when you choose the products you’re after. It is a pity, however, that it has so many issues in IE8 (at least under Windows 7). :(

Apparently, after listening to the Microsoft Financing talk at the recent SBSC PAL conference call, we’re no longer going to be financially liable if a client that Microsoft Financing has approved goes under. This is an excellent change, bringing them into line with all other financing companies, and means that we’ve now got a great financing option in Microsoft Financing. In these tougher economic times, this is an option that will help you grow your business and look more like a business advisor to your clients than just the guys who sell them their computers. What’s even better is that you can bundle hardware, software, licensing installation labour and MSP/maintenance agreements into the monthly price – something rather nice, considering you get paid up front for an approved client!

The April shipment of the SBSC Toolkit will include System Center Virtual Machine Manager 2008 Workgroup Edition, which is licensed for 5 users. The version (workgroup or Enterprise) is still to be determined, but getting at least Workgroup will mean managing our physical host servers will be a lot easier, and we get to see how this will be an advantage on some of our larger client sites.

Also, remember that the new Microsoft Partner Program requirements will be changing, meaning that we have until October 2010 to sit the new exams to retain our SBSC status (and more importantly, knowledge). These new exams are SBS 2008 (70-653), EBS 2008 (70-654), the original OEM (74-134) and Windows Sharepoint Services (70-631) as well as the new Exchange Server 2007 (70-236), the new OEM (70-655) and additionally the Web Solutions Competency (70-562) and MBS (SQL) Competency (70-432). Passing any one of these active exams is required and with some experience under your belt, you should be able to complete one of these exams before the end of this FY, giving us ample time to complete by the cut off date of October, 2010.


The Outspoken Wookie