Private vs Public Cloud Computing

Larger companies and government departments are likely to consider going to the Cloud but in a more controlled and secure fashion via a Private Cloud.  A Private Cloud has all the benefits of the Public Clouds but it is hosted inside the firewall of the company or department it is supporting.  Full control of who has access to data is maintained while all the benefits of the Cloud are realized. End-users simply buy their Cloud services from the Private Cloud and the Private Cloud treats the end-users in the same way a Cloud vendor treats its customers. An institution would need to be fairly large to get benefits from this model, however, and smaller groups that do not want to or cannot have their data leave their network can host virtualized environments that have many of the features of the Cloud without the benefits of sharing the expertise and access to scalable resources that a Cloud provider has.

This article features a great example of a hotel group that wants to receive the benefits of cloud computing but is not yet ready to commit to public cloud computing:

http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1364027,00.html

Here is a link around private clounds and AWS, a likely trend.

Four Microsoft Re-releases Today

Microsoft re-released four items today.

 

MS09-044

This bulletin has been revised many times since the August 11, 2009 release.  Let’s hope this is the last major revision needed.  Microsoft updated the security bulletin to fix a download URL issue for RDP Version 5.2 for Windows XP SP2.  We had already discovered this issue late last week.  The URL that we used on patch Tuesday had started downloading the wrong version of the patch.  If you are using latest version of the Shavlik XML, there are no changes needed.

 

MS09-029

Microsoft updated this security bulletin to communicate the re-release of the Japanese language update for Windows XP SP2, SP3 and Windows XP x64 SP2.  Again, the latest version of the Shavlik XML already covers this re-release because the detection logic has not changed for the patch.

 

Security Advisory 967940

“V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029.”

Reading into Microsoft’s revision notes can be a bit tricky.  We are currently researching the patch associated for this Advisory update.  If there is a required patch update for this advisory, we will add support in our XML.

 

Security Advisory 973882

This security advisory is associated to the ATL vulnerability.  Microsoft has added another affected product to this Advisory:  Windows Live Messenger.  If you are using Windows Live Messenger 8.1, 8.5 or 14.0, this product could be affected by this vulnerability.  Upon launching Windows Live Messenger, it will check into the Windows Live Messenger service to see if there is an update.  If an update is required, the product will prompt you to patch it to version 14.0.8089.  The ATL software vulnerability is contained in the “Attach Photo” feature.  The patch will remove this functionality for a short-term fix.  Microsoft has stated they will fully resolve this issue, and return this functionality, when they launch another feature.

We are currently investigating this advisory and associated patch.

New Version Of Thunderbird Now Available

Mozilla has released a new version of Thunderbird.

Thunderbird 2.0.0.23:  addresses 1 critical security vulnerability.  The release notes can be found here.

The software vulnerability that was addressed by this product update allowed man-in-the-middle attacks via spoofed SSL servers.  If you using Thunderbird in your organization, I highly suggest patching this in your next patch cycle.

Shavlik has released data files (XML version 1.1.3.5062) containing this patch.

This vulnerability also existed in version of Firefox 3.5 and Firefox 3.0.  Mozilla issued product updates addressing this software vulnerability prior to this Thunderbird release in Firefox 3.5 and Firefox 3.0.13.

Did my product just update?

Depending on the frequency of security patches released, Shavlik can release new data files up to four times a week. Two common questions we commonly receive are: “When were data updates posted?” and “What is contained in the update?”

There are a few different ways you can stay informed on data updates for the Shavlik product lines.

  • On the Shavlik Website, you can subscribe to an email list that contains detailed information about data updates for the Shavlik Product lines. When Shavlik publishes new data file updates, we will send an email out to the list informing of the recent update and its contents. The Shavlik support web page contains a form that can be filled out to join this list.  Or, you can send a blank email to subscribe-shavlik-xml-AT-listserv.shavlik.com (replace -AT- with @) to sign up for the email list.

Please note: When subscribing to the email list, you will be sent an email confirmation. You will need to follow the instructions contained in the email to approve the subscription request to receive notifications.

  • Another method of receiving updates is on the Shavlik Support Forums, under the section “XML Announcements”. The Shavlik support team will place the contents of the email notification in the in this section of the Shavlik Support Forums. You do not need to be a registered user to view these postings.

 

  • Lastly, the Shavlik NetChk Protect 7.0 product has a built in RSS feed on the home screen. The information displayed is the same information you would receive via the email list. The product will refresh new update announcements as they become available. This notification only contains patch information as NetChk 7.0 does not include Spyware or Configure in the console. You can also view this information on the Shavlik NetChk Protect 7 update blog.

 

NetChk 7.0 Data Updates Example

NetChk 7.0 Data Updates Example

Our updates can be either Patch, Configure or Spyware updates. In the title of the email, you will see a designation on the type of update that occurred. There can be combinations of the following:

  • [Patch] – These notifications include only Patch data update information.
  • [Spatch] – These notifications contain both Patch and Spyware update information.
  • [Configure] – These notifications include Configure data update information.
  • [Spyware] – These notifications include Spyware data update information.

The Cloud Equalizes New Product Development

Another example of how the Cloud creates greater efficiency is a software development group that wants to create a new software application for either internal or external customers.  By leveraging a Cloud provider they immediately have access to a complete server development environment with no need for IT and with modern cloud database technologies the data is stored in efficient, redundant locations. Servers are tuned and kept up to date by the Cloud provider so no further resources need to be allocated.  During the load testing phase the group can use the Cloud to run hundreds of clients, and after  the testing is completed these servers are freed up to be used in other capacities. This model is financially efficient as servers are set up instantly without the need for the business to provide space, cooling and capital equipment.  Small start ups get all the benefits of the large software providers in an instant and for a low cost, creating a game changing equalizer.

As the newly developed software application is rolled out to end users the Cloud provider automatically scales out the backend databases, web servers, reporting and analysis tools based on customer demand.  Without access to a cloud based environment, the development team would have to work with IT to estimate and purchase the equipment needed to scale for demand increases whereas in a Cloud model the initial backend can remain small and grow automatically when demand creates a need.  Therefore the business only spends on what is needed at any given time and does not have to foot a bill up front for equipment in anticipation of how customer demand will scale.

Whether you are a Human Resources team or a software development group, after the product has been in its market for a while low use periods have automated server count reductions and during peak load server demand is increased, providing simplified cost saving optimizations in which costs scale only with demand.  In this way the Cloud reduces the total cost of IT expenses needed to get a product in the hands of an end-user. Also, if the business decides to move to a new cloud vendor or partner offering lower costs and better support levels, migration is simple with low initiation costs.

These are big changes and they are creating new oppurtunities at a time when technology sales are slow.

Virtualization In The Cloud Provides Significant Advantages

Virtualization provides the foundation for servers on demand by implementing an on-line operating system that is required for all other operating systems to run on the Cloud. Virtualization also enables the Cloud to rapidly create server space based on end-user demand by simply running a new instance of an operating system on an existing server. Virtualization through the Cloud creates a model by which servers become services and the underlying operation system is no longer a factor in how quickly or easily a new server can be provisioned. Looking at the rapid growth of smart phones you see devices where the applications are not tied to the browser but instead are tied to the underlying operating system.  Netbooks will run a phone operating system or Windows® and virtualization is the key to managing all these mobile devices practically.  This would indicate in the future that there will be more operating systems not less, but they will allow the end-user to do more, increasing efficiency, productivity, and cost effectiveness via a virtual desktop.  All in need of management.

As organizations look to further GreenIT initiatives, another advantage of virtualization in the cloud is the fact that a virtual server can be running Microsoft®, Linux®, or another operating system on the same physical hardware enabling low utilization servers to be paired with high utilization servers allowing significant savings in energy costs.

Another benefit to virtualization in the Cloud is the ability to constantly rebalance servers as their usage spikes and drops and to do quick disaster recovery by moving images from one data center to another and quickly restoring the images on new hardware when current hardware fails.

The Cloud is designed to support IT customers with a simple, flexible and scalable value proposition.  Virtualization provides additional benefits that allow IT organizations to truly leverage the level of optimization that Cloud computing promises.

here is a related link.

Post Patch Day Cleanup

After a busy overnight the August version of Patch Day, we are still working on new XML.

Later this afternoon, we will be releasing new XML with the following changes:

  • Re-release of MS09-029
  • MS09-043 – Microsoft Office 2000 Web Components Service Pack 3 (new product detection)
  • MS09-043 – Microsoft Office XP Web Components Service Pack 3 (new product detection)
  • MS09-043 – Microsoft Office 2003 Web Components Service Pack 3 (new product detection)
  • MS09-043 – Microsoft Office 2003 Web Components Service Pack 1 for the 2007 Microsoft Office System (new product detection)
  • MS09-043 – Microsoft Office Small Business Accounting 2006 (new product detection)

On Friday, we are planning on releasing the following:

  • Safari 4.0.3
  • Security Advisory 973811 (Non-security patch)
  • Outlook Junk Email Filter for 2003
  • Outlook Junk Email Filter for 2007
  • Re-release of MS09-035

New Microsoft Security Advisory Published

Microsoft also released a new Security Advisory in this month’s version of “Patch Tuesday”.

Microsoft Security Advisory (973811)
Extended Protection for Authentication

This security advisory includes a new feature that adds additional security measures.  Microsoft noted that this is an optional configuration.  You should visit the security advisory page and research whether this new feature applies to your network.  It is important to note that the security advisory was not released to address a known vulnerability.

Security advisories are not new to the patching industry.  Microsoft has released advisories as a temporary protection measure for users while the patch is being programmed and ultimately released to the public.  In the past, Microsoft described manual workarounds for temporary protection against known vulnerabilities.  These work arounds primary dealt with program settings and registry tweaks.  Deploying registry tweaks in mass to large corporate network can cause quite a bit of pain for administrators.  In response a couple of months ago, Microsoft started releasing “FixIt” tool patches.  These patches allowed patch management vendors the ability to aid administrators in the security advisory deployments.

But with this advisory, Microsoft released the patch as a non-security patch.  You can find the patch(es) here:

Windows Server 2003; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
Download Location

Windows Server 2003 x64; Windows Server 2003 Service Pack 2 x64
Download Location

Windows Server 2003 Service Pack 2 x64; Windows XP Professional x64
Download Location

Windows Server 2008 x64
Download Location

Windows XP Service Pack 2; Windows XP Service Pack 3
Download Location

Windows Vista x64 Service Pack 1; Windows Vista x64 Service Pack 2
Download Location

Windows Server 2008
Download Location

Windows Vista; Windows Vista Service Pack 1; Windows Vista Service Pack 2
Download Location

If you are running Windows 7 or Windows 2008 R2, this new technology has already been implemented and no action is required.

After deploying this patch, manual intervention is need on each machine.  In order to enable this technology, registry tweaks are required.  More details on this process can be found on the Security Advisory page under “How do I enable this feature?”.

We will be looking at adding support for this non-security patch later this week.

August "Patch Tuesday"

After a busy month of patching with the out-of-band patch day, the fun continues as Microsoft has released 9 new bulletins for the August version of Patch Tuesday.

Microsoft also re-released two security bulletins:

Apple is getting in on the Patch Tuesday cycle for this August.

It is not uncommon for Microsoft to release this many bulletins. We have seen this number before. What is important to note is the volume of patches associated with some of these bulletins. MS09-044 affects five different versions of RDP that can be affected/installed on 16 different versions of Windows. As we have not seen this product patched in the past, we will be writing new product support detection for each of these. MS09-037 is another bulletin that has a lot of patches and affected products associated to it. Windows ATL Component, Outlook Express, DHTML Editing Component, MSWebDVD, Windows Media Player.

We are currently working on these bulletins and will continue working through the overnight hours. This updated XML post will be later than normal, and you should expect this to be released in the early hours of Wednesday morning.

Shavlik Cash For Clunkers

Douglas thanks for the nice note about our $4500 rebate program which we called Shavlik Cash For Clunkers for obvious reasons and it was too much fun to resist the name.  But the rebate is real, up to $4500 back until Sept 15th or the $1M we set aside in rebates is gone, so for smaller customers the product is in effect free if you turn in your clunker for destruction.  Given the value of this deal we will need to make sure its a trade-in, just like the Fed Gov is doing.

We do ask people pay for the maintenance as it covers our very frequent updates to our anti-virus, spyware and patch data as well as phone support.  And thanks to Sunbelt software for working with us to make this happen.  Since we license our software in a perpetual model the maintenance pricing is not full subscription pricing, make this a true high value deal.  Click here for details etc.