Blog Home  Home Feed your aggregator (RSS 2.0)  
Dave's MCT Stuff
Stuff from Microsoft Certified Trainers
 
# Saturday, March 22, 2014

The XP operating system is based on the Windows NT 5.0 kernel that was developed in the late 1990’s. In fact, if you do a VER command on Windows XP it lists the version as 5.1. That is NT 5.1.

While NT 4.0 was the last of that name, originally, Windows 2000, the immediate predecessor of Windows XP, was to be called Windows NT 5.0, but Bill Gates had the name changed to better sell the Y2K fixes in Windows 2000.

 

The bottom line is that the 5 kernel is VERY old in the Tech world scheme of things, and every exploit that has gotten a patch over the years makes the kernel unwieldy and extremely difficult to patch any longer. From a security standpoint, it really has reached the end of its life. Every exploit from this point onward costs a great deal to remedy, and the codes is very difficult to maintain, and Microsoft has reached the cost of diminishing returns on the ability to patch XP. That’s it. End of life.

 

Don’t blame Microsoft. Blame the attackers for continuing a war and they are always on the lookout for new exploits. Nothing made by man is unbreakable by man. You wouldn’t expect a cavalry charge with soldiers on horseback to defeat a tank army, would you? How can you expect a 14 year old operating system to be able to survive 14 years of learning the code and exploiting it that the hacker community has now had? When do you decide that that system is no longer reasonably defendable? Microsoft as a sue-able corporate entity has to take into consideration that if an exploit can destroy or compromise someone’s data or financial information they could wind up in court being sued for allowing XP to continue. And believe me, Microsoft sees frivolous and BS lawsuits all the time from greedy lawyers hoping to scavenge some ready cash form tech ignorant juries and judges. Microsoft realized this when they set about creating the 6 Kernel (Vista/Windows Server 2008/Windows 7/Windows 8/Windows Server 2012) and they actually are hard at work on the series 7 kernel.

 

I expect some folks to be pissed at Microsoft when THAT is released, but it is required in this ending war.

Saturday, March 22, 2014 7:30:22 AM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Tuesday, December 03, 2013

As a part time Microsoft contractor, I can tell you there are a lot of good reasons to get off of XP.

 

First of all, the kernel is based on 15 year-old technology. It is version 5, as in NT 5.0, the planned successor to Windows NT 4.0, released in 1996. The then new kernel 5 was developed in 1998/99, but Bill Gates had the release name changed from Windows NT 5.0 to Windows 2000 in mid/late 1999. The name was changed as a gimmick to lead people to believe Windows 2000 had the Y2K problem fixed. If you type “ver” into a Command Prompt on Windows 2000, it shows as Version 5.0. Ver on Windows XP is Version 5.1, and Ver on Windows Server 2003 shows as Version 5.2.

The kernel was completely redesigned in 2006 as Longhorn, and released as Windows Vista in 2007 and Windows Server 2008 in early 2008. A ver on these machines show the kernel Version of 6000, which is 6 (why the zeros? I think they wanted to emphasis the big changes, but it is kind of ridiculous).

 

So why is this important? Well, we reached the point, sometime ago actually, where the V5 kernel cannot be patched to remedy sophisticated attacks that have had 15 years of legacy and development. Continuing to use XP makes you VERY vulnerable to these types of attacks, and puts your infrastructure and data at great risk. Why assume the risk?

The V6 kernel has removed the code that allows all kinds of unauthorized take-overs of system processes and services. No doubt as years go on there will be future exploits that may get around these changes but that does not change the high vulnerability of the V5 kernel.

 

Change is change. The tricks and loops that the V5 kernel had to do in order to run on the limited 1999/2000 era hardware doesn’t have to be done any longer—hardware has turned over several generations since then. The V6 kernel, in my opinion, is getting long in the tooth, and needs a complete redesign into V7, which will come soon. I imagined everyone will hate that, too, LOL!

It’s one thing to assume a risk on your home computing environment because you do not care for the new UI, but quite another to do so in the business world. It would be, in my opinion, close to malpractice for a business IT department to want to continue running a V5 kernel. I know it is a well known practice in the business world to replace desktops every 5-7 years and servers are kept not much longer (although I’ve seen some old boxes survive due to budget cuts). Why would you want to keep 15 year-old software around? There has been so many advances since, both in hardware and software!

 

Finally, the bottom line is that Microsoft will no longer support or provide updates, security or otherwise, for Windows XP after this coming June. For them, it is not so much as business decision based on new profits but rather on liability. Lawyers of companies that may lose a lot of money from a well-known attack being successful against them, try to blame the vendor of that software for their loss, and Microsoft will not continue to be in that position.

 

Get out of XP and upgrade to the V6 kernel!

Tuesday, December 03, 2013 12:30:38 PM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Tuesday, October 22, 2013

I have a Sony Vaio Tap20, one of the largest tablets in the world!  Sony_TAB_20_35477655_11_620x443SONY-TAP-20

Of course, I don’t use it like those guys; it’s too big and too heavy!  I use it like this:Sony_TAB_20_35477655_01_620x433  Which makes it just another desktop.

Well, it’s more than just another desktop, really.  It come with an i7 processor, 8 GB of RAM,a 1TB hard drive, a 20-inch touch screen, Bluetooth, wired and wireless LAN, USB 3.0; a pretty nice computer, and it is portable.  The battery is heavy and only last 1-2 hours, but technically, I can unplug it and lug it around or sit it in my lap while watching TV, like the gentlemen pictured above (except it’s so heavy it leaves a red skin mark where it rested on my belly or shoulder).

So, the Tap 20 came with Windows 8 shortly after Windows 8 was released.  I bought the computer as soon as it came out in November of 2012.  I really, really like it and it has been a wonderful work-horse for me.  Given the hardware specifications above, I even use it to run the Client Hyper-V that is available with Windows 8, and while it’s barely enough RAM to run a virtual machine or two, it works well.  I would use more RAM if it could fit in, but it doesn’t.  That is truly the only thing I dislike about it.

Now Windows 8 on this machine has been an experience.  The first thing I did on the machine was upgrade to Windows 8 Pro.  I mean, really, I need all the bells and whistles, not some substandard of an operating system.  Honestly, I hate some of the default Windows 8 apps, like Mail, but still use it all the time.  I also have Office 2013 Professional, and use Outlook 2013 for my more important mail activity.  The Calendar app was showing me birthdays and other events for people I simply didn’t care enough about to be reminded, and it took me a lot of time to fix that (calendar events are coming from the Windows account, Facebook, LinkedIn, etc.).

So on Friday, 18 October 2013, I went to the Windows Store and lo and behold! There was the Windows 8.1 Pro upgrade, which I ran.post-455563-0-55698000-1367437666

It took some time, but went perfectly.

It has new functionality in the Start icon—it is still not a Start button—which suits me fine. 

windows_blue_start_button_menu

I like the concept of the Start screen, which is a Start button and menu all in one.

Several important differences after the upgrade:

1.  The screen is much, much brighter.  Too bright, almost.  The screen sits kitty-corner to me at my desk, and when I’m using the KVM’ed monitor on my servers, the glare from the right-side of the Sony Tap 20 screen causes reflections in my eyeglasses, making it hard to read my KVM’ed monitor.  I tried to turn it down, but the Tap 20 was actually on the lowest brightness setting.  In fact, turning it UP seemed to make no difference, it was just as bright.  I found that If I leave it in a white backgrounded app it is too bright, so I usually leave it in the start screen, which, with its default dark blue background, is better.  But even so, the dark blue of Windows 8.1’s start screen is several shades lighter than the dark blue background of Windows 8! So I’m thinking that the driver was updated by Sony for the 8.1 release and needs some more tweaking.  Come on, Sony, you can do it!

2.  Annoyingly, because I have my university email in the Mail app, it is now requiring me to have the screen password locked.  This shouldn’t be a problem but it happens after only 15 minutes of inactivity.  I went into the local group policy and set all the settings* to an hour and a half, but it STILL locks after 15 minutes.  Since I often spend several hours at my desk (I work mostly at home now, writing & videoing mostly) this is getting to be a real PITA.

3.  The Mail app has been slightly improved.  Not enough for me, but a few of the more nasty “features'” are gone.  I’m not sure I want the Favorite (People) folder in the tree… 

4.  My Wireless network often loses it’s connectivity on the Tap 20.  This happened before the upgrade, too, so I’m not putting this in the Windows 8.1 column, but I did hope that this would be fixed.  I think it’s part of the overall inactivity settings I can’t seem to change, but maybe not.  I have to do more research on it.

 

All in all, the upgrade went very smoothly, and I am very pleased with Windows 8.1 so far!

 

Dave

 

* clip_image001

Tuesday, October 22, 2013 8:48:21 AM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Thursday, June 06, 2013

I often make virtual machines running Windows 8 Evaluation software for demonstrations and video lessons.  As a widely presenting MVP and MCT, it’s necessary for me to do so.

 

A few times I’ve had the 30-day evaluation period end on me in the middle of testing.  You can only rearm with slmgr  once.  The SkipRearm in the Registry gives you 7 more rearm attempts.

 

Note that this does NOT give you a production level operating system for free.  For that, buy a licensed copy!  However, if you do have a demo version you need extend, do the following:

1.  Open Regedit.exe as administrator.  Navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform

2.  Change the SkipRearm value to 1 (it should be 0).  Close Regedit.

3.  Open a command prompt as administrator.  Type:  slmgr –rearm

4.  Click OK in the popup that says the system rearmed successfully.

5.  In the command prompt window, type:  Shutdown –r –t 0

6.  After the reboot, sign in and open a command prompt as administrator.  Type:  slmgr –xpr  You should see you have 1 rearm remaining.

Thursday, June 06, 2013 2:46:11 PM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Saturday, June 01, 2013

Microsoft’s financial year runs from July 1 – June 30.  So in the month of June they are wrapping many things up: contracts, projects, and sometimes inventory.

The Microsoft Stores usually have lot’s of bargains this time of year.  Check them out here: http://www.microsoftstore.com/store/msusa/en_US/DisplayHomePage

Dave

Saturday, June 01, 2013 2:16:21 PM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Friday, May 31, 2013

WintellectNOW is an on demand training solution that delivers real-world ready-to-use knowledge, tools and techniques so individuals and businesses can expertly develop software, programs, apps and more. WintellectNOW was developed for the novice to advanced technical expert with topics focused on all current technologies. WintellectNOW content is written and produced by the instructors who train Microsoft’s worldwide development teams. WintellectNOW is powered by Wintellect , Microsoft’s largest developer training vendor and outside trainer of choice for more than 12 years, which means WintellectNOW subscribers learn from the very best, on their own schedule, anytime, anywhere.

 

Right now, I have two videos up, but will be adding many, many more.  To watch each video we offer—not just mine--costs $29 each month!  Right now, we have 76 mostly 50-75 minutes long on a variety of training.  We are working on many, many more, which will appear steadily over the next weeks and months.

 

Why choose WintellectNOW, vice some free site like YouTube?  Well our videos are made for your training, by real trainers.  This is far cheaper than any in person or online formal class!

Friday, May 31, 2013 9:49:38 AM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Wednesday, January 30, 2013

Thanks to Randy Muller, my good friend over at Global Knowledge, for his company’s excellent annual salary survey.

Read the article at the source; you’ll be glad you did!

Dave

15 Top Paying Certifications for 2013

Wednesday, January 30, 2013 1:23:31 PM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
# Thursday, January 10, 2013

Secure boot, also known as Trusted boot, is a new feature available to users of Windows 8 computers. It uses a special chipset available on Unified Extensible Firmware Interface (UEFI) motherboards. UEFI is a graphical environment that has replaced, on most systems, the standard Basic Input/Output System (BIOS) firmware interface that one sees when booting a computer. The UEFI firmware can access a list of digitally signed software and uses this list to allow or disallow any software to run. The list is stored in a protected location on a Trusted Platform Module (TPM) 1.2 chipset on the motherboard.

This provides a significant enhancement in antimalware protection. There is a certain class of malware, sometimes called a rootkit, which attempts to load itself before the boot loader starts the actual operating system. If the rootkit is successful, the operating system’s antimalware protection software will not sense the rootkit as it loaded into its own allocated memory space before actual system startup. Secure/Trusted boot will ensure such antimalware cannot load as it will not have a digital signature that is stored in the trusted location, and the UEFI only allows loading of software with these signatures.

Careful consideration should be given, however, to users who may need to dual boot certain operating systems, such as Windows 8 and a Linux variant. The motherboard vendor might not have a digital signature of a Linux operating system or boot loader, and without such a signature in the trusted location and with Secure/Trusted boot turned on, that operating system will not load. Microsoft has asked that all independent software vendors, including distributors of various Linux systems, to submit their software for approval for a digital signature.  This has naturally created a great deal of controversy.

Another antimalware enhancement to Windows 8 and Windows Server 2012 is the Measured boot feature. Measured boot logs all boot components that are started before the operating system loads and all system components before the antimalware software starts. The logs are kept in a trusted location resistant to spoofing and tampering on a TPM chipset. These logs are forwarded by the local antimalware software to a remote antimalware server that verifies the loaded operating system and components.

For more information about these features, consult the Microsoft white paper, Secured Boot and Measured Boot: Hardening Early Boot Components against Malware, which can be downloaded here: http://msdn.microsoft.com/en-us/library/windows/hardware/br259097.aspx

Thursday, January 10, 2013 4:53:25 PM (Central Standard Time, UTC-06:00)  #    Comments [0]    | 
Copyright © 2014 2008. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme: