Microsoft Windows Vista is not as secure as Microsoft claims. According to a report in the New York Times on Christmas Day, a number of flaws have been discovered in the brand-new OS.
On Dec. 15, a Russian programmer posted a description (in Russian) of a flaw that makes it possible to elevate a user’s privileges on all of the company’s recent operating systems, including Vista. The flaw affects csrss.exe, the main executable of the Microsoft Client/Server Runtime Server.
Furthermore, computer security company Determina notified Microsoft on Dec. 20 of five more vulnerabilities it had identified — four affecting Vista and earlier versions of Windows, and one affecting Microsoft’s Exchange e-mail server.
Best Practices on Software Requirements Elicitation
Published November 16th, 2006 in Technology.
Karl E. Wiegers is a two-time Software Development Productivity Award winner and a guru in software requirements. His new book, More About Software Requirements: Thorny Issues and Practical Advice, is published by Microsoft Press, following his popular Software Requirements, Second Edition (2003).
In chapter two of the book, he outlines some universally applicable advice on software requirements, which he calls “cosmic truths”.
- #1 If you don’t get the requirements right, it doesn’t matter how well you execute the rest of the project.
- #2 Requirements development is a discovery and invention process, not just a collection process.
- #3 Change happens.
- #4 The interests of all the project stakeholders intersect in the requirements process.
- #5 Customer involvement is the most critical contributor to software quality.
Update: In an interview with the IDG News Service, Bill Hilf, general manager for platform strategy at Microsoft, spoke about both the Sun and Novell deals and about how the company regards open-source software.
Microsoft CEO Steve Ballmer described the collaboration agreements between Microsoft and Novell as a clever deal to bridge the Microsoft community and the open source community. He said, “we don’t license our intellectual property to Linux because of the way the Linux licensing, GPL framework works, that’s not really a possibility”.
As in national politics, there will always be about 20% hard-core supporters for Microsoft and for Linux respectively. Some 5% buy into neither, and the remaining 55% are a bit “opportunistic”, because they believe the cost is the same whichever one they choose; the difference is only in the cost component.
These 55% demand interoperability between Microsoft products and open source products. However, Microsoft wants so badly to be paid for its intellectual property (IP), which takes years and millions of dollars to build, that it has avoided the issue for years.
Microsoft has acquired Colloquis for its customer support initiatives, to create computer-based interactive customer services. The terms of the acquisition were not disclosed. You can try out the ASA to get a feel for how intelligent the bot is.
Current online support mechanisms (FAQ and search) have fallen short of customers’ expectations of acceptable service, causing routine queries to be handled by support staff. Customers now expect and demand much more responsive customer service. To retain its customers, a company like Microsoft must be able and willing to answer questions and resolve issues with the same prompt attention it gives to closing sales.
Providing high-availability, high-quality customer service is neither easy nor inexpensive. For example, live phone support will cost between $7.00 and $33.00 per session. Even email support, the traditional cheap alternative, costs around $1.50 to $7.80 per session.
The latest Windows Vista RC2 has improved tremendously, but you may want to keep using Windows XP until Vista has gone through a few cycles of security and bug fixes after its official release. Are you aware of the features you will miss if you continue to use Windows XP? Or, even worse, of the limitations Microsoft has imposed on the so-called Windows XP “down-level” features to discourage you from using the older Windows?
Internet Explorer 7
Internet Explorer 7 running on Windows XP will not run in Protected Mode or support Parental Controls.
Remember the catchy slogan “Where do you want to go today?” that Microsoft used over the years? It is a powerful slogan that gives the impression that wherever you, as a customer, want to go, Microsoft has a solution.
Ironically, it is now the software giant that is not sure where to go, because the company has been outmatched in too many areas. Microsoft is so deeply wounded by the web revolution that search giant Google has brought about that Bill Gates had to step down.
Ray Ozzie, the new “courtly, soft-spoken, as approachable as your favorite college prof” Chief Software Architect, has started to make changes in the 70,000-employee business. His primary objective is to push the company to adapt to Web 2.0 and beyond in order to survive. The key is to move from a “one man decides all” product development style to a more open-ended collaborative effort.
Ian Hellen and Vishal Kumar, both security PMs at the Secure Windows Initiative (SWI), have put up presentation slides from the recent Hack In The Box Security Conference in KL, Malaysia. The slides give an overview of the major security initiatives that fundamentally change the engineering process of Windows Vista compared with Windows XP.

“Stop playing catch up! - Find & fix before ship!” is the guideline for the initiatives. Windows Vista’s security approach starts with the engineering process. Microsoft has identified four key areas to address in Windows Vista.
- Apply least privilege throughout the architecture: Harden services, applications, browser
In this presentation, Oliver Sharp talks about Microsoft’s business process management (BPM) system. The presentation gives a nice overview of what BPM is, what Microsoft BPM is, and what is coming to Microsoft BPM.
What kinds of process do we normally see in business? They range from very loose to extremely rigid. Oliver Sharp classifies processes into four categories depending on their level of complexity and rigidity: Individual Ad hoc, Human Semi Structured, System Highly Structured and Fixed Process.
- Individual Ad hoc: email, instant messaging, personal task list
- Human Semi Structured: document approval, vacation approval
- System Highly Structured: expense reporting, management dashboard
- Fixed Process: extending LOB applications, supply-chain
Active Directory uses the Kerberos protocol and LDAP as follows:
• Active Directory uses the Kerberos protocol for authentication (by default).
• Active Directory uses LDAP for authorization (by default).
• Active Directory can use LDAP for authentication (optionally).
Because Active Directory by default uses the Kerberos v5 protocol for authentication and LDAP v3 for authorization, it is compatible with Kerberos v5 clients and LDAP v3 clients across all platforms, including UNIX and Linux. Together, Active Directory authentication and authorization can provide a strong, easy-to-administer security system for a mixed network.