homeweb favoritesshoppingsupportbruceb news

subscribe

archives

CATEGORIES
Acrobat
Apple
audio
backup
broadband
business
computers
domains
DRM
file sharing
games
Google
hardware
Home Server
humor
IE
Internet
law
mail
Microsoft
mobile
network
Office
OneCare
Outlook
parents
phone
photos
printers
remote
SBS
search
security
software
spam
video
Vista
web services
WinXP
wireless

 
 
Search bruceb news
 

December 08, 2008
SBS 2008 - ONECARE POSTSCRIPT

One glitch in the SBS 2008 migration nagged at me - it didn't make sense that the computers with the individual version of Windows Live OneCare were not reporting in to the SBS 2008 console, which tracks the security status of all the workstations on the network.

This is a sample of the new console for managing workstations in SBS 2008.

sbsglitch4

A handful of the computers running OneCare were able to get through and the server reported they were secure. I looked in vain for firewall exceptions for ports or services that were different on those.

It took a while to track it down, and in the end it wasn't the firewall after all.

Many things on a Windows Server network are controlled by "group policy," a very extensive set of rules that can be applied from the server to the workstations to control everything from network communications to your browser home page. There are thousands of settings that can be closely controlled with group policy.

Windows Server 2008 and SBS 2008 introduced hundreds of new group policy settings, but the workstations do not recognize them until new Group Policy Client Side Extensions are installed (Microsoft KB 943729). The group policy extensions are available through the Windows Update system but apparently are never offered as anything other than an optional update - ignored by OneCare and apparently ignored by WSUS, the system built into SBS 2008 to keep workstations up to date.

Sure enough, most of the computers had never installed the Group Policy Client Side Extensions. When the update was installed, the SBS 2008 console reflected their secure status about an hour later.

One more thing for the SBS migration checklist!

Labels: , , , , ,


posted by bruceb at 12/08/2008 12:06:00 AM | permalink


December 05, 2008
SBS 2008 - MIGRATION GLITCHES

Let me leave a few notes behind about some of the glitches during the migration from SBS 2003 to SBS 2008. I don't have many answers but perhaps it will help someone to know that I'm able to commiserate with them. (Loyal clients - this is not aimed at you and it won't help you get your work done. I'll be back to general interest topics next week!)

As background: I was migrating an SBS 2003 server with a very basic configuration - no ISA, no use of Sharepoint, a single NIC and external firewall, and no particular pre-existing issues.

MIGRATION WIZARD

Microsoft provides a detailed guide to the migration procedure. (Have you noticed that Microsoft's documentation has been getting better and better lately? There's much less ambiguity about what to click next - each step is described in precise and accurate detail.) The guide was great.

SBS 2008 begins a migration when a USB stick with an answer file is inserted in the new server before the SBS 2008 installation starts. Several people have reported that the USB stick has to be present when the server is turned on or SBS 2008 is likely to miss it. After installation, the first and most important item on the SBS 2008 is the "migration wizard" that leads through all the steps required to be successful.

SBSglitch1I was about two-thirds of the way through the wizard when I took a break and installed the Server 2008 updates that were waiting. When the server restarted, the migration wizard crashed with a mysterious error that proved impossible to fix. I researched it and got nowhere. I removed a couple of the updates that conceivably might have unsettled something and got nowhere.

The wizard never came back to life. Fortunately most of its steps only lead to help files that describe the process for actually accomplishing each task by going into AD or MMC consoles or the like. I think - I think - I was able to finish the migration and cover the remaining steps without the wizard. There is still room for some surprise glitch - I'm going to cross my fingers when I demote the source server.

MAIL MIGRATION

I expected the mailbox migration to be slow but was still surprised. The Exchange 2003 mailbox store was about 25Gb after I pruned and archived as much as I could from the biggest mailboxes. The mailbox move took just about ten hours.

PUBLIC FOLDERS

I had no luck moving the public folders, and didn't really expect to, given the reports I had read. That may have been the result of a pre-existing glitch on the source server - this server, like several other of my SBS 2003 servers, throws up an error message when I try to do anything to the public folders in Exchange Server Manager. I've researched that one, too; I've removed the SSL requirement from EXADMIN in IIS, and a few other things suggested in other places, to no avail. I exported the public folders to a PST and stored them for now, since public folders were not being actively used and may not need to be implemented at all on the new server.

BACKUP

The most mysterious problem involves the backup system. The firm had been using ShadowProtect to back up to an NAS and two rotated external Maxtor hard drives. The backup built into SBS 2008 looks like it will be just fine but it does not directly back up to an NAS. I connected a Maxtor drive, formatted it, and ran the backup wizard. Hmm. Error message at the very end.

SBSglitch2

Since the message says "Cannot configure backup schedule," I started trying every scheduling option - once a day, twice a day - as well as swapping in the other (identical) hard drive, and couldn't get anywhere. I couldn't find anything in the logs at all. I got the flavor that it might be caused by the server disliking the external hard drives.

I'd like to talk to the person who thought it would be helpful to write: "If this problem persists, contact the person who provides you with technical support." It made me irritable.

ShadowProtect claims that the current version will back up SBS 2008 servers. With any luck I'll be able to install that and never know the answer to this one.

PHONE PASSCODES

This isn't a glitch, just something to warn your users about. By default, Exchange 2007 enforces a new passcode requirement on Windows Mobile phones (and iPhones) syncing with the server. Users are forced to set up a four-digit password that will be tapped in every time the phone is used. I'm sympathetic to all the reasons that this is an important security measure, but I'm also sympathetic to the desire to keep my job and not be fired by the attorneys who began flipping out immediately. It's possible to turn the requirement off in Exchange Management Console / Organization Configuration / Client Access / Windows SBS Mobile Mailbox Policy, which then allows it to be turned off on the phones. The iPhone balked and refuses to relax, even after the policy was changed, which apparently is a known glitch.

SERVER CERTIFICATE

I was determined to allow my users to continue to use the familiar URL for remote access, even though it didn't match the naming scheme preferred by SBS 2008. The email domain is www.bigfirm.com, say, and my users have been reaching RWW at www.bigfirmnet.com for years. I have a GoDaddy SSL certificate for www.bigfirmnet.com and heck, I just like it. Plus I've got migrations coming up where I know it will be difficult to work with the web hosting company to set up a subdomain and MX records for the primary domain name.

The Internet address wizard insists on getting the primary address and only allowing RWW to be reached at the same address with a prefix - remote.bigfirm.com or something like it. I had to work around that by lying to the wizard that the primary domain name was bigfirmnet.com, which (in Advanced Settings) would then let www.bigfirmnet.com be the remote access address.

sbsglitch3

When that was in place, then I could set the primary email addresses back to @bigfirm.com in Exchange Manager / Organization / Hub Transport / Email address policies / Windows SBS Email Address Policy.

ONECARE

Windows Live OneCare has been a trusted friend but it does make me a little crazy sometimes. SBS 2008 expects to get feedback from each workstation about its security status and apparently OneCare isn't set up to let that happen. So far I haven't found the firewall port or other hack that will let the workstations report in, so they're all showing in the server console as "unknown." I can't even find a definitive statement that it's possible or impossible with the standalone version of OneCare. I'm not going to install OneCare for Server so I may just not get good feedback in the console until we switch to Trend Micro. I was hoping to procrastinate on that - everyone has been used to OneCare for a long time - but change happens.

DRIVE MAPPING

Drive mapping is supposed to be accomplished in Group Policy now. I was comforted that other people online said they had trouble with it, because I couldn't make a mapped drive appear on a workstation no matter what I did in Group Policy. After a fruitless half hour of researching and trying things, I put the nice simple logon script in the folder and assigned it to everybody. I feel kind of crude, but it works.

SHARED PRINTERS

Another little headache - it was easy to install 64-bit drivers for network printers and share them from the server. At least, it was easy once I stopped clicking on the "Add printer" button and getting an "Access denied" message when it tried to set up a TCP/IP port. Right-click in the Printers folder and click on Run As Administrator / Add printer - ah, that's intuitive! Sheesh.

Out at the first workstation, I was reminded forcibly that there were no 32-bit drivers around, so I downloaded the corresponding 32-bit drivers for a few of the printers (a couple of HP Laserjets and a Toshiba copier) and went to add them on the server using Additional Drivers on the Sharing tab. The server thought that was a terrible idea - it never agreed that the 32-bit drivers corresponded with the 64-bit drivers. (I read somewhere that it was known problem with some HP drivers but I had the same epxerience with the Toshiba drivers.) So I parked the 32-bit drivers where I could get to them, went back to the workstation, and browsed to the 32-bit drivers when the workstation tried to connect to the shared printer and rejected the 64-bit drivers. Nope! The workstation also didn't agree that it was a match. It was the closest match, trust me - these were the identical 32-bit and 64-bit drivers for the same model running the same PCL level.

Fortunately, we already had reason to be running a Windows XP virtual machine on the second server with Hyper-V. I've shared all the printers from there and I bet it's rock solid.

A migration is a complex project! I think it went smoothly. These are the kind of glitches that happen constantly, every day at every level. Some of them will happen to me the next time, others will come up that are brand new. It's the nature of IT today. With luck I'll bring good instincts and a lot of experience and use them both the next time I come to your office!

Labels: , , , , , , , , , ,


posted by bruceb at 12/05/2008 12:09:00 AM | permalink


November 20, 2008
ONECARE FOLLOWUP

Information will be coming out rapidly to fill in the details of Microsoft's surprising announcement yesterday. Over in the OneCare forum, someone pointed out to me that the OneCare blog post says: "Microsoft has committed to making sure you are protected for the life of your subscription."

That probably means that OneCare will be kept current and fully updated at least through June 2010. I'll be watching for confirmation about that.

Labels: ,


posted by bruceb at 11/20/2008 09:15:00 AM | permalink


November 19, 2008
MICROSOFT PROMISES FREE SECURITY SOFTWARE, KILLS ONECARE

OneCareRIP That rumbling you feel is a seismic shift in the field of security software. This will affect every single one of you and cause major changes in the entire industry.

Microsoft announced today that it will deliver free antivirus and anti-spyware software for all Windows computers, beginning in the second half of 2009.

Windows Live OneCare will be phased out and it will no longer be sold after June 30, 2009.

From the press release:

"Code-named "Morro," this streamlined solution will be available in the second half of 2009 and will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs. As part of Microsoft's move to focus on this simplified offering, the company also announced today that it will discontinue retail sales of its Windows Live OneCare subscription service effective June 30, 2009."

Here's the Microsoft press release, and the post on the OneCare blog. There are a few more details in this interview with Microsoft's senior director of product management.

As far as I know, this is completely unexpected. No one seems to have had a clue it was coming. There have been rumors about an imminent new version of Windows Live OneCare; now there's no word whether it will ever be seen. When Microsoft officially released Small Business Server 2008 last week, one of its features was a new product, Windows Live OneCare for Server, and central management for up to 25 workstations running OneCare. To me, that was one of the compelling features of the new SBS, but it is now dead on arrival; it should not be installed and will not be supported after June 30, 2009.

I can easily imagine that Microsoft is frustrated. Windows is frequently blamed for the onslaught of viruses and malware but computer users around the world have resisted buying subscriptions to security software for a variety of reasons: they can't afford it; they don't understand that it's necessary; they don't keep it current or they never activate an expired trial subscription; or their computers are underpowered for the security suites that are currently available. It's a particular problem outside the United States, where the percentage of unprotected computers is much higher. The press release suggests that Microsoft particularly wants to provide protection for emerging markets and the new low-powered netbooks and OLBCs.

Microsoft claims that it will deliver new software (not a repackaged version of OneCare) which includes only the security protection, with the simplest, least intrusive, and smallest footprint possible. It will not be automatically included with every copy of Windows but it will be free and presumably so easy to obtain that it might as well be built-in.

I assumed that Microsoft had not done this up to now because it would be attacked as "anticompetitive" by the other security software companies. Apparently Microsoft thinks it can avoid those claims - or who knows, maybe it thinks it's the right thing to do and is willing to see how it plays out. Norton, McAfee and the rest will have to adapt - maybe by criticizing Microsoft's software, maybe by adding value to it with other features, maybe by exiting the field and finding something else to do.

ONECARE SUBSCRIBERS: Do not let your subscriptions lapse! OneCare will be fully supported and updated through June 30, 2009 and we will have much more information before then about our options. If your subscription expires on April 30 and you have to pay $49.99 for two months of updates, I'm going to insist that you renew without hesitation. I don't want anyone running a PC without current anti-malware protection - this is not an excuse to procrastinate!

COMPUTER BUYERS: If you buy a new computer, get it protected! If you have to pay $49.99 for OneCare and you don't get a full year out of it, so it goes. You'll get three months or six months or eight months, and that's just fine. Or get another product, I don't care. As long as your security, backup and update needs are covered, I don't care - but this is not an excuse to procrastinate.

[Update 11/20: It's likely that Microsoft will keep OneCare updated for the entire subscription term. See this post and watch for more information to follow.]

A few more points:

Microsoft Equipt was the ill-fated subscription package bundling OneCare with Microsoft Office 2007 Home and Student Edition, sold only through Circuit City. Microsoft never committed to it, Circuit City is defunct, and Equipt is being withdrawn from the market.

How could this major decision be made with so little notice that it kills a key feature of a major product launched last week? Is the SBS team angry, embarrassed, or resigned?

OneCare includes features that its users depend on - printer sharing, backups, system maintenance, attention to Windows and other Microsoft updates, control over the firewall, and control over startup programs. Everything that needs attention is reported by a single icon, and necessary actions are described in a consistent interface. If OneCare is discontinued, will something else be developed to provide those functions? Don't tell me that products from third parties will take over - I'll cry, really I will.

Will the new software run on servers? Small businesses really need easy software to protect servers and provide centralized security management. The choices now are difficult and expensive.

This is a remarkable change that will affect all of us. I hope it's for the better but boy, are there a lot of questions left to be answered. More to come!

Labels: , , , , , , ,


posted by bruceb at 11/19/2008 12:05:00 AM | permalink


October 23, 2008
WINDOWS LIVE ONECARE FOR SERVER

Microsoft Small Business Server 2008 will be released on November 12. Veterans of SBS 2003 are finding many things to like in the new version; I'll have more to say about it in the next few weeks. Here's an early look at the features and changes in SBS 2008.

At about the same time, Windows Live OneCare will be upgraded to version 3. If you already use OneCare, the new version will presumably be sent to you automatically, it will restart your computer, and it will cause enough glitches that I'll be busy on the phone for a few days. I don't have any details about the new version yet but I'll keep you posted about what to expect.

(Loyal OneCare users - I've spent some time in the last few days with the latest security suites from Symantec/Norton, ZoneAlarm, and TrendMicro. Trust me - OneCare is the very model of decorum and politeness and looks angelic by comparison.)

The big news for Windows Live OneCare is the addition of Windows Live OneCare for Server, which will be included with SBS 2008 as an optional choice for security. The new server product will provide simple virus and malware protection, which in itself is a welcome addition for small businesses.

But apparently it will also allow up to 25 workstations to be managed centrally and covered by a single OneCare license, which is good news indeed! I've needed better monitoring and management for my clients' computers. It also allows the data on the workstations to be backed up centrally, which might be sufficient to protect the Outlook .PST archives that are piling up everywhere. Here's some info about the new server product.

Pricing is pretty reasonable:

  • OneCare for server only: $189.95/year
  • OneCare for server plus a "site license" (apparently up to 25 workstations): $399.95/year.

There is a big caveat, though - OneCare for Server will only work with SBS 2008. I can't install it on my clients' existing SBS 2003 networks.

In my mind, this is a big selling point for an upgrade to SBS 2008 as we replace aging SBS 2003 servers!

Windows Live OneCare for Server

Labels: , , , ,


posted by bruceb at 10/23/2008 12:37:00 AM | permalink


August 27, 2008
SETTING UP A WINDOWS LIVE ID

Windows Live ID is a single sign-on service from Microsoft that allows people to log into many websites and services with one account. A Windows Live ID is an email address and a password stored in Microsoft's servers. It's free.

Most people will have a single Windows Live ID. I'm setting them up routinely for each employee in my clients' offices.

More services are being added all the time. Almost all of them are free. They are increasingly tied together so that access to them is easy. This includes instant messaging (Windows Live Messenger), file syncing and sharing (Live Mesh), online file storage and sharing (Windows Live Skydrive), online photo sharing (Windows Live Photo Gallery), and more.

If you don't yet have a Windows Live ID, follow this process. I'm including a couple of extra steps that will save you time later.

Go to this site and click on Sign up on the left.

Use your regular email address.

Choose a safe password. Put it somewhere secure. Remember it.

    • (If you're already got a Windows Live ID for the email address, you'll find that out when you leave the signup screen. If so, you'll have to figure out what the password is, or reset it.)

You'll get an email asking you to verify the email address. Follow the instructions - you'll click the link in the message, then go through a couple of very short screens online.

Go to http://account.live.com

Click on "Registered information"

windowsliveid1

Enter first and last name

Enter birth date (apparently required, but you don't have to tell the truth as long as you make yourself an adult)

Change home and work country to NONE

Change home and work country back to United States. Each one should now have extra lines for addresses. They can be left blank.

The page for "Registered Information" will look like this - on the left when you arrive, on the right when you're done.

windowsliveid2    windowsliveid3

Click SAVE

You should now see your name and Country/Region: United States on the front page.

You're done!

When you're prompted for your Windows Live ID and you're sitting at your primary computer, watch for the checkboxes to save your login name and password - the Windows Live services can almost always open automatically with no password prompt after the first time.

Read about the Windows Live services on my news page or online. There are links to many of the services here on my Favorites page. You may find something that you can use right away!

Labels: , , , , , ,


posted by bruceb at 8/27/2008 12:56:00 AM | permalink


July 08, 2008
MICROSOFT EQUIPT

On July 15, Microsoft will begin selling a product that many of you should consider for your next computer.

Microsoft Equipt includes Office 2007 Home and Student, Windows Live OneCare, and some Windows Live programs and services (Office Live Workspace for online storage of files, plus Windows Live Photo Gallery and Windows Live Mail). It will be sold as a seventy dollar per year subscription for up to three computers, and theoretically cannot be used on an office computer.

New Microsoft Office subscription bundle to hit in mid-JulyI wrote some extensive notes about this bundle when it entered beta testing. It's cheaper than the earlier rumors suggested. Some people object to the subscription pricing but Microsoft has picked a good price point; this is only a couple of hundred dollars worth of software at best, but seventy bucks makes it really cheap to get started and you wouldn't even arguably come out ahead for almost three years if you bought and installed everything separately.

It's worth noting that the subscription will include free upgrades if new versions of programs are released - and Office is scheduled for a new version in the next year or two. Theoretically that gives this bundle a price advantage.

But the more significant reason to buy this is because it's the right software for most home users and students setting up a new computer, delivered in a reasonably simple way. If your next computer had Vista and this bundle, you'd be able to do just about everything most people do with a computer!

There are two problems.

  • "Equipt" is a terrible name. What is it with Microsoft and names? It's meaningless and silly sounding and fails to gain any leverage from the "Microsoft Office" brand name.
  • At first it will only be sold at Circuit City.
  • At first it will only be sold at Circuit City. I had to repeat that to be sure you got it. What? I'm supposed to tell people Microsoft has a great new package for their new home computer and they have to schlep to Circuit City to get it? What, nobody else would sell it? Circuit City is falling apart, for gods sake! Who in the world made that decision and why do they hate us?

Really, the marketing people at Microsoft need a long holiday.

Labels: , , ,


posted by bruceb at 7/08/2008 02:21:00 AM | permalink


May 20, 2008
ADWARE - NOT DEAD YET

The best security software will not protect you if you click "OK" and install something from a web site.

Adware/spyware was at epidemic levels until a couple of years ago when Microsoft released Windows Defender and the antivirus vendors reluctantly stepped up with their own products, and bitter experience taught us to surf with a high degree of paranoia. Security programs now monitor constantly to prevent adware/spyware from installing in the background and Internet Explorer has been hardened against stealth attacks.

Vista brings even more security - Windows Defender is included with the OS and Internet Explorer operates with very low privileges, which stops bad programs in their tracks. Vista will protect you in many cases even if you click "OK," but let's not test that, eh?

On Windows XP, you have authority to install any malicious, dangerous program you choose. You're protected against programs that try to do a "drive-by" stealth install simply because you visited a web site, but Windows XP and your security program cannot completely protect you if you click "OK" and authorize a program to be installed!

I spent too many hours today trying to clean adware off a perfectly nice, up to date Windows XP system running security software. The adware had probably arrived during a MySpace visit, although we don't know what was clicked that allowed the invasion to occur. The last time this happened to one of my clients, it was a porn site whose innocent looking window said a "video codec" had to be installed to view the movies. Well, sure, click OK, whatever - and bang! the system has bad stuff on it, leaving the security program trying to play catchup and gamely reporting about whatever it notices. The bad guys have become smart and devious enough that if their adware gets installed, the security programs simply can't remove all of it.

The adware folks are still up to the same old tricks. On the compromised computer today, all Google searches were diverted over to advertising pages and all security web sites were blocked, as was Windows Update for some reason. The adware sets up multiple layers of increasingly deeply hidden ways for it to reinstall itself after efforts are made to clean the system. I can go clean out startup programs and browser helper objects and IE addins and shell extensions and a few other places in the registry where things hide, and run scans to remove or quarantine a few more things - and there will be more stuff to replace them when the system restarts. Often now the names of the adware files and DLLs are randomized strings of letters so they won't turn up in searches, and frequently they immediately go online and invite more adware onboard as often as possible.

I might lose this system; it won't be the first time. We've done deep cleaning (a lot of deep cleaning), installed IE7, installed Windows XP SP3, and made no progress yet. Now we'll turn to system restore and a few other tricks. It's time consuming work. All it took was a single errant click but now I may wind up having a frustrating conversation about the economics of struggling with the repair versus the expense of buying a new computer. (It's almost never economical to pay me to reformat the hard drive of an old computer. It takes a  horrendously long time to back up data, install Windows, install other programs and restore the data, and at the end you still have an old computer.)

You are responsible for the health of your computer. Some of that responsibility is discharged if you have up to date security software that covers the computer's basic needs. You must be conservative about installing software and never agree to anything requested online unless you are completely confident that you are doing the right thing. The bad guys are liars. They will say anything to get past your defenses, without conscience or remorse. Please, be careful out there!

Labels: , , , , ,


posted by bruceb at 5/20/2008 12:56:00 AM | permalink


April 23, 2008
MICROSOFT & THE CLOUD

Microsoft is working on a package of software and online services that might be exactly right for students and home computer users.

Although Vista includes important features out of the box, it does not include Microsoft Office - Word, Excel, and Powerpoint. That's surprising to many people. (Dell will preinstall Office if you remember to check the box, but all the other manufacturers leave it off to keep the computer sale price down.) I talk to a lot of people about why they have to make an unexpected trip to Costco or Office Depot to buy a copy of Office.

The computer manufacturer may include security software but all too often it's a bloated suite from whatever vendor paid the most to be included, or it's only a trial version.

Similarly, most people have a poor experience with badly designed software for editing and sharing photos that comes preinstalled with their new computer or installed along with the driver for a new printer or camera.

These are not deep mysteries. Any technically adept person is able to jump in and clean things up! Uninstall the crap. Sign up for online services - lots of people have favorites of the hundreds available. Use Google Docs or OpenOffice for free or buy a copy of Office 2007 Home & Student Edition.

The package from Microsoft isn't aimed at those people.

Instead, Microsoft will be packaging up a collection that's good enough for people who want the choices to be made for them and presented in a neat, easy-to-use package. And Microsoft will be experimenting with selling the package as a cheap monthly subscription instead of an expensive box at Best Buy. (Microsoft sees subscriptions as an inevitable shift in the long run but it's had trouble figuring out how to jump in without cannibalizing its current license fees.)

The "software plus service" bundle is code-named "Albany" during testing. Let's fantasize and assume that Microsoft delivers a well-designed integrated experience. Here's the way it will go sometime this fall.

  • If you don't have one, you'll get a free Windows Live ID.
  • You'll agree to pay a monthly fee - not yet determined but probably $10-15/month.
  • A single installer will download and install these programs on your new computer, and set up access to their online components:

The programs would then all be updated automatically.

There's nothing new about the package except the integration and the subscription pricing. Most of those components are free; Office 2007 Home & Student is about $140 and Live OneCare is $49.99 or less, so this is under two hundred dollars of software.

But the integrated experience is everything! If I've learned anything over the last ten years, it's that many people don't want to think about their computers. They want to sit down and do stuff! If this package was installed on a nice cleaned-up computer, people would be able to do stuff with a minimum of fuss. I think it's a winner.

Here's an article about Microsoft's official acknowledgement that this package would enter beta testing soon, leading to a final release sometime this fall.

Labels: , , , , , , , , ,


posted by bruceb at 4/23/2008 01:28:00 AM | permalink


April 14, 2008
BAD GUY UPDATE

Many of you practice safe computing - you install security updates from Microsoft and other vendors, you run antivirus and adware/spyware programs and keep them current, your email program has a spam filter and blocks .EXE and other potentially dangerous attachments, and you don't click on strange links in email messages or on web sites.

You probably haven't seen a virus or gotten adware on your computer in a long time. You may be wondering what the security fuss is about. Is it really necessary to be so paranoid?

VIRUSES

By the end of this year, security experts expect to have identified a total of more than one million viruses. The chief technology officer for Sophos says about 25% of unique malware has been created in the last six months. Another security company executive said it identifies about 25,000 malware samples a day.

As security programs improve, virus writers get less results from email attachments, so they're switching their focus to creating web sites that can infect unpatched computers automatically just by visiting the site. A couple of years ago those attacks were limited to installing advertising programs and popups, but now malicious software is being installed without the user's knowledge.

Google owns Postini, a messaging security company, which recently promised that security challenges will grow exponentially in 2008 as the Bad Guys become more skilled at "social engineering" - presenting you with an email message or web site that in some way convinces you to make a fatal click or divulge personal information. There might be references to current events or messages that purport to be from legitimate business agencies - the IRS or Securities & Exchange Commission for example. The Bad Guys are getting better all the time at presenting messages that appear to be genuine. Their grammar is getting better, too.

BOTNETS

At one time viruses were designed to break computers. If malware is installed on your computer now you might never know it. The latest exploits are designed to hide away undetected and respond to commands from Bad Guy Central.

The most sophisticated malware authors use compromised computers to send spam. A security researcher just examined 11 "botnets" that send spam and estimated that they control over a million computers and are capable of flooding our mailboxes with more than 100 billion spam messages every day.

PHISHING

Identity theft starts with disclosure of personal information. If you can be persuaded to type in a bank account number or a password, the Bad Guys win.

Read this chilling account by a Symantec researcher about a virus that steals bank account details. The sophistication of the scheme is striking.

"Targeting over 400 banks and having the ability to circumvent two-factor authentication are just two of the features that push Trojan.Silentbanker into the limelight. The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis.

"This Trojan downloads a configuration file that contains the domain names of over 400 banks. Not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, the UK, Finland, Turkey - the list goes on.

trojanbanker "The ability of this Trojan to perform man-in-the-middle attacks on valid transactions is what is most worrying. The Trojan can intercept transactions that require two-factor authentication. It can then silently change the user-entered destination bank account details to the attacker's account details instead. Of course the Trojan ensures that the user does not notice this change by presenting the user with the details they expect to see, while all the time sending the bank the attacker's details instead. Since the user doesn't notice anything wrong with the transaction, they will enter the second authentication password, in effect handing over their money to the attackers. The Trojan intercepts all of this traffic before it is encrypted, so even if the transaction takes place over SSL the attack is still valid. Unfortunately, we were unable to reproduce exactly such a transaction in the lab. However, through analysis of the Trojan's code it can be seen that this feature is available to the attackers.

"The Trojan does not use this attack vector for all banks, however. It only uses this route when an easier route is not available. If a transaction can occur at the targeted bank using just a username and password then the Trojan will take that information, if a certificate is also required the Trojan can steal that too, if cookies are required the Trojan will steal those. In fact, even if the attacker is missing a piece of information to conduct a transaction, extra HTML can be added to the page to ask the user for that extra information. (In the example below the user is asked to enter their encryption key, in addition to the regular information.) . . .

"Add to all of the above the ability to steal FTP, POP, Web mail, protected storage, and cached passwords and then we start to see the capabilities of this Trojan."

PCs VS MACs

Fewer attacks are aimed at Macs than PCs, primarily because PCs have a 90%+ market share. That is sometimes misinterpreted to mean that Macs are less vulnerable and Apple does a better job of addressing security holes. This has not ever been true. Two years ago I highlighted reports that Apple was slow to respond to security flaws when they were discovered, and Apple's products have required a constant stream of updates to fix security problems. Here's Paul Thurrott's report on the most recent study reporting the same results:

"Microsoft actually fixes security vulnerabilities much more quickly than does Apple, meaning that users of Windows are, in fact, better protected by their vendor than are Mac OS X users. Researchers from the Swiss Federal Institute of Technology independently examined six years of data and found that 658 high- and medium-risk vulnerabilities affected Microsoft products during the time period, compared with 738 for Apple products. Then they looked at how well the companies did at fixing these bugs. The conclusion? 'The number of unpatched vulnerabilities are higher at Apple,' a researcher involved in the study said. 'Apple [was] just surprised or not as ready or not as attentive. It looks like Microsoft had good relationships earlier with the security community. Based on our findings, this is hurting [Apple].'"

Labels: , , , , , ,


posted by bruceb at 4/14/2008 01:46:00 AM | permalink


March 05, 2008
ONECARE RENEWAL

WIndows Live OneCare is actually a subscription, renewed annually. Many of you are coming up on your one-year anniversary. The date is displayed in the lower left corner of the OneCare window; you'll get an e-mail reminder about a month before the expiration.

onecarerenewal1 If you have a credit card on file with your Windows Live ID, your subscription will be renewed automatically for $49.95. Log on to the Windows Live ID associated with your subscription (click in the upper right on this page), then click on Billing to check the credit card info. (You can also open OneCare and click on the renewal reminder.)

There's a way to renew it for less.

If you click ononecarerenewal2 Windows Live OneCare on the Billing page, then click on Renew this service, you'll see a little tiny link to renew the subscription with a "product key or prepaid PIN."

Bingo! Save a buck. Buy OneCare on sale and enter the license code on the inside of the box. You'll get a one-year renewal for a fraction of the cost. Throw the box and the CD away afterwards (all you need is the license code) and fear for our landfills.

OneCare is frequently on sale. Costco had it for $9.99, local stores had it for $14.99 for a while, but the best sale today comes from Amazon, where you can purchase OneCare for thirty dollars. With a thirty dollar rebate. Extend your subscription for free while the offer lasts!

onecarerenewal3

Labels: ,


posted by bruceb at 3/05/2008 08:06:00 AM | permalink


February 21, 2008
SECURITY SOFTWARE - SMALL BUSINESSES

I work with small businesses - typically with 1-25 workstations, 1-2 servers, and no onsite IT staff. The business owners know it's important to stay safe and up-to-date, but there's little desire to have me hanging around doing routine audits.

Theoretically a business with a server can manage all the workstations centrally but the reality is a little more complicated. Centrally-managed antivirus/malware products are aimed at companies with hundreds or thousands of computers and full-time IT support employees. They're complicated and demanding and quirky.

avgmanual1 Last week I installed AVG's "Anti-Malware SBS Edition," with "reduced administrator workload and security costs" for small businesses running Small Business Server 2003. The first installation manual has 212 pages of mindbending details about how to roll out the program to clients and maintain the database showing their status. There were more manuals after that. Worse, I found questions I couldn't answer within the first couple of hours, when everything was supposed to be going well. I don't have the luxury of endless time to experiment! I can't spend dozens of unbillable hours testing programs to locate something that I might roll out once, especially when it's all too likely that each one will be quirky or buggy or difficult in unforeseen ways.

Perhaps I was soured by experiences a few years ago with Symantec Antivirus, the enterprise version of its antivirus program. It started as a complicated but usable program, but later versions turned into a nightmare of licensing bugs and increasing instability. The wasted time on the phone with tech support was intolerable for me, much less for the clients footing the bills.

I've tested other enterprise antivirus products. Avast has a nice suite for SBS that installs with a minimum of fuss to protect the server and integrate with Exchange Server, but it also requires rocket science before the workstations can be centrally managed. (And the workstation software featured not one but two stupid icons by the clock, and one of them was constantly spinning around for no reason. Think that doesn't matter? Answer my phone for a while. It matters.)

I feel stupid and slow. I can't find any centrally-managed anti-malware protection for my clients that makes me feel confident that I understand it and can support it.

It's also important to get security updates installed on workstations in small businesses. Microsoft has developed Windows Server Update Services to meet that need; it's included with recent releases of Small Business Server. I've deployed it several times - and so far I've regretted it. It's yet another big, complex service that requires enough attention to outweigh any value I've gotten from it. It adds complexity to service pack installations, it has its own demands for updates and new versions, and all things considered it's a heckuva lot easier for me to walk around to 7 or 8 computers and see if they need updates.

That's why most of my clients are set up with Windows Live OneCare on their workstations. Most people can maintain it themselves; I keep track of who is likely to overlook a yellow icon and check in on them every once in a while. I've had to fix a few failed OneCare upgrades lately, but on balance it works better than the more complicated solutions.

Today Microsoft announced "Windows Live OneCare for Server." There has been no prior notice of any such product and the information so far is sketchy. It may only run on Windows Server 2008; it may not include any workstation management. But it's possible that it will bring centralized management onto my small business servers without unnecessary complexity. I'm hoping for the best!

Labels: , , , , , ,


posted by bruceb at 2/21/2008 01:05:00 AM | permalink


February 20, 2008
SECURITY SOFTWARE - INDIVIDUALS

Windows Live OneCare is the only software that takes responsibility for all four of the important housekeeping functions. When its icon is green, I'm confident that a computer is protected against viruses and adware/spyware and all security updates are installed for Windows and for other Microsoft products. Regular disk maintenance - defragging and temporary file cleanup - is a nice bonus.

Each step away from OneCare exposes another icon down by the clock that requires attention. For example, no other vendor tries to take over the Windows Update process. It's not hard to be alert for the gold shield when updates need to be installed manually - but each additional icon demanding attention makes it easier for people to look away from all of them.

OneCare has had bugs and annoyances in the last year. Sadly, as near as I can tell, it has had fewer problems than any of its competitors. Norton 360 and McAfee Total Protection are similar products - subscription services for virus and adware/spyware protection, plus backups and miscellaneous other features. Norton 360 is praised highly in reviews - Editor's Choice!

There's an odd disconnect between the reviewers and the real world. Let me give you a screen shot that tells you everything you need to know about Norton 360 (left) and McAfee Total Protection (right), from CNet's review pages this evening:

norton360review mcafeecnetreview

(It's worth it to click on the pictures and go read some of the user comments - almost all contributed by viciously angry people. I wear a badge on my shirt. When I approach a computer with a Norton product installed, the badge turns black. If I had a canary, it would die as I got close. Stores can't stock Norton products because toxic waste oozes from the boxes and eats through the shelves. Norton products make computers smell bad. Look, just don't buy Norton stuff, okay?)

If you are an attentive computer user, you have a wealth of options!

  • Many vendors make good antivirus programs - TrendMicro, AVG, Panda, Avast, and more. (AVG's free antivirus program is particularly highly regarded.) Watch the program icon for a change in shape or color.
  • You can either get integrated adware/spyware protection with the antivirus coverage, or depend on Windows Defender (included in Windows Vista, or free for Windows XP). A little castle icon appears when Windows Defender needs attention.
  • The gold shield for Windows security updates is obvious and easy to deal with.
  • Backups can be done in a hundred ways. Online backup services are becoming ubiquitous. Vista's built-in backup options are top notch. Storagecraft ShadowProtect Desktop Edition does some extraordinary things. Some backup programs require manual intervention, others work automatically; some notify you when backups are missed or don't finish correctly, others make it a fun surprise.

If you cover those four tasks - virus protection, adware/spyware protection, security updates, and backups - you will be happy and my phone will not ring. I don't care how you do it!

If you want that to be done in the simplest, least intrusive way, then Windows Live OneCare is still the program that does the most with the least intervention.

Now be careful out there!

Tomorrow: some additional considerations for small businesses.

Labels: , , , , ,


posted by bruceb at 2/20/2008 12:44:00 AM | permalink


February 19, 2008
SECURITY SOFTWARE - OVERVIEW

There are four housekeeping functions that require attention on every computer.

1. Antivirus protection

2. Adware/spyware protection

3. Installation of security-related updates

4. Backups

If those functions are performed, you can use a computer to accomplish wonderful creative things. If they are neglected, you will likely end up disgraced and humiliated, possibly bankrupt, maybe the tragic victim of a violent crime.

Some people would add other items to that list. Firewall protection - I consider the built-in firewall in Windows XP/Vista to be adequate. Spam filtering, defragging, parental controls - all potentially useful but you can keep a computer running without them.

There is no solution that fits everyone. There doesn't need to be. If you have any product from any major vendor in any of those categories and you give it whatever attention it needs, you are adequately covered in that category.

Each of you has acquired different levels of technical expertise and different abilities to maintain programs running on your computers. Each of you has a different tolerance for popup bubbles and update warnings. If there is any generalization, though, based on long experience I assume that most people do not want to pay attention to computer housekeeping chores.

My job is to help match my clients with products that will do those jobs reliably with the least need for me to intervene. Over the next couple of days, I'll tell you what that means for individuals and small businesses.

Labels: , , , , ,


posted by bruceb at 2/19/2008 12:06:00 AM | permalink


February 04, 2008
MORE ONECARE ANNOYANCES

The Windows Live OneCare team continues to find new ways to shoot themselves in the foot. There have already been a number of bugs and annoyances that have been poorly handled. Better communication would have prevented some of the negative media coverage in the past, and now they're doing it again.

Over the last couple of months, a new version of OneCare was automatically installed on the computers of all OneCare users. There was no notice by e-mail and the random timing of the rollout made it impossible for me to advise people effectively. The upgrade made the program slightly more complex but the real problem was worse - the upgrade required decisions about the new features immediately without sufficient explanation or context. A wrong choice - designating a network connection as "Public" instead of "Home or Work" for example - left computers cut off from shared folders or printers with no obvious fix. I've had a frustrating few weeks cleaning that up.

On January 31, again with no notice (not even any notice to the online forum where OneCare is discussed), another minor update was automatically installed. Again, computers had to be restarted. Ignoring the notice to restart was perilous - if ignored for more than a few hours, the computer forced a restart. At no time was any explanation offered about the upgrade or the restart.

onecarered The January 31 update has created its own flap. With no notice - again, not even any notice to the dedicated advisors working the OneCare online forums - OneCare now goes scary Red if AdAware or McAfee Site Advisor are installed on the same computer.

Those two programs have a long history and many people have had one or the other of them coexisting quite happily with OneCare. The imperious red icon leads to a message demanding that they be uninstalled, with no explanation.

People are irritated. If you want additional protection and believe it's necessary to supplement OneCare with another program, you should be able to do that, right?

The answer is, not necessarily. The problem isn't that the instructions aren't appropriate - they might be. The problem is that there was no warning ahead of time, and yet again the OneCare team isn't responding to people's questions in a timely way.

Here's the most active thread on the OneCare forum about AdAware, and here's the thread about McAfee Site Advisor. There has been no official response. There's reason to suspect that the OneCare team acted without researching these programs deeply. Naturally there is speculation that Microsoft is just trying to avoid competition, not reacting to any real problem at all. People are getting no answers but there's the OneCare icon glowing red - the color that should only be used when there is a grievous, system-threatening problem with security.

The worst thing is that there may be a plausible reason to heed the warning. It is well-known that only one antivirus program can run on a computer; they are built in a way that almost guarantees conflicts if two run simultaneously.

Adware/spyware scanning is starting to take on some of the same characteristics. OneCare and the paid 2007 version of AdAware both run as services - a deep level where conflicts may occur. The OneCare team may well believe that it is safer not to run AdAware and OneCare together; like all conflicts, not everyone will experience a problem but some people might.

McAfee Site Advisor does a different kind of work, but the OneCare advisor on the forum quite reasonably pointed out that McAfee also designates OneCare as a conflicting program for all McAfee programs, without exception.

Why not make an announcement ahead of time, in a clear way and with a warning that OneCare will begin to treat the programs as a sufficient threat to change the color of the OneCare icon? Why generate the press that will undoubtedly use this as an excuse to throw more bricks at OneCare?

I need a security suite to believe in - something that will make you safe, something that will take care of itself so you don't have to call me. OneCare has been so close that things like this are maddening.

Labels: , , , ,


posted by bruceb at 2/04/2008 02:16:00 AM | permalink


January 16, 2008
WINDOWS LIVE ONECARE 2.0 OVERVIEW

I have championed Windows Live OneCare since its release in November 2005. It arrived when Norton and Mcafee were disgracing themselves with increasingly poor security suites and took over chores that are critically important but easily overlooked. Antivirus protection, adware/spyware protection, firewall protection, security updates and patches, and system maintenance (including disk defragging), reduced to a single icon, with clear explanations of what to do if some task had to be performed. It was (and largely still is) a brilliant product well-suited for many people.

No other vendor has anything close to it. I'm going to list a number of criticisms of the OneCare upgrade and I hope you understand how disheartened I am - but there is nothing better out there. Some Norton and Mcafee products are slightly improved this year but they continue to be buggy messes, with ill-chosen services, difficult configuration and intrusive dialogs, and system-crushing loads on a computer's resources.

It is possible to get individual products in each category that have arguable advantages over OneCare. TrendMicro and AVG have good reputations for antivirus protection. Microsoft Windows Defender is sufficient adware/spyware protection for most people. The built-in Windows XP firewall is adequate. Backups can be handled in many ways. If you are technically knowledgeable, or if you are prepared to pay attention, then individual programs can be wonderful things.

The difficulty lies with splitting these chores among multiple programs. Each program will have its quirks and require its own learning curve, each will occasionally need attention or put up messages or demand updates, and each one potentially will have bugs or conflict with other programs. Many people want their computers to be maintained and kept secure without thinking about it. OneCare comes close to delivering that.

This "upgrade" to version 2.0 has mucked things up. It's not fatal, just a frustrating misstep.

  • There was insufficient warning for each person before the upgrade was installed, and the explanations of the new features after the upgrade are unsatisfying. I have been prepared to help but the upgrade is being staggered over several months on an unpredictable schedule. I wrote this coverage a month ago, but that's long forgotten by people who confronted the upgrade unexpectedly this morning.
  • Too many upgrades have ended in failure, with OneCare in various failed states that are difficult to diagnose and cure. If there's going to be a stealth upgrade, you'd better make sure it's successful!
  • The questions asked after the upgrade cannot be answered without a deep understanding of the new program features and they introduce a level of complexity that undercuts the program's compelling simplicity. Some people will benefit from a "hub PC," for example, but it absolutely should not be a choice that has to be made consciously with no notice by every OneCare user!
  • The backup program has been "simplified" in the wrong way. The OneCare designers have removed the ability to designate folders that will be backed up in their entirety. Why? That mattered deeply to many people who wanted the assurance that something important was included that might not be caught by OneCare's default choices. The new features are valuable - centralized backup and additional options for storage of backup files - but every single OneCare user is having to consider those options after the upgrade, which is annoying some and confusing others.
  • By default, OneCare turns on a modified version of printer sharing and messages appear with no warning on other computers sharing the OneCare subscription. One of OneCare's advantages was a minimum of unexpected messages in our faces; this is yet another incremental way to undercut that advantage.

The upgrade problems have spilled over into the media - not the first time OneCare's team has dropped the ball and gotten scolded in the press and online.

I want to like OneCare. I think it keeps people safe. But I've spent way too much time in the last few weeks fixing it or helping confused people and I don't like that a bit.

Having said all that, let's get some perspective.

If you're a OneCare user, don't change. It still works.

If you're running Windows XP and choosing a program, I still suggest OneCare - but with slightly less of a cheerleader attitude.

And if you're running Windows Vista, you have an option that does not apply to Windows XP. The security and maintenance built into Vista is good. Really good. Vista's firewall is the equal of OneCare's firewall. Vista's backup program is essentially identical. Vista's built-in adware/spyware protection is adequate. Vista maintains itself and keeps programs up to date quite nicely.

Vista can be run with a simple antivirus program and no additional security or maintenance products. You'll be roughly as safe and secure and up to date with or without OneCare - as long as you remember to set up Vista's backup so it's done automatically.

Good luck! Keep me posted!

Labels: , ,


posted by bruceb at 1/16/2008 12:15:00 AM | permalink


WINDOWS LIVE ONECARE 2.0 UPGRADE TIPS

After the upgrade to version 2.0 is installed, OneCare will demand answers to a number of questions. These steps will get you through with a minimum of fuss, and return you to the simplest setup.

  • If you are asked for a Windows Live ID name and password to activate the program, you'll have to deal with it. OneCare was originally installed with a Windows Live ID - an e-mail address and a password. If you're my client, send me a note and I'll try to help out.
  • If you are asked whether you want your computer to be a Hub PC, say NO.
  • When you are asked to review your backup plan, choose NOT to centrally manage your backups, then click Next and Save. You do not need to change any settings.
  • If you are asked for the location of your computer, choose HOME OR WORK, not "Public."

One additional change will help avoid unnecessary messages:

  • Open OneCare and click on Change Settings, then click on the Printer Sharing tab. Uncheck the box to "automatically share my printers."

If you'd rather have me deal with these settings, send me a note.

I am helping you bypass some potentially useful features for simplicity. If you are interested, click here for more information. I encourage you to investigate the new features and put them to work!

Labels: , ,


posted by bruceb at 1/16/2008 12:10:00 AM | permalink


WINDOWS LIVE ONECARE 2.0 TROUBLESHOOTING

Here are some Microsoft support documents for specific OneCare problems.

Here is a list of general and specific troubleshooting tips.

If you need technical support from Microsoft, this page describes the flow that leads to e-mail or phone support. Basically, you'll go to this page, click on "Get more help" in the lower right, then click on "Get support."

The OneCare forums are a good source of information and feature a very dedicated guy named Stephen Boots who tries hard to solve problems and make people feel better.

Labels: , ,


posted by bruceb at 1/16/2008 12:05:00 AM | permalink


December 13, 2007
WINDOWS LIVE ONECARE 2.0 UPGRADE NOTES

The upgrade to Windows Live OneCare 2.0 is being rolled out this week to many OneCare users. A few of them have reported confusion or problems with the upgrade. Here are some of the situations I've run into recently.

WHAT TO DO IF THE UPGRADE FAILS

A few people are having trouble - OneCare reports that antivirus protection isn't turned on, or that it can't connect, or that it can't complete the installation.

There may be other ways to fix it but I've used brute force successfully. Here are the steps:

  • Close all programs.
  • Open Control Panel / Add-Remove Programs. Uninstall Windows Live OneCare.
  • Restart the computer.
  • Download and run the OneCare cleanup utility, which removes all trace of OneCare from your system.
  • Restart the computer.
  • Go to the OneCare web site and install the new version by clicking on the link "Add another PC."
  • Restart the computer. When OneCare starts and asks for activation, use the same Windows Live ID as before.

onecare5

 onecare3 CIRCLE & HUB

If the OneCare upgrade is installed on more than one computer with the same subscription, you'll be asked various questions about forming a "circle" of computers - one computer designated as the "hub" monitoring the others.

It's a handy way for somebody in a family to keep track of the other PCs in the house, but it will only work if you take a few minutes to read the OneCare screens and understand what's going on. Turn down the "circle" choices if you don't care and want to leave each computer to fend for itself.

BACKUP

Version 2.0 revamps OneCare's backup system.

  • If you have a "circle" of computers, one of them can back up the others.
  • There's more flexibility on where backups can be stored.
  • There's no longer any option to designate particular folders to be backed up but the default choices will cover everything for most people. (Basically OneCare backs up all files on the hard drive for many file types, regardless of their location. If you've got limited storage space for backups, this might make it over-inclusive.)
  • OneCare will not back up any files in a handful of places - especially the Program Files folder - so some data may be missed.

I'm not sure if the changes to the backup system are an improvement but it's still a good choice for most people, especially if you otherwise might not do any backup at all.

The changes mean that you'll be required to open OneCare and configure the backup settings after the upgrade to version 2.0. There's a checkbox to uncheck if you don't plan to use OneCare for backups.

PRINTER SHARINGonecare4

If you set up a "circle" of computers, you'll be asked if you want to let OneCare handle printer sharing so all computers can use all printers. So far that's been more annoying than helpful - it results in messages popping up on the other computers offering to set up the printers, even if sharing is already set up. You'll wind up with duplicative entries in the printer folder.

If you've already set up shared printers without OneCare's help, turn down the OneCare offer. It can be turned off at each computer later - in OneCare, click on Change settings / Printer Sharing and uncheck the box.

SUPPORT

If you need technical support, this page describes the flow that leads to e-mail or phone support. Basically, you'll go to this page, click on "Get more help" in the lower right, then click on "Get support."

The OneCare forums are a good source of information and feature a very dedicated guy named Stephen Boots who tries hard to solve problems and make people feel better.

BUYING ONECARE

It looks like Microsoft is putting OneCare on sale again. This week it's available at Costco Online for $9.99. (Might be in the store too - I haven't been there to check.)

Labels: , , ,


posted by bruceb at 12/13/2007 12:39:00 AM | permalink


November 15, 2007
WINDOWS LIVE ONECARE 2.0

At some point next week, computers running Windows Live OneCare will automatically be upgraded to OneCare 2.0. Apparently the intent is to make the update automatic and invisible; it's free to existing subscribers.

New features are integrated into the familiar OneCare layout, so little will change for many of you. The most significant new feature permits creation of a "circle" of computers running OneCare on the same home or office network, allowing some OneCare features to be centralized. A single computer can monitor the health of all the computers in the circle, and backups can be centrally configured and monitored. OneCare also takes over printer sharing, making sure any computer in the circle can print to any printer.

"StartupCleaner" is a nicely designed display of the computer's startup programs and processes. OneCare will watch the computer's operation for a week or so, then begin to offer advice on which startup programs might not be necessary. That's a big part of the housekeeping I do regularly for friends and clients, and I'm glad to have some help with it.

OneCare will offer to check the security on your wireless network, and Microsoft is planning to integrate an online backup service for photos (at extra cost).

It's hard to predict whether the rollout of the new version will go smoothly. OneCare has gotten periodic minor updates in the last year without causing too much fuss. Cross your fingers and be prepared to restart your computer at some point during the next week or two!

Labels: , , ,


posted by bruceb at 11/15/2007 12:05:00 AM | permalink


June 23, 2007
MICROSOFT BILLING & ONECARE
Microsoft has a centralized billing system for many of its online services. If you're using Windows Live OneCare, you can view the status of your subscription at http://billing.microsoft.com/. Log in with your Windows Live ID - the e-mail address and password used to install OneCare.

If you click on OneCare (or other services listed), you'll see the renewal date. If it's scheduled to expire in the next couple of months and you plan to keep using it, go ahead and click on "Renew." You won't be billed until the expiration date.

While you're there, check your credit card information and bring it up to date if necessary. OneCare is currently wrestling with a bug that causes it to complain if the credit card on file is past its expiration date, even if the OneCare subscription itself doesn't expire for months.

Labels: ,


posted by bruceb at 6/23/2007 01:34:00 AM | permalink


May 21, 2007
MICROSOFT MALWARE PROTECTION CENTER
Microsoft continues to make progress with its security software.

A preview is available of the Microsoft Malware Protection Center, a long overdue web site to gather information about viruses and adware/spyware, as well as information about the definitions and status of Microsoft's security programs.

The OneCare team has made significant progress in beefing up the program's detection rates to make it score better in tests run by the labs that grade security programs. I'm sympathetic to their argument that the program already catches everything that matters in the real world - some of the labs also check results with long-dead anc