Friday, July 31, 2009

Windows 7 first look: More than just "Vista, fixed"

From ZDNet Blogs
Windows 7 won’t be officially available to the public until next week—Thursday, August 6, to be exact—when MSDN and Technet subscribers will finally get the chance to download the software legitimately and activate their copies with product keys. It’s the first step on a long rollout that will end October 22 when the software will be available for purchase in retail boxes and on new PCs.

I’ve been able to get a head start, using the official RTM build (7600.16385). For the past 10 days, I’ve been methodically installing and testing the final release of Windows 7 on a wide range of desktop and notebook configurations in my home and office. I’ve done upgrades and clean installs, with and without the Easy Transfer utility, using different editions in 32-bit and 64-bit flavors. I’ll have a thorough review of Windows 7 next week, including a deep dive into its most interesting new features. Today, I want to offer some first impressions and an image gallery based on my initial experience with these final bits.

Windows 7 isn’t perfect, but it is greatly improved over its predecessors in many ways. Calling it an “evolutionary” release in comparison to Windows Vista is probably a fair characterization. However, if you assume that Windows 7 is simply “Vista, fixed,” you’ll miss many small but meaningful changes and several large ones that give Windows 7 its own identity. In daily use, I continue to be impressed by the attention to detail that went into the Windows 7 iterations of features that are part of every Windows user’s daily routine. I’ve also found some hidden gems, which I’ll spotlight here and in next week’s full review.

Read the full article on ZDNet.

I am looking forward to trying the release version of Windows 7. I have been happy with Vista for a while now, but am eager to give Windows 7 a try, especially on systems where I am still running XP.

Friday, July 24, 2009

Has Microsoft switched from defense back to offense?

From Tech Republic
It’s easy to forget that Microsoft started its life making programming languages. The world’s largest software company, which was founded in 1975, didn’t throw its first touchdown pass until it backed into the contract with IBM to supply the operating system for the first IBM PC in 1981.

During the 1980s and 1990s, Microsoft may not have built the best products or been the first mover in most of the markets where it built products, but it was the scrappiest and the most tenacious (and sometimes, the most ruthless) competitor in the computer market. And, that’s why it succeeded.

But, when Microsoft was hauled into court by the U.S. Department of Justice in 1998 and charged with monopolistic and anti-competitive practices, the company lost its edge. It became a much less aggressive company.

However, there is mounting evidence that Microsoft is casting itself as the underdog and going back on offense, as Larry Dignan pointed out last week. Here are the five plays that Microsoft has run recently that make me think the company doesn’t want to simply defend its turf any longer, but wants to move the ball down the field

I couldn't agree more. As I have watched Microsoft's moves against Apple and Google and the capabilities of Server 2008 and Windows 7 as well as their renewed push in the development tools arena, I have been struck by the impression of a slumbering beast awakening. It's not just that they are making moves, they are making the right moves.

Monday, July 6, 2009

The one essential truth of computer security

From InfoWorld
Who doesn't love that scene in "A Few Good Men" in which Jack Nicholson's character tells Tom Cruise's character, "You can't handle the truth. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide, and then questions the manner in which I provide it. I would rather you just said 'Thank you' and went on your way."

I often feel like I'm acting out that scenario when speaking to CIOs and senior security leaders. They want me to tell them how to stop hackers and malware from invading their environments. Usually I'm consulting on some multitiered firewall/proxy/security solution aimed at protecting back-end databases. We talk about packet-inspecting firewalls, intrusion detection, two-factor authentication, and all sorts of high-tech defensive solutions that add several layers to their defense-in-depth protection.

Then I say something like, "That's all great, but it won't work." I usually have their attention by then.

Next, I throw out the inconvenient truths:

  • Most of today's security risk in the average computing environment comes from "drive-by downloads" -- that is, trusted insiders get infected by Trojan software that they were tricked into installing.
  • If you allow your end-users to install any software they want, then your risk of security exploitation is high.
  • Even if you are fully patched and the software you run contains zero bugs (this is never true), it barely decreases the risk from drive-by downloads.
  • Most malware and malicious hackers are criminally motivated and seek monetary gain.
  • End-user education is highly overrated and will fail.
  • Your firewall, your anti-malware software, and your IDS will fail.

This is hard for many people to accept, but I think we need to start thinking in terms of an office computer being a business tool. It is NOT a general purpose computing device to be used for personal purposes by employees. Harsh? Of course it is, but not as harsh as a trojan deleting essential work information or company secrets sold to the competition.

Friday, July 3, 2009

Manchester City Council pays $2.4m in Conficker clean up costs

From ZDNet Blogs
How severe can the impact of the Conficker worm be on a single city council that has apparently not implemented basic security solutions in place?

Pretty severe according to a recently released report entitled “Service interruption resulting from ICT disruption in February 2009” which details the financial costs of a Conficker incident affecting Manchester City Council’s network - 1.5 million pounds in clean up costs and lost revenue from the downtime.

This organisation did not have security in place that would have mitigated the attack. And cleaning up after an attack is always a lot more expensive than preventing the attack. The message is clear - being proactive is cheaper than being reactive.