To me, part of the job is letting people know alternatives exist. It is up to them if they choose to use the alternatives, but I would certainly offer it to them and outline some of its benefits. Of course some of this will depend on the customer, it is the tech's job to make sure the alternative solution will let them function with all the functionality they had before. If some aspect of what the customer does prevents this, then the solution should not be forced on them.
I also think mentioning open alternatives that run on the Windows OS is a great step as well. Some people just don't want a lot of change at once. Change their browser and let them see how pleasant FireFox is. Later on, maybe they will be more open to changing Office around. As they become confident with the changes and recommendations you are making they might be more welling to consider a switch to Linux (again, if it is appropriate for them).
Don't tell me I don't have battle experience with Microsoft Licensing.
I am certainly not trying to say you don't have battle experience with MS Licensing. I am trying to say that from MS's Open licensing web page mentioned in my previous link that the following is said:
Open Value Company-wide Option:And you'll have access to your licenses for as long as you need them (perpetual).
In that scenario there is no reason anyone should be asking you to remove software from your machines. Now if you obtained your licenses outside of the US or Canada then there may have been a subscription based license involved (described in my previous links) where removing the software very well may have been requested.
Not quite... Check here. Scroll down to the 'Open Value Options' section. Note there are three options of Open Value licenses, one of which is subscription. It is that option that is nonperpetual and also according to this page not an option in the US or Canada.
That much is probably true. Implementing some new process on a Linux box probably does take a bit longer. But here's the thing: Once it's done, it's done.
This is what I tend to tell folks at work. Sure, it might take me a little longer to get something setup and configured in Linux than Windows. But once I have it configured correctly in Linux I don't have to worry about from then on. So in the long run Linux works out better.
Been awhile since you've worked on an Exchange box? First, in Exchange 2000 it is enabled by default. Second, the user CAL will satisfy the user access for OWA.
Care to point out an MS article that dictates otherwise?
No -- Exchanges standards for how it operates and stores the messages does suck. I hate the fact I can't get to this stuff without using a crappy almost not supported web interface...
You must be using the old OWA 5.5, which was rather limited in its interface. OWA 2000 was a welcome improvement, and OWA 2003 is an even bigger improvement. Try the free trial of OWA2003 here.
To be fair; that patch didn't install on a significant portion of machines (any system running w2k sp2)...
Didn't install on W2KSP2 machines? The bulletin (going back to the original MS03-026 one) clearly states it will install on an SP2 machine. Granted it took them until August 12th to update the bulletin with this information.
I installed the patch on several W2KSP2 machines all of which were confirmed to be successfully patched by three different scanners.
when you intall any kind of app (like an SMTP server) in OS X, the system won't let you do it unless there's user interaction.
The executable that comes with SoBig acts as the SMTP server, it's not like you are INSTALLING an SMTP server on your system.
...attach it to an email and outlook runs it.
Not if you installed the Outlook Security Patch from a touch over three years ago. And recent versions of Outlook Express allow you to prohibit access to dangerous attachments. (Tools | Options | Security)
Maybe you should try using a recent version of Linux before bashing it. Most (RH, MDK, Debian) make you install a normal user account during install. All (except Lindows) include dire warnings about using the root account for normal activities.
I've worked with several recent versions of Linux. You have missed my point. I never said that various distros didn't make you create a non-admin user account for the system. I SAID most Joe Users will end up running as root more than one thinks. Why? Becuase they will tire of typing passwords for sudo or su to do things on their system. This has nothing to do with whether a particular distro has you create a non-admin user or not.
And before you think I am bashing Linux (which I am not) I think su and sudo are great (as I think run as in Windows is great). They let you run as a normal user day to day while providing a facility to run adminstrator type tasks as needed.
...(as opposed to Windows programs, which won't run as anything *but* admin).
Yeah, go ahead and lump ALL Windows programs together. The vast majority of users on my network are not local admins on their machines, yet they are fully productive workers for our company and able to run all the applications necessary to be productive.
He does, however, need to know the importance of layered priviledges enough to enter the root password when needed. Besides, *nothing* is easier than su, except maybe the link on my app menu that says "Terminal- Super User Mode".
Remember who we are talking about here, Joe User. Not you, not I or three quarters of the Slashdot crowd. Nothing easier than su, eh? These are the same people that can't grasp using Automatic Update to keep their machines updated.
I am talking about the millions of Joe users out there that are running in the administrators account out-of-the-box and don't know better not to. This is not their fault, it is the fault of MS for making that decision to put user in the local Administrators group out-of-the-box.
I will agree that making the user an admin by default is a poor decision.
But, if we are using Joe User as the example I will bet they end up running as root more often than you think. Why? Because they are Joe User. They will be lazy and not want to sudo to do things (or su). I've also seen posts to my local Linux User's Group mailing list stating that a handful of people run as root all the time, this from people who probably aren't even Joe User if they are bothering to hang out on a local LUG list.
So while you and I understand that running as local admin (or root) all of the time is not the best idea, Joe User doesn't. As Linux becomes more mainstream I am certain we will see similar issues of people running as root all the time.
After so many "outbreaks" like this, I wonder how could MS not have long ago updated Outlook with a built-in filter that displays a big red warning whenever any file with a.exe or other non-Big 3 extension shows up in an email messsage?
They did, over 3 years ago, it was called the Outlook E-Mail Security update. That pretty much took care of Outlook 98 and Outlook 2000. Outlook XP already has it built in.
Microsoft finally included the feature to block access to dangerous attachments for Outlook Express with version 6, I believe. I think SP1 for OE6 actually made to the default set to block access to these attachments. (Tools | Options | Security)
excerpt from your link... So a virus like SoBig can infect a Windows machine and e-mail itself out, to everyone in the user's address book, without the user realizing it.
No Mac e-mail program allows this, so Mac users would have to spread a virus like SoBig manually by intentionally mailing it other users -- not a likely scenario.
The guy doesn't even understand how SoBig worked and I am supposed to believe him when he says OS X is more secure? Viruses haven't used the old email everybody in your address book for quite some time. They are now come pre-packaged with their own SMTP server and scan the file system for email addresses. How is OS X not allowing this?
Umm, nope. It doesn't matter if your are in the ADMINISTRATORS group. You can easily delete a file or change the ACL.
Uh, You don't use root as a normal user on your Linux box, right? Why are you running as a user with local administrator on your Windows box? And before you say it's because it's too hard to get anything done on a Windows box as a normal user, don't forget the 'Run As' feature in new flavors of Windows.
If I am in the Administrators group, I can change those rights back VERY EASILY.
HHhhmmm, and if I am root I can easily change permission on files and directories also. What's your point?
Does the occasional MS patch cause an issue? Yes. Anymore though it is the exception not the rule. Should one test patches before implementing them in the Enterprise? Yes, but this applies to ANY OS you are running.
The first post in the link says installing SP4 over the Blaster patch overwrites it. The VERY next post states that this is simply not true.
I had wondered the same thing when the Blaster patch originally came out. So what did I do? I TESTED it in a test environment. The results? Installing SP4 over the Blaster patch did NOT cause the system to become vulnerable (confirmed with three different vulnerability scanners).
Sure there is something you can do. Use group policy to disable LM/NTLM and force machines to only accept NTLMv2. No need not to use the OS, only a need to use the tools provided to you.
Of course with physical access to a machine running Linux one can easily boot off a Linux boot disk and set the root password to be blank. If one has physical access to the machine then the machine is vulnerable.
Keep in mind there are two types of people (well, at LEAST two types of people) who want to use Linux, those that want to hack and tweek and those that just want to use it to get their work done.
I definitely agree though that for the hackers and tweekers your way works best in the long run. Often times when I am helping a friend with a Linux question the first thing I say is "Well open up a terminal window and then..."
Before I started getting into Linux and such I had a friend that was sysadmin who would just fly along at command line on his FreeBSD and Linux boxes. I would always think he was doing something really fancy and such. Then I learned more and realized whenever he would first sit at a console he would out of habit just start typing things like df, ls -l, vmstat, etc. More to get his thinking process started than anything else....
If you only got 33 days out of a 2K server acting as a file server then you did something wrong. Heck, I can get more than 33 days out of an old decrepit file server running NT4.0 on SP4.
*NIX servers are good, and their uptimes are admirable, but NT/2K OS's are not 33 day bad......
I finally bought one of these when the prices came down (about a month and half ago). So far it has been great, most of the things it is good for have been mentioned already, scheduling, contacts, able to take notes that then get backed up to the PC, etc, etc. I use it all of the time.
Even in comparison to a Pocket PC I am still happy with my PALM IIIxe. Now in the future this may change once the PocketPC models are cheaper. But at this point all I was looking for was basic functionality. My laptop can handle the MP3's, color and whatever else I need.
Slashdot Mirror
I also think mentioning open alternatives that run on the Windows OS is a great step as well. Some people just don't want a lot of change at once. Change their browser and let them see how pleasant FireFox is. Later on, maybe they will be more open to changing Office around. As they become confident with the changes and recommendations you are making they might be more welling to consider a switch to Linux (again, if it is appropriate for them).
I am certainly not trying to say you don't have battle experience with MS Licensing. I am trying to say that from MS's Open licensing web page mentioned in my previous link that the following is said:
Open Value Company-wide Option: And you'll have access to your licenses for as long as you need them (perpetual).
In that scenario there is no reason anyone should be asking you to remove software from your machines. Now if you obtained your licenses outside of the US or Canada then there may have been a subscription based license involved (described in my previous links) where removing the software very well may have been requested.
Not quite... Check here. Scroll down to the 'Open Value Options' section. Note there are three options of Open Value licenses, one of which is subscription. It is that option that is nonperpetual and also according to this page not an option in the US or Canada.
This is what I tend to tell folks at work. Sure, it might take me a little longer to get something setup and configured in Linux than Windows. But once I have it configured correctly in Linux I don't have to worry about from then on. So in the long run Linux works out better.
Been awhile since you've worked on an Exchange box? First, in Exchange 2000 it is enabled by default. Second, the user CAL will satisfy the user access for OWA.
Care to point out an MS article that dictates otherwise?
You must be using the old OWA 5.5, which was rather limited in its interface. OWA 2000 was a welcome improvement, and OWA 2003 is an even bigger improvement. Try the free trial of OWA2003 here.
You can implement Exchange 2003 in a Windows 2000 AD. Here...
I installed the patch on several W2KSP2 machines all of which were confirmed to be successfully patched by three different scanners.
I've worked with several recent versions of Linux. You have missed my point. I never said that various distros didn't make you create a non-admin user account for the system. I SAID most Joe Users will end up running as root more than one thinks. Why? Becuase they will tire of typing passwords for sudo or su to do things on their system. This has nothing to do with whether a particular distro has you create a non-admin user or not.
And before you think I am bashing Linux (which I am not) I think su and sudo are great (as I think run as in Windows is great). They let you run as a normal user day to day while providing a facility to run adminstrator type tasks as needed.
Yeah, go ahead and lump ALL Windows programs together. The vast majority of users on my network are not local admins on their machines, yet they are fully productive workers for our company and able to run all the applications necessary to be productive.
Remember who we are talking about here, Joe User. Not you, not I or three quarters of the Slashdot crowd. Nothing easier than su, eh? These are the same people that can't grasp using Automatic Update to keep their machines updated.
But, if we are using Joe User as the example I will bet they end up running as root more often than you think. Why? Because they are Joe User. They will be lazy and not want to sudo to do things (or su). I've also seen posts to my local Linux User's Group mailing list stating that a handful of people run as root all the time, this from people who probably aren't even Joe User if they are bothering to hang out on a local LUG list.
So while you and I understand that running as local admin (or root) all of the time is not the best idea, Joe User doesn't. As Linux becomes more mainstream I am certain we will see similar issues of people running as root all the time.
Microsoft finally included the feature to block access to dangerous attachments for Outlook Express with version 6, I believe. I think SP1 for OE6 actually made to the default set to block access to these attachments. (Tools | Options | Security)
FUD. Back this statement up.
Does the occasional MS patch cause an issue? Yes. Anymore though it is the exception not the rule. Should one test patches before implementing them in the Enterprise? Yes, but this applies to ANY OS you are running.
Did you even read the link you posted?
The first post in the link says installing SP4 over the Blaster patch overwrites it. The VERY next post states that this is simply not true.
I had wondered the same thing when the Blaster patch originally came out. So what did I do? I TESTED it in a test environment. The results? Installing SP4 over the Blaster patch did NOT cause the system to become vulnerable (confirmed with three different vulnerability scanners).
Stop the FUD...
Uh, this only disables NTLM within MS's telnet. Edit the Registry or use Group Policy to prevent client from using NTLM elsewhere.
Sure there is something you can do. Use group policy to disable LM/NTLM and force machines to only accept NTLMv2. No need not to use the OS, only a need to use the tools provided to you.
Of course with physical access to a machine running Linux one can easily boot off a Linux boot disk and set the root password to be blank. If one has physical access to the machine then the machine is vulnerable.
Because it's not a MS security hole....
Seriously though I would have thought this should have been on the front page too. It certainly seems news worthy enough.
Keep in mind there are two types of people (well, at LEAST two types of people) who want to use Linux, those that want to hack and tweek and those that just want to use it to get their work done.
I definitely agree though that for the hackers and tweekers your way works best in the long run. Often times when I am helping a friend with a Linux question the first thing I say is "Well open up a terminal window and then..."
Before I started getting into Linux and such I had a friend that was sysadmin who would just fly along at command line on his FreeBSD and Linux boxes. I would always think he was doing something really fancy and such. Then I learned more and realized whenever he would first sit at a console he would out of habit just start typing things like df, ls -l, vmstat, etc. More to get his thinking process started than anything else....
Except of course in cases such as kernel 2.4.11 which was promptly replaced with kernel 2.4.12....
If you only got 33 days out of a 2K server acting as a file server then you did something wrong. Heck, I can get more than 33 days out of an old decrepit file server running NT4.0 on SP4.
*NIX servers are good, and their uptimes are admirable, but NT/2K OS's are not 33 day bad......
PALM IIIxe, what a piece?
I finally bought one of these when the prices came down (about a month and half ago). So far it has been great, most of the things it is good for have been mentioned already, scheduling, contacts, able to take notes that then get backed up to the PC, etc, etc. I use it all of the time.
Even in comparison to a Pocket PC I am still happy with my PALM IIIxe. Now in the future this may change once the PocketPC models are cheaper. But at this point all I was looking for was basic functionality. My laptop can handle the MP3's, color and whatever else I need.