TechEd's Desktop Push: Deploying Windows XP SP2
By Rob Enderle | Posted 2004-05-25
With Windows XP Service Pack 2 due to market in a few weeks, the company's mantra is that you need to start testing now, Rob Enderle writes. Disclaimer: Microsoft, Transmeta, Intel and VIA are clients of mine.
SAN DIEGO: TechEd is one of three important shows from Microsoft, the other two being the Windows Hardware Engineering Conference, focused on hardware companies, and the Professional Developers Conference, focused on developers.
For IT, TechEd is the most important because it focuses on the people who deploy technology, and there are 11,000 IT people here. Looking around the huge keynote room, it isn't hard to believe that they are all here with me.
I am unable to create a VPN or make contact with my Exchange Server, even though I can browse the Web intermittently.
Having this many people in close proximity remains a huge problem, but I can't help but think that Microsoft is trying to showcase one of its new solutions in this instance.
That solution, which works only on current versions of Office and Exchange running on the Windows Server 2003 platform, is RPC over HTTP. It allows you to connect to Exchange in a secure fashion without opening a VPN, and so without exposing the organization to attack through the trusted link that a VPN represents.
One of the announcements here is that this connection, which is Exchange-only at this time, will be expanded to a variety of products next year with an interim release of Windows Server 2003.
I first became aware of this when my ISP, LAN Logic, which hosts my Exchange Server, suggested it to me several months ago.
It is interesting to note that while my own technicians appear to be up on this, and clearly the IT folks attending are being trained on it, the technicians on the floor have never heard of this improvement.
You also can use several thousand HP desktops to access your e-mail if it is exposed to a Web client, and I can't help but wonder how many of these machines may have password-caching turned on, once again pointing to the need for a USB dongle, which I highlighted in my column on hoteling a few weeks ago.
If there is a central message from Microsoft with regard to the desktop, it is the drive to deploy Windows XP Service Pack 2 (SP2), due to market in a few weeks. In the platform sessions, the repeating message is that you need to start testing now.
The message is so strong that it is becoming clear to me that shortly after SP2 is released, messaging that focuses more on the responsibility of the IT manager and less on the product will roll out.
And this messaging will go a long way toward creating the belief in non-IT management that anyone who is on Windows and is not running SP2 is taking an unnecessary risk.
This will undoubtedly upset a large number of folks, but the practical aspect is that this is really the only strong lever Microsoft has to drive massive adoption of the most important patch, with regard to security, that it has ever provided.
We can argue that it is overdue, but once it arrives, the pressure shifts to us to deploy it, and Microsoft is already driving this hard.
It takes about nine days from the time a regular patch is released until some idiot reverse-engineers it to create a virus that exploits unpatched systems.
It takes the virus companies about 24 hours to identify the virus and distribute the definitions that allow the virus to be accurately identified, disabled and removed.
In that 24-hour period, the viruses may infect thousands of machines and mutate, making it virtually impossible to respond to these newer threats.
Some of the most recent viruses actually turn off popular virus protection programs. Like an athlete who plays without the proper protective gear and gets injured, once SP2 is out, those who are hit with a virus and haven't installed this comprehensive patch are more likely to be seen as the problem, not the victim. And were that to happen, it would clearly be career-limiting.
One related announcement is that all of the patching services will be combined in a few months into something called SAS 2.0. Then, an IT department can set up its own intermediate service to make sure the patches are tested before being deployed.
Given that patching is killing the desktop staffs, most here at TechEd appear to agree that this is one of the more powerful desktop fixes. But remember that at least one patch requires a change in hardware and that, without this change, desktop hardware will remain uncomfortably exposed.
The Importance of Data Execution Protection (formerly called NX)
One thing to remember is that the DEP component of SP2, which we covered in an earlier column back when it was called "NX" for "No Execute" at WinHEC, requires a processor that is enabled to run it.
Currently, the only processors on the market that do this are the AMD Athlon 64 and Opteron processors, and the Intel Itanium processors.
NX is designed to eliminate buffer overflow exploits, which have been among the most damaging and disruptive to date. Transmeta will have support for this shortly, Intel by the fourth quarter, and VIA (which hasn't yet announced) is expected to have it as well.
Given that this exposure will persist on most systems even after SP2 is installed, it seems likely that it will be attacked more aggressively. This is true of desktops, laptops and servers.
This is something to think about as you go through your hardware purchase plans. Realistically, you probably can't shift next year's hardware upgrade budget into this year, but you should really think about how you are going to protect your users next year and factor that into your buy and build plans.
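One way to find out which machines actually get the hardware protection discussed above, as an added example that is not from the column: the PowerShell script below, assuming PowerShell with WMI (DCOM) access to the listed computers, reads the DEP properties that Windows XP SP2 and later publish in Win32_OperatingSystem and flags systems whose processor lacks NX, or whose policy leaves non-Windows applications uncovered.

```powershell
# Added example, not from the column. Assumes PowerShell 2.0+ and remote WMI
# access to each computer named in $ComputerName.
param([string[]]$ComputerName = @($env:COMPUTERNAME))

# DataExecutionPrevention_SupportPolicy values, which mirror the XP SP2
# boot.ini /noexecute= switch.
$policyNames = @{
    0 = 'AlwaysOff'   # DEP disabled for every process
    1 = 'AlwaysOn'    # DEP enforced for every process, no exemptions
    2 = 'OptIn'       # Windows components only (the XP SP2 default)
    3 = 'OptOut'      # every process except those explicitly exempted
}

foreach ($computer in $ComputerName) {
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
    } catch {
        Write-Warning "${computer}: WMI query failed ($($_.Exception.Message))"
        continue
    }

    # On systems older than XP SP2 these properties do not exist and read as
    # $null, which casts to $false / 0; CSDVersion shows the service pack level.
    $hwAvailable = [bool]$os.DataExecutionPrevention_Available
    $policy      = [int]$os.DataExecutionPrevention_SupportPolicy

    # No NX in the processor, DEP switched off, or a Windows-only policy all
    # leave third-party application buffers executable; flag each for the
    # hardware and configuration plan.
    $status = 'OK'
    if (-not $hwAvailable)  { $status = 'NO-HARDWARE-NX' }
    elseif ($policy -eq 0)  { $status = 'DEP-DISABLED' }
    elseif ($policy -eq 2)  { $status = 'WINDOWS-ONLY' }

    New-Object PSObject -Property @{
        Computer       = $computer
        Caption        = $os.Caption
        ServicePack    = $os.CSDVersion
        HardwareDEP    = $hwAvailable
        Policy         = $policyNames[$policy]
        DriversCovered = [bool]$os.DataExecutionPrevention_Drivers
        Apps32Covered  = [bool]$os.DataExecutionPrevention_32BitApplications
        Status         = $status
    }
}
```

Pipe the output to Export-Csv to build the inventory of machines that still need NX-capable hardware or a stricter /noexecute policy.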
Discovering the reality about these exposures is what many of these shows are good for, and given the attendance here and at other shows, it appears that large numbers of people understand this.
SP2 is due in July or August, and application compatibility is what is holding the release up. It is currently in Release Candidate 1, and one more release candidate is expected before this service pack will be finalized.
Now, if you didn't pick this up already, shows are back. They are a place to go to make contacts and get a better feel for vendor direction, and they can provide a view into the future that will be critical for business decisions.
One of the core values here is the chance to talk to other IT folks and capture best practices, get the real stories underneath the products, and make contacts, which in this changing world could become invaluable to your continued employment.
People often will favor those they know, and this is not only a good place to meet potential employers, but employees as well. There are people here who actually manage thousands of desktops and servers with teams that are well under 10 people.
Understanding how they do that could protect you against being outsourced and/or provide financial benefits that could reflect favorably on you.
There are three shows I recommend attending this year: TechEd, for the reasons already noted; Business4Site, a new Ziff conference designed to provide a forward-looking business outlook and develop contacts; and Comdex, which, despite pretenders, remains the most powerful IT technology show in the market for a variety of hardware and software vendors.
Rob Enderle is the principal analyst for the Enderle Group, a company specializing in emerging personal technology. Full disclosure: Enderle's clients include Microsoft, Advanced Micro Devices, Dell, Gateway, Hewlett-Packard, Intel, Transmeta, VIA and Vulcan. In addition, Enderle sits on advisory councils for AMD, ClearCube, Comdex, Dell, Hewlett-Packard, IBM, Intel, Microsoft and TCG.