Maximum Uptime Blog

Which platforms are at higher risk?
Systems that are mostly likely to be affected are those systems whose Windows Firewall is disabled OR those systems whose firewall is enabled, but also have file and print sharing enabled. If you are unsure if you computer is fully patched, or wish to wait until the patch has been tested and released, you can remediate the threat by simply enabling the Windows Firewall and turning off File and Print sharing.  If you are running Windows Vista or Windows 2008 Server, the out-of-box configuration of the operating system will protect you as the RCP interface is secured via authentication, however there are a number of changes that can be made to these operating systems that will expose the computer to risk, so it is best to keep your operating system current and patched.

How to Remediate Vulnerabilities
Begin by applying the patch to all servers in your network environment. This patch should be applied during a maintenance window as it requires restarting the host operating system. When all servers have been patched, apply the security update to all nodes (workstations). Workstations and servers that have Windows update installed will receive the patch the next time the Windows Update runs a scan. If you are relying on this tool for patch deployment, be sure to check the scheduled runtime. You can always run windows update by going to http://update.microsoft.com/

If you have questions about this critical service patch or need assistance remediating this vulnerability on your system, please contact us via email at info@empiricpartners.com.

In a picture-perfect world, once your network infrastructure is installed and configured, the job is done. Hardware doesn't fail, power never goes out and packets are never dropped. Nice thought, huh? Back on Planet Earth, everyone knows that things go wrong. And the things that go wrong are often out of your hands. Sure, you can call a vendor, but the service won't come back online until someone else fixes it. We'd love to do it ourselves (sometimes) but it usually isn't possible.

But wait- Aren't we always talking about Maximum UptimeTM and application continuity? Redundancy, redundancy, redundancy. It's the reason the servers have two power supplies, RAID arrays for disk failure, and dual network interfaces. But we can't stop there. Think about the rest of your infrastructure. Network switches, firewalls, routers and finally, the internet connection itself.

So you're saying I should have two internet providers? If you're skeptical about your provider's claim of 99.9% uptime, you just passed the test (.1% still means over 8 hours of downtime a year). Sure, might not cause a big problem if the outages are every once in a while at 3am for 20 minutes at a time and your online backups (you do have off-site backup, right?) were running. Murphy decided that YOUR 8 hours of downtime are going to start on Mondays. At 8:45am.

So where am I going with this? Redundancy. Right. Two internet circuits are a good idea. Not just two internet circuits, but two internet circuits from different providers. Even better, two internet circuits from different providers that don't live in the same conduit because the backhoe operator trying to fix the sewer system is probably not precise enough to decimate one string of fiber without taking out the one sitting a few millimeters to the left. Think about a provider like Veroxity that will work with you to install your connection through a physically different location in the building. Also consider where THEIR infrastructure resides. If all roads lead to the same place, you still have a single point of failure. Ask them about which POPs are available to provide service to your location.

We can't eliminate outages, but we can stop them from affecting uptime. A little forethought goes a long way, and sometimes saying "I'm on the phone with Verizon right now" isn't enough to keep the CEO happy.

My friend Devine recently received a notice on his computer that his antivirus software was out of date and that he needed to renew. His computer was telling him that it had found all sorts of viruses and that he should upgrade to Antivirus 2009 to clean the viruses and spyware from his computer. Not wanting to bother his IT friend, he click the upgrade now button, entered his contact information and credit card info.

After cleaning his computer on Friday, he called me on Saturday screaming and yelling. He had paid fifty bucks for the new version of his Antivirus, but the bleeping thing kept telling him he had viruses. As it turns out, Devin had inadvertently installed a new piece of malware. This new malware "Antivirus 2009" is in the same family as Antivirus XP 2008, System Antivirus 2008 and Doctor Antivirus. Once installed, this fine piece of software (and I do think the user interface is particularly well designed for it's target audience), scans the local computer and reports back a list of fake viruses. The software attempts to scare the user into purchasing the one piece of software that can remove the viruses completely, promising certain doom if the problem is left unchecked.

When Antivirus 2009 is installed Internet Explorer also displays fake messages. These messages range from a line at the top of the browser stating an infection was found to adding a text box on Google’s website homepage saying that Google has detected an infection on your computer. These tactics are just two more methods where Antivirus 2009 uses false information to scare you into purchasing their software. The related versions of the malware will do other obnoxious things like change the wallpaper and screensaver and then lock the user out of the ability to change them back.

Removing Antivirus 2009 is fairly simple; it requires removing the application, editing the registry, and unregistering the software's DLLs. The best way to avoid getting Antivirus 2009 or it's decendents is to browse safely. Only click on  downloads and links from trusted sources. Use a name brand antivirus package--there are some that are free for home use--(AVG, Avast, TrendMirco, etc) and run the software in active protection mode. Most importantly, if you're not sure if your computer is clean, contact your IT support provider. 

Update to iPhone improves performance

Last week Apple released several software updates that add features and fix bugs in its iPhone software, iTunes (and QuickTime). Here's what we found:

iTunes 8

Along with updates to the iPhone software (see below), Apple updated iTunes to version 8 to support its new Genius playlists (this feature creates new playlists based on your music library). 

The initial release of iTunes 8.0 included a buggy USB driver, causing the dreaded BSOD (blue screen of death) on lots of Windows Vista computers. Apple released an updated version of iTunes 8 on Thursday to fix this, so be wary of updating iTunes if you're using Vista. The iTunes installer includes an update to QuickTime 7.5.5.

iPhone 2.1

The latest iPhone software update, version 2.1, released on September 12, provided a number of helpful updates. Here's what Apple claimed to fix in this release and what I've seen in a few days of testing with the new software.

Stop putting out fires in your server room

Network monitoring is the most powerful took you can use to keep your business technology up and running. Network monitoring systems constantly watch over your servers, switches, and other network gear.

When something the system is watching passes a predefined threshold (such as disk space usage or network activity) the system sends an alert to your technology staff to let them know something is wrong. Sounds great for IT, but what are the business benefits of a network monitoring system?

1. Know about service problems before the outside world does

2. Hold your internet provider to their word

3. Keep your systems secure

4. Track usage patterns

5. Know when it's time for an upgrade

Bluetooth headsets sound like a great idea -- they promise to give you a wireless earpiece that will let you take or make phone calls handsfree while you're on the road.

But there are so many on the market, how can you pick one? We've boiled down our experience with a number of different headsets to three top criteria you should consider when looking at Bluetooth headsets.

Comfort & Fit

People come in all shapes and sizes, but earpieces are limited to a small range of sizes that try to fit every ear. You'll need to find an earpiece that is comfortable to wear, stays in your ear, and doesn't poke or jab your ear or your face.

Take a look at the number of attachments that the earpiece comes with -- is there just one or two, or does the manufacturer provide a variety of parts so you can find a better fit? You'll want to make sure the earpiece is comfortable when wearing it the way the manufacturer intends. For example, Aliph's Jawbone earpiece needs to touch your face for its noise canceling feature to work. If you're not comfortable with an earpiece resting on your face, this particular model may not be the one for you.

Ear loops can be painful if they're too small, and an earpiece can fall off if the loop is too big. An ear loop that hooks over your ear is really only useful when walking around.

Ear buds, on the other hand, can be uncomfortable if they are too large. If they're too small, the earpiece can fall off.I find Apple's iPhone Bluetooth Headset fits my ear perfectly and I can wear it for hours. (Meanwhile, I find the white earbuds that ship with the iPhone to be uncomfortable after an hour or so.)

Try a few to see what best fits your ear.

Style & Design

Headsets have become more accepted despite their nerdy appearance. Style is an important personal choice, and recent earpieces have become smaller, less obtrusive, and have fewer flashing lights. Jawbone has positioned their headset as trendy and stylish. Others are more functional.

Buttons are important to the function of an earpiece. You need to be able to find them when you're wearing the earpiece so you can actually answer or drop calls. Some earpieces work with voice activated dialing on BlackBerry handhelds, which adds a great convenience factor. If you have large fingers, you don't want to end up disconnecting your callers  by pressing the wrong button. You also want to be able to put the earpiece on without pressing the wrong button and dropping a call.

Charging is easiest with headsets that will charge via USB on your computer. Most require a special USB cable with a proprietary connector that plugs into the earpiece. Check the cable before you buy, since you'll need to add this cable to your traveling kit.

Does it work?

It's important that an earpiece work in the environment where you'll use it most. Think about your calling patterns. Where do you need to use an earpiece? We see three common scenarios:

1) Low background noise, in a quiet office or at home.

2) In a place with constant background noise, such as an airport terminal.

3) Outdoors on a windy city street.

In the office all of the headsets we tried worked well, with clear sound that callers could understand. Background noise filtering was reliable with the Jawbone, so it did what it advertises in our colocation facility with constant background fan noise. All of the headsets we've tried failed the wind test, making it hard for callers to hear us.

Know that you won't be able to use a headset when walking down the street in an urban environment. Wind, buses, and traffic will make your calls unintelligible.

If you spend a lot of time on the phone and are constantly on the go, a bluetooth headset is probably a good addition to your mobile tech kit.

But remember:  If callers tell you they can't hear you, shut off the earpiece and use your phone.

The other day a client asked why we don't support every device that can connect to an Exchange server using Microsoft ActiveSync. I explained our reasons, but he still didn't seem to think that we should limit what we support. (We limit what we support so that we can be very, very good at what we do.)

After pondering his question, it dawned on me that I hadn't articulated the business benefits of using standardized hardware.

There are three dramatic benefits to standardizing:

1. Support can be more responsive

Since we use the same technology that we recommend to our clients, we encounter many of the same problems they do. When you use something day in and day out, you get to know the quirks and limitations of a system rather intimately, so it makes support more of a show-and-tell training experience than a research and trial-and-error troubleshooting session.

2. Less time spent on support calls

With know equipment in use in a known configuration, there's much less time wasted. We had a horribly long support session the other day with a client who had a self-configured laptop and was having trouble with Outlook. Since we were unable to gain remote control of his computer, it took several hours of walking him through steps over the phone. After that exhausting support call, it felt like FedEx-ing a newly configured, managed laptop would have been a better solution. (And considering the cost of an a la carte support session, that may have been a cheaper solution, too.) Short support sessions mean people get back to work faster.

3. Standardizing costs less

Having fewer variables in configuration means there are fewer spare parts to keep on hand, components can be swapped out to get a computer back up and running quickly, and less time is spent relying on faraway hardware vendors who often can't provide same-day response.

It doesn't really matter what you standardize on -- whether it's Mac or PC (we do both), ThinkPad or Latitude, iPhone or BlackBerry. It just needs to be consistent to generate a benefit. Having half of an office on a standard and the other half on a random array of aging equipment means that only half of the benefit accrues. In a small office, that's often not enough. A single break-fix support session on an outdated, unmanaged PC can cost as much as a replacement PC itself!

The benefits of standardizing are sometimes hard to communicate, but they are clear to us:  We can provide a higher level of service to customers who agree to use standard equipment. Standardizing lets us provide same-day hardware replacement, unlimited phone and email support, remote control and patch management, and peace of mind that our clients' computers will work reliably.

Since Apple released its iPhone 2.0 software on July 11, we've been exploring the iPhone's new features to see how well it works in an enterprise environment with Microsoft Exchange.

So far, the experience has been very good:

• Push email works as expected, and it's faster than on a BlackBerry handheld;
• Push calendar lets you view your Exchange calendar, create new items, and respond to meeting invitation requests on the go;
• Push contacts sends all of your contacts and updates your contacts in the background as updates arrive from the server;
• Enabling ActiveSync on an Exchange server requires some downtime to reconfigure SSL security and restart a number of services, but the process is relatively straightforward for a skilled Exchange administrator.

A few notable shortcomings:

• Activation sometimes fails with no error message on the handheld (but you can see Server Activesync errors on the Exchange server);
• Tasks and Notes still don't sync to the iPhone;
• Contact searching is very slow at times;
• There is no way to search email messages.

For most users, the overall feature set in iPhone 2.0 will let them switch from a BlackBerry to an iPhone without losing their connection to the corporate server.