The wait is over!

Microsoft has released the final service pack for Windows XP (SP3) and you can download it now via the Windows Updates or Microsoft Updates services or from the Download Center on the company's Web site.

I first installed it on an older machine with LOTS of various software and the system was completely updated to pre-SP3 state. It took about 30 minutes over a broadband connection and it was smooth goings all-the-way through, with only 3 prompts (2 from CounterSpy).

After restarting the system, digging around a bit and using various programs - everything tested out perfectly and there were no issues, concerns or hassles to deal with. The machine runs well and even seems a bit more responsive. While this is an unexpected surprise, it is one that I welcome.

If you have not installed this system update/service pack for Windows XP, I would recommend doing so as soon as possible! For more information about what is included in this final service pack, please check out: http://www.micaspecialties.org/blog/post/index/52/Windows-XP--Service-Pack-
3-SP3 or visit Microsoft directly and download this update.

REDMOND, Wash., Feb. 4, 2008 – Approaching the company’s largest enterprise launch in its history, Microsoft reached another important milestone today with the release to manufacturing (RTM) of Windows Server 2008. The response from IT professionals and developers has been strong as the company moves toward the worldwide launch of Windows Server 2008, SQL Server 2008 and Visual Studio 2008 on February 27.

One indication of the momentum that is building around the latest server operating system is the number of beta and evaluation versions that customers and partners have obtained: more than two million.

IT professionals face increasing pressure from rapidly changing technology, increasing costs and security concerns, and expanding business needs. Windows Server 2008 helps alleviate these pressures by automating daily management tasks, tightening security, improving efficiency and increasing availability. It also offers virtualization solutions that will enable IT professionals to reduce costs, increase hardware utilization, optimize their infrastructure, and improve server availability.

Furthermore, because Windows Server 2008 was developed in tandem with the Windows Vista code base, it has most of that operating system’s advanced management and security features, such as integrated Network Access Protection (NAP) and Group Policy. Customers will also see system-wide performance improvements from an integrated system architecture, including network file sharing, managed quality of service and reduced power consumption. Common tools and processes across both operating systems will result in efficiencies for IT organizations.

“We’ve been working with partners around the world who are creating solutions that take advantage of the new platform’s feature set,” said Bob Visse, senior director, Windows Server Marketing Group at Microsoft. “There’s been tremendous support for the operating system and a lot of excitement around the opportunity it represents for the industry.”

Microsoft is also offering customers a Go Live License, which permits them to deploy beta releases of Internet Information Services 7.0 (IIS 7.0) into live production. So far, 28 companies worldwide have created and launched hosted offerings using this program, and hundreds more have downloaded the Windows Server 2008 beta and begun testing.

With Windows Server 2008, Microsoft is also embracing PHP hosting on Windows via the FastCGI module for IIS 7.0. PHP is a popular open-source scripting language used to build dynamic web applications. This allows IT Professionals to host PHP and ASP.net applications side by side. As a result, the PHP community will be able to take advantage of the increased reliability of PHP on Windows and simplified administration available on the Windows platform.

[ more.. ]

What Is In Service Pack 3

Windows XP SP3 includes all previously released Windows XP updates, including security updates and hotfixes, and select out-of-band releases. For example, the service pack includes functionality previously released as updates, such as the Microsoft® Management Console (MMC) 3.0 and the Microsoft Core XML Services 6.0 (MSXML6).

Microsoft is not adding significant functionality from newer versions of Windows, such as Windows Vista, to Windows XP through XP SP3. For instance, Windows XP SP3 does not include Windows Internet Explorer 7, although Windows XP SP3 does include updates to both Internet Explorer 6 and Internet Explorer 7, and it will update whichever version is installed on the computer. One notable exception is that, SP3 does include Network Access Protection (NAP) to help organizations that use Windows XP to take advantage of new features in the Windows Server® 2008 operating system. For more information about Internet Explorer 7, visit http://www.microsoft.com/windows/products/winfamily/ie/default.mspx.

Knowledge Base article 936929 lists all other all Knowledge Base articles associated with updates that are included in Windows XP SP3. The following sections also provide a high-level description of the functionality included in Windows XP SP3.

Previously Released Functionality

The functionality described below is already available for Windows XP in stand-alone updates. System administrators must choose to install each of these updates, however. Windows XP SP3 includes them by default.

• MMC 3.0
• MSXML6
• Microsoft Windows Installer 3.1 v2 (3.1.4000.2435)
• Background Intelligent Transfer Service (BITS) 2.5
• IPsec Simple Policy Update for Windows Server 2003 and Windows XP
• Digital Identity Management Service (DIMS)
• Peer Name Resolution Protocol (PNRP) 2.1
• Wi-Fi Protected Access 2 (WPA2)

New and Enhanced Functionality

New and Enhanced Functionality that is described below lists some of the more significant changes in Windows XP SP3. With few exceptions, Microsoft is not adding new features or functionality from newer versions of Windows to Windows XP through SP3. As noted earlier, one exception is the addition of NAP to Windows XP to help organizations running Windows XP to take advantage of new features in Windows Server 2008. For a list of Knowledge Base articles that Windows XP SP3 addresses, see Knowledge Base article 936929.

• "Black Hole" Router Detection
• Network Access Protection (NAP)
• Descriptive Security Options User Interface
• Enhanced security for Administrator and Service policy entries
• Microsoft Kernel Mode Cryptographic Module
• Windows Product Activation

Deploying Windows XP SP3

Windows XP SP3 will be available through Windows Update and the Microsoft Download Center. The service pack will also be available to Volume License customers, TechNet subscribers, and MSDN® subscribers. Through Windows Update, the download size varies, but it is typically 70 megabytes (MB), depending on the computer’s configuration.

Through the Download Center, the download size is approximately 580 MB. Fundamentally, deploying Windows XP SP3 works the same as deploying SP1 and SP2 for Windows XP:

• SP3 is cumulative, so users can install SP3 on top of Windows XP SP1 or SP2.
• Windows XP SP3 supports the same languages as Windows XP did in its initial release.
• You can run the SP3 update package on any SKU of Windows XP SP1 or SP2. For example, you can run the SP3 update package on a computer running the Windows XP Media Center Edition with SP1.
• Tools and guidance for system administrators have not fundamentally changed from Windows XP SP2. For comprehensive information, visit the Deploy Windows XP Professional and Windows XP Service Pack 2 Deployment Information sites on Microsoft TechNet.
• You can deploy SP3 using Microsoft Systems Management Server 2003, Microsoft System Center Configuration Manager 2007, or third-party solutions. The process has not fundamentally changed.
• Windows XP SP3 is for x86 editions of Windows XP only. The x64 editions of Windows XP were serviced by Windows Server 2003 SP2. For additional information, go to Windows Server 2003 Service Pack 2.

Internet Explorer 8 and Acid2: A Milestone

As a team, we’ve spent the last year heads down working hard on IE8. Last week, we achieved an important milestone that should interest web developers. IE8 now renders the “Acid2 Face” correctly in IE8 standards mode.

Acid2 Face

If you’re not a web developer, the details of this blog post probably aren’t all that interesting for you. I’d like you to know that we’re building IE8 for many different customers (consumers, web service providers, independent software vendors, enterprises, web developers, and others), and we’ll cover more details of the non-developer oriented work (e.g. user experience, reliability, security, etc.) in other posts in the future, after MIX. While web developers will immediately recognize what Acid2 means, I want to step back and offer some context for other readers of this blog who may not be familiar with web standards. Briefly: Acid2 is one test of how modern browsers work with some specific features across several different web standards.

At first glance, this test seems simple. I think it actually offers a view into the subtle and complex world of web standards in a number of ways. Showing the Acid2 page correctly is a good indication of being standards compliant, but Acid2 itself isn’t a web standard or a web standards compliance test. The publisher of the test, the Web Standards Project, is an advocacy group, not a web standards defining body.

When we look at the long lists of standards (even from just one standards body, like the W3C), which standards are the most important for us to support? The web has many kinds of standards – true industry standards, like those from the W3C, de facto standards, unilateral standards, open standards, and more. Some standards like RSS or OpenSearch lack a formal standards body yet work pretty well today across multiple implementations. Many advances in web technologies, like the img tag, start out as unilateral extensions by a vendor. The X in AJAX, for example, has only started the formal standardization process relatively recently. As some comments have pointed out, CSS 2.1, one of the key standards that Acid2 exercises, is not “finalized” yet. Different individuals have different opinions about different standards. The important thing about the Acid2 test is that it reflects what one particular group of smart people “consider most important for the future of the web.”

The key goal (for the Web Standards Project as well as many other groups and individuals) is interoperability. As a developer, I’d prefer to not have to write the same site multiple times for different browsers. Standards are a (critical means to this end, and we focus on the standards that will help actual, real-world interoperability the most. As a consumer and a developer, I expect stuff to just work, and I also expect backwards compatibility. When I get a new version of my current browser, I expect all the sites that worked before will still work.

With respect to standards and interoperability, our goal in developing Internet Explorer 8 is to support the right set of standards with excellent implementations and do so without breaking the existing web. This second goal refers to the lessons we learned during IE 7. IE7’s CSS improvements made IE more compliant with some standards and less compatible with some sites on the web as they were coded. Many sites and developers have done special work to work well with IE6, mostly as a result of the evolution of the web and standards since 2001 and the level of support in the various versions of IE that pre-date many standards. We have a responsibility to respect the work that sites have already done to work with IE. We must deliver improved standards support and backwards compatibility so that IE8 (1) continues to work with the billions of pages on the web today that already work in IE6 and IE7 and (2) makes the development of the next billion pages, in an interoperable way, much easier. We’ll blog more, and learn more, about this during the IE8 beta cycle.

Now, with all that context, I’m delighted to tell you that on Wednesday, December 12, Internet Explorer correctly rendered the Acid2 page in IE8 standards mode. While supporting the features tested in Acid2 is important for many reasons, it is just one of several milestones for the interoperability, standards compliance, and backwards compatibility that we’re committed to for this release. We will blog more on these topics. Here’s a relevant video.

For IE8, we want to communicate facts, not aspirations. We’re posting this information now because we have real working code checked in and we’re confident about delivering it in the final product. We’re listening to the feedback about IE, and at the same time, we are committed to responsible disclosure and setting expectations properly. Now that we’ve run the test on multiple machines and seen it work, we’re excited to be able to share definitive information.

While blog posts and links to videos are a good start, publicly available code is even better. We will have a lot more information available at sessions at MIX08 and will release a beta of IE8 in the first half of calendar 2008.

Each year, The SANS Institute releases a short list of the top threats within the IT market. Those of us in the industry know that these lists are pretty darn actuate and worthy of study. While we should always be on top of our security game, these items are some of the anticipated hot beds of attack.


2008 SANS's Threat Report

1. Browser Vulnerabilities
2. Botnets
3. Cyberespionage
4. Mobile Phone Attacks
5. Insider Attacks
6. Identity Theft from Persistent Bots
7. Malicious Spyware
8. Social Engineering
10. Infected Consumer Devices

What do you think of when you hear the name, Microsoft? Well, there could be many answers to that question, but they are most likely not the one I am thinking of right now.

While some might answer with Windows or Internet Explorer, others may answer with OneCare or Windows Defender, and still, some might answer with SQL or Server 2003 or even Office Word. These are all excellent examples of who Microsoft is and I can understand why you would think of them when hearing the name, Microsoft.

But, the name I was thinking of and the one that seems to be much less known is Microsoft Research. This division is changing the way technology is used across the globe. “We’re focusing more on research than ever. We’re building the technology that will enable computers to see, listen, speak, and learn so people can interact with them as naturally as they interact with other people” says Bill Gates, Microsoft chairman and chief software architect.

Let's take a quick look at some Microsoft Research facts:

• In 1991, Microsoft® Corp. became one of the first software companies to create its own computer science research organization. As part of a dynamic industry that is continually reinventing itself, Microsoft saw the need to support long-term computer-science research—research that is not bound by product cycles—so there would be new foundations and technology breakthroughs upon which future generations could build.

• Over the last 14 years, Microsoft Research has evolved into an organization with more than 700 researchers studying more than 55 research areas. These include speech recognition, information retrieval, user-interface research, programming tools and methodologies, operating systems and networking, graphics, natural language processing, machine learning, and mathematical sciences.

• Microsoft researchers work closely with product-development groups to transfer research technology into Microsoft products. Nearly every Microsoft product on the market today has been influenced by the work of Microsoft Research. The organization’s independence from product groups also enables Microsoft Research to focus on a long-term (10-15 years out) research vision, setting its sights on grand challenges.

• Microsoft Research is based on an open academic model. Many of the researchers maintain their academic ties and continue to collaborate with the research community through participation and attendance at conferences, acting on committees, and publishing papers for peer review.

• The diversity of scientists at Microsoft Research is an important component of the innovation that comes out of this group. We have researchers from all backgrounds, from psychologists and sociologists to anthropologists and medical doctors, working together to find answers to computer science’s greatest challenges. This mixture of the social and the technical strikes the right balance to deliver long-term, companywide innovation.

• Prestigious national and international honors bestowed upon Microsoft researchers include the National Medal of Technology, the Turing Award of the Association for Computing Machinery, the Kyoto Prize in Advanced Technology, the Fields Medal of the International Mathematical Union, and the British knighthood. Several Microsoft researchers are members of the National Academy of Engineering, and others have received the Academy of Motion Picture Arts and Sciences Award for Technical Achievement.

• While Microsoft Research focuses on basic research, two new efforts in collaboration with MSN are focused on delivering cutting-edge technologies through applied research. The adCenter Incubation Lab and Live Labs bring together top-notch researchers and product teams to incubate and to provide rapid prototypes of advertising and search technologies, respectively.

• While most of Microsoft Research is located at the company’s Redmond, Wash., headquarters, there are also facilities in Silicon Valley; Beijing; Cambridge, U.K.; and Bangalore, India.

Microsoft Research Silicon Valley - Established in August 2001 on the Microsoft campus in Mountain View, Calif., the lab employs 25 researchers who focus on distributed computing, including privacy, security, resource location, protocols, the Internet as a platform, reliability, availability, scalability, management, and related theory.

Microsoft Research Asia - The Beijing lab was founded in 1998. As with the other Microsoft Research labs, the talents of its researchers will largely guide the research focus of the Beijing lab. More than 150 researchers are developing next-generation multimedia applications and Asia-specific computing technologies such as adapted user interfaces and language-conversion systems.

Microsoft Research Cambridge - Research at the facility in Cambridge encompasses programming languages, security, information retrieval, and operating systems and networking. Established in July 1997, the lab has grown to more than 80 researchers.

Microsoft Research India - Microsoft Research India was established in January 2005 in Bangalore. The lab’s mission is to conduct long-term basic and applied research in multilingual systems, technologies for emerging markets, geographical-information systems, sensor networks, and software productivity. The lab also will collaborate with Indian research institutions and universities to support scientific progress and innovation.

For more information about Microsoft Research, please visit www.research.microsoft.com!

Hunting Cybercrooks

The cybersleuths who helped smoke out some of the biggest crooks online can be as reclusive as their prey.

Tucked inside an inconspicuous office in a business park on the banks of the Monongahela River, two dozen employees of the National Cyber-Forensics & Training Alliance quietly peck away at PCs in small cubicles. Here, the nation's cyberequivalent of CSI relies on a computer lab that simulates Internet attacks and diagnostic tools that extract clues from tainted PCs and suspicious Web sites. Yet few people are aware of the non-profit group.

"I chuckle whenever people complain nothing is being done to stop cybercrime," says investigator Sarah Patrick, who -- like a dozen other college students -- monitors Web sites and chat rooms from a desktop computer in a small, unadorned cubicle. "What have I been doing the past nine months?"

That was abundantly clear in August, when a Justice Department sting led to 160 arrests, including dozens of spammers and online fraudsters. Key evidence came from NCFTA, whose discoveries could fetch more arrests. "We're at the start -- not the end -- of a major crackdown on digital crime," FBI Special Agent Tom Grasso says. As consumer losses to online fraud mount, the FBI has identified cybercrime as one of its top priorities, behind terrorism and counterintelligence.

Lab work

The rugged mountains of western Pennsylvania seem more suited for deer hunting than for hunting the Internet's most-wanted criminals.

But Pittsburgh is considered a digital epicenter by federal officials. It is also home to Carnegie Mellon University's CERT Coordination Center and near the FBI's Internet Crime Complaint Center (IC3) and finger-printing facility, both in West Virginia.

NCFTA was established in 2002 as an extension of the Pittsburgh High Tech Crimes Task Force, a team of federal, state and local law enforcement officials. The federal government, private industry and academia underwrite NCFTA's annual budget of about $750,000. Microsoft recently donated $46,000 in software and lent an analyst, Liz Christopher.

Security experts compare NCFTA to a teaching hospital, where cases are treated and employees share research and training. NCFTA, they say, could be the template for how tech companies work with government agencies to tackle cybercrime. "It's a spectacular idea to have the learning take place in the context of real-world cases," says Alan Paller, director of SANS Institute, an Internet security think tank and training center.

The NCFTA's deathly quiet office resembles a college study hall or a library more than it does a bustling hospital. Analysts methodically peck away at PCs, looking for leads in areas in which they specialize. What they find they share with other analysts and law enforcement officials who also work in the office.

Patrick, for example, scours Russian Web sites to follow the exploits of organized crime groups. She routinely engages in online chats for clues.

She says online misdeeds are soaring there because the post-Soviet Union lacks civil and criminal code, the area is economically depressed, and there is a high degree of engineering talent among the young, who view the Internet as an ideal vehicle for stealing.

"There is a cultural mind-set that it's OK to gouge rich Americans," says Patrick, a University of Pittsburgh graduate student who in August presented a paper on Internet crime in Russia.

Behind Patrick, a private room with five workstations is home to a lab, where another investigator sifts through the computer hard drives and disks of a suspected spammer. Special software lets investigators view files, e-mail and Web searches -- including those deleted -- on a hard drive. The cybersleuths also sift through criminal files and the IC3 database of criminal activity to spot links between suspected spammers and crooks.

Digital evidence is shared among a coterie of NCFTA partners -- the FBI, the National White Collar Crime Center, Carnegie Mellon, West Virginia University, Microsoft and others -- to understand who is behind digital attacks and track them down. "As much as we've been trained in cybercrime, the reality is we need the tech industry's expertise to target the bad guys," says Dan Larkin, unit chief of IC3 and founder of NCFTA. Larkin recently barnstormed Silicon Valley to recruit tech companies as partners.

"We have a lot of resources law enforcement doesn't. We're on the front line," says Stirling McBride, senior investigator in Microsoft's digital-integrity group, which shares information with NCFTA. "We have trap (e-mail) accounts set up to identify spammers. We collect data (spam) they need to present a case."

When Microsoft, America Online and others develop cases, rather than try to find law-enforcement interested in them -- as they sometimes did before -- they hand information to NCFTA. It, in turn, goes to the proper law-enforcement agency to build a case and pursue charges.

During Justice's recent investigation, the NCFTA discovered through industry experts that hundreds of powerful computers at the Defense Department and U.S. Senate were hijacked by hackers, who used them to send spam e-mail. It is unclear how long the computers were compromised or how much spam was sent, investigators say. Authorities are in the process of repairing the computers.

Investigators also came across new spam and phishing schemes that incorporate digital images to deceive consumers and elude computer defenses. Phishing scams use e-mail to trick consumers into surrendering personal information on bogus Web sites.

Christopher, the Microsoft investigator lent to the NCFTA, concentrates on passing phishing-related data from Microsoft. "We see her as a conduit to get information from Microsoft," Grasso says.

A tough task

Although federal authorities have made strides in digital gumshoeing, they are more accustomed to chasing bank robbers than computer nerds. Hunting high-tech high jinks requires extensive training and a new crime-fighting approach, admits Bruce Townsend, who coordinates cybercrime investigations for the U.S. Secret Service.

Complicating matters, the few computer crime laws on the books are poorly written and a Bush administration strategy on cybersecurity lacks government regulations and funding, critics say. Historically, private sector-government partnerships sputter and have little impact. There can be jurisdictional snags with foreign governments when trying to extradite suspects, many of whom strike with impunity from Europe and Asia. Spammers, for example, increasingly are establishing operations in China and South Korea, security experts say.

The challenge can be as daunting as getting President Bush and Sen. John Kerry to share a podium in Ohio to swap Vietnam War stories. Tech companies are loath to share sensitive information with anyone, and investigators are reluctant to have companies wade into law-enforcement matters. "Many companies don't have the know-how or resources to investigate, and the cops don't have the expertise," says John Frazzini, a former Secret Service agent who now is a computer-security consultant.

By necessity, authorities often rely on old-fashioned crime-fighting methods besides cyberforensics. Private investigators at Microsoft and AOL supply information to cops.

And, if all else fails, authorities offer cash rewards. Microsoft last year created a $5 million reward fund for information leading to the arrest and conviction of writers of viruses and worms. A $250,000 slice of the fund led to the May arrest of Sven Jaschan, a German teenager who confessed to writing the Sasser and Netsky worms, which infected millions of computers worldwide this year.

Still, the crime-busting exploits of NCFTA and others are an encouraging start, says Howard Schmidt, chief information security officer at eBay, which has shared information with NCFTA.

"The problem is nearly overwhelming," says U.S. Rep. Mac Thornberry, R-Texas, chairman of the cybersecurity subcommittee of the Select Committee on Homeland Security. But groups such as NCFTA are "good and reasonable efforts."

Article By: Jon Swartz, USA TODAY

http://www.usatoday.com/educate/college/careers/news15.htm

File a complaint today:

http://www.ic3.gov/complaint/