Things we knew would happen and things we didn’t

This post is more of a combination of things that have come to my attention over the last few weeks. Some of them I expected and some I didn’t. The first thing that has happened was an expected result from the new way that Microsoft is updating their Windows 10 product. As released in the Windows Server Essential and Small Business Server blog a recent Windows 10 update breaks connectivity with the Windows Essential Connector functionality. What surprises me about this is that this is part of a current supported Microsoft product and they have no known solution to the problem. This really has me wondering about their testing program. But this is not an unexpected development. Many of the IT professionals that were in the Windows 10 launch meeting that I was at predicted that the automatic required updates would cause these types of issues. I don’t think that we collectively thought Microsoft would shoot their own foot so quickly.

I have heard various reports that Windows 10 updates remove applications without notification (http://lifehacker.com/windows-10-updates-are-deleting-some-apps-without-notif-1762347989) but that really was expected with one of Windows 10’s security features. One of the announced features of Windows 10 the removal of “old applications” like an old anti-virus program that is out-of-date. The logic behind this was that removing an old anti-virus program and re-enabling Windows Defender was better than relying on an old out-of-date program that was really not helping but was making you think you were protected. That makes sense. But what does not make sense are new hardware drivers being automatically replaced with older Microsoft ones because the update software thinks the Microsoft ones are newer (?) or better (?).

What this all shows is that Microsoft’s attempt to mimic the Apple update philosophy just doesn’t work on the Windows platform. The biggest reason for this, in my estimation, is that the Apple environment is a closed environment. Apple controls what can and cannot connect to their computers a lot tighter than Microsoft does. The PC market was created and has existed as an open hardware and software environment since IBM created the first PC. Open Source Foundation fans may complain that Microsoft doesn’t publish their code so others can copy it or add to it, but, in my opinion, the Apple platform that is based on the “free” and open UNIX operating system is more closed than the Microsoft platform. Steve Jobs said that he want a system that incompatible with everyone else’s.

The second piece of interesting news comes from a more security perspective. A Reuters report is talking about a new security hole found by a couple of researchers from a new cyber security company called Bastille. The researchers found that they could hack computers from as far as 180 meters (about 600 feet – or a typical city block) away by attacking the connection between a computer and its wireless mouse. Many mice use unencrypted signals between the device and the computer. This signal could mimicked by a device that sends keyboard commands to the computer via the same wireless connection as the mouse uses. “If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute,” said Chris Rouland, the CTO and Founder of Bastille.  Typing that fast could easily take over a computer faster than a person sitting at that computer could stop it. The parts to build such a device would cost less than $50 according to the story. The only comment I have to this is how many wireless mice do you use?

Finally, I saw this article and thought “Where was this when McGyver needed it?” A Digital Trends article talks about a $99 product that can turn your smartphone into a 3-D printer. Yes, I wrote 3-D printer. The Olo device uses a special resin that is put into a tank that uses the screen from your smartphone to print an object defined by an app that is loaded to your phone. The speed of the printing would probably lead more to a Saturday Night Live McGruber episode than a McGyver, but this does sound interesting. The company developing this device is currently being funded by a KickStarter Campaign. Check them out if you are interested. As I’ve always said, “Anything is possible given enough time and enough money. I’m not saying how much time or how much money.”

The Summer I knew was Coming

This has been an interesting summer in the computing world. The first item that caught my attention was the hack of Jeep by some white hat hackers (http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ if you haven’t already seen it). When I first heard that Audi was allowing an Internet connection from their Audi A6 vehicle some time before the Jeep hack, my first reaction was “Now I have to find a firewall for my car???” I knew other manufacturers would follow and it would be the newest “neat” feature.

Talking about the above hack with a friend of mine that just bought a new Chevy Impala, he said that he wasn’t concerned because the OnStar™ wasn’t connected to any of the engine systems. A few days later I caught a news story talking about how OnStar slowed down that had been carjacked so the police could capture the thief. Here’s a story on how the new technology works http://www.geek.com/mobile/onstar-now-slows-down-stolen-vehicles-1373845/ . So much for that theory.

A month or so later I was at CompTIA’s ChannelCon2015 event in Chicago and one of the session titles was “Refrigerators Telling Secrets: How the Internet of Things Will Change Privacy”. Of course I went to this session. Tim Hahn, a Distinguished Engineer at IBM presented on some of the basics of what his group was doing. Basically, he described the Internet of Things (IoT) as being the same thing that has been done by process control machines for decades. The difference is rather than the connections being wires running to a computer, the devices are reporting to the control computer over the Internet. The biggest problem is that people programing these devices are looking at resolving the problem they have been presented rather than the security problems they could be creating.

This is nothing new. We saw this with web browsers way back in the last century. One thing I learned early on in my software development career is that you never know what users will do with the code you write. They will find ways of using that code to do things you never thought about. So whatever you write, you need to think of security with the same priority that you do fulfilling the task you are trying to accomplish.

So as an end-user what can you do? Do you really need a refrigerator to tell you that you need milk? Do you have to adjust the heat in your house from your office? But we know people will want the convenience and not care about the cost. How many of you don’t like that people know where you are all the time, but don’t turn off the GPS on your phone? What you need to do as a consumer is make yourself aware of what you are giving up and make an informed decision on what you feel comfortable with giving up.

How to install Office 2013 Home and Business without a Microsoft Account

When Microsoft released Office 2013 the thought at Microsoft was that cloud storage is something that everyone would want. It was discovered very early on that this idea did not work well in the corporate environment. Many businesses, even small businesses, did not want their data out there for the world to discover. And as we all know, given enough time and money, any secure environment can be compromised.

If you purchased your license for Office 2013 with a computer, the OEM Office installation did allow one to install the product without creating a Microsoft Account. This solved the problem for many people.

However, the Microsoft Account requirement became a problem when the operating system was re-installed. Some managed providers routinely remove the factory installed image to install an OS image of their own for consistency reasons. At other times, the time effective way of removing a malware infection is just to wipe the disk and re-install the OS.

With the help of Wayne Cooley of Dell Technical Support, a link to download an image of Office 2013 has been found! Wayne found a link in Spiceworks (http://community.spiceworks.com/topic/299174-microsoft-office-2013-product-key-card-requires-account?page=2#entry-20760870) by Peter Court that pointed to a Microsoft download site. That site can be found at http://officecdn.microsoft.com/pr/39168D7E-077B-48E7-872C-B232C3E72675/media/en-US/HomeBusinessRetail.img. I burnt this image to a DVD (for future use) and installed it with the Product Key supplied by Dell with the machine.  I should note that the installation worked extremely fast from the CD for the machine I was working on.

I should also point out that there is another option for any Registered or better Microsoft Partner. You can download the OEM installation environment from Microsoft at http://www.microsoft.com/oem/en/installation/downloads/Pages/office-single-image-v15-opk.aspx#fbid=0H22b2sEUs- . Although I have not tried it, this should give you the ability to install the same “Out of Box” experience that one would get when first receiving a machine from a manufacturer.

I hope these links help those of us out there that really don’t want our Office environment out in the cloud.

More on Quickbooks Multi-User mode and Windows 2012 R2

In my last post, I explained how the Base Filtering Engine service was blocking the ability for Quickbooks 2014 to go into multi-user mode. As it turned out, that was part of the answer, but not the whole answer. Two days after I did that post, the server rebooted because of Microsoft updates. Suddenly, the client could no longer get Quickbooks to go into multi-user mode.

So it was back to Microsoft PSS to get some answers. The tech that found the Base Filtering Engine solution was totally puzzled. So she passed the case to the networking group. Many more hours of testing, network traces and at one point locking out all remote access to the server, they declared the problem was because of a Group Policy Object was re-establishing the block on port 8019. But since the networking group doesn’t know much about Group Policy, they pass the case back to the OS support group.

The question became was it the Default Domain Controller policy or one of the Direct Access policies. More testing resulted in singling out the Direct Access Server GPO as being the problem policy. This policy gets setup automatically if you setup Anywhere Access from the 2012 R2 Essentials dashboard. Removing this policy from the Domain Controllers group fixed the Quickbooks problem.

I should also note that disabling that policy had no effect on any of the remote access features of the Server Essentials role, VPN or Terminal Server Access. Hopefully this will help more people in the same situation.

So you can’t get Quickbooks to work in Multi-user mode on Windows 2012 R2

Usually I write more about technology from a business owner’s perspective. But today, after spending about hours and hours with tech support from both Quickbooks and Microsoft, I’m writing about a technical issue. I just upgraded a client’s network to a Windows 2012 R2 Essential server. Like most small businesses, they use Quickbooks extensively to run their business. They had been running Quickbooks 2011 and needed to upgrade to Quickbooks 2014 to support their payroll functionally. For those that are legal eagles, I should note that Quickbooks™ is a registered trademark of Intuit, Inc. and Windows™ is registered trademark of Microsoft, Inc.

Like most IT professionals, the plan was to do one upgrade at a time to try and keep the number of things that changed to a minimum. The installation of the new server and all the new workstations worked like a charm. We then tried testing Quickbooks. In this case, 5 users access Quickbooks as a major function of their job. Each of the users could access and work with the Quickbooks 2011 database, but only in single user mode; we could not change to multi-user mode.

So, it was off to Quickbooks support. Since we had to change to Quickbooks 2014 for payroll support, the recommendation from tech support was to upgrade to Quickbooks 2014 to see if that fixed the problem. After several hours of conversion attempts and diagnostics, our Quickbooks tech declared that there was something wrong with the Quickbooks database and it needed to be sent into their database group for repair. This repair was to take 3 to 5 days. Since it was the Wednesday before a holiday weekend, we were hoping we would get notified that the file was available on Friday, but more realistically, we figured we would hear on Tuesday.

Not having heard from Quickbooks by mid-day Tuesday, the client called Quickbooks and discovered that the database group had received the file, but had no idea what they were supposed to do with it. Instructions were given and the file was made available late Thursday.

We installed the file and started testing. We still could not get multi-user access to the new Quickbooks 2014 version of the database. Quickbooks support got called in again. After spending another half day with Quickbooks support, they declared that there was something blocking the ports they needed open on the server. When asked if there was any additional help we could get from them, like Tier 2 support, we were informed that there was no additional support that is available to clients and we were on our own to figure out what the problem was with the ports. They only thing they would point to is an article in their knowledge base that walk you through the same steps we had taken. There were also the following lines at the bottom of the article:

Once you have followed all the steps in the article above and still experience the H202 error (your file is hosted on a Windows Server 2012 server), sign up to be notified below.

We are working to resolve this issue. We will notify you as soon as we have a solution or update to this topic.

Knowing that Quickbooks support wasn’t going to be any more help, I did some additional testing. Taking another server in my lab, I installed Windows 2008 R2 and added in Quickbooks 2014. That configuration allowed me to open the client’s file in multi-user mode. To take it a step further, I wiped the test machine and installed Windows 2012 R2 Essential, just like the client server, added Quickbooks 2014 and it worked! This meant the problem was isolated to the specific server at the client. I also determined that the problematic port was port 8019.

Since the problem was now isolated to being the client server environment, I went back to the client site and installed the Quickbooks database on a Windows 7 machine and the client’s staff was able to access the database in multi-user mode. While they were catching up on the work that had piled up, it was now time to contact Microsoft support to find an answer.

It was a long day with Namrata Manchanda of Microsoft PSS. Quickbooks tech support tested the ports by attempting to telnet to each of the ports required by their application. If a connection could not be opened, they concluded that the port was closed. My testing had shown that if I tried the same telnet test on the server using the loopback address (127.0.0.1) the connection worked. If I used the internal LAN address, the connection failed. Namrata found the same results. She checked the firewall rules, deleted them, re-added them with the same results. She compared SysInternal Process Explorer logs between the working workstation “server” and the real server. She still found nothing to point to the cause of the problem. We then removed Quickbooks from the server and she created a temporary website that would respond to port we were working on. After confirming the website worked via a browser, she tried the telnet tests. They responded exactly the same, loopback worked, LAN address didn’t. She then changed the port on the website to 8020 to test on a non-modified firewall port. Again the results were the same!

This testing now showed that the problem was indeed the firewall. Since restarting the firewall service several times did not fix the problem, Namrata tried restarting the Base Filtering Engine service. Now both tests worked! We reinstalled the Quickbooks database engine and we were able to open the file in multi-user mode.

The final result was that for some reason the Base Filtering Engine was not acknowledging the changes to the firewall rules and had cached the old rules. This is why when checking the rules, it appeared that the rules were correct, but in actuality, they were not applied. So if you have a Windows Firewall issue that will not resolve properly even if the rules are correct, try restating the Base Filter Engine service as well as the Windows Firewall service.

Does Anti-Malware really work?

I’ve been off taking care of business, but an article crossed my desk that I could not help sharing. The Wall Street Journal reported

“Software designed to block malicious actors from infiltrating networks is no longer viable and enterprises need to transition to new cybersecurity strategies focused on identifying threats and mitigating damages, according to the company that put antivirus software on the map. Brian Dye, senior vice president for information security at Symantec, says even the best antivirus software can now only intercept less than half of all malware, which is prompting the company to shift its focus on new products that help companies detect and respond to breaches.
The Wall Street Journal (tiered subscription model)

Many of my colleagues, me included, have thought that Symantec AntiVirus had been living off its reputation and no longer really worked in the SMB marketplace. From our perspective, the code had gotten too bloated and had too large of an impact on the performance of user workstations. Additionally, the just did not seem to find the malware that other options found. Now they are basically admitting that they have not done a great job and have given up.

This may be in reaction to the Target and other similar break-ins that have happened over the last few months. And it may be a reaction to the change in the legal environment’s view of what responsibilities an anti-malware provider really has. And it may have nothing to do with any of these occurances.

IT should be noted that anti-malware has always been a reactive science; you can never perfectly predict what a person will do, you can only report what they have done. Malware creation is no longer a hobby, but a real profession with real monetary rewards.

Does this mean that you should just forget about keeping your anti-malware up to date, or even run it on your machine? Just ask anyone how has done this. Ask them how well their machine runs, or should I say crawls.

I think that this is just a case of a company that was not doing the best job out there decided to cut its losses and move to another segment where it thinks it can do better.

Should we trust our Phones?

Recently I wrote about the number of malware apps for the android operating system. Well, I think the article I found interesting was found interesting by other people. From an article posted in Network World, it appears that HP found that 90% of Apple iOS mobile apps show security vulnerabilities. Now in reading this summary of the HP report in detail, the point made by HP is not that 90% of iOS apps are malware, rather “86% of the apps tested lacked the means to protect themselves from common exploits.”

As companies expand their IT presence into phone and tablet apps, the question of the security of those platforms needs to be answered. After spending the first 20 years of my career as an application developer, I understand the problem. The first thing you do as a developer is find a solution to the problem that is presented to you. The second to last thing you do (the last always being documentation, if you ever do it) is test your code for unexpected usages. And you never think of all of them. I remember being thanked by a user for writing a particular function a year or so after I had released the code. He told me what he was doing with what I had written and my response was “It does that?” The user was using what I had written to do one thing for something completely different and totally unexpected. What was more interesting is that it was working perfectly.

The problem according to HP is that adequate penetration testing is not done. This is probably because of the speed in which apps are being developed and released. Like any other client, mobile apps are at some point going to be connected back to the corporate servers. Then, like any other client, malware on the client may be transported to the server. As noted above, you never know what someone will do with something you wrote.

As an IT professional, you need to be aware of what apps you are recommending/developing do and what they might do under malicious conditions. Although malware protection is a reactive science, you should be as proactive as possible when evaluating mobile apps.