Rob Short is the corporate vice president in charge of the team that architects the foundation of Windows Vista. This is a fascinating conversation with the kernel architecture team. It's our Christmas present to all of the Niners out there who've stuck with us day after day.

This is a very candid interview. We even ask "do you ever wish the registry had never been developed?" Charles Torre does this "going deep" interview. Out of all the interviews we've done this one is the most interesting because this team has such a deep impact on how reliable, scalable, secure, etc Windows Vista actually will be.

In this video you'll meet:

Darryl Havens, Architect.
Richard B. Ward, Architect.
Rich Neves, Architect.

WMV: http://download.microsoft.com/download/8/1/c/81cdb151-0aae-4f50-ab44-654b5f7ae0db/kernel_windows_vista_2005.wmv
Full screen: mms://wm.microsoft.com/ms/msnse/0512/26042/kernel_windows_vista_2005_MBR.wmv
Video length: 00:49:11


 
Categories: IT

http://www.amustsoft.com/econdom/

AMUST eCondom for Microsoft Internet Explorer is designed to make your Internet browsing safer, and reduce your exposure to malicious web sites.

Imagine you click on a link while searching the Internet with your favorite search engine. The web site you land at turns out to be a malicious site. It uses the latest security vulnerability in Internet Explorer to install spyware, keylogger or rootkit on your Windows computer to track your behavior, steal your personal information or even take over your computer. It does it without you ever noticing anything. eCondom will protect you in this scenario by preventing the installation of malware, or limiting the things it can do.

eCondom reduces and eliminates the risks by allowing you to run Internet Explorer in a SafeBrowse™ mode.

Microsoft is planning to introduce a new feature called Internet Explorer "Protected Mode" in the next version of Windows - Windows Vista. eCondom offers you the same "Safe Mode" functionality for Windows XP today!


 
Categories: IT

Source: http://support.microsoft.com/?kbid=907747

This article describes the update process that you can use to maintain the Intelligent Message Filter version 2 that is included with Microsoft Exchange 2003 Service Pack 2 (SP2).

The updates are available every first and third Wednesday through Microsoft Update and Automatic Updates technologies. The article also describes the update process, the version numbering system, the uninstallation process, and the manual procedures for updating or for rolling back updates.

Intelligent Message Filter updates are supported in the following configurations:
On a server that is running Exchange Server 2003 SP2 or a later version of Exchange Server 2003, with Intelligent Message Filter enabled
On a server that is running both Microsoft Small Business Server and Exchange Server 2003 SP2 or a later version of Exchange Server 2003, with Intelligent Message Filter enabled

Intelligent Message Filter updates are available every first and third Wednesday through Microsoft Update and Automatic Updates technologies. Organizations can also use Windows Server Update Services (WSUS) and System Management Services to deliver the updates in a corporate environment.

When the Exchange Server team cannot release the update on a Wednesday, they will release the update on the following day. In case the update is unavailable on a Thursday, the update for that week will be skipped. Then, the update will be released on the next scheduled Wednesday.

The Intelligent Message Filter is language-independent. Intelligent Message Filter updates are offered for all language versions of Exchange Server 2003.

How to enable updates
After you enable the Intelligent Message Filter in Exchange System Manager, to enable Intelligent Message Filter updates, you must create the ContentFilterState registry entry. To do this, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Expand the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange
3. In the left pane, click Exchange. Then, right-click in the right pane, point to New, and then click DWORD Value.
4. Type ContentFilterState, and then press ENTER to name the new registry entry.
5. Right-click ContentFilterState, and then click Modify.
6. In the Data value box, type 1, and then click OK.
7. Quit Registry Editor.
8. In the Services snap-in, restart the Simple Mail Transfer Protocol (SMTP) service.

Version numbers
An Intelligent Message Filter update package includes both a .dll file and a .dat file for the filter. The version information for the Intelligent Message Filter update files MSExchange.UceContentFilter.dll and MSExchange.UceContentFilter.dat reflects the Exchange Server build versioning in the following format: MajorProductVersion.MinorProductVersion.MajorNumber.MinorNumber. The version numbers are consistent with the Exchange Server build number, such as 6.5.XXXX.X. This makes it easier to identify the version number of the Intelligent Message Filter update that you have installed on the computer.

The update package version of an Intelligent Message Filter update is based on the date of the package build. Additionally, the update package version of an Intelligent Message Filter update is identified in the package name. For example, an update package that is dated December 14, 2005 has the following title:
Update for Intelligent Message Filter on Exchange Server 2003: 2005.12.14 (KB907747)
The executable package for this update has the following file name:
IMF-KB907747-2005.12.14-x86.exe

The update process
By default, when the Intelligent Message Filter is installed together with Exchange Server 2003 SP2, a new folder that is named MSCFV2 is created. The Intelligent Message Filter engine and the .dat file are stored in the following location:
Drive_Letter:\Program Files\Exchsvr\Bin\MSCFV2
Subsequent updates are stored in subfolders under the MSCFV2 folder. The subfolders are named according to the version number of the updates. For example, after you install several updates, the folder structure may appear as follows:
Drive_Letter:\Program Files\Exchsvr\Bin\MSCFV2
Drive_Letter:\Program Files\Exchsvr\Bin\MSCFV2\6.5.7612.0
Drive_Letter:\Program Files\Exchsvr\Bin\MSCFV2\6.5.7615.0
Drive_Letter:\Program Files\Exchsvr\Bin\MSCFV2\6.5.7620.0
The registry entry that is described in the "Enable updates" section reflects the state of the Intelligent Message Filter. This registry entry also serves as a reference point for the Intelligent Message Filter update package installer and for the Microsoft Update detection logic. This registry entry enables the update package installer to know whether the Intelligent Message Filter update functionality has been enabled on the server. If the registry entry does not exist, Intelligent Message Filter update packages are not offered. If the registry entry exists, Intelligent Message Filter update packages are offered.

The existing active version of the .dat file that is currently installed on the computer is recorded under the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3
For example, after you install the IMF-KB907747-2005.12.14-x86.exe update, the registry entry is similar to the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP3\KB907747
This registry entry is verified every time that an update is offered for installation. If an update is successfully installed, the registry entry is updated. The update package installer knows which update is currently being installed. The update package installer compares that value to the current registry entry value. If the value is earlier than the update that is currently being offered, the update package installer performs the following actions, in this order:
1. Verifies that Exchange Server 2003 SP2 or a later version is installed on the server.
2. Records the existing active version number from the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Updates\Exchange Server 2003\SP3
3. Creates a subfolder that is named the same as the build number. This subfolder is created in the MSCFV2 folder. The path of the folder is similar to the following:
Drive_Letter:\Program Files\ExchSrvr\Bin\MSCFV2\BuildNumber
4. Copies the Intelligent Message Filter .dll file and the Intelligent Message Filter .dat file to the newly created subfolder.
5. Registers the Intelligent Message Filter .dll file.
6. Updates the registry key based on the update version number.
7. Deletes all updates that exist on the system except for the current update that has been installed by the update package installer and the last two updates. Therefore, after the first three updates, the next update removes the oldest update. This always leaves the latest three updates on the computer. Updates are installed in a sequential order. For example, if updates U1, U2, U4 are installed, the next update that can be installed is U5 or a later update. When U5 is installed, U1 is removed.
8. During the update process, the update package installer restarts the IIS Admin Service for the package to take effect.
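The version comparison and the keep-the-latest-three rule described above can be modelled offline. This is an added example, not Microsoft's installer code: the function names are hypothetical, and the offered build 6.5.7625.0 and the five-digit build numbers are constructed sample values.

```python
import os


def parse_version(text):
    """Turn 'Major.Minor.MajorNumber.MinorNumber' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build version: {text!r}")
    return tuple(int(p) for p in parts)


def version_subfolders(mscfv2_path):
    """List MSCFV2 subfolders that are named like build versions, oldest first."""
    found = []
    for name in os.listdir(mscfv2_path):
        if not os.path.isdir(os.path.join(mscfv2_path, name)):
            continue  # the base engine .dll/.dat sit directly in MSCFV2
        try:
            parse_version(name)
        except ValueError:
            continue  # some other folder, not an update
        found.append(name)
    return sorted(found, key=parse_version)


def plan_update(subfolders, active, offered, keep=3):
    """Predict what installing `offered` does to the update subfolders.

    subfolders: version-named folders currently under MSCFV2
    active:     version recorded in the registry as currently installed
    offered:    version carried by the update package
    """
    if parse_version(offered) <= parse_version(active):
        # The installer only proceeds when the recorded value is earlier
        # than the update being offered.
        kept = sorted(subfolders, key=parse_version)
        return {"install": False, "kept": kept, "removed": []}
    versions = sorted(set(subfolders) | {offered}, key=parse_version)
    # The new update plus the last two survive; anything older is deleted.
    return {"install": True, "kept": versions[-keep:], "removed": versions[:-keep]}


if __name__ == "__main__":
    # Folder names taken from the article's example layout.
    folders = ["6.5.7612.0", "6.5.7615.0", "6.5.7620.0"]
    print(plan_update(folders, active="6.5.7620.0", offered="6.5.7625.0"))
    print(plan_update(folders, active="6.5.7620.0", offered="6.5.7615.0"))
    # Compare numerically: as plain strings a five-digit build sorts
    # before a four-digit one (constructed values).
    print(sorted(["6.5.9999.0", "6.5.10000.0"]))
    print(sorted(["6.5.9999.0", "6.5.10000.0"], key=parse_version))
```

Pointing version_subfolders at a copy of the MSCFV2 folder and comparing the newest entry with the version recorded in the registry shows whether the server's filter data matches what the installer believes is active.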


 
Categories: IT

You can make QuickBooks available in a TS environment, if you give the users some extra privileges.  By extension, that means that Quickbooks 2006 will run on ANY Windows 2000/XP+ desktop without the need for local "power user" or "administrator" privileges as well.  It does not matter what Intuit tells you - you can do it this way!  Quickbooks 2006 Professional has been confirmed to work with this configuration.

Justin + Patience + RegMon and Filemon = Solution.

Justin + Google + Solution = Terminal Server Solution found as well.

I've compiled both into here, along with links that I found via Google after I'd got it working myself.

Standalone/Terminal Server (ignore steps as necessary)

1. perform a normal installation of QuickBooks (in install mode!)

2. reboot

3. enter install mode again (change user /install), start QuickBooks and activate it by entering the registration code (this is a crucial step, and must be performed immediately following the reboot)

4. go back to execute mode (change user /execute)

5. copy the %SystemRoot%\Intuit folder into each user's %UserProfile%\Windows folder

6. create a QuickBooks Users group

7. add your users to this group

8. give the group Full Control to HKEY_LOCAL_MACHINE\Software\Intuit\QuickBooksRegistration

9. give the group Full Control to HKEY_CLASSES_ROOT\.QPG

10. give the group Full Control to HKEY_CLASSES_ROOT\obja.obja

11. give the group Full Control to HKEY_CLASSES_ROOT\QuickBooks.application

12. give the group Modify rights to the Program Files\Intuit\QuickBooks Pro folder

Group Policy / OU based mass deployment

  1. Create a new Security Group.
  2. Add the necessary users to it.
  3. Create a new policy, and link to the appropriate OU.
  4. Edit it.
  5. First, set the file system permissions
    We need to do the following to these two locations:
    C:\Program Files\Intuit (it will automatically 'flip it' to %Program File%\Intuit)
    C:\Program Files\Common Files\Intuit (becomes %Program Files%\Common Files\Intuit)
    1. Drill down to Computer Configuration, then Windows Settings, then File System
    2. Click Add File
    3. Type in C:\Program Files\Intuit (it will automatically 'flip it' to %Program File%\Intuit)
    4. You'll then get a permissions screen - add the security group you just created.
    5. Grant FULL control
    6. Click OK - and configure this file or folder, then: Propagate inheritable permissions to all subfolders and files
    7. Repeat for second location
  6. Now, the registry. Click on Registry, right-click, and choose "Add Key".  Drill down to "Machine" which is the equivalent of HKEY_Local_Machine.
    Set permissions on these keys: (Add as necessary, granting full access to the security group)
    MACHINE\SOFTWARE\Intuit
    Then also add
    HKEY_CLASSES_ROOT\.QPG
    HKCR\QuickBooks.ATaxLink\CLSID
    HKCR\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}
    HKCR\.QBW
    HKCR\.QBB
    HKCR\.qbr
    HKCR\.iif
    HKCR\.qbx
    HKCR\.qba
    HKCR\.des
    HKCR\CLSID\{F0AD44C0-60FB-11D1-B265-00A0243F1B5C}\Intuit\QuickBooks
    HKCR\qpgFile
    HKCR\AppID\QBW32.EXE
    HKCR\QuickBooks14.Application.1
    HKCR\QuickBooks.Application.1
    HKCR\AppID\{FAC93D44-FFC2-11d1-9DEB-0008C7A08EBA}
    HKEY_CLASSES_ROOT\obja.obja
    HKEY_CLASSES_ROOT\QuickBooks.application
    MACHINE\SOFTWARE\Classes\CLSID\{6FC4F4EA-D148-4632-B77D-294117ABF807} 
    USERS\S-1-5-21-1708537768-436374069-1957994488-1153_CLASSES 
    Running gpupdate /force on the workstation will cause it to pull the latest OU information.
  7. Also make sure that clients use short names for printers if they need to print to a redirected local printer. QuickBooks cannot handle long printer names.

Obviously, without Group Policy, just use regedit or regedt32, and set these registry permissions.  File system permissions can also be set manually on the machine.  No brainer.

Further reading:
320185 - HOW TO: Use the CHANGE USER Command to Switch to Install Mode in Windows http://support.microsoft.com/?kbid=320185

186498 - Terminal Server Application Integration Information http://support.microsoft.com/?kbid=186498

Source http://www.quickbooksgroup.com/webx/forums/canada/54

Group Policy Permissions Delegation: http://www.sbslinks.com/lua2.htm


 
Categories: IT

December 13, 2005
@ 06:21 AM

There are lots of programs that permanently delete files and recover them, but doesn't just having one on your hard drive make you look like you have something to hide? Restoration can rescue your accidentally deleted files and permanently delete the files you want good-and-gone. It can live on a floppy, so it leaves no trace of its activities.

Freeware.  Download: http://www.pcworld.com/downloads/countit.asp?fid=23108&fileidx=1


 
Categories: IT

December 1, 2005
@ 10:17 AM

I've just about had it with Symantec antivirus products.  I've had nothing but headaches with their products - compatibility problems, and VERY poor detection/infection prevention that has left numerous computers infected by trojans and spyware.

And now... bring on the exploits:

"LIKE FIREFIGHTERS."  Symantec contends it has the wherewithal to take on the hackers. The company has more than 100 researchers combing cyberspace to figure out where hackers are going next and how to protect its customers. "The issue is, when a vulnerability [is found], how quickly do you respond?" says Symantec Chairman and CEO John Thompson. "If by some quirk of fate we discover a problem, like firefighters we move quickly to address it." Symantec sends out patches within 28 hours of a vulnerability being exposed, which compares favorably with an average of 51 days for most software firms.

But in a world of industrial-scale hacking, that might not be fast enough. According to AV-Test.org, a German virus tracker, Symantec's average response time for the 12 major virus outbreaks during the first half of 2005 was 10 hours, 48 minutes. McAfee scored slightly better with 9 hours, 29 minutes. F-Secure, a Finnish security firm, took 2 hours, 37 minutes. "[A few hours] make a world of difference," says F-Secure President and Chief Executive Risto Siilasmaa. "Viruses infect PCs exponentially."

http://www.businessweek.com/technology/content/dec2005/tc20051201_834834.htm?campaign_id=rss_topStories


 
Categories: IT

"Because of its awesome real-time protection and overall performance, Anti-Virus Client Security 6 received the highest score of the ten products reviewed."
InfoWorld, September 2005

"I tested the product in our Syracuse University Real-World Labs and found it to be a top-notch enterprise security bundle."
Secure Enterprise, August 2005

Product page
http://www.f-secure.com/products/anti-virus/fsavcs/

Comments
I have found F-Secure antivirus, in its latest iteration, to be an absolutely fantastic product.  I would never recommend or install anything else for my clients.  I have used F-Secure antivirus for Exchange for several years now, and have since been convinced, with their latest product release, that their products are ready for prime-time enterprise deployment.

I had used/recommended corporate editions of Symantec for years; CA eTrust was also a suggestion due to its frequent updates and clean scanning engine.  Compatibility problems, LiveUpdate nightmares, and eTrust's horrible interface left me looking.  F-Secure is a welcome change.

F-Secure is superior as it responds to the latest spyware threats, provides a nice logging and management interface, and delivers the latest protection against viruses.

Bottom line: If you're using McAfee, Symantec, or CA eTrust, you're not moving down in the world by switching.  You're getting a far superior detection engine, with excellent/timely updates, and excellent spyware detection/removal routines.  I've loaded websites with 0-day exploits for IE, and had F-Secure respond by blocking HTTP traffic before it reached my browser.

Tight.

Reviews
Support for real-time protection also varies among vendors. McAfee’s, Trend Micro’s, and Tenebril’s versions allow the malware to install, but prevent it from executing, thus leaving it installed but neutered until a removal scan is started. Others, such as Sunbelt CounterSpy, block most malware installs while missing others, and, like Trend Micro, remove existing traces on next scan. F-Secure did the best job of preventing initial installations, blocking all spyware and malware attacks.

F-Secure Anti-Virus Client Security 6, Excellent  9.3
Computer Associates eTrust PestPatrol Anti-Spyware Corporate Edition r5, Good  7.6
Eset NOD32 2.5 Antivirus System, Good  7.2
LANDesk Security Suite 8.6, Excellent  8.7
McAfee VirusScan Enterprise 8.0 with Anti-Spyware Enterprise Module 8.0, Very Good  8.2
Sunbelt CounterSpy Enterprise 1.5, Very Good  8.5
SurfControl Enterprise Protection Suite - Enterprise Threat Shield, Very Good  8.3
Trend Micro Anti-Spyware for Small and Medium Business 3.0, Very Good  8.1
Countering spyware, Infoworld
September 2005
http://www.infoworld.com/article/05/09/19/38FEspy_1.html

Response Time: BOZARI.A

Kaspersky 2005-08-16 21:57
QuickHeal 2005-08-16 22:48
ClamAV 2005-08-16 23:12
eTrust-INO 2005-08-16 23:51
BitDefender 2005-08-16 23:52
F-Secure 2005-08-17 0:03
AntiVir 2005-08-17 0:19
Sophos 2005-08-17 0:44
Trend Micro 2005-08-17 0:44
Kaspersky 2005-08-17 1:06
McAfee 2005-08-17 1:34
eTrust-VET 2005-08-17 1:53
Fortinet 2005-08-17 1:54
Symantec 2005-08-17 3:05
Command 2005-08-17 3:40
Panda 2005-08-17 5:24
Dr Web 2005-08-17 7:04
Ikarus 2005-08-17 7:41
eSafe 2005-08-17 7:50
Avast 2005-08-17 8:04
ClamAV 2005-08-17 9:02
Norman 2005-08-17 9:14
AVG 2005-08-17 11:33
F-Prot 2005-08-17 12:16
Hauri 2005-08-17 13:45
VirusBuster 2005-08-17 14:32
F-Prot 2005-08-17 14:57
QuickHeal 2005-08-17 15:09
McAfee 2005-08-17 15:29
Command 2005-08-17 15:32
Norman 2005-08-17 17:35
Nod32 2005-08-17 18:33
eTrust-INO 2005-08-17 20:27
eTrust-VET 2005-08-18 5:35
F-Secure 2005-08-18 6:32
Proland 2005-08-18 11:16
ClamAV 2005-08-18 13:35
McAfee 2005-08-18 14:15
Fortinet 2005-08-18 16:18

Beta definitions

McAfee (BETA) 2005-08-16 21:19
Symantec (BETA) 2005-08-16 22:07
eTrust-INO (BETA) 2005-08-16 22:13
eTrust-VET (BETA) 2005-08-16 23:15
F-Secure (BETA) 2005-08-16 23:46
Trend Micro (BETA) 2005-08-17 0:45
Fortinet (BETA) 2005-08-17 1:58
eTrust-VET (BETA) 2005-08-17 2:20
F-Secure (BETA) 2005-08-17 6:01
eTrust-VET (BETA) 2005-08-17 6:22
McAfee (BETA) 2005-08-17 11:36
McAfee (BETA) 2005-08-17 14:35
Panda (BETA) 2005-08-17 15:49
McAfee (BETA) 2005-08-17 17:35
eTrust-INO (BETA) 2005-08-17 19:00
Fortinet (BETA) 2005-08-18 9:25


 
Categories: IT | Tight

December 1, 2005
@ 09:24 AM

When the SANS Institute, a computer-security training organization, released its Top-20 vulnerabilities last week, the rankings continued an annual ritual aimed at highlighting the worst flaws for network administrators. This year, the list had something different, however: The group flagged the collective vulnerabilities in Apple Computer's Mac OS X operating system as a major threat.

"In 2005, they have about the same number of vulnerabilities in the operating system as Windows, but Microsoft has a much greater market share," Martin said. "The Mac OS doesn't deserve a spot any more than any other operating system."

SANS's Dhamankar stressed that the intent was not to call the Mac OS X operating system a threat, but to give Mac users a wake up call. If they have not been paying attention to security, then they should start today, he said.

"There are some people that feel that, if they are running Mac OS X, then all is well," Dhamankar said. "That is no longer true."

http://www.securityfocus.com/news/11359


 
Categories: IT

A hotfix is available to support the DFS Namespaces Client failback feature on Windows Server 2003 SP1-based computers and on Windows XP SP2-based computers
In Microsoft Windows Server 2003, the Distributed File System technology is renamed to DFS Namespaces. In Windows Server 2003 SP1 and Windows Server 2003 R2, some new DFS Namespaces features are available. One of these features is named Client failback. You can use the new user interface that is available in Windows Server 2003 SP1 and in Windows Server 2003 R2 together with the hotfix that is described in this Microsoft Knowledge Base article to configure client computers to fail back to a preferred, local server if the connection to that local server is restored.

http://support.microsoft.com/kb/898900


 
Categories: IT