Adobe dared what other software companies have only dabbled in doing: converting their entire, hugely popular software library into a rental-only commodity. Why do software companies aspire to this model? As you might suspect, users of expensive software packages like Adobe’s Creative Suite or Microsoft’s Office products are able to enjoy multiple years of use from the software before reluctantly upgrading, a consumer trend that bodes ill for any software manufacturer’s bottom line. The solution: make your highly desirable products only available for rent, or in software parlance: “subscription-based”, guaranteeing you a regular income that will make shareholders dance with glee. While this move has angered a large number of Adobe users, the software company was able to pull the plug on ownership because of the virtual stranglehold it has on this particular category of software, especially its flagship products Photoshop, Illustrator and Lightroom, for which there is virtually no competition its users are willing to consider.
What this means for you:
Adobe’s success (or failure) will determine how other companies proceed. Microsoft already has an extensive subscription-based offering of its productivity suite, which can be rented for what most in the business world consider to be a fair price, especially seeing as how critical Office is in daily business, but “rentals” are only a fraction of its overall sales, which still come through more traditional licensing channels. Annual licensing and maintenance has long been an accepted and expected revenue generator on the enterprise side, a means to bolster profits from an ownership model that came from lengthy software development cycles that are growing shorter and shorter every year. Adobe’s justification behind the subscription model maintains that subscribers will be able to enjoy continuous improvement to and expansion of their products. The question remains, however, whether business is ready for applications and platforms that continually change. While new features and improvements are always welcome, the constant change also presents bugs, security holes and training challenges that are definitely not covered by the subscription. Where before companies could control the rate at which their critical business software was changed, now they may have to join a race in which the finish line is constantly moved away from the participants.
As predicted, the zero-day flaw in multiple versions of Microsoft’s web browser, Internet Explorer, is now being actively exploited by multiple APT (Advanced Persistent Threat) groups in attacks that are targeting large numbers of people. The most publicized and successful of these attacks have been focused on government websites. Their primary purpose: to install rootkits on government worker machines to facilitate access to confidential government documents. On top of the growing number of attacks leveraging this weakness, the Metasploit framework (an open source hacking tool used by security researchers and white-hat hackers) just released a module to the public that demonstrates how this security flaw can be used to hack IE, theoretically making it even easier for malicious agents to understand and develop their own exploits. Microsoft has yet to say when a patch will be released to fix this weakness, which affects just about every version of IE from 6 through 10.
What this means for you:
If you are using Internet Explorer, whether by corporate mandate or by choice, make sure you’ve applied Microsoft’s temporary fix, or ask your IT guy if they’ve distributed the fix throughout the company. If you work for the government, either as an employee or contractor, be extra wary of strange behavior on your computer, and ensure that your antimalware software is fully functional and up to date.
If you are using some other browser, you don’t have to worry about this particular exploit, but as always, remain ever vigilant and make sure your OS, software and antimalware are fully patched!
In case you were worried that Internet Explorer might be gaining ground as a secure web browser, security researchers have uncovered another zero-day vulnerability that is actively being exploited in versions 8 and 9 of Internet Explorer. I’ll spare you the gory details but the gist of the hole is such that it can be exploited in a simple “drive-by” attack, and doesn’t even require interaction from the user. Sadly, this weakness seems to afflict all versions of Microsoft’s web browser, including the yet-to-be-released version 11. Microsoft is aware of the issue, and is working to plug the hole, but could be weeks away from a formal fix.
What this means for you:
If you are using IE 8 (extremely likely if you are still using Windows XP), or IE 9 (also likely throughout much of the corporate world), there is a Microsoft Fixit that can be applied, and enterprise IT shops can address this centrally if they are running well-managed computer fleets. If you are leery of applying temporary patches and are not restricted to using Microsoft’s browser, you can give Chrome, Firefox or even Safari a try until Microsoft issues a formal patch for this exploit. At minimum, make sure your anti-malware is up to date and working, and watch carefully for suspicious behavior while surfing the internet, especially if you are visiting new/unfamiliar websites.
Hackers have compromised a Department of Energy website, leveraging a previously undiscovered security flaw in version 8 of Microsoft’s Internet Explorer. IE 8, which is now 2 versions back from Microsoft’s most recent release (v10), is used by almost a quarter of all Internet Explorer users, and is most commonly found on Windows XP computers. The “watering hole” style attack is thought to be the work of Chinese hackers based upon the malware used and the command and control protocols used. The hacked website is used by the DOE to disseminate information on radiation-based illnesses, leading analysts to believe that this was a targeted attack aimed at compromising the computers of government employees working with nuclear weapons and reactors, ostensibly for the purposes of gaining access to classified information and systems.
What this means for you:
This is the first instance of this particular exploit being discovered, but given the publicity and Microsoft’s well-known inertia in issuing security updates for its older products, there is a chance that if you are still using IE 8 you could be at risk. Microsoft recommends upgrading to a new version of Internet Explorer, but in the event that you are unable to upgrade due to your business requirements or application limitations, Microsoft has issued the following guidance for working around the security flaw until it can be patched:
- Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Add sites that you trust to the Internet Explorer Trusted sites zone to minimize prompt disruption
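To check whether a machine already meets the zone workaround above, the per-user settings can be read from the registry. This is an added example, not part of the original post or Microsoft's guidance; it is read-only and assumes the HKCU values are in effect (no Group Policy override).

```powershell
# Added example, not Microsoft's script. Read-only: it reports, it changes nothing.
# Assumes per-user settings in HKCU are in effect (no Group Policy override).
# URL security zone numbering: 1 = Local intranet, 3 = Internet.
# URL action IDs: 1200 = run ActiveX controls and plug-ins, 1400 = Active scripting.
# Action data: 0 = enable, 1 = prompt, 3 = disable.
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1200' = 'Run ActiveX controls'; '1400' = 'Active scripting' }
$states  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    # A missing zone key simply yields $null rather than an error.
    $props = Get-ItemProperty -Path "$base\$zone" -ErrorAction SilentlyContinue
    foreach ($action in ($actions.Keys | Sort-Object)) {
        $value = if ($props) { $props.$action } else { $null }
        if ($null -eq $value) {
            $state = 'Not set in HKCU (default applies)'
        } elseif ($states.ContainsKey([int]$value)) {
            $state = $states[[int]$value]
        } else {
            $state = "Other ($value)"
        }
        New-Object PSObject -Property @{
            Zone    = $zones[$zone]
            Setting = $actions[$action]
            State   = $state
            # The workaround is met only when content is blocked or prompts first.
            MeetsWorkaround = ($value -eq 1 -or $value -eq 3)
        }
    }
}
$report | Select-Object Zone, Setting, State, MeetsWorkaround | Format-Table -AutoSize
```

Any row where MeetsWorkaround is False is a zone that still runs ActiveX or scripts without asking, or relies on a default that should be confirmed in the Internet Options dialog.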
As I’m not a Microsoft employee, I can also recommend switching browsers to Chrome or Firefox. Both issue security updates much more rapidly, and though they are not free of security flaws and zero-day exploits, both browsers typically fare better than IE in terms of overall security strength.
The controversial CISPA (Cyber Intelligence Sharing and Protection Act) proposal has passed committee review and is heading to the Senate for a vote, despite a clear warning from the Obama administration that it would VETO the proposed law. Unlike the equally controversial SOPA (Stop Online Piracy Act) backed by media companies and defeated through vigorous and coordinated protests from the technology industry, CISPA has divided the technology industry. Many large companies like IBM, AT&T, Oracle and Verizon are backing it, while other, equally sizeable companies like Facebook, Microsoft, Google and dozens of activist organizations oppose the bill on the grounds that it doesn’t do enough to protect the privacy of US citizens.
What this means for you:
In case you are confused as to how CISPA might impact you or your business personally, here’s a summation of what the bill proposes: This law would allow telecommunication companies to share data with governmental agencies for the purposes of combatting terrorist or criminal activity, overriding any local laws that would prohibit such sharing. According to supporters, law-abiding citizens should have nothing to worry about, but opponents contend that on top of very weak protections for citizen privacy, there is nothing in the bill that would protect citizens from potential abuse by the various intelligence agencies who could amass an inconceivably comprehensive database from the information gained by CISPA. Regardless of which side of the privacy fight you stand on, it behooves you as a US citizen to be aware of where you stand on this issue, as well as encouraging everyone around you to participate as they can in helping our government come to terms with this problem.
Microsoft seems to be taking Fat Tuesday to heart: this month’s package of software updates includes a whopping 57 fixes for security flaws across most of its current product line. Microsoft isn’t the only one patching: Adobe also has a handful of security fixes for its products – the most commonly installed are Flash and Acrobat. The security exploits patched are just as potentially dangerous as the vulnerabilities patched in Internet Explorer.
What this means for you:
Ideally, you either have an IT department watching out for you and making sure your software is being updated in a timely fashion, or you have Automatic Updating turned on and will automatically download and apply all critical and important patches released by Microsoft and Adobe. In the case of the former, it may actually be a week or two before the actual patches are applied, as many IT departments routinely test all MS patches before distributing them through the enterprise, mostly to ensure Microsoft doesn’t break something proprietary to your company’s platforms. And in the case of this month’s Patch Tuesday, they will have much more to test and deploy.
If your computer is relying on automatic updates received via the internet, make sure you pay attention to the little message popups in the lower right corner of your screen. Windows Update will let you know when it’s doing its thing, and will also notify you when it has finished applying the necessary patches. Not sure whether your machine has been patched? For most versions of Windows (XP, Vista, 7) you can click the Start Menu and select “All Programs” and scroll until you find “Windows Update”. Review the information on the screen, and if you have any questions, don’t hesitate to call us for a second opinion!
If you’ve been salivating at the prospect of upgrading to Microsoft Office’s latest iteration – 2013 – then your wait is officially over. Multiple SKUs of Microsoft’s productivity platform will become officially available on Jan 29. Most importantly, Microsoft is now making the Office suite available to be “rented” via the Office365 Home Premium package. This subscription-based service will allow the main Office apps (Word, Excel, PowerPoint, OneNote, Outlook, Access, and Publisher) to be installed on up to 5 computers on your local network (Windows or Mac) for $99/year.
What this means for you:
Up until the arrival of Office365, most organizations couldn’t afford (or didn’t want to afford) an enterprise license for Microsoft products with the Software Assurance premium which basically guaranteed upgrades for their entire license base over a certain number of years. Instead they purchased what is known as a “perpetual use” license: it allowed the licensee to use the version of Microsoft software they purchased for as long as the software remains viable. This has manifested as many, many organizations running much older versions of Office dating back 10 or more years, and still quite happily getting work done without paying a single additional dime to Microsoft.
Microsoft, in an effort to keep the coffers full and users happy in all categories, has commoditized Office with this subscription service for everyone, allowing companies and families with tight budgets to remain competitive without breaking the bank. Office has been the predominant productivity package for business, and now with affordable pricing for entire households, Microsoft hopes to further extend and cement its grasp throughout the consumer market as well. Depending on where you stand in the industry, this is not always necessarily a bad thing. Broad standardization will lighten support burdens everywhere. On the flipside, crushing the competition might lead to stagnation in innovation, and as we all know, it’s been a long, long time since anyone ever looked at a new version of Office with anything other than trepidation.
According to The Verge, Google notified Microsoft of its plans to discontinue support for ActiveSync on the Gmail platform last year, and has recently notified Microsoft that the cut-off is coming on Jan 30, despite Microsoft’s efforts to get a 6-month extension from Google. ActiveSync is widely used to sync calendar and contact data from Gmail to Windows and iOS devices. Microsoft has noted that the Windows Phone OS will support CardDAV and CalDAV, which are the protocols used currently for syncing on Android devices, in a future update of Windows Phone OS, but the update release date has not been announced yet.
What this means for you:
If you use Gmail as your primary calendar and contact management system, and you are syncing contacts and calendar data to a Windows Phone or an iPhone, you will lose the ability to sync up your data between phone and the cloud for an unknown length of time once Google drops support for ActiveSync – Gizmodo projects it could be as long as six months’ time. If you need this functionality, start considering alternatives ASAP!











