And the latest Conficker worm news is …

While the doomsday predictions for April 1st may have proved to be unnecessarily alarmist, it seems that Conficker is starting to show signs of activity. Seemingly, a new variant known as WORM_DOWNAD.E has been recently been discovered by a well-known security company. The new variant:

1. (Un)Trigger Date – May 3, 2009, it will stop running
2. Runs in random file name and random service name
3. Deletes this dropped component afterwards
   Propagates via MS08-067 to external IPs if Internet is available, if no connections, uses local IPs
4. Opens port 5114 and serve as HTTP server, by broadcasting via SSDP request
5. Connects to the following sites:
   Myspace.com
   msn.com
   ebay.com
   cnn.com
   aol.com

The new variant also attempts to download a binary associated the Waladec worm, which has led to some speculation as to whether there could be some connection between Conficker and Waladec. 

Continue reading Is Conficker going to cease its strike in May?

On 15th April, Microsoft announced the availability of Exchange 2010, the successor to Exchange Server 2007. According to Microsoft:

Exchange 2010 is part of the next wave of Microsoft Office-related products and is the first server in a new generation of Microsoft server technology built from the ground up to work on-premises and as an online service. This release of Exchange 2010 introduces a new integrated e-mail archive and features to help reduce costs and improve the user experience.

What’s new in Exchange 2010? Here’s some details: Continue reading The Public Beta of Exchange 2010 is Available

The Exchange Server Remote Connectivity Analyzer (ExRCA) is an online beta testing/diagnostic tool from Microsoft that may make your life somewhat easier. The tool includes a range of tests including:

• ActiveSynch
• RPC/HTTP (Outlook Anywhere)
• Inbound SMPT
• Outlook 2007 AutoDiscover

It’s easy to use and let’s you test some things that you wouldn’t be able to test with the cmdlets built into Windows. The tests produce pretty comprehensive reports and, helpfully, include a “Tell me more about this issue and how to resolve it” link whenever possible.

A video demonstration of how to use ExRCA can be found on TechNet.

According to Microsoft, additional tools will be added to ExRCA including OWA, IMAP, POP and Exchange Web Services.

I think that ExRCA has great potential. Note, however, that it’s still in beta and a work-in-progress so bugs should be expected.

My only complaint is in relation to the CAPTCHA. That thing is dang near impossible to read sometimes! That said, I don’t know about you, but I’m finding that CAPTCHAs have become a real pain in the butt. I often find myself squinting at the screen, attempting to work out whether it’s an “I” or an “l” or a “1″or something completely different … and then curse loudly when I guess incorrectly for the twentieth time. What’s particularly irratitating is when, after having refreshed a CAPTCHA numerous times, I finally get one that I think I can read … and then still get it wrong! But I’m digressing …

Be sure to try ExRCA out and let us know what you think.

“The more the better,” is a common mantra when it comes RAM but, in the case of Exchange Server 2007, that’s certainly not the case (OK, so it isn’t really the case in relation to other operating systems either, but that’s for another story).

With Exchange Server, Microsoft recommend no more than 32 GB of RAM. That’s because a) more than 32 GB will not substantially improve performance (and so you’d be wasting your money) and b) it may actually negatively impact performance. Here’s why (from Microsoft):

Cold state is defined as the state of the Mailbox server immediately following a server reboot or store.exe process restart. The Database Cache, which is used to cache database read/write operations, is small in size (or “cold”) during this period so it has a significantly diminished ability to reduce read I/O operations. As the Mailbox server processes messages, the Database Cache Size grows which increases the effectiveness of the cache and subsequently reduces the I/O footprint of the server. The larger the physical memory size of the server the longer it takes the Database Cache size to reach its optimal size. If the storage is designed/sized for a server with a large amount of physical RAM (>32GB), and the I/O profile of the users assumes an optimal Database cache state (large/warm cache); then the client experience may be compromised due to insufficient disk performance during these “cold state” periods.

Continue reading How Much Memory is Too Much?

Some people call them after family members. Some people call them after animals. And the Lord of the Rings series of books and Greek mythology seem to be an eternally popular sources of inspirations. What am I talking about here? Kids names? No, server names, of course!

David Stennett, a freelance contractor specializing in program and project management who’s old enough to know better, gets his ideas from the sky at night and cartoons:

I usually name my servers using either 1. Planets (the bigger the server, the greater the name … big servers named Jupiter1, Jupiter2, etc … smaller servers or desktops … Mercury, etc.) or 2. Transformers (servers named after larger transformers like Devastator, Omega Supreme, Unicron; desktops named after normal Autobots or Decepticons).

According to one of the chaps over at Diskeeper Corporation – who, to spare his blushes, I shall allow to remain anonymous - they once went down the Greek mythology route (Athena, Atlas, Janus, etc.), but have since adopted a much less interesting approach:

We have since standardized our servers with a naming convention of 3 letter location > Server Function > Number of Server.

*yawn* How to suck the fun out of life!

Continue reading What do you call yours?

It’s almost midnight when you’re woken from your peaceful slumber by a phone call from the boss. He’s calling from the pub in an inebriated state and is close to panic. “I’sh loshted my mobile and need it wiped … *hick* … immediately,” he slurs. Fortunately, with Exchange 2007 and Outlook Web Access (OWA), this is easy enough to do – without needing to make a visit to the office in the small hours of the morning.

Simply start up your computer and then (from Microsoft):

1. Open Outlook Web Access.
2. Log on to the device owner’s mailbox.
3. Click Options.
4. In the Navigation pane, select Mobile Devices.
5. Select the ID of the device that you want to wipe and remove from the list.
6. Click Wipe all data from device.
7. Click OK.
8. Click Remove Device from List.
9. Curse your boss, turn off your phone and go back to bed (okay, so this one isn’t actually part of Microsoft’s instructions but it is nonethless a step that you’ll probably wish to perform in order to ensure that the boss cannot disturb you again to tell you that he’s found the device and the remote wipe should be cancelled).

Step #8 is non-essential, but there’s really no point in not doing it as the device will otherwise continue to be wiped even after it has been found (which is bound to happen when he sobers up).

Note that it’s also possible to perform remote wipes with ES/SBS 2003, but do so you’ll need to have previously installed the Microsoft Exchange Server ActiveSync Web Administration Tool.

In a somewhat peculiar case, e360Insight LLC – the one-man mass mailing company which sued Spamhaus for besmirching its *cough* good name with accusations of spamming and which is now itself being sued for spamming – is suing data aggregation company ChoicePoint for CAN SPAM violations and breach of contract.

BackGround: e360Insight bought millions of email addresses from ChoicePoint. Some of the addresses were marked with an “O” to indicate that they could not be used for email marketing, while others were marked with an “I” to indicate that they could be used for email marketing. e360 proceeded to send emails to all addresses, regardless of whether they were marked with an “O” or an “I” – and that resulted in them being sued by some peeved recipients. Now here’s where it gets interesting: CAN SPAM prohibits the selling of email addresses belonging to people who have opted out of mailings. Consequently, e360 are claiming that ChoicePoint breached both contract and CAN SPAM provisions by selling opt-out addresses, even though those addresses were clearly marked as such:

If Ms. Sidewater’s assertion is true, this assertion constitutes an admission of violation of the CAN-SPAM Act of 2003, which provides that if a recipient requests not to receive commercial email, then it is unlawful for the sender to release, sell, or transfer such person’s email address to a third party. Thus, ChoicePoint admits that it breached 12(a)(ii) of the Agreement. But for this breach, e360 would not have sent any emails to the complainants and would not have been sued.

Hmmm. Gotta say, I don’t have much sympathy – in fact, make that I have no sympathy at all – for either side in this dispute. Who’d you prefer to see win? A(n) spammer alleged spammer? Or a company which sells your email address to a(n) spammer alleged spammer?

Tough choice!

Should you be interested in reading more, the documents are available over at SpamSuite.

The Florida Legislature recently suffered some embarrassment as a result of its lack of an email retention policy – or, more accurately, the inadequacy of its retention policy. Background: former House Speaker accepted a $110,000 per year position with the Northwest Florida State College after, supposedly, being one of the driving forces behind the state funding directed to the College while Speaker. The press caught wind of a possible scandal and attempted to obtain copies of emails between Sansom and the College. And that’s when it emerged that the Legislature had no real form of email retention policy: sent items were routinely purged after 30 days and deleted items were routinely purged after 90 days.

It’s time for the Florida House and Senate to join the 21st century. If lawmakers are going to use 21st-century technologies to communicate with the public and one another, they should take steps to ensure these communications are preserved — and accessible to the public,  read the editorial in TCPalm.

So, why weren’t the Legislature hanging onto their emails for longer? Because of storage constraints, seemingly. Sorry, but that’s a really lame excuse. Storage is dirt cheap and the price point of archiving solutions puts them well within reach of even smaller businesses. According to the Panama City News Herald:

The average House member uses about 569 megabytes of server space each month, with the average senator using about 700 megabytes, the documents said. Both are less than the 1 gigabyte of space available on an iPod Shuffle, Apple Inc.’s smallest portable music player, which holds about 500 songs. A free e-mail account from Google Inc. gives each user about 7,300 megabytes of space.

The House spends about $124,000 yearly on maintaining the system, according to Legislature information.

For that much, the House could also archive e-mail for three years, said Forrester Research analyst Chris Voce, who studies IT infrastructure. Upkeep for the House’s 750 users that would retain e-mails for three years should cost about $108,000 annually, Voce said.

Exactly. Retaining your email is actually pretty cheap these days – and the cost of retaining it can certainly be less than the cost of losing it.

Continue reading Here Today, Gone in 30 Days or The Need of Email Archiving

Some tidbits are starting to emerge about the next version of Exchange Server, code-named Exchange 14 (How dull is that? Why the heck have Microsoft stopped using interesting code-names such a Touchdown and Titanium?). While details are still rather scant, what we do know is that:

• Outlook Web Access (OWA) will have cross-browser support. While it’s always been possible to access a dumbed-down version of OWA – referred to by Microsoft as OWA Light – with browsers other than Internet Explorer, E14 will enable users to access the premium version with Firefox and Safari. Whether or not Microsoft will choose to add support for other browsers, such as Opera and Chrome, remains to be seen.
• IM capabilities shall be integrated into OWA and so users will be able to see who’s online/offline and initiate conversations right from within their browsers.
• E14 will include what Microsoft call a “turbo-charged conversation view” which will enable users to collapse or group their emails into threads.

Continue reading Early Look at Exchange 14

Can you make your email greener? Possibly.

With the release of Microsoft Windows Server 2008 with Hyper-V and Microsoft Hyper-V Server 2008, a virtualized Exchange 2007 SP1 server is no longer restricted to the realm of the lab; it can be deployed in a production environment.

So says Microsoft in the Exchange Team Blog. Yup, it’s now possible to virtualize Exchange Servers while continuing to be entitled to support from Microsoft. But there’s good news and bad news here. The good news is that virtualizing Exchange can offer real savings. In one of the examples that Microsoft cite (with 7 servers being consolidated to 3 servers running 7 virtual servers) the potential energy savings are estimated at 25,754 kWh or $22,516 per year. On top of that, there’s also savings to be had on hardware and, if your utility company has a high tech incentive program (as PG&E do) you may even be able to recover a portion of your project costs. Woohoo! So, not only can you cut your costs, but you can make your operations a bit greener in the process.

But here’s the bad news. As Microsoft put it, “Due to the performance and business requirements of Exchange, most deployments would benefit from deployment on physical servers.” What that really means is that most Exchange deployments will not be suitable candidates. Microsoft provide the following 3 scenarios in which virtualization is worth considering:

• Small Office with High Availability
• Remote or Branch Office with High Availability
• Mobile LAN

Continue reading Greening Exchange Server