Yesterday I attended a Tech Rally in Mansfield, hosted by a local reseller-and-servicer business there with the word "typewriter" in its name (or, at least, that's what it used to stand for).
The Sophos presentation on network security was a real eye-opener for me. A lot of what the guy said made sense, on some level, but he was talking mostly about kinds of networking we don't even have at the library. In particular, the whole mindset of the talk was deep in Microsoft think. When he spoke of not allowing a system "onto the network" if it doesn't meet your requirements (e.g., for having certain antivirus software installed), I'm pretty sure he was actually thinking mostly in terms of not allowing it to access certain services on the network, e.g., application servers. There were also a lot of highly-Microsoft-centric things that were fairly central to his talk, not least Active Directory. (As an administrator of OS-agnostic/heterogeneous TCP/IP-style networks, I only just barely know what AD even *is*. It's not really relevant to any kind of computer network I've ever worked with.)
This doesn't make everything he said invalid; it only makes it irrelevant to me, at this time. (If I'd known that was the kind of network he was going to be talking about, I wouldn't have attended the talk, but it was just labelled "Network Security", and I work with network security (I write firewall rulesets, for instance), so how was I to know?)
I did catch the presenter in one mistake, which he made presumably because he is thinking at a higher level (specifically, at the application layer on the OSI model) and mostly looking past or ignoring the details on lower layers (notably the data link and network layers). The specific mistake he made (which I swear on Dave Barry's life that I'm not making up) was in speaking of DHCP as an enforcement mechanism. As anyone who understands TCP/IP at even a basic level can tell you, it fundamentally isn't that. (DHCP is a convenience mechanism; it doesn't enforce squat.) If the system doesn't meet your requirements, he was saying, then the DHCP server can hand it a 32-bit subnet mask, and so then it "can't go anywhere" on the network.
Yeah, he really said that. The reader may now laugh heartily at the prospect of an attacker that does not know how to change the TCP/IP settings on his computer. What kind of threat are we protecting against here? Great Aunt Mildred? Dilbert's boss?
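An added example, not part of the original post: since the DHCP server only ever sees hosts that ask it for an address, a defender who wants to know whether a /32 "quarantine" is being honored has to compare the lease table against what actually appears on the wire. The MAC addresses, IP addresses and the `audit` helper below are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the talk or any real network).
# DHCP server's view: MAC -> (leased address, prefix length handed out).
LEASES = {
    "00:11:22:33:44:01": ("192.168.10.21", 24),  # compliant host
    "00:11:22:33:44:02": ("192.168.10.99", 32),  # "quarantined" with a /32 mask
}

# What a switch or sensor actually saw on the segment: (source MAC, source IP).
OBSERVED = [
    ("00:11:22:33:44:01", "192.168.10.21"),
    ("00:11:22:33:44:02", "192.168.10.99"),
    ("00:11:22:33:44:02", "192.168.10.50"),  # same NIC, self-assigned address
    ("00:11:22:33:44:03", "192.168.10.77"),  # never asked DHCP for anything
]

SUBNET = ipaddress.ip_network("192.168.10.0/24")


def audit(leases, observed, subnet):
    """Return (mac, ip, reason) for traffic the DHCP policy never authorized."""
    findings = []
    for mac, ip in observed:
        if ipaddress.ip_address(ip) not in subnet:
            continue  # source address belongs to some other segment
        lease = leases.get(mac)
        if lease is None:
            # The DHCP server has no record of this host at all.
            findings.append((mac, ip, "no lease: statically configured host"))
        elif ip != lease[0]:
            # The host holds a lease but is sourcing traffic from another address.
            kind = "quarantined" if lease[1] == 32 else "leased"
            findings.append((mac, ip, f"{kind} host using unleased address"))
    return findings


if __name__ == "__main__":
    for finding in audit(LEASES, OBSERVED, SUBNET):
        print(*finding, sep="  ")
```

Both findings are invisible to the DHCP server itself, which is why the check has to run on data from the switch or a sensor.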
However, he also talked about other enforcement mechanisms, including access control lists, among other things. To fully evaluate the correctness of his talk I'd have to know more about things like LDAP and NT's non-DNS "domain"-based networking, but I didn't get the impression that it was all bogus like the DHCP thing. On the whole the talk seemed coherent and mostly sane. Not that any network administrator should ever swallow anything said by any security vendor without a large helping of salt, mind you.
I also got to see one of the Microsoft "across America" vehicles (sort of like a converted bookmobile or mobile home with a lot of computer hardware crammed inside). On feature, of course, was Vista, which I got to see up close and personal for the first time. (Previously I'd seen screenshots on the web and a couple of short promo videos.) The demo guy (whose name I didn't catch) did a really nice job and seemed to be pretty well informed.
First, I want to say that the Aero Glass visual enhancements are quite slick. As someone who generally sets XP systems to the Classic look because it's just less goofy and dumb-looking than the default appearance in XP, I must say I'm pleased this time.
Some of the improvements to the Start menu in Vista also appear to be quite worthwhile. Expanding folders vertically (right into the list, albeit with an indent, sort of like in the left pane of the Explorer view in the Windows Explorer file manager) rather than horizontally seems like it will overall be an improvement (less mouse movement is required, for one thing), and the Start Search appeared to be really slick. I don't know what kind of hardware they were running it on, but it did perform really well. Impressively well, compared with XP on any hardware I've ever seen it on. These are small things, but it's often the small things that determine the quality of the user's experience. I am optimistic now about Vista being a real improvement over XP.
Not that I'm going to rush to deploy it right away, mind you. I'd like to hold out for SP1 if possible, or at least wait until next year when it's been out for a while and the first round of post-release bugs found and fixed. Nonetheless, I'm now kind of looking forward to it.
Lastly, I want to talk about the panel applets. (Microsoft has another name for them, which I forget at the moment, but I'm talking about the little applications that run embedded in that panel on, by default, the right side of the screen, updating the display in realtime.) As I predicted, it *is* more than just a fancier clock: it's a real panel-applet capability, or at least the beginnings of one, and thus a major step forward for Microsoft. I asked specifically about biff, and the demo guy confirmed that yes, there is one. Although he specifically used the word "Outlook" (which suggests to me that it may be specific to that (highly undesirable) mailreader, rather than doing POP3 or IMAP checks itself), it is nonetheless a good beginning. That's one of the major things people use panel applets for, so it's important that Microsoft thought to include it. It means they're thinking in the right directions. Also there was a system monitor of sorts (showing CPU usage and a couple of other things; gkrellm it is not, but for a ships-with-the-OS component it is a worthwhile inclusion) and something that looked like it might have been an RSS reader, though I don't actually know where it was getting its data. I didn't ask about the availability of third-party ones, but I imagine they will appear in time.
The bad news is that these panel applets cannot be placed on the regular panel (the taskbar in Windows parlance), only on the special panel dedicated to them. I asked specifically about this and the demo guy confirmed my suspicion. I didn't get a chance to find out how resizeable it is. Nonetheless, it's a beginning, and a good one. Hopefully now that it's a core feature of the Windows UI it will see improvements in future releases.