My name is Naveed Babar, an Independent IT Expert and researcher. I received my Master’s degree in IT. I live in Peshawar, Khyber Pakhtunkhwa, Pakistan. Buzzwords in my world include: Info tech, Systems, Networks, public/private, identity, context, youth culture, social network sites, social media. I use this blog to express random thoughts about whatever I am thinking.

Showing posts with label Microsoft. Show all posts

Monday, September 19, 2011

MS Windows 8



Windows 8 is going to be available soon for your tablets, desktops and selected smartphones.

Yes, Windows 8 comes with a hybrid design and isn’t like the Windows OS we are usually familiar with. The latest version brings a completely new visual interface, which is optimized for touchscreen devices but can be equally efficient with mouse and keyboard on desktop computers.

Here’s a preview of What Windows 8 will look like:


Start Screen:



Lock Screen:



Keyboard and Apps (Earlier we used to call them programs):



File Management:


Download Windows 8

Microsoft was quick to release the developer version of Windows 8 to the general public.

You can select from one of following versions available at Microsoft’s website:
Windows Developer Preview with developer tools English, 64-bit
Windows Developer Preview English, 64-bit
Windows Developer Preview English, 32-bit

It appears that Windows Developer Preview English, 32-bit will be suitable for many, unless you need to get the developer tools too.

You can download any version of Windows 8 from this link.

How to Install Windows 8 on Virtual Machines:
You can install the Windows 8 preview on a virtual machine instead of dedicating an entire PC to it. You can use VirtualBox for hardware virtualization.
1. Download Windows 8 from the link given above.
2. Create a new VirtualBox virtual machine and select Windows 8 as the OS type.
3. In the Motherboard tab under System, check Enable IO APIC.
4. In the Processor tab under System, check Enable PAE/NX.
5. In the Acceleration tab under System, check Enable VT-x/AMD-V and Enable Nested Paging.
6. In the Video tab under Display, check Enable 2D acceleration.
7. Remember to mount the Windows 8 .ISO file you downloaded and you’re good to go!

Note: Make sure your PC supports hardware virtualization for this to work, or you can go with a fresh machine to install Windows 8. Remember, you can’t un-install this copy of Windows unless you format the drive.

Want to Change Metro UI:
If you want to disable the Metro UI:
1. Go to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
2. Change the value of RPEnabled from 1 to 0.

Wednesday, May 11, 2011

Microsoft buying Skype for $8.5 Billion




The software giant Microsoft has bought Skype for $8.5 billion in an all-cash deal.

The agreement has now been approved by the boards of directors of both Microsoft and Skype.

Skype will become a new business division within Microsoft, and chief exec Tony Bates will assume the title of president of the Microsoft Skype Division, reporting directly to Microsoft CEO Steve Ballmer.

Skype has been up for sale for some time. eBay and Silver Lake Partners, previous shareholders of Skype, have been getting nervous about the delayed initial public offering and have been pushing for a sale of Skype.

Facebook and Google were also in the list to acquire Skype, but Microsoft, though a late applicant, has now taken it.

Skype gives Microsoft a boost in the enterprise collaboration market, thanks to Skype’s voice, video and sharing capabilities, especially when competing with Cisco and Google.
It gives Microsoft a working relationship with carriers, many of them looking to partner with Skype as they start to transition to LTE-based networks.
It would give them a must-have application/service that can help with the adoption of the future versions of Windows Mobile operating system.
However, the biggest reason for Microsoft to buy Skype is Windows Phone 7 (Mobile OS) and Nokia. The software giant needs a competitive offering to Google Voice and Apple’s emerging communication platform, Facetime.
The purchase also provides Microsoft with a wealth of p2p and collaboration technology expertise and intellectual property, an increasingly important asset to have these days.
It also brings reach: Skype’s user base is comparable to that of Facebook in terms of size (more than 600 million registered users).

These may be early predictions, but Microsoft now has one big tool in its hand, and surely the competitors must be wondering what is coming next. The integration of Skype into a later version of Windows will surely make Google and Facebook feel the heat.

Whatever the outcome, Microsoft seems to be back in the battle with Google Voice, while Facebook still stands at the other end.

Saturday, April 30, 2011

Microsoft Windows 8




What’s Really Going on With Windows 8?

We all know that these days, guys at Microsoft are very busy preparing the next major version of their Windows family. Recently, they have finished the 2nd milestone of Windows 8… But that’s also leaked news! This time they are very strict about leaking information to the press. To tell you the truth, in Windows 7, we received a load of leaked info and screenshots at this stage. But what’s happening with Windows 8? It’s a big mystery!

In Windows 7, we got the first public beta with their third milestone. But in Windows 8, we can’t say what will happen. Recently, at the CES, Microsoft officially announced that Windows 8 is going to support ARM and SoC (System on a Chip) devices. This will take it beyond our normal x86 and x64 processors to things like the ARM-based devices built by NVIDIA, Qualcomm and Texas Instruments.
Another leaked source has mentioned that Windows 8 is going to have a brand new graphics system which is said to have more Silverlight in it. But these facts are unofficial! The biggest problem is that we don’t have much information to tell you what they are really cooking in those labs…
Are they cooking something big and innovative which could change the whole world? Well, if that’s the case, then secrecy might be the best policy! But still, we cannot say anything until we get the public beta! So, what do you think? What are they doing with all this secrecy? Will we ever get a public beta?

Wednesday, February 23, 2011

How to Install Windows XP in less than 15 minutes








Today’s trick will be very helpful for those who frequently install the Windows XP operating system. Normally a Windows XP installation takes around 40-60 minutes to complete, but through this trick you can save 15-20 minutes.
1. Boot through Windows XP CD.
2. After all the files are completely loaded, you will get the option to select the partition. Select partition “C”.
3. Now Format the partition, whether it is normal or quick with NTFS or FAT
4. Once the formatting is completed, All the setup files required for installation are copied. Restart your system by pressing Enter. Now, here begins the Simple trick to save 10-15 minutes.
5. After rebooting, you get a screen where it takes 40 minutes to complete or finalize the OS installation.
6. Now, Press SHIFT + F10 Key -> This will open command prompt.
7. Enter “Taskmgr” at the command prompt window. This will open Task Manager.
8. Click the Process Tab, here we find a process called Setup.exe -> Right Click on Setup.exe -> Set Priority ->Select High or Above Normal. Initially it will be Normal.
That’s it, no more work to do. Relax and see how fast the installation process completes.

Monday, January 31, 2011

Some Dangerous Risks to MS Security


Security has always been an important part of any IT infrastructure. As technology progresses, it’s a safe bet that there will always be people who will try to infiltrate your network to do their malicious deeds. As security technology improves, so do the skills of these notorious hackers. But what can we do to protect ourselves from these threats? Here are a few tips to help improve your awareness of some of the more important risks threatening your Microsoft infrastructure.


1. Physical Attacks
Let’s start with the most basic attack. A physical attack on a computer can be a daunting thing. Suppose someone actually has physical access to a machine, and they wish to obtain data from it. With heightened awareness of password security, things are a little better. However, a determined hacker can easily get to information that is stored on a machine, whether it be a stand-alone client or a full-blown domain controller. Some obvious best practices include making sure that no one has physical access to any of your servers. Hopefully, most organizations running a back-end SAN will have whatever room the servers are located in under lock and key. Physical attacks can also include an attacker coming in with an external hardware device like a USB drive and infiltrating a system that way.
Thankfully, Microsoft has supplied us with group policy settings so we can set a policy in place that prohibits the use of any type of external storage device. With the advent of Microsoft Server 2008, Microsoft has also given us Read Only Domain Controllers (RODC), and this helps tremendously as far as networks are concerned. Because replication to an RODC is one-way, if any of the structure is changed or manipulated on it, the changes won’t be replicated out to the rest of the network, not to mention that you can choose which account credentials will be cached. We were also given the new BitLocker feature to help protect sensitive data. BitLocker Drive Encryption is a full disk encryption feature included with Vista Ultimate and Enterprise as well as the new Windows 7 and Server 2008. It’s designed to protect data by providing encryption for entire volumes. It uses the AES encryption algorithm in CBC mode with a 128-bit key. However, as with anything else in terms of security, hackers found a work-around.

Back in February of 2008, a straightforward cold boot attack was discovered. This basically allows a machine that is protected by BitLocker to be compromised by booting the machine off of a USB device into another OS and then dumping the contents of the pre-boot memory. The attack relies on the fact that DRAM retains information for up to several minutes after the power has been removed. If cooled, it can buy the attacker even more time. This takes away any protection because the keys are held in memory while Windows is running. BitLocker can also operate in a sort of “USB Key” only mode. Of course, anyone using this method had better be sure that the key is never left with the computer. There is also the possibility that a malicious program, like a pre-boot or post-boot malware program, could read the startup key off of the USB key and store it. It’s always a good idea to remove the USB key from the USB port before Vista completely starts.



2. Password Policies
When talking about password policies, we often think of complexity requirements. This can include number of characters, type of characters (letters, upper-case, lower-case, numbers, and special characters), how often the password should be changed, and failure thresholds. Any password policies not using Kerberos are using NT Lanman, which uses 56-bit DES encryption, and that’s really weak. Unless you happen to be running any NT boxes in your network, you can rest easy knowing that Kerberos authentication, with its Advanced Encryption Standard (AES), is at work for you. However, one thing that can often be overlooked is that any password that is less than 15 characters long is automatically stored in backup with an NTLanman backup hashfile. Taking this into consideration, it’s easy to realize why you might want to have a password policy that requires a password of over 15 characters. So instead of a password, have your users come up with a passphrase. You might even consider having your users change the password every 90 days instead of every month because it cuts down on the chance that the user might write down their password. From a security standpoint, any passwords that are written down for someone else to possibly see are a potential hazard.


3. Privileged Accounts and Social Engineering
Let’s say that you’re the network admin at your organization. You have full domain rights and privileges. You go to install a new vulnerability scanner that your friend Bob recommended to you (so you know it’s from a safe source, right?). Unbeknownst to you, the program actually has a series of simple net commands that are running in the background that create a new domain account, change your password, and a few other things that make you cringe in retrospect. How could this have happened? After all, you’re certain that your anti-virus software is up to date. The problem with this scenario is that it has nothing to do with a virus. According to the system, it was you who created the new admin account and changed your own password.
Over the years, the game in security has changed from “Can I guess your password?” to “How can I get you to run something while you’re signed on with your privileges?” Because of the way that security works within Microsoft, as soon as you log in with an account that has administrative privileges, you possess a “token” that gives you access to those privileges. Whether it be establishing rapport and good credibility with Bob and then offering him a new vulnerability scanner to try at work or setting up a web site with dirty ActiveX controls, attackers can get pretty creative in how they try to accomplish this.
Microsoft has been telling us for years not to log in with an account with administrative privileges and go web surfing and checking our e-mail. Hence the “run as” feature that was so kindly given to us. While working with an account with non-admin rights, if we need to install a program, we can right-click and choose “run as” and only that one process will use the administrative token. Windows Vista tried to alleviate much of this by giving us the User Account Control (UAC), but how often is it really used, and how often is it turned off altogether?
A company called BeyondTrust released a report recently that indicates that according to their analysis of all the security bulletins Microsoft published last year, 92% of the critical vulnerabilities could have been mitigated by the principle of least privilege. Below are some key points from the report.
• 92% of Critical Microsoft vulnerabilities are mitigated by configuring users to operate without administrator rights
• Of the total published Microsoft vulnerabilities 69% are mitigated by removing administrator rights
• By removing administrator rights, companies will be better protected against exploitation of 94% of Microsoft Office, 89% of Internet Explorer, and 53% of Microsoft Windows vulnerabilities
• 87% of vulnerabilities categorized as Remote Code Execution vulnerabilities are mitigated by removing administrator rights
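
In the scenario above the system attributes the new account and the password change to the administrator, so the useful signal is which program launched the account commands. The following added example (not part of the original post) correlates constructed, simplified records modeled on Windows Security events 4688 (process created), 4720 (account created) and 4724 (password reset); the field names, account names, `scanner_setup.exe`, the 30-second window and the parent allowlist are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed allowlist: programs an admin normally types account commands into.
ADMIN_SHELLS = {"cmd.exe", "powershell.exe", "mmc.exe"}
# net.exe / net1.exe invoked for account or group management.
ACCOUNT_CMD = re.compile(r"\bnet1?(\.exe)?\s+(user|group|localgroup)\b", re.I)
ACCOUNT_EVENTS = {4720: "account created", 4724: "password reset"}
WINDOW = timedelta(seconds=30)  # assumed correlation window


def t(h, m, s):
    return datetime(2011, 1, 31, h, m, s)


# Constructed sample records (simplified fields, not real log output).
EVENTS = [
    {"id": 4688, "time": t(9, 0, 5), "user": r"CORP\admin1",
     "cmdline": "net user helpdesk2 <redacted> /add /domain",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 4720, "time": t(9, 0, 6), "user": r"CORP\admin1",
     "target": "helpdesk2"},
    {"id": 4688, "time": t(14, 12, 40), "user": r"CORP\admin1",
     "cmdline": r"C:\Users\admin1\Downloads\scanner_setup.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 4688, "time": t(14, 12, 43), "user": r"CORP\admin1",
     "cmdline": "net user svc_update <redacted> /add /domain",
     "parent": r"C:\Users\admin1\Downloads\scanner_setup.exe"},
    {"id": 4720, "time": t(14, 12, 44), "user": r"CORP\admin1",
     "target": "svc_update"},
    {"id": 4688, "time": t(14, 12, 45), "user": r"CORP\admin1",
     "cmdline": "net user admin1 <redacted> /domain",
     "parent": r"C:\Users\admin1\Downloads\scanner_setup.exe"},
    {"id": 4724, "time": t(14, 12, 46), "user": r"CORP\admin1",
     "target": "admin1"},
]


def image_name(path):
    """File name part of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_account_changes(events):
    """Return account changes whose 'net' command was started by a program
    that is not an expected administration shell.

    Checks the direct parent only; a production rule should walk the full
    process ancestry.
    """
    launches = [e for e in events
                if e["id"] == 4688 and ACCOUNT_CMD.search(e["cmdline"])]
    findings = []
    for ev in events:
        if ev["id"] not in ACCOUNT_EVENTS:
            continue
        for proc in launches:
            same_user = proc["user"] == ev["user"]
            recent = timedelta(0) <= ev["time"] - proc["time"] <= WINDOW
            parent = image_name(proc["parent"])
            if same_user and recent and parent not in ADMIN_SHELLS:
                findings.append((ev["time"].strftime("%H:%M:%S"),
                                 ACCOUNT_EVENTS[ev["id"]],
                                 ev["target"], parent))
                break
    return findings


if __name__ == "__main__":
    for finding in suspicious_account_changes(EVENTS):
        print("REVIEW:", *finding)
```

The morning account creation typed into `cmd.exe` is left alone, while both changes made seconds after the downloaded installer started are reported with that installer as the parent.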


4. E-mail Attacks
Imagine that you’ve just sat down to check your e-mail, and you receive an e-mail claiming to be from your bank or, better yet, from your HR department, claiming that a new policy is in place and it’s required that you change your password for security reasons. You click on the link provided in the e-mail only to be directed to a site that looks alarmingly identical to your bank site or your internal HR site. At the site, it asks you to put in your current credentials for authorization. Spam and phishing attacks are classics in the online criminal’s repertoire. But, as long as users keep falling for the tricks, the bad guys will just keep sending the e-mails. These types of attacks can leave you wide open for some of the more popular risks such as...

5. Worms
We’ve all heard of computer worms. Basically self-replicating programs, they use our networks to send copies of themselves to other machines, and they do so without any intervention on the user’s end. A worm doesn’t need to attach itself to an existing program like a virus. Although they don’t corrupt or devour files like a virus, worms can still pose a security threat nonetheless, usually in the form of bandwidth consumption.
The Conficker worm that caused so many problems to networks recently is still around. It was so serious that Microsoft thought it was worth putting a $250,000 bounty on the head(s) of those who created it. However, the worm is still out there and spreading. A new variant known as Conficker B++ has been released into the wild sporting new characteristics that could try to get around the IT industry’s attempts to bring it down.


6. Increasingly Malicious Malware
Malware is malicious software. We’ve all heard of malware infecting our systems. We usually only find out about it through scans because they’re designed to infiltrate or damage a computer system without the user’s consent. Although most of the malware is not malicious in nature and is usually referred to as spyware, the threat of malicious software infiltrating our machines is an ever-alarming one.
Hackers continue to refine the capabilities of malware, expanding on flux technologies in order to obscure their infrastructure, making it even harder to locate their servers. There are also recent variants that are able to detect when someone is investigating activity and then respond with a flooding attack against the investigator. As this kind of thing is becoming more mainstream, it’s growing more difficult to carry out investigations. Some examples also target and dodge anti-virus, anti-spyware, and anti-rootkit tools. So basically, malware is becoming stickier on target machines and more difficult to shut down. When you look at a list of malware threats you may begin to experience deja vu. You might ask yourself if you’ve seen the names of some of these processes before. The reason is that the writer of the malicious code is trying to pull a fast one and has disguised the code by giving it a name similar to another harmless, but essential, application. Below is a list of some examples taken from ProcessLibrary.com.


ISASS.EXE
Part of Optix.Pro virus, Isass.exe is registered as the Optix.Pro Trojan that carries in its payload the ability to disable firewalls and local security protections, and which also contains a backdoor capability, allowing a hacker fairly unrestricted access to the infected PC. This Trojan was developed by someone going by the name of s13az3 who formed part of the (since discontinued) Evil Eye Software crew.

NVCPL.EXE
Part of W32.SpyBot.S Worm. Nvcpl.exe is a process that is registered as the W32.SpyBot.S worm (it also seems to be associated with the Yanz.B worm, which may just be another name). It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow, forcing your computer to shut down. Although not necessarily a particularly destructive piece of malware, it is a nuisance because it will access your e-mail address book and send spam to your contacts.

CRSS.EXE
Part of W32.AGOBOT.GH. Crss.exe is a process forming part of the W32.AGOBOT.GH worm. This spyware worm is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hope that you open its hostile attachment. The worm has its own SMTP engine, which means it gathers e-mails from your local computer and re-distributes itself. In worst cases, this worm can allow attackers to access your computer, stealing passwords and personal data.

SCVHOST.EXE
Part of W32/Agobot-S virus, the scvhost.exe file is a component of the W32/Agobot-S virus. Another member of the Agobot (aka Gaobot) computer worm family, this Trojan spreads via networks and allows attackers to access your computer from remote locations, stealing passwords, and Internet banking and personal data.

SVHOST.EXE
Part of W32.Mydoom.I@mm. Svhost.exe is a process that is associated with the W32.Mydoom.I@mm worm. This worm is distributed as an e-mail message and requires that you open a hostile attachment. Using its own SMTP engine, the Mydoom worm will gather e-mails from your local computer and redistribute itself. The original Mydoom worm was first spotted in January 2004 and went on to become the fastest spreading e-mail worm ever. In worst case scenarios, this worm can allow attackers to access your computer, stealing passwords and personal data; however, it is also interesting in that, in addition to the Trojan, the other payload it carried was a denial of service attack on the website of SCO Group. Later versions of the worm have included denial of service attacks on other sites, including Google and Lycos.
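
Most of the names listed above sit a single edit away from the name of a real Windows system process, which makes them easy to flag mechanically. This added example (not part of the original post) does that with an optimal-string-alignment distance; the baseline of legitimate names and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline of legitimate system process names; extend it from your
# own known-good image.
KNOWN_GOOD = ["lsass.exe", "csrss.exe", "svchost.exe", "services.exe",
              "winlogon.exe", "explorer.exe"]

# Constructed process list: two genuine names, the five names from the
# list above, and one unrelated program.
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\ISASS.EXE",
    r"C:\Windows\crss.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Users\Public\svhost.exe",
    r"C:\Windows\System32\nvcpl.exe",
    r"C:\Windows\notepad.exe",
]


def osa_distance(a, b):
    """Edit distance where an insert, delete, substitute, or swap of two
    adjacent characters each costs 1 (optimal string alignment)."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # delete
                          d[i][j - 1] + 1,         # insert
                          d[i - 1][j - 1] + cost)  # substitute
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swap
    return d[-1][-1]


def find_lookalikes(process_paths, max_distance=1):
    """Return (name, imitated_name, distance) for every process whose file
    name is close to, but not equal to, a known-good name."""
    findings = []
    for path in process_paths:
        name = ntpath.basename(path.strip()).lower()
        if name in KNOWN_GOOD:
            continue  # exact match: genuine name, nothing to report here
        best = min(KNOWN_GOOD, key=lambda good: osa_distance(name, good))
        dist = osa_distance(name, best)
        if dist <= max_distance:
            findings.append((name, best, dist))
    return findings


if __name__ == "__main__":
    for name, imitated, dist in find_lookalikes(SAMPLE_PROCESSES):
        print(f"{name}: looks like {imitated} (distance {dist})")
```

`nvcpl.exe` is not reported because it does not resemble anything in this baseline, so a name-similarity check complements signature and path checks rather than replacing them.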


7. Unauthorized Network Access
Probably one of the biggest risks to keep an eye out for would be any type of device that has access to the network that should not. Just imagine a scenario where someone is able to walk into your organization and plug in a wireless router that starts automatically handing out IP addresses. Fortunately, we have tools at our disposal to prevent something like this. These tools include Network Access Control (NAC), which uses a set of protocols to define and implement a security policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. Thus, when a computer connects to a computer network, it is not permitted to access anything unless it complies with a set of standards, including anti-virus protection level, system update level, and configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the standard is met, the computer is able to access network resources and the Internet, within the policies defined within the NAC system.
We also have Network Access Protection (NAP), which is used for controlling network access of a computer host based on the system health of the host. With NAP, system administrators of an organization’s computer network can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled.
Connecting or communicating computers have their health status evaluated. Computers that comply with system health requirements have full access to the network. Administrators can configure health policies that make it possible to ensure that computers not in compliance with system health requirements have restricted access to the network.
One of the biggest improvements for ensuring that you’re protected against unauthorized use of the network has to be the use of certificate services. Certificate servers validate or certify not only devices on a network but also users and even processes through the use of keys. Of course, the use of managed switches and protocols, like IPsec to help protect data and IPv6, doesn’t hurt either.


8. Not Updating Patches
Of course most of these threats could be avoided altogether if everyone followed best practices and made sure that all of their patches are up to date. For the common end user, it’s just a matter of keeping auto update turned on inside of Windows. For a larger organization, things may not be so simple. Patches and updates have to be tested before being rolled out on an active network to ensure there won’t be any conflicts with other software that might be running. Sometimes, the software running may be detrimental to the functioning of the particular organization. Of course, this is where having a testing environment along with Windows Software Update Services can be key. With WSUS, administrators have more direct control over the type and time updates are applied to network systems. This not only controls precious bandwidth but also gives administrators control over yet another entry point into their networks. This might seem obvious, but neglect in this department can be catastrophic as it keeps the door wide open for all the exploits and vulnerabilities set forth by all the viruses, worms, and rootkits that malware and other types of attacks have lying in wait.


9. Third Party Applications
It’s fair to say that Microsoft has put tremendous effort into adding a lot of security in the Windows operating system as well as its Microsoft Office applications. It seems that as our operating systems become more secure, attackers are beginning to focus more on application exploits rather than OS exploits. Microsoft is generally great about routinely updating Internet Explorer to patch any security vulnerability. However, the vendors of many third-party applications are less security-minded or aware. Just think of how many independent developers there are out there offering freeware. Some of these programs present an opportunity we can expect hackers to take advantage of because most have not been written with security in mind and do not automatically check for and download security updates.

10. The Human Factor
A lot of the things mentioned here also rely on one of the biggest vulnerabilities in any IT infrastructure, whether it be Microsoft or any other platform: the human factor. The weakest link in all security initiatives is the people. When thinking of this, it reminds me of a term we used to use when troubleshooting back in the day. “I know what the problem is. It’s PEBKAC” (problem exists between keyboard and chair). Without heightened awareness of things like social engineering, password security, e-mail scams, and best practices, like keeping all of your software updated, all of these things will continue to thwart the normal functioning and security of our systems. When deciding what the most dangerous risks to any network are, one must try to imagine where the attacks may be coming from and, more importantly, how they will try to get into the network. Becoming familiar with these “holes” and how they’re approached is key to protecting our data and ensuring that our systems won’t be infiltrated.
As of this writing, there are currently some very specific exploits concerning the server products and other applications such as “token kidnapping.” This allows an attacker to gain full control of a server if the attacker can first run malicious code on the server as a lesser privileged user.



Friday, October 8, 2010

Internet Explorer 9


Internet Explorer 9 Beta was unleashed to the public some time back, and having used it for quite some time now, here’s a brief review and my take on it.
To be really honest, I had really high expectations from Internet Explorer 9 and I’m a die-hard Google Chrome fan for its fast browsing and good page rendering. Internet Explorer 9 is in its beta stages, therefore it has lots of bugs lying around which will be washed out with time, but still it does get annoying to use at times.
Interface
Microsoft has taken a minimalistic approach on IE9’s design, it’s really clean, you get more of the web and less of the annoying toolbars and options which bloat the top of the browser. Take a look at the screenshot below and you’ll get an idea what I’m talking about.



Speed
IE 9 Beta is no doubt a fast browser, if you’ve been using older versions of Internet Explorer then the speed difference is noticeable right from the start. Pages load really fast and this is the first time in my life that Internet Explorer can be compared to Chrome in terms of speed.
Websites load really fast on it and even the browser itself loads up really fast and you can feel that it’s really light on system resources, it doesn’t even feel like Internet Explorer in any way! Why? Because the best word to relate to Internet Explorer is “slow”, but IE9 takes down that stereotype.
Page Rendering
This is the part where IE9 falls behind all the other browsers which we’re used to using. Page rendering is not that good; Chrome, Firefox, Opera and Safari rule over here!
I have constantly seen pages loading in an awkward manner, majorly due to the fact that tons of websites online aren’t compatible with IE9 yet. The most noticeable glitches in page rendering can be seen on the social network Facebook; text and images overlap at times but sometimes they don’t.
Keep in mind that IE9 is still in its beta stage so this shouldn’t come to us as a surprise. I really wish that Microsoft washes out all the quirks when the final version hits the download section.
There is a compatibility mode button in IE9 which does “fix” your pages up if it’s not compatible with IE9 but it kills some CSS content on the website you’re viewing.



Performance
IE9 has full hardware graphic acceleration support and therefore it should perform well while loading Flash and HTML5 content. I tested out the claim on different websites and quite frankly I didn’t see any huge difference; it was like I’m viewing the same website I would on Chrome or any other browser.
I’m using a GeForce 9500GT graphics card and I did not see a gain in performance in a lot of places, notably on YouTube. Flash content did load quickly and performed better than other browsers but I’m quite sure that the final IE9 build would do even better!
Overall I would sum up IE9’s performance on Flash and HTML5 as a lot better when compared to other browsers.

Conclusion
IE9 is in its beta stages and has lots of bugs and glitches which you’ll notice once you start using it for daily use.
In terms of speed it’s good, performance not that bad but should you use it as your regular browser? Well that totally depends on you, if you’re fine with small bugs and seeking performance on native Windows browser then do give IE9 Beta a shot!
I’ve spent time with IE9 Beta since day one of its launch and I keep on switching between Chrome and IE9 depending on my usage. But, if you want speed without bugs then go for Chrome; if you want tons of extensions but don’t mind some performance sacrifice then go for Firefox.
But in my opinion, do give IE9 Beta a shot once, you can download IE9 Beta from this link.
