Tom Penharston
Windows Genuine Advantage
http://www.eweek.com/article2/0,1759,1754886,00.asp
Instead of debating the merits of Genuine Advantage I'm writing this
post to get advice on configuration steps for brand new computers once
the initiative starts.
INSTALLING BRAND NEW SYSTEMS OFF-LINE
I'm under the impression that most serious administrators keep their
machines off-line until they are patched (I do). When an unpatched
system goes on-line the window of vulnerability may be one minute or
one day depending on who you ask, but I think most of us agree that the
window is becoming shorter each year as viruses become more
aggressive. (I recall that the Blaster virus was capable of infecting
an entire subnet in minutes.)
QUESTIONS
Here are my questions for home users. If Joe downloads updates through
the Microsoft Download Center using Genuine Advantage, what's to stop
Joe from burning a CD for Mary with the executable update files? Will
Mary be prevented from installing the patches off-line? Thus, a window
of vulnerability? What's the absolute best way for Mary to handle the
situation? Please don't tell me it shouldn't be that way, just tell me
the best answer!
Similarly, can we download patches to a Macintosh or Linux computer to
distribute to a PC?
Here are some questions for business:
SUS Servers have the ability to download all Microsoft updates. Will
SUS (or SMS) undergo changes under the Windows Genuine Advantage
initiative? Will each client computer share key codes with SUS? (That
would be a huge addition to what is now a very lean update server.)
So far I'm led to believe that just one key code would be required but
I haven't found the information on the Microsoft website. Does anyone
have a link?
Two similar questions about bulk licensing:
If an organization has purchased multiple computers through an OEM
dealer must each computer go through Genuine Advantage? If site
licenses (or upgrade licenses) are purchased through Microsoft's EOPEN
Open Licensing Program must each individual system go through Genuine
Advantage?
WORK / HOME
I guess it's unlikely there will be problems for institutions
installing computers with RIS, Ghost, or other tools. There will
always be a way for us to build safe computers for business, education,
etc. Genuine Advantage is just another part of the routine now.
I'm a little less optimistic for home users than I am for business.
Legitimate users will connect to the internet and race against the
clock to reach a Genuine Advantage web server and a Windows Update web
server. During that time the neighbor's unpatched, unlicensed,
infected computer has a chance of making an attack. This has always
been the case, but now this initiative is likely to cause a surge in
unprotected systems. That means more of your fellow DSL, Cable Modem,
or dial-up users are likely to attack you. (That's the point of most
of the blogs and articles I've read, and I tend to agree.)
In the long run, it's good news for tech-minded people who earn a
living fixing computers for homes and small businesses, but casual users
(those with and without valid licenses) are more or less in a fog. I'm
trying to be neutral, but I have to make a comment about Microsoft. I
don't think MS knows how to break the fog; I don't think they really
know how to communicate with the average Joe. My confidence would be
restored by an update check at boot, or ip enable, that is regulated by
a firewall - and requires no understanding by the user. Then I'd stop
advocating Mac OS-X and encourage folks to continue using Windows.
(Hey, I didn't stay as neutral as I intended, but it's tough to do.)
Links would be appreciated. I didn't find my answers at TechNet, maybe
there is another part of Microsoft's site with good info.
-Tom