Windows Home Server goes RTM - Platform designed for the consumer

Sat, 21 Jul 2007 14:11:38 EDT

Earlier this week, Microsoft announced that Windows Home Server had gone RTM and would be available to OEM's and through System Builder channels in a few short weeks. This comes after extensive testing, where thousands of volunteers provided feedback, bug reports, etc., to the Product Development team.

So what is WHS? Basically, it is a platform designed for consumer home networks to provide Automatic backup of Windows XP and Windows Vista PCs on the network, a centralized storage of data and media files along with Remote access to files and folders from the Internet, also allowing for future expansion of disk drive capacity.

WHS is designed to run "headless", i.e., once the initial setup is complete all functionality, configuration, etc., is done through a "Connector" that is installed on the client machine.

Through this utility, the administrator can modify a variety of settings including Backup Management, User Account Password policies (forcing use of complex passwords), Media Library Sharing, Remote Access, etc.

Experienced server admins will be happy to know they can also remote into the Server itself. Since it is built on Server 2003 technology, many of the administrative tools are still available.

Installation of the connector is very simple. Upon completion of the install, the connector searches the network for a WHS device and when found, offers the client the opportunity to set his\her machine up for backup. After the administrator has set up a user account, then the client can also access any shared folders that they have access to. The connector is not needed to explore these shares, it can all be done from Windows Explorer. In fact, a Shared Folders shortcut will be placed on the client Desktop for quick access.

Backup is done using the Volume Shadow Copy services in XP and Vista. Even in the event of a catastrophic disk failure on the client, the backup created on the server can be used to restore a machine to the last backup; this is done utilizing a bootable Restore CD provided as part of WHS.

In conjunction with the release of WHS, Microsoft has also sponsored a Code2Fame challenge to developers for creation of useful Add-Ins to the Server. This tester has installed and used a few of the add-ons that have been made available and found them to be extremely useful.

For me, the best feature is Remote Access. An easy-to-use Wizard allows an Administrator to create a mini Web Site on WHS that provides connectivity to the Server when you are away from home. Users with assigned priveges can also remotely access client workstations on their network. I find this to be incredibly powerful, yet easy to deploy. There is a concern on use of UPnP at the router level to allow Server access but as an alternative, savvy administrators can configure port forwarding directly at their router.

Finally, for many years I have wanted an easy way to provide friends and family access to my extensive collection of music, photos and video. With WHS, I have been able to create user accounts for them so they can easily connect to the server and download from my shares. Now, if I could only find an Add-On for them to preview it before downloading...

My opinion? I think Microsoft has hit a Home Run with this product and believe WHS will be the next revolution in home networking. Stay tuned, only time will tell.
read comment(s)

Welcome to Microsoft Watch - Have you updated your PC today?

Wed, 11 Jul 2007 23:47:31 EDT

Editor note: This entry was originally written on Tuesday, 7/10/07. Technical difficulties prevented the release of this to the public...M

What is this space? It's where I will occasionally commiserate on new releases, updates and various other sundry items coming from Redmond, WA. It is fitting that my inaugural release comes on "Patch Tuesday", the second day of each month when Microsoft releases Security Bulletins along with patches for vulnerabilities and flaws found in their products.

This month, six new issues were identified and "hopefully" fixed. One such release included an issue with the Windows Vista firewall which Microsoft states "could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host."

"Oh my!! I'm unsafe...what am I going to do?" That is the first response many people may have when they see this bulletin. At first glance, it seems this could be a major problem, so why is it only rated Moderate? Further reading of the bulletin sheds a little more light on the topic...

How could an attacker exploit the vulnerability?
An attacker could remotely activate the Teredo interface under certain configuration scenarios or would have to convince a user to click a link containing a Teredo network address on a Web site, in an e-mail message or Instant Messenger message. Clicking the link would cause Teredo to enter an active state and subsequently cause the affected host to initiate communications with the attacker. This would then allow the attacker to know the target s Teredo network address which could then be used to send communications to the host that are not blocked by the local Windows Vista firewall. Additionally, as Teredo facilitates network tunneling once a connection is established with an attacker, it would also be possible for the communications to potentially bypass network perimeter firewalls.

Teredo? WTH is that? Read on...

What is Teredo?
Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages. See the TechNet Web site for more information regarding the Teredo service.

Ok...but does it really affect me? Let's read on.

Could the vulnerability be exploited over the Internet?
Yes, this vulnerability could be exploited over the internet once a user has clicked on specially crafted link containing an IPv6 address causing the Teredo interface to be activated.

At this point, one can weigh the pros and cons of installing this update. It seems somewhat benign...I know my surfing habits and don't think I would stumble into the vulnerability. Yet, I am compelled to install it anyway. Why? A couple reasons:

•Although it may not affect me today, the chance of it affecting me in the future is pretty good as IPv6 technologies become more prevalent.•I paid a lot of money for the privilege of running the latest Operating System and by god, I'm going to at least make sure my investment is protected.
Will these updates break my system? That is another question I hear asked regularly. The answer I always give is sure, it could possibly affect your system. However, generally if a problem is created with an update, it is potentially affecting millions of others around the world. In that event, the vendor is usually very responsive to the problem and issues a "fix to the fix" in short order.

In all cases, I recommend users utilize the "Automatic Updates" feature built into the Microsoft Operating Systems to download these patches to their machines. I qualify this statement by suggesting users modify the settings to "Download updates for me, but let me choose when to install them." This change can be made by going to Control Panel-->Automatic Updates and modifying the settings accordingly. The image below shows the settings in Windows XP:

When updates appear, an icon will appear in the Notification Area of your Desktop (in the Task Bar, where your time is displayed). Clicking on the icon will present users with a dialogue box with the option to review each of the updates identified as necessary for the PC configuration. Not only does this allow the user to make an informed decision on what to install (assuming they take the time to read them) but it also eliminates the possibility of the system automagically rebooting after updates are applied, increasing the risk of lost or damaged data that may not have been saved.

For those interested in keeping up with the monthly releases from Microsoft, you can visit a regularly updated Security Bulletin FAQ in the Microsoft Forum. Another fantastic accumulation of information on updates for other popular Anti-Virus, anti-trojan and Spyware detection/removal appears daily in the Security Forum. If you are really keen on keeping up with the latest vulnerabilities in software not only from Microsoft but other vendors like Sun Java, Mozilla Firefox, Ubuntu, etc., then bookmark the Secunia.org web site. Be sure and check them all out.
read comment(s)