There is an easy part and a hard part to building a resume and preparing it to be submitted to potential employers. The easy part is seeking out and obtaining the information that you will need to place into your resume. This includes your past work history, objective, references and schooling credentials in addition to any certifications or special training that you may have. The hard part is actually properly formatting your resume. In fact, formatting a resume is one of the hardest things that you will have to do when you are creating a resume.
The majority of people who build their resumes will use Microsoft Word to create their resumes with. Now, when attempting to format your resume using Microsoft Word, there are many things that you will have to do with your resume. You will have to use the proper dimensions, headers, footers, tabs, spacing, font style and font size. These are just a few of the things that you will need to have some knowledge of. However, most people who begin building their resume using Microsoft Word will begin running into one problem after another. Did you know that by adding too many words in a sentence or by hitting the space bar, tabs or even the enter key you can easily destroy your entire format!
So what can you do to ensure that your resumes format does not become a problem for you while using Microsoft Word to format your resume?
The Solution To Proper Resume Formatting Is Resume Templates!
The easiest way to ensure that you don't encounter formatting issues and the easiest way to save you a substantial amount of time is to use Microsoft Word resume templates. These are templates that are already formatted according to the industry standard. All you have to do is download these Microsoft Word resume templates onto your computer and begin filling them in with your general resume information.
These templates are designed to take out all the headaches and issues that people generally encounter while putting their resume together. In fact, you can save yourself hours of headaches and formatting issues by simply relying on Microsoft Word resume templates.
Just be sure that you are acquiring a resume template that is designed with your chosen industry in mind.
Where Can I Find Microsoft Word Resume Templates?
The good news is that there are literally hundreds upon hundreds of websites that offer free to use and downloadable Microsoft Word resume templates. By doing a quick web search you should immediately be able to acquire these downloads. The only thing you will need to make them compatible with your computer is Microsoft Word.
Just be sure that you are obtaining these Microsoft Word templates from websites that are respectable and reliable in the resume community. You also need to check that you are acquiring resume templates that are formatted according to current industry standards in resume writing. This will ensure that you are able to create an effective and top notch resume that will generate the results that you desire to obtain in the work force.
Wednesday, September 29, 2010
Downloadable Microsoft Word Resume Template Examples
There is an easy part and a hard part to building a resume and preparing it to be submitted to potential employers. The easy part is seeking out and obtaining the information that you will need to place into your resume. This includes your past work history, objective, references and schooling credentials in addition to any certifications or special training that you may have. The hard part is actually properly formatting your resume. In fact, formatting a resume is one of the hardest things that you will have to do when you are creating a resume.
The majority of people who build their resumes will use Microsoft Word to create their resumes with. Now, when attempting to format your resume using Microsoft Word, there are many things that you will have to do with your resume. You will have to use the proper dimensions, headers, footers, tabs, spacing, font style and font size. These are just a few of the things that you will need to have some knowledge of. However, most people who begin building their resume using Microsoft Word will begin running into one problem after another. Did you know that by adding too many words in a sentence or by hitting the space bar, tabs or even the enter key you can easily destroy your entire format!
So what can you do to ensure that your resumes format does not become a problem for you while using Microsoft Word to format your resume?
The Solution To Proper Resume Formatting Is Resume Templates!
The easiest way to ensure that you don't encounter formatting issues and the easiest way to save you a substantial amount of time is to use Microsoft Word resume templates. These are templates that are already formatted according to the industry standard. All you have to do is download these Microsoft Word resume templates onto your computer and begin filling them in with your general resume information.
These templates are designed to take out all the headaches and issues that people generally encounter while putting their resume together. In fact, you can save yourself hours of headaches and formatting issues by simply relying on Microsoft Word resume templates.
Just be sure that you are acquiring a resume template that is designed with your chosen industry in mind.
Where Can I Find Microsoft Word Resume Templates?
The good news is that there are literally hundreds upon hundreds of websites that offer free to use and downloadable Microsoft Word resume templates. By doing a quick web search you should immediately be able to acquire these downloads. The only thing you will need to make them compatible with your computer is Microsoft Word.
Just be sure that you are obtaining these Microsoft Word templates from websites that are respectable and reliable in the resume community. You also need to check that you are acquiring resume templates that are formatted according to current industry standards in resume writing. This will ensure that you are able to create an effective and top notch resume that will generate the results that you desire to obtain in the work force.
The majority of people who build their resumes will use Microsoft Word to create their resumes with. Now, when attempting to format your resume using Microsoft Word, there are many things that you will have to do with your resume. You will have to use the proper dimensions, headers, footers, tabs, spacing, font style and font size. These are just a few of the things that you will need to have some knowledge of. However, most people who begin building their resume using Microsoft Word will begin running into one problem after another. Did you know that by adding too many words in a sentence or by hitting the space bar, tabs or even the enter key you can easily destroy your entire format!
So what can you do to ensure that your resumes format does not become a problem for you while using Microsoft Word to format your resume?
The Solution To Proper Resume Formatting Is Resume Templates!
The easiest way to ensure that you don't encounter formatting issues and the easiest way to save you a substantial amount of time is to use Microsoft Word resume templates. These are templates that are already formatted according to the industry standard. All you have to do is download these Microsoft Word resume templates onto your computer and begin filling them in with your general resume information.
These templates are designed to take out all the headaches and issues that people generally encounter while putting their resume together. In fact, you can save yourself hours of headaches and formatting issues by simply relying on Microsoft Word resume templates.
Just be sure that you are acquiring a resume template that is designed with your chosen industry in mind.
Where Can I Find Microsoft Word Resume Templates?
The good news is that there are literally hundreds upon hundreds of websites that offer free to use and downloadable Microsoft Word resume templates. By doing a quick web search you should immediately be able to acquire these downloads. The only thing you will need to make them compatible with your computer is Microsoft Word.
Just be sure that you are obtaining these Microsoft Word templates from websites that are respectable and reliable in the resume community. You also need to check that you are acquiring resume templates that are formatted according to current industry standards in resume writing. This will ensure that you are able to create an effective and top notch resume that will generate the results that you desire to obtain in the work force.
Downloadable Microsoft Word Resume Template Examples
There is an easy part and a hard part to building a resume and preparing it to be submitted to potential employers. The easy part is seeking out and obtaining the information that you will need to place into your resume. This includes your past work history, objective, references and schooling credentials in addition to any certifications or special training that you may have. The hard part is actually properly formatting your resume. In fact, formatting a resume is one of the hardest things that you will have to do when you are creating a resume.
The majority of people who build their resumes will use Microsoft Word to create their resumes with. Now, when attempting to format your resume using Microsoft Word, there are many things that you will have to do with your resume. You will have to use the proper dimensions, headers, footers, tabs, spacing, font style and font size. These are just a few of the things that you will need to have some knowledge of. However, most people who begin building their resume using Microsoft Word will begin running into one problem after another. Did you know that by adding too many words in a sentence or by hitting the space bar, tabs or even the enter key you can easily destroy your entire format!
So what can you do to ensure that your resumes format does not become a problem for you while using Microsoft Word to format your resume?
The Solution To Proper Resume Formatting Is Resume Templates!
The easiest way to ensure that you don't encounter formatting issues and the easiest way to save you a substantial amount of time is to use Microsoft Word resume templates. These are templates that are already formatted according to the industry standard. All you have to do is download these Microsoft Word resume templates onto your computer and begin filling them in with your general resume information.
These templates are designed to take out all the headaches and issues that people generally encounter while putting their resume together. In fact, you can save yourself hours of headaches and formatting issues by simply relying on Microsoft Word resume templates.
Just be sure that you are acquiring a resume template that is designed with your chosen industry in mind.
Where Can I Find Microsoft Word Resume Templates?
The good news is that there are literally hundreds upon hundreds of websites that offer free to use and downloadable Microsoft Word resume templates. By doing a quick web search you should immediately be able to acquire these downloads. The only thing you will need to make them compatible with your computer is Microsoft Word.
Just be sure that you are obtaining these Microsoft Word templates from websites that are respectable and reliable in the resume community. You also need to check that you are acquiring resume templates that are formatted according to current industry standards in resume writing. This will ensure that you are able to create an effective and top notch resume that will generate the results that you desire to obtain in the work force.
The majority of people who build their resumes will use Microsoft Word to create their resumes with. Now, when attempting to format your resume using Microsoft Word, there are many things that you will have to do with your resume. You will have to use the proper dimensions, headers, footers, tabs, spacing, font style and font size. These are just a few of the things that you will need to have some knowledge of. However, most people who begin building their resume using Microsoft Word will begin running into one problem after another. Did you know that by adding too many words in a sentence or by hitting the space bar, tabs or even the enter key you can easily destroy your entire format!
So what can you do to ensure that your resumes format does not become a problem for you while using Microsoft Word to format your resume?
The Solution To Proper Resume Formatting Is Resume Templates!
The easiest way to ensure that you don't encounter formatting issues and the easiest way to save you a substantial amount of time is to use Microsoft Word resume templates. These are templates that are already formatted according to the industry standard. All you have to do is download these Microsoft Word resume templates onto your computer and begin filling them in with your general resume information.
These templates are designed to take out all the headaches and issues that people generally encounter while putting their resume together. In fact, you can save yourself hours of headaches and formatting issues by simply relying on Microsoft Word resume templates.
Just be sure that you are acquiring a resume template that is designed with your chosen industry in mind.
Where Can I Find Microsoft Word Resume Templates?
The good news is that there are literally hundreds upon hundreds of websites that offer free to use and downloadable Microsoft Word resume templates. By doing a quick web search you should immediately be able to acquire these downloads. The only thing you will need to make them compatible with your computer is Microsoft Word.
Just be sure that you are obtaining these Microsoft Word templates from websites that are respectable and reliable in the resume community. You also need to check that you are acquiring resume templates that are formatted according to current industry standards in resume writing. This will ensure that you are able to create an effective and top notch resume that will generate the results that you desire to obtain in the work force.
Monday, September 20, 2010
History of the Microsoft Support Lifecycle policy
History of the Microsoft Support Lifecycle policy
I wanted to start off the blog with a posting about the history of the Microsoft Support Lifecycle policy. We often get questions about the history of the policy, how it came about and how long it’s actually been in place.
Prior to 2002, Microsoft did not have a centralized team or set of policies to govern the length of support provided for each product or the level of service provided throughout a product’s supported life. Instead, each of the product groups (PGs) was independently responsible for defining the length and terms of support for their individual products. The PGs managed their own support groups, published information regarding their support policies and communicated directly with the customers regarding the supportability of their products.
While this allowed the PGs significant flexibility to support their products according to their business needs, the situation was not ideal for Microsoft customers. Customers often complained that it was difficult to understand how long products were supported and that there was little consistency in the support levels, communication approaches and support availability between PGs. The approach to these policies often differed between the PGs and sometimes even differed between products within the same PG. In addition, these inconsistencies made it difficult for customers to plan their information technology IT upgrade cycles and future product purchases.
By the beginning of 2001 the majority of the PGs had committed to providing support for both the current version and the previous version of their product. Unfortunately, the length of support and services provided still differed between most products. In addition, there were inconsistent requirements for the application of product service packs. Some PGs always required a products current service pack to be applied, while other PGs had a more liberal policy regarding service pack support.
As a result of continued customer feedback, Microsoft Services chartered a team with the responsibility of creating a unified set of support policies that could be applied all Microsoft products. The goal was to create a comprehensive support policy that customers could easily understand, reference and plan for. As a result, in October 2002 Microsoft unveiled the first version of the Microsoft Support Lifecycle. This original version of the policy provided 5 years of Mainstream Support for Consumer products and 5 years of Mainstream Support and 2 years of Extended Support for Business & Developer products.
In 2004, Microsoft announced a major revision to the Microsoft Support Lifecycle. Among the changes announced were expanded lengths of support for Microsoft’s Business & Developer products, clarifications on some of the existing policies, and additional support options for customers who needed support for products that were no longer publicly supported. While there have been some clarifications and minor changes over the years, this is still the same policy that we use today.
Next time, I’d like to get into more details about some of the specific policies and perhaps clear-up some common confusion and misconceptions. In the meantime, please feel free to ask any questions or leave ideas for future postings.
*This posting is provided "AS IS" with no warranties, and confers no rights.*
I wanted to start off the blog with a posting about the history of the Microsoft Support Lifecycle policy. We often get questions about the history of the policy, how it came about and how long it’s actually been in place.
Prior to 2002, Microsoft did not have a centralized team or set of policies to govern the length of support provided for each product or the level of service provided throughout a product’s supported life. Instead, each of the product groups (PGs) was independently responsible for defining the length and terms of support for their individual products. The PGs managed their own support groups, published information regarding their support policies and communicated directly with the customers regarding the supportability of their products.
While this allowed the PGs significant flexibility to support their products according to their business needs, the situation was not ideal for Microsoft customers. Customers often complained that it was difficult to understand how long products were supported and that there was little consistency in the support levels, communication approaches and support availability between PGs. The approach to these policies often differed between the PGs and sometimes even differed between products within the same PG. In addition, these inconsistencies made it difficult for customers to plan their information technology IT upgrade cycles and future product purchases.
By the beginning of 2001 the majority of the PGs had committed to providing support for both the current version and the previous version of their product. Unfortunately, the length of support and services provided still differed between most products. In addition, there were inconsistent requirements for the application of product service packs. Some PGs always required a products current service pack to be applied, while other PGs had a more liberal policy regarding service pack support.
As a result of continued customer feedback, Microsoft Services chartered a team with the responsibility of creating a unified set of support policies that could be applied all Microsoft products. The goal was to create a comprehensive support policy that customers could easily understand, reference and plan for. As a result, in October 2002 Microsoft unveiled the first version of the Microsoft Support Lifecycle. This original version of the policy provided 5 years of Mainstream Support for Consumer products and 5 years of Mainstream Support and 2 years of Extended Support for Business & Developer products.
In 2004, Microsoft announced a major revision to the Microsoft Support Lifecycle. Among the changes announced were expanded lengths of support for Microsoft’s Business & Developer products, clarifications on some of the existing policies, and additional support options for customers who needed support for products that were no longer publicly supported. While there have been some clarifications and minor changes over the years, this is still the same policy that we use today.
Next time, I’d like to get into more details about some of the specific policies and perhaps clear-up some common confusion and misconceptions. In the meantime, please feel free to ask any questions or leave ideas for future postings.
*This posting is provided "AS IS" with no warranties, and confers no rights.*
History of the Microsoft Support Lifecycle policy
History of the Microsoft Support Lifecycle policy
I wanted to start off the blog with a posting about the history of the Microsoft Support Lifecycle policy. We often get questions about the history of the policy, how it came about and how long it’s actually been in place.
Prior to 2002, Microsoft did not have a centralized team or set of policies to govern the length of support provided for each product or the level of service provided throughout a product’s supported life. Instead, each of the product groups (PGs) was independently responsible for defining the length and terms of support for their individual products. The PGs managed their own support groups, published information regarding their support policies and communicated directly with the customers regarding the supportability of their products.
While this allowed the PGs significant flexibility to support their products according to their business needs, the situation was not ideal for Microsoft customers. Customers often complained that it was difficult to understand how long products were supported and that there was little consistency in the support levels, communication approaches and support availability between PGs. The approach to these policies often differed between the PGs and sometimes even differed between products within the same PG. In addition, these inconsistencies made it difficult for customers to plan their information technology IT upgrade cycles and future product purchases.
By the beginning of 2001 the majority of the PGs had committed to providing support for both the current version and the previous version of their product. Unfortunately, the length of support and services provided still differed between most products. In addition, there were inconsistent requirements for the application of product service packs. Some PGs always required a products current service pack to be applied, while other PGs had a more liberal policy regarding service pack support.
As a result of continued customer feedback, Microsoft Services chartered a team with the responsibility of creating a unified set of support policies that could be applied all Microsoft products. The goal was to create a comprehensive support policy that customers could easily understand, reference and plan for. As a result, in October 2002 Microsoft unveiled the first version of the Microsoft Support Lifecycle. This original version of the policy provided 5 years of Mainstream Support for Consumer products and 5 years of Mainstream Support and 2 years of Extended Support for Business & Developer products.
In 2004, Microsoft announced a major revision to the Microsoft Support Lifecycle. Among the changes announced were expanded lengths of support for Microsoft’s Business & Developer products, clarifications on some of the existing policies, and additional support options for customers who needed support for products that were no longer publicly supported. While there have been some clarifications and minor changes over the years, this is still the same policy that we use today.
Next time, I’d like to get into more details about some of the specific policies and perhaps clear-up some common confusion and misconceptions. In the meantime, please feel free to ask any questions or leave ideas for future postings.
*This posting is provided "AS IS" with no warranties, and confers no rights.*
I wanted to start off the blog with a posting about the history of the Microsoft Support Lifecycle policy. We often get questions about the history of the policy, how it came about and how long it’s actually been in place.
Prior to 2002, Microsoft did not have a centralized team or set of policies to govern the length of support provided for each product or the level of service provided throughout a product’s supported life. Instead, each of the product groups (PGs) was independently responsible for defining the length and terms of support for their individual products. The PGs managed their own support groups, published information regarding their support policies and communicated directly with the customers regarding the supportability of their products.
While this allowed the PGs significant flexibility to support their products according to their business needs, the situation was not ideal for Microsoft customers. Customers often complained that it was difficult to understand how long products were supported and that there was little consistency in the support levels, communication approaches and support availability between PGs. The approach to these policies often differed between the PGs and sometimes even differed between products within the same PG. In addition, these inconsistencies made it difficult for customers to plan their information technology IT upgrade cycles and future product purchases.
By the beginning of 2001 the majority of the PGs had committed to providing support for both the current version and the previous version of their product. Unfortunately, the length of support and services provided still differed between most products. In addition, there were inconsistent requirements for the application of product service packs. Some PGs always required a products current service pack to be applied, while other PGs had a more liberal policy regarding service pack support.
As a result of continued customer feedback, Microsoft Services chartered a team with the responsibility of creating a unified set of support policies that could be applied all Microsoft products. The goal was to create a comprehensive support policy that customers could easily understand, reference and plan for. As a result, in October 2002 Microsoft unveiled the first version of the Microsoft Support Lifecycle. This original version of the policy provided 5 years of Mainstream Support for Consumer products and 5 years of Mainstream Support and 2 years of Extended Support for Business & Developer products.
In 2004, Microsoft announced a major revision to the Microsoft Support Lifecycle. Among the changes announced were expanded lengths of support for Microsoft’s Business & Developer products, clarifications on some of the existing policies, and additional support options for customers who needed support for products that were no longer publicly supported. While there have been some clarifications and minor changes over the years, this is still the same policy that we use today.
Next time, I’d like to get into more details about some of the specific policies and perhaps clear-up some common confusion and misconceptions. In the meantime, please feel free to ask any questions or leave ideas for future postings.
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Saturday, September 18, 2010
What is a Microsoft Small Business Server? and do you need one for your organization?
What is a Microsoft Small Business Server? and do you need one for your organization?
What is a Microsoft Small Business Server?
What is the difference between a Small Business Server and a single role server?
Here is a simple non technical explanation of what a Microsoft Small Business Server is and is not.
After reading this article you will have a better understanding so lets get started.
Larger companies such as fortune 500 or fortune 100 companies have many servers that do different things.
Examples are:
* Multiple Domain controllers / file servers
* Multiple SQL / database servers
* Multiple Exchange servers
* Multiple web servers
* Multiple DHCP servers
* and so forth…
Let’s pretend that “some big company” has 40 servers and each server has its own role to do something specific for the computer network. In theory this would mean that this company has 40 separate physical servers setup in a room to control the computers for this company. In today’s world this would be consolidated using server virtualization but that is getting off topic so I’m not going to get into that in this article.
Now let’s pretend you are a small business owner and you need a file server + a SQL database server + an exchange server. Ok so this means you would need 3 physical servers + 3 different server operating system licenses and many of other things and this can get expensive quickly not to mention an experienced network administrator to design, configure, deploy, test and manage this for you.
Now with a Microsoft Small Business Server Operating System you get 1 physical server that has multiple server roles built into 1 nice neat package. So you can have that file server and that database server and an exchange server and that web server all combined into 1 neat little package. This can save the small business owner money IF the server is properly configured and maintained.
Microsoft states the SBS – small business server will support up to 75 computer users / workstation computers. In theory this will work but in the real world if you have 75 computers connected to a SBS server you can expect very poor performance.
From my experience I will say that Microsoft SBS servers are pretty cool IF they are properly configured with the right hardware and software. I have seen many small businesses have an SBS server that were NEVER configured correctly or are just being used as a simple file server. In such a case the SBS server isn’t necessary and is a waste of money for the business owner.
So without getting into technical details this concludes what a Microsoft Small Business Server does.
If you are thinking about purchasing a new server for your business get to know an Orlando computer consultant and find out if a Microsoft Small Business Server will benefit your organization.
What is a Microsoft Small Business Server?
What is the difference between a Small Business Server and a single role server?
Here is a simple non technical explanation of what a Microsoft Small Business Server is and is not.
After reading this article you will have a better understanding so lets get started.
Larger companies such as fortune 500 or fortune 100 companies have many servers that do different things.
Examples are:
* Multiple Domain controllers / file servers
* Multiple SQL / database servers
* Multiple Exchange servers
* Multiple web servers
* Multiple DHCP servers
* and so forth…
Let’s pretend that “some big company” has 40 servers and each server has its own role to do something specific for the computer network. In theory this would mean that this company has 40 separate physical servers setup in a room to control the computers for this company. In today’s world this would be consolidated using server virtualization but that is getting off topic so I’m not going to get into that in this article.
Now let’s pretend you are a small business owner and you need a file server + a SQL database server + an exchange server. Ok so this means you would need 3 physical servers + 3 different server operating system licenses and many of other things and this can get expensive quickly not to mention an experienced network administrator to design, configure, deploy, test and manage this for you.
Now with a Microsoft Small Business Server Operating System you get 1 physical server that has multiple server roles built into 1 nice neat package. So you can have that file server and that database server and an exchange server and that web server all combined into 1 neat little package. This can save the small business owner money IF the server is properly configured and maintained.
Microsoft states the SBS – small business server will support up to 75 computer users / workstation computers. In theory this will work but in the real world if you have 75 computers connected to a SBS server you can expect very poor performance.
From my experience I will say that Microsoft SBS servers are pretty cool IF they are properly configured with the right hardware and software. I have seen many small businesses have an SBS server that were NEVER configured correctly or are just being used as a simple file server. In such a case the SBS server isn’t necessary and is a waste of money for the business owner.
So without getting into technical details this concludes what a Microsoft Small Business Server does.
If you are thinking about purchasing a new server for your business get to know an Orlando computer consultant and find out if a Microsoft Small Business Server will benefit your organization.
Friday, September 10, 2010
Microsoft plans double-sized Patch Tuesday next week
Microsoft plans double-sized Patch Tuesday next week
Microsoft today said it will issue nine security updates to patch 13 bugs in Windows, Office and its Web server software next week.
The number of Sept. 14 updates will be more than double the maximum the company has delivered in any other of this year's odd-numbered months. Microsoft traditionally delivers relatively few patches in those months.
Four of the updates were labeled "critical," Microsoft's highest threat ranking in its four-step scoring system. The remaining five were marked "important," the second-highest rating.
The update tally that Microsoft spelled out in its monthly advance notification to customers is "quite substantial," said Wolfgang Kandek, chief security officer of Qualys, considering that September should be an "off" month for patches.
Microsoft has been shipping alternating large and small batches of fixes, with the larger-sized updates landing in even-numbered months. In August, for example, Microsoft delivered a record 14 updates that patched a record-tying 34 vulnerabilities. July's batch, however, contained just four bulletins that fixed five flaws.
By that back-and-forth, Microsoft should have issued a small number of security updates.
"I'm a little bite surprised at the number," said Kandek. "Maybe some of them will be fixes for the DLL issue."
Kandek was referring to a vulnerability in a large number of Windows applications -- some estimates have pegged it as north of 200 -- that was first publicly disclosed three weeks ago by HD Moore, chief security officer at Rapid7 and the creator of the open-source Metasploit hacking toolkit. At the time, Moore announced that several dozen Windows programs were flawed because they improperly loaded code libraries -- dubbed "dynamic-link libraries," or "DLLs" -- giving hackers a way to hijack a PC by tricking the application into calling on a malicious DLL.
A week later, Microsoft said it would not be able to patch Windows to stymie attacks, but instead said application developers would have to fix their own products. The company also released a complicated-to-use tool to block possible attacks.
"Some of these could be patches for the DLL issue," said Kandek, pointing to the two updates slated to address vulnerabilities in Microsoft's Office suite.
Researchers have claimed that several Office applications, including PowerPoint 2007 and 2010, and Word 2007, are vulnerable to the bug, which has acquired the name "DLL load hijacking."
By the bare bones details Microsoft includes in its advance warning, "Bulletin 3" could be a patch for Word's DLL problem.
Eight of the nine updates affect one or more versions of Windows; one of those will patch Microsoft's IIS (Internet Information Services) Web server software. Two will impact Office. (Microsoft listed one of the bulletins under both categories.)
"I don't think it's likely that they'll have something [in Windows] on the DLL problem," said Kandek. "I'd like to see it, but it's a tough decision for them because that has the potential of making apps stop working."
Some security experts have speculated that Microsoft could come up with a way to protect Windows users, perhaps by adding a warning that appears when a DLL or executable file is loaded from a Web site or SMB (Server Message Block) share. Their argument rested on the fact that most users will not deploy the blocking tool.
Three ways to Prevent USB Insecurity in Your Enterprise: Download now
"I don't see too many people going down that route [with the blocking tool]," Kandek said.
Microsoft may take an alternate route to a Windows tweak. Last week, Jerry Bryant, a group manager with the Microsoft Security Response Center, said that the company would offer the blocking tool to companies via Windows Server Update Services (WSUS), Microsoft's most-used business patch management mechanism. He also said Microsoft was thinking about pushing the tool to everyone, including consumers, via Windows Update.
The update mix is strongly slanted towards older versions of Windows, noted Don Leatham, senior director of solutions and strategy at Lumension.
In an e-mail, Leatham pointed out that Windows XP Service Pack 3 (SP3), the only version of the nine-year-old OS that Microsoft still supports, will receive eight updates, three of them critical. Windows Vista, on the other hand, will be affected by just five updates, two of them critical, while Windows 7 will get only three updates, none critical.
"These results show that organizations running Windows 7 are running much more secure environments, and as an added benefit, this Patch Tuesday will practically be a non-event for them," Leatham said. "Organizations stuck on Windows XP need to take a hard look at the cost and risk factors associated with staying on that dated platform."
Microsoft, which typically confirms security advisories it plans to address in an upcoming Patch Tuesday, said nothing about patching the DLL load hijacking issue or closing any other outstanding bugs.
"[We] cannot share the details of the bulletins being released this month," said Bryant in a reply to questions. "The DLL preloading issue is an ongoing investigation. We expect to address affected products through security bulletins and/or defense-in-depth updates."
Microsoft last week said it was looking into new reports of a long-known vulnerability in Internet Explorer (IE). A fix for that is unlikely, as the company always specifies impending IE security updates in its advance notifications.
Microsoft today said it will issue nine security updates to patch 13 bugs in Windows, Office and its Web server software next week.
The number of Sept. 14 updates will be more than double the maximum the company has delivered in any other of this year's odd-numbered months. Microsoft traditionally delivers relatively few patches in those months.
Four of the updates were labeled "critical," Microsoft's highest threat ranking in its four-step scoring system. The remaining five were marked "important," the second-highest rating.
The update tally that Microsoft spelled out in its monthly advance notification to customers is "quite substantial," said Wolfgang Kandek, chief security officer of Qualys, considering that September should be an "off" month for patches.
Microsoft has been shipping alternating large and small batches of fixes, with the larger-sized updates landing in even-numbered months. In August, for example, Microsoft delivered a record 14 updates that patched a record-tying 34 vulnerabilities. July's batch, however, contained just four bulletins that fixed five flaws.
By that back-and-forth, Microsoft should have issued a small number of security updates.
"I'm a little bite surprised at the number," said Kandek. "Maybe some of them will be fixes for the DLL issue."
Kandek was referring to a vulnerability in a large number of Windows applications -- some estimates have pegged it as north of 200 -- that was first publicly disclosed three weeks ago by HD Moore, chief security officer at Rapid7 and the creator of the open-source Metasploit hacking toolkit. At the time, Moore announced that several dozen Windows programs were flawed because they improperly loaded code libraries -- dubbed "dynamic-link libraries," or "DLLs" -- giving hackers a way to hijack a PC by tricking the application into calling on a malicious DLL.
A week later, Microsoft said it would not be able to patch Windows to stymie attacks, but instead said application developers would have to fix their own products. The company also released a complicated-to-use tool to block possible attacks.
"Some of these could be patches for the DLL issue," said Kandek, pointing to the two updates slated to address vulnerabilities in Microsoft's Office suite.
Researchers have claimed that several Office applications, including PowerPoint 2007 and 2010, and Word 2007, are vulnerable to the bug, which has acquired the name "DLL load hijacking."
By the bare bones details Microsoft includes in its advance warning, "Bulletin 3" could be a patch for Word's DLL problem.
Eight of the nine updates affect one or more versions of Windows; one of those will patch Microsoft's IIS (Internet Information Services) Web server software. Two will impact Office. (Microsoft listed one of the bulletins under both categories.)
"I don't think it's likely that they'll have something [in Windows] on the DLL problem," said Kandek. "I'd like to see it, but it's a tough decision for them because that has the potential of making apps stop working."
Some security experts have speculated that Microsoft could come up with a way to protect Windows users, perhaps by adding a warning that appears when a DLL or executable file is loaded from a Web site or SMB (Server Message Block) share. Their argument rested on the fact that most users will not deploy the blocking tool.
Three ways to Prevent USB Insecurity in Your Enterprise: Download now
"I don't see too many people going down that route [with the blocking tool]," Kandek said.
Microsoft may take an alternate route to a Windows tweak. Last week, Jerry Bryant, a group manager with the Microsoft Security Response Center, said that the company would offer the blocking tool to companies via Windows Server Update Services (WSUS), Microsoft's most-used business patch management mechanism. He also said Microsoft was thinking about pushing the tool to everyone, including consumers, via Windows Update.
The update mix is strongly slanted towards older versions of Windows, noted Don Leatham, senior director of solutions and strategy at Lumension.
In an e-mail, Leatham pointed out that Windows XP Service Pack 3 (SP3), the only version of the nine-year-old OS that Microsoft still supports, will receive eight updates, three of them critical. Windows Vista, on the other hand, will be affected by just five updates, two of them critical, while Windows 7 will get only three updates, none critical.
"These results show that organizations running Windows 7 are running much more secure environments, and as an added benefit, this Patch Tuesday will practically be a non-event for them," Leatham said. "Organizations stuck on Windows XP need to take a hard look at the cost and risk factors associated with staying on that dated platform."
Microsoft, which typically confirms security advisories it plans to address in an upcoming Patch Tuesday, said nothing about patching the DLL load hijacking issue or closing any other outstanding bugs.
"[We] cannot share the details of the bulletins being released this month," said Bryant in a reply to questions. "The DLL preloading issue is an ongoing investigation. We expect to address affected products through security bulletins and/or defense-in-depth updates."
Microsoft last week said it was looking into new reports of a long-known vulnerability in Internet Explorer (IE). A fix for that is unlikely, as the company always specifies impending IE security updates in its advance notifications.
Wednesday, September 8, 2010
Microsoft to issue patch for dangerous USB rootkit hole
Microsoft to issue patch for dangerous USB rootkit hole
Microsoft on Tuesday will release a rare out-of-band patch to fix the highly dangerous zero-day vulnerability that has caused multiple researchers to issuing warnings earlier this month. The patch will be for all supported versions of Windows and will require a restart.
As I previously wrote about, the exploit is a whopper on all levels. It comes into the enterprise via hidden files on USB sticks or via shared network files. It requires no user interaction to infect the system (simply viewing the icon is enough to trigger it). It propagates itself. It loads as a rootkit infection. It affects all Windows operating systems, even full-patched Windows 7 systems. It seems to target extremely sensitive information -- researchers say it seems to have been made for espionage. If all that weren't scary enough, a researcher has already published proof-of-concept code.
The attack exploits a vulnerability in Windows Shell, a component of Microsoft Windows. Although many anti-virus software makers claimed that they were able to update their wares to detect the rootkit, security experts remained highly concerned about the hole, as did Microsoft. In a blog post today, Christopher Budd, Sr. Security Response Communications Manager at Microsoft, explained, "we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability."
Microsoft will also hold a special edition of the bulletin release webcast on Monday, August 2, 2010 at 1:00 PM PDT. If you are interested in attending the webcast, click here to sign up.
Other articles Network World has published that discusses the attacks include:
Ms. Smith's report on the hole and how it targets espionage. (Includes links to various researcher's reports)
Microsoft confirms 'nasty' Windows zero-day bug (no patch will be forthcoming for Windows 2000)
Microsoft's actual security alert and recommended workarounds.
One researcher publishes exploit, another claims Microsoft's workarounds won't work
Microsoft on Tuesday will release a rare out-of-band patch to fix the highly dangerous zero-day vulnerability that has caused multiple researchers to issuing warnings earlier this month. The patch will be for all supported versions of Windows and will require a restart.
As I previously wrote about, the exploit is a whopper on all levels. It comes into the enterprise via hidden files on USB sticks or via shared network files. It requires no user interaction to infect the system (simply viewing the icon is enough to trigger it). It propagates itself. It loads as a rootkit infection. It affects all Windows operating systems, even full-patched Windows 7 systems. It seems to target extremely sensitive information -- researchers say it seems to have been made for espionage. If all that weren't scary enough, a researcher has already published proof-of-concept code.
The attack exploits a vulnerability in Windows Shell, a component of Microsoft Windows. Although many anti-virus software makers claimed that they were able to update their wares to detect the rootkit, security experts remained highly concerned about the hole, as did Microsoft. In a blog post today, Christopher Budd, Sr. Security Response Communications Manager at Microsoft, explained, "we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability."
Microsoft will also hold a special edition of the bulletin release webcast on Monday, August 2, 2010 at 1:00 PM PDT. If you are interested in attending the webcast, click here to sign up.
Other articles Network World has published that discusses the attacks include:
Ms. Smith's report on the hole and how it targets espionage. (Includes links to various researcher's reports)
Microsoft confirms 'nasty' Windows zero-day bug (no patch will be forthcoming for Windows 2000)
Microsoft's actual security alert and recommended workarounds.
One researcher publishes exploit, another claims Microsoft's workarounds won't work
Saturday, September 4, 2010
Choosing The Right Microsoft MCTS Course Clarified
Choosing The Right Microsoft MCTS Course Clarified
As you’ve arrived here it’s possible that you’d like to enter the world of computers and the MCTS Training has reared its head, or you could already be in IT and it’s apparent that the next stage is the Microsoft qualification.
When researching training colleges, be sure to avoid those who reduce their costs by failing to use the current Microsoft version. This is no use to the trainee as they will have been learning from an old version of MCTS which doesn’t correspond to the current exam syllabus, so it’s likely they’ll fail. A training provider’s focus must be based upon doing the most for their students, and the whole company should care about getting things right. Studying isn’t just about passing exams – the process should be all about helping you to decide on the best action plan for your future.
Students will sometimes miss checking on something of absolutely vital importance – the way their training provider actually breaks down and delivers the physical training materials, and into how many parts. Typically, you will purchase a course that takes between and 1 and 3 years and get posted one section at a time – from one exam to the next. While this may sound logical on one level, consider this: What if you find the order prescribed by the provider doesn’t suit you. You may find it a stretch to finalise all the sections inside their defined time-scales?
In an ideal situation, you want everything at the start – so you’ll have them all to come back to at any time in the future – whenever it suits you. This allows a variation in the order that you move through the program where a more intuitive path can be found.
It’s likely that you probably enjoy fairly practical work – the ‘hands-on’ personality type. Usually, the unfortunate chore of reading reference guides is something you’ll make yourself do if you have to, but it’s not really your thing. So look for on-screen interactive learning packages if you’d really rather not use books. Recent studies into the way we learn shows that we remember much more when we use all our senses, and we get practically involved in what we’re studying.
You can now study via self-contained CD or DVD materials. Real-world classes from the instructors will mean you’ll learn your subject through their teaching and demonstrations. Then you test your knowledge by practicing and interacting with the software. Don’t take any chances and look at some of the typical study materials provided before you hand over your cheque. The minimum you should expect would be instructor demonstrations, video tutorials and a variety of audio-visual and interactive sections.
Avoiding training that is delivered purely online is generally a good idea. Ideally, you should opt for CD and DVD ROM courseware where possible, so that you have access at all times – you don’t want to be reliant on a quality and continuous internet connection.
An all too common mistake that students everywhere can make is to look for the actual course to take, instead of focusing on the desired end-result. Training academies have thousands of direction-less students that chose a program because it looked interesting – instead of the program that would surely get them the career they desired. You could be training for only a year and end up doing the job for 20 years. Don’t make the mistake of choosing what sounds like an ‘interesting’ training program only to waste your life away with an unrewarding career!
Be honest with yourself about what you want to earn and what level of ambition fits you. Sometimes, this affects which exams you will need and what industry will expect from you in return. Look for help from a skilled professional who appreciates the market you’re interested in, and who can offer ‘A typical day in the life of’ understanding of what duties you’ll be performing day-to-day. It makes good sense to ensure you’re on the right track before you jump into the study-program. There’s little reason in starting your training and then discover you’re on the wrong course.
What is the reason why traditional academic studies are being overtaken by more commercial certifications? The IT sector now acknowledges that to cover the necessary commercial skill-sets, the right accreditation from the likes of Adobe, Microsoft MCITP Certification, CISCO and CompTIA is closer to the mark commercially – for much less time and money. Of course, an appropriate quantity of background knowledge must be taught, but focused specialised knowledge in the areas needed gives a vendor educated student a massive advantage.
Put yourself in the employer’s position – and you wanted someone who could provide a specific set of skills. What’s the simplest way to find the right person: Pore through loads of academic qualifications from graduate applicants, trying to establish what they know and which trade skills they’ve acquired, or choose a specific set of accreditations that specifically match what you’re looking for, and make your short-list from that. You’ll then be able to concentrate on getting a feel for the person at interview – rather than establishing whether they can do a specific task.
As you’ve arrived here it’s possible that you’d like to enter the world of computers and the MCTS Training has reared its head, or you could already be in IT and it’s apparent that the next stage is the Microsoft qualification.
When researching training colleges, be sure to avoid those who reduce their costs by failing to use the current Microsoft version. This is no use to the trainee as they will have been learning from an old version of MCTS which doesn’t correspond to the current exam syllabus, so it’s likely they’ll fail. A training provider’s focus must be based upon doing the most for their students, and the whole company should care about getting things right. Studying isn’t just about passing exams – the process should be all about helping you to decide on the best action plan for your future.
Students will sometimes miss checking on something of absolutely vital importance – the way their training provider actually breaks down and delivers the physical training materials, and into how many parts. Typically, you will purchase a course that takes between and 1 and 3 years and get posted one section at a time – from one exam to the next. While this may sound logical on one level, consider this: What if you find the order prescribed by the provider doesn’t suit you. You may find it a stretch to finalise all the sections inside their defined time-scales?
In an ideal situation, you want everything at the start – so you’ll have them all to come back to at any time in the future – whenever it suits you. This allows a variation in the order that you move through the program where a more intuitive path can be found.
It’s likely that you probably enjoy fairly practical work – the ‘hands-on’ personality type. Usually, the unfortunate chore of reading reference guides is something you’ll make yourself do if you have to, but it’s not really your thing. So look for on-screen interactive learning packages if you’d really rather not use books. Recent studies into the way we learn shows that we remember much more when we use all our senses, and we get practically involved in what we’re studying.
You can now study via self-contained CD or DVD materials. Real-world classes from the instructors will mean you’ll learn your subject through their teaching and demonstrations. Then you test your knowledge by practicing and interacting with the software. Don’t take any chances and look at some of the typical study materials provided before you hand over your cheque. The minimum you should expect would be instructor demonstrations, video tutorials and a variety of audio-visual and interactive sections.
Avoiding training that is delivered purely online is generally a good idea. Ideally, you should opt for CD and DVD ROM courseware where possible, so that you have access at all times – you don’t want to be reliant on a quality and continuous internet connection.
An all too common mistake that students everywhere can make is to look for the actual course to take, instead of focusing on the desired end-result. Training academies have thousands of direction-less students that chose a program because it looked interesting – instead of the program that would surely get them the career they desired. You could be training for only a year and end up doing the job for 20 years. Don’t make the mistake of choosing what sounds like an ‘interesting’ training program only to waste your life away with an unrewarding career!
Be honest with yourself about what you want to earn and what level of ambition fits you. Sometimes, this affects which exams you will need and what industry will expect from you in return. Look for help from a skilled professional who appreciates the market you’re interested in, and who can offer ‘A typical day in the life of’ understanding of what duties you’ll be performing day-to-day. It makes good sense to ensure you’re on the right track before you jump into the study-program. There’s little reason in starting your training and then discover you’re on the wrong course.
What is the reason why traditional academic studies are being overtaken by more commercial certifications? The IT sector now acknowledges that to cover the necessary commercial skill-sets, the right accreditation from the likes of Adobe, Microsoft MCITP Certification, CISCO and CompTIA is closer to the mark commercially – for much less time and money. Of course, an appropriate quantity of background knowledge must be taught, but focused specialised knowledge in the areas needed gives a vendor educated student a massive advantage.
Put yourself in the employer’s position – and you wanted someone who could provide a specific set of skills. What’s the simplest way to find the right person: Pore through loads of academic qualifications from graduate applicants, trying to establish what they know and which trade skills they’ve acquired, or choose a specific set of accreditations that specifically match what you’re looking for, and make your short-list from that. You’ll then be able to concentrate on getting a feel for the person at interview – rather than establishing whether they can do a specific task.
Wednesday, September 1, 2010
AusCert 2010: Brilliant engineers in Microsoft walled-garden
AusCert 2010: Brilliant engineers in Microsoft walled-garden
Linux communities are hostile and Microsoft is a walled garden "stuffed-full of brilliant engineers", according to a former Linux, now Microsoft engineer, Crispin Cowan.
In an AusCERT 2010 presentation titled "a Linux guy in a Microsoft world", Cowan said the stereotypes of Microsoft engineers as "baroque money-hogs", and Linux engineers as "open, passionate experts" were not "entirely true".
60 Minutes with Security Visionary Nir Zuk: View now
Best online Microsoft MCTS Training, Microsoft MCITP Certification at certkingodm.com
"Linux communities are shockingly hostile to women and newbies, attack failures to conform to norms and God help you if you top post," Cowan said. "Everyone is a butt-head.
"Microsoft is a closed garden, but it really has the same lump of engineers [as Linux] who are doing nerd things."
Cowan said his ideas to improve Microsoft products, forged in the Linux communities before he took the job last year, were rejected because "the 80,000 engineers had already invented and tested them."
Cowan also argued that User Access Controls (UAC) had improved Microsoft Windows security. According to figures from the software giant, 65 per cent of Windows Vista Service Pack 1 users had not recieved an Access Control prompt during a single session.
The figure was as high as 80 per cent for enterprise users, but only half for those using Vista without the service updates.
"UAC sucks less than you think," he said. "It was designed to teach applications not to depend on administration rights [but] it was like forcing a barefoot kid to start wearing boots."
Cowan said 88 per cent of Windows 7 users leave UAC on, and "only whiny bloggers turn it off."
Linux communities are hostile and Microsoft is a walled garden "stuffed-full of brilliant engineers", according to a former Linux, now Microsoft engineer, Crispin Cowan.
In an AusCERT 2010 presentation titled "a Linux guy in a Microsoft world", Cowan said the stereotypes of Microsoft engineers as "baroque money-hogs", and Linux engineers as "open, passionate experts" were not "entirely true".
60 Minutes with Security Visionary Nir Zuk: View now
Best online Microsoft MCTS Training, Microsoft MCITP Certification at certkingodm.com"Linux communities are shockingly hostile to women and newbies, attack failures to conform to norms and God help you if you top post," Cowan said. "Everyone is a butt-head.
"Microsoft is a closed garden, but it really has the same lump of engineers [as Linux] who are doing nerd things."
Cowan said his ideas to improve Microsoft products, forged in the Linux communities before he took the job last year, were rejected because "the 80,000 engineers had already invented and tested them."
Cowan also argued that User Access Controls (UAC) had improved Microsoft Windows security. According to figures from the software giant, 65 per cent of Windows Vista Service Pack 1 users had not recieved an Access Control prompt during a single session.
The figure was as high as 80 per cent for enterprise users, but only half for those using Vista without the service updates.
"UAC sucks less than you think," he said. "It was designed to teach applications not to depend on administration rights [but] it was like forcing a barefoot kid to start wearing boots."
Cowan said 88 per cent of Windows 7 users leave UAC on, and "only whiny bloggers turn it off."
Subscribe to:
Comments (Atom)