Should You Fire Microsoft?

Maybe you really like Microsoft's products and wonder why you should consider using Linux. Think about this. Every few years Microsoft releases a new Operating System, which is incompatible with the previous one. Every few years Microsoft updates the critical applications that you use every day in your business. For example, Word has changed - each version incompatible with the previous. Same for Excel. Do you really want your business controlled by a software company like that?

We can show you how to install reliable replacement software for the Office applications you need. There are no confusing licensing requirements. No requirements that change every few years.

And if you need a specific Windows application in your business, that's fine. You don't have to eliminate Windows in order to use Linux. It's compatible. It's friendly. Call to learn more.

Linux for Business can assist your company in ordering, configuring, and installing server systems that can be accessed from Windows computers. We can also help you get Linux deployed on the desktop. Contact us if you want training for a new or existing Linux installation.

Looking for a replacement for Outlook? Look no further than Ximian Evolution. There is also an add-on product called Ximian Connector that will let your Linux system function as an Exchange 2000 client.

Ximian Evolution

Ximian Evolution is the premier personal and workgroup information management solution for Linux and UNIX. The software seamlessly integrates email, calendaring, meeting scheduling, contact management and online task lists in one powerful, fast, and easy to use application. Ximian Evolution also delivers a comprehensive set of features that help you keep your work organized and your projects on track. Automatic email indexing keeps your information at your fingertips. The unique Ximian vFolders are virtual folders you use to create and save powerful contextual views of your email messages.

Ximian Evolution is also powerful collaboration software that connects Linux and UNIX users to popular corporate communications architectures. Ximian Evolution supports standard communications and data interchange standards, so you can collaborate with users on other platforms. For example, Ximian Evolution is compatible with SMTP, SMTP/Authorized, POP, IMAP and other standard messaging environments. It can import mailboxes created with Netscape, Outlook Express, UNIX mbox, Eudora and other email managers. It supports peer-to-peer calendaring with users on products that support iCalendar, including Microsoft Exchange and Lotus Notes. Ximian Evolution uses corporate address books created using the popular LDAP protocol. And, Ximian Evolution supports the vCard protocol; so exchanging personal information with other users is easy.

Ximian Connector is an optional add-in to Ximian Evolution that is now available for purchase. With Ximian Connector installed, Ximian Evolution functions as a Microsoft Exchange 2000 client, seamlessly integrated with Exchange calendaring and other mail storage and mail handling features.

Microsoft Alerts

Microsoft has issued patches for what it termed critical security lapses in its Office software and Internet Explorer Web browser that put tens of millions of users at risk of having their files read and altered by online attackers. Microsoft said an attacker, via e-mail or a Web page, could use Internet-related parts of Office to run programs, alter data, and wipe out a hard drive as well as view file and clipboard contents on a user's system. Microsoft also reported vulnerabilities in the three latest versions of Internet Explorer that let infiltrators read files. The IE vulnerability affects:

• Microsoft Internet Explorer 5.01
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 6.0

See this article by Brian Livingston for more information on this issue.

September 26, 2002

A flaw has been found in Microsoft's FrontPage Server Extensions that could allow attackers to run malicious code on systems. Microsoft is urging users of FrontPage Server Extensions 2000 and FrontPage Server Extensions 2002 to patch their systems or do a workaround. Older versions may be affected, but Microsoft no longer supports them.

October 23, 2002

FIRM FINDS NINE IE SECURITY HOLES; EIGHT ARE CRITICAL | News: CNET Israel-based GreyMagic Software warned Internet Explorers of nine security vulnerabilities in the browser that could allow an attacker access to files on a vulnerable system. Eight of the nine flaws are critical and can be exploited by using a specially coded Web page that would run malicious programs on a victim's computer if the victim visited the page. The flaws could also allow attackers to copy clipboard information, execute programs and trick users by forging trusted Web sites.

August 15, 2002

"Telecommunications company Verizon Communications saved $6 million in equipment costs by moving its programmers to Linux computers, the company said Wednesday."

"The company cut costs by replacing programmers' Unix and Windows workstations with Linux systems that run OpenOffice instead of Microsoft Office, said George Hughes, a Verizon executive overseeing the work. The average desktop cost went from $22,000 to $3,000 per developer, he said in a talk at the LinuxWorld Conference and Expo."

November 21, 2002

A critical buffer overflow vulnerability affecting Microsoft's Internet Information Services (IIS) Web server and Internet Explorer could leave companies open to Nimda-style attackers.

The flaw is in Microsoft Data Access Components, a collection of components that make it easy for programs to access databases and manipulate the data within them. It's used by IIS and Internet Explorer.

Microsoft and security experts are urging affected users to patch their systems as soon as possible. Web servers running Microsoft Data Access Components 2.1, Microsoft Data Access Components 2.5 and Microsoft Data Access Components 2.6 are affected. Several versions of the Windows operating system are also affected. Attackers exploiting the flaw could run code on a vulnerable machine. No exploits are known to exist, experts said.

"Clearly, this vulnerability is very serious, and Microsoft recommends that all customers whose systems could be affected by them take appropriate action immediately," the company said in an advisory released Wednesday.

March 23, 2003

Microsoft is warning users of virtually every version of its Windows operating system of a new critical security vulnerability. It's urging users of Windows 98, 98SE, Windows ME, NT, 2000, and XP, as well as Windows NT 4.0 Terminal Server Edition, to patch immediately.

The security flaw resides within the Windows Script Engine, which is used by the operating system and apps to automate certain tasks. The flaw, detailed in Microsoft bulletin MS03-008, exists in the way the engine for the scripting language Jscript processes information, so an attacker could design a Web page or HTML-based E-mail that exploits this buffer overrun vulnerability. A successful attack could let a hacker gain compete control of a user's system and execute software of their choice, Microsoft warns.

Microsoft also revealed a moderate vulnerability within its Microsoft Internet Security and Acceleration Server 2000 in bulletin MS03-009. According to Microsoft, customers running unpatched versions of the security server could be subject to denial-of-service attacks. The company says system administrators should consider patching this vulnerability.

October 7, 2004

A security flaw in Microsoft's ASP.NET technology could allow intruders to enter password-protected areas of a web site by altering a URL. A fix is not yet available, but Microsoft is offfering guidelines to help ASP.NET users secure their sites against intrusion attempts. The flaw exists only in ASP.NET, not ASP (Active Server Pages).

Microsoft reported: "This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003." Netcraft data finds that ASP.NET is currently on over 2.9 million active sites.

The security hole involves a bug in ASP.NET's handling of URLs, known as "canonicalization." If a visitor to an ASP.NET site substitutes '\' or '%5C' for the '/' character in the URL, they may be able to bypass password login screens. The technique may also work if a space is subsituted for the slash. Security researchers say the bug operates differently in Mozilla browsers and Internet Explorer. It also apparently allows authenticated users to bypass password protection on administrative areas of a site.

Earlier this year, the handling of URLs was at the heart of a security flaw in Internet Explorer that allowed phishing scams to more easily spoof web pages. While that flaw was tied to the IE browser's handling of URLs, the new flaw exploits a weakness in the way ASP.NET handles URLs in requests to the web server.

ASP.NET is a programming framework that can be used on a server to build web applications, and serves as a successor to ASP. Microsoft presents ASP.NET as offering numerous advantages over other development platforms, including improvements in performance and scalability.

Click here for the complete story.

We're Here to Help

Call us. We know Linux.