E-Bitz - SBS MVP the Official Blog of the SBS "Diva"

Know your marketplace?

Doing some research today on Small Businesses and some interesting links...

http://www.usatoday.com/money/smallbusiness/columnist/abrams/2004-05-06-success_x.htm

"The lesson? To greatly increase your chance of success, find out as much as you can BEFORE you open your doors. Talk to people who run their own businesses, especially businesses similar to yours, and get a realistic understanding of the time, financial, and emotional resources necessary. Keep your eyes open — not to the possibility of failure, but to the very real demands of running your own business."

Business Starts and Stops:
https://www.nfib.com/object/2752733.html

Small Business Problems and Priorities:
http://www.nfib.com/object/IO_16191.html

Lessons from Katrina.. http://www.nfib.com/object/IO_25515.html

Top 10 Reasons Why Small Businesses Fail | Starting a Business > Business Plans:
http://www.allbusiness.com/articles/startingbusiness/1440-25-1822.html

• Procrastination
• Ignoring the Competition (and I would argue it's not your fellow SBS consultant)
• Sloppy or ineffective marketing
• Ignoring customers' needs
• Incompetent employees
• Lack of versatility
• Poor location
• Cash flow problems
• A closed mind
• Inadequate planning

Just some links for thought.....

Feedback worth listening to

I was reading a post on the coding horror blog and the post about "good bugs versus bad bugs" reminded me of a company that seemingly takes feedback and does nothing with it.  No, I'm not talking about Microsoft here...but rather one of my LOB apps CCH. 

They do something in their tax program that just is inconceivable to me.  You see there are times that we need to fill in a form called a "Power of Attorney" where we can talk to the IRS (taxing agency) directly.  And there are specific identification numbers that we use.  Unique to each partner in the firm.  So when we migrated from Lacerte to CCH you can imagine our surprise that the "supposedly" less robust Lacerte, who all along has this master firm database ability to quickly and easily pop in a partner listing of unique info that was global to the program has been able to do this all along, but when we got to the CCH program, it cannot do this. 

It's a database program mind you.... in reality...and a basic database function....the ability for the program to remember unique data for each partner without having to individually place it in each taxpayer... it's now a "feature request" that we've put in for three years.

Now I cannot imagine that larger firms don't see this as a feature request.  I cannot imagine that larger firms don't have umpteen times in a day that they need to fill out a power of attorney form.  And the fact that this process is so manual, and that I have to keep a document separately to keep track of this information absolutely boggles my mind.

Why does it take a number of customers to wake up to a fact that they are missing out on something only because they haven't compared the features of a competing vendor to realize that neither vendor seemingly designing the software in a manner that optimizes what is the basic function of the program.  A database... a gathering of data.  Not a word document that has to be opened each time to enter in a data, database.  But an all encompassing program that keeps track of everything that the user of the program might need to do their job?

There are times I really wonder if any of the app developers are listening to the right people. 

Are they listening too much to the bleeding edgers?  Are they listening too much to the folks that have been using the same tax software since 1913 and they haven't changes their technology ways one iota?  (Okay so I'm exaggerating, but I kid you not, people do not change and migrate to new ways of techology well at all).  But truly, are they listening to the users of this software?  Sometimes I wonder.

My guess is that many of you reading this blog are not "users" of SBS but Var/Vaps.  And you are not the "users" of the software.  Oh sure you use the admin consoles and what not, and you still have to from various third party apps like Level Platforms or MOM and what not cobble together the "Var/Vap" console that you'd love to have (and that I swear I was at a AICPA Technology conference a few years ago and Bcentral was supposed to do something similar in the accounting space, but I digress) but in reality, you aren't the users of SBS.  

There are times that I don't think the vendors out there listen to you guys the "Admins" of SBS.  But the problem is and will always be the marketplace of SBS.  We're cheap down here, let's face it.

MyWife Malware

 This alert is to notify you of the release of Microsoft Security
Advisory (904420).

Microsoft wants to make customers aware of the Mywife mass mailing
malware variant named Win32/Mywife.E@mm. The mass mailing malware tries
to entice users through social engineering efforts into opening an
attached file in an e-mail message. If the recipient opens the file, the
malware sends itself to all the contacts that are contained in the
system's address book. The malware may also spread over writeable
network shares on systems that have blank administrator passwords.
Customers who are using the most recent and updated antivirus software
could be at a reduced risk of infection from the Win32/Mywife.E@mm
malware. Customers should verify this with their antivirus vendor.
Antivirus vendors have assigned different names to this malware but the
Common Malware Enumeration (CME) group has assigned it ID CME-24.

On systems that are infected by Win32/Mywife@E.mm, the malware is
intended to permanently corrupt a number of common document format files
on the third day of every month. February 3, 2006 is the first time this
malware is expected to permanently corrupt the content of specific
document format files.  The malware also modifies or deletes files and
registry keys associated with certain computer security-related
applications. This prevents these applications from running when Windows
starts. For more information, see the Microsoft Virus Encyclopedia
(http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Mywife.E@mm).

As with all currently known variants of the Mywife malware, this variant
does not make use of a security vulnerability, but is dependant on the
user opening an infected file attachment. The malware also attempts to
scan the network looking for systems it can connect to and infect   It
does this in the context of the user. If it fails to connect to one of
these systems, it tries again by logging on with "Administrator" as the
user name together with a blank password.
Customers who believe that they are infected with the Mywife malware, or
who are not sure whether they are infected, should contact their
antivirus vendor.  Alternatively, Windows Live Safety Center Beta Web
site (http://safety.live.com) provides the ability to choose "Protection
Scan" to ensure that systems are free of infection. Additionally, the
Windows OneCare Live Beta (http://www.windowsonecare.com), which is
available for English language systems, provides detection for and
protection against the Mywife malware and its known variants.

For more information about the Mywife malware, to help determine whether
you have been infected by the malware, and for instructions on how to
repair your system if you have been infected, see the Microsoft Virus
Encyclopedia
(http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Mywife.E@mm).

For Microsoft Virus Encyclopedia references, see the
"Overview" section. We continue to encourage customers to use caution
with unknown file attachments and to follow our Protect Your PC guidance
of enabling a firewall, getting software updates, and installing
antivirus software. Customers can learn more about these steps by
visiting the Protect Your PC Web site
(http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx).   
Suggested Actions:

*    Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known
malicious software. You should always run antivirus software on your
computer that is updated with the latest signature files to
automatically help protect you from infection. If you don't have
antivirus software installed, you can get it from one of several
companies. For more information, see
http://www.microsoft.com/athome/security/downloads/default.mspx

*    Use caution with unknown attachments
Use caution before opening unknown e-mail or IM attachments, even if you
know the sender. If you cannot confirm with the sender that a message is
valid and that an attachment is safe, delete the message immediately,
and run up-to-date antivirus software to check your computer for
viruses.

*    Use strong passwords
Strong passwords on all privileged user accounts, including the
Administrator account, will help block this malware's attempt to spread
through network shares. 
*    Remove unneeded network shares
Malware can often spread over network shares. Remove unneeded network
shares that are mapped to your computer. To remove network shares in Windows XP
o    On the Start menu, click My Computer.
o    On the Tools menu, click Disconnect Network Drives...
o    In the Disconnect Network Drives dialog box, click the drives to
disconnect and click OK.

*    Protect Your PC
We continue to encourage customers follow our Protect Your PC guidance
of enabling a firewall, getting software updates and installing
ant-virus software. Customers can learn more about these steps by
visiting Protect Your PC Web site (http://www.microsoft.com/protect).
For more information about staying safe on the Internet, customers can
visit the Microsoft Security Home Page
(http://www.microsoft.com/security).

More information can be found:
http://www.microsoft.com/technet/security/advisory/904420.mspx
Microsoft Security Advisories are located at this location:
http://www.microsoft.com/technet/security/advisory/default.mspx

If you have any questions regarding this alert please contact your
Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft PSS Security Team

Hey did you see this on Brian's blog?

What do you get for the price of CPE but is more than CPE? 

An offer from K2 for software and CPE!

Forward this link to your CPAs that are your clients (and remind them to sign up for the MPAN program and get the action pack while you are at it)

....and if they just happen to install SBS.... well.....

A blog should not have email

The RSA Security Conference is coming up and if you remember last year's conference Bill Gates made two announcments.... one was that IE 7 was going to be released for Windows XP and the second was that Antispyware was to be free to individuals.  It will be interesting to see what keynotes there are this year.  Last year the major ones were webcast.  So I'm out on the site and they have a new "Security Exchange" that includes Blogs....well..let's just say it has "one" blog.  And here's the kicker that made me laugh.  When you go to the page where the blog content is, there isn't ...that I can see anyway... a RSS subscribe icon.  Instead there's a place to click to..... "Subscribe to receive emailed updates of new blog entries from Ira Winkler"

Uh... gang... there's this thing called RSS? You know it's where you have a RSS reader like Newsgator or RSS bandit and all your RSS feeds come to you...and they aren't jumbled in all with all that junk mail I already get?

It's bad enough that the Orange XML tag is "RSS" on some pages and "XML" on another...but can we have another standard?  A blog standard?  That it comes with a XML feed that can be sucked in?

Not emailed, thank you very much.

https://www.rsaconference.com/exchange/blog_view.aspx?id=3

The ugly truth about small businesses and POP

There's a group of small businesses that are small and paranoid.  Or paranoid and small.  But the point is they like two things.  Not having a server and they love POP accounts.  It's funny because the official stance of the SBS var/vap community is that POP is a four letter word.  POP mail is worse than a four letter word...it's like the worst swear word you can think of ever.....yet show me many a small business and the Var/vap will say that they cannot get the small business off of POP accounts. 

Either it's because they are not cautioning them on the security issues of a Port 110/POP connection that passes the username/password in clear text, or the thought they are dependent on the server (get a backup MX record) or it's not letting them know about Outlook over HTTP but the ugly truth is that there is still a lot of POP in SBSland.  For all it's lack of robustness, for all it's "it's a transition product to full SMTP", the ugly truth is that there's still a huge group of folks still transitioning and have been since SBS 4.0.

Then ...about being on a server.  There isn't a week that goes by that someone doesn't post in about a 'high availability' server idea for SBS.  But here's the thing... if you buy decent server hardware...this isn't an issue.  Vlad on the mssmallbiz listserve talks about how he sees some folks use a hosted SBS (as his firm www.ownwebnow.com does this)...start realizing the power of it and then switch to a real server as they realize they want to have more control.

There are firms that either get technology...or don't get it and need to be pushed a bit more.....

Poor man's DFS

Need a way to share files?  I know that SeanDaniel.com blogged about this before..it's a way to share folders between computers...and if this is the service/product I'm thinking of, someone is using this between a SBS box and a remote server.

www.foldershare.com is the company but like Sean says.... choose a good password will ya?