Wednesday, November 02, 2005

Windows Connections - Wednesday Sessions

It would have been a big problem. Just suppose I had won that Harley Davidson motorcycle at the Windows Connections conference today. How would I have managed to get it back to Kitchener, Ontario? So, thankfully, I have one less problem in my life. ;>(

The conference sessions today were as engaging as yesterday - lots of information (sometimes too much, to be accurate), lots of ideas germinating from those sessions, and lots of books to purchase and web sites to visit. And then there are the tools! Probably the most important of the tools I will start using is Process Explorer from

The last session of the day for me involved the same presenter who gave the keynote address this morning after breakfast. Mark Russinovich is not only a brilliant programmer, he is an excellent speaker and top-drawer communicator. His keynote this morning was entitled Understanding and Fighting Malware: Spyware, Viruses, and Rootkits. His session in the late afternoon was Advanced Windows Troubleshooting with Process Explorer. In both cases, Mark delivered talks with very useful slides, a polished presentation, and much to stimulate those attending.

Rootkits, for instance, are a very, very scary technological development in the malware arena. The most recent rootkits can mask processes, services, TCP/IP ports, files, registry keys, and user accounts. They can hijack processes, manipulate kernel-mode data structures, filter user-mode and kernel-mode APIs and so on. Sysinternals’ RootkitRevealer is one tool to help IT Pros fight rootkits, but the tool itself has already been attacked by rootkit authors in a cat-and-mouse game. The bottom line is that unless you have exceptional skills and knowledge in dealing with rootkits, you’re better off formatting your hard drive and reinstalling Windows after you’ve confirmed a rootkit problem!

Process Explorer, the focus of Mark’s afternoon session, is a ‘no-contest’ winner over the default Task Manager tool in Windows. I’ve already downloaded version 9.5 and started learning how to use it to diagnose problems with processes, security, services, CPU time, threads, and handles.

Mark Minasi’s presentation Windows Logons Revealed was a disappointment, despite Mark’s valiant attempt to make the subject interesting and approachable. Maybe it’s just me, but the technical detail was overwhelming and, in my view, unnecessary. There was simply too much material and too great detail. The bottom line was that Kerberos is better than anything previous.

I branched out for two Exchange presentations for the other two sessions I attended. One was Tom Meunier’s (no slides, unfortunately) Exchange Systems Administration on a Dollar a Day, which offered a wealth of resources and tools to help the IT Pro charged with managing messaging. Sue Mosher’s Outlook 2003 Security: Balancing Protection with Usability was also quite helpful in setting the context, both historical and technical, for the preferred email client for Microsoft Exchange.

Finally, in addition to the sessions today, I had breakfast with the Culminis people (Peggy, Frank, and Joyce) and lunch with Ruth Morton from our own WWITPro user group and Roger, a lead from the San Diego Small Medium Business user group. In both cases, I got lots of useful suggestions for starting and promoting our own user group in the Waterloo/Wellington region.

Tomorrow is the last day of the conference for me before returning to Kitchener. There will be another keynote and three more sessions, a final draw and Q&A before leaving for the airport. Too bad there wasn’t more time to see some of the sights and sounds of San Diego. This city really impresses me. The weather is temperate, the city streets pristine, and the overall atmosphere very comfortable. Maybe some day there’ll be another opportunity to visit.

1 comment:

Jim Wiebe said...

Don, glad to hear that you are enjoying the conference. Sounds like not enough time to do everything which I guess is typical in those circumstances. Your sessions sound interesting but a bit too technical for me. Have enjoyed reading your blog.