Wednesday, June 29, 2011

Asus A53E-XN1 B940 2GHz 15.6" Notebook $420 at Newegg

Newegg has the new Asus A53E-XN1 B940 2GHz 15.6" Notebook for $420 with free shipping. [Compare]

Intel Pentium B940 2GHz CPU, 4GB DDR3 RAM, 500GB HDD
15.6" LED-backlit, Super Multi, Wireless-N, 6-cell, Win 7 HP x64



ASUS B940-CPU Laptop with HDMI, gigabit LAN - $419

Rating: 2 Posted By: Flector
Views: 707 Replies: 0

ASUS Laptop at Newegg

Stats:
* 4 Gb RAM
* 500 Gb HD
* backlit LED 15.6" screen
* gigabit LAN
* HDMI-out
* VGA port (no DVI)
* b/g/n wireless
* 3x USB

Pentium B940/B950's are the Sandy Bridge successor chips to the P6200's. They are just starting to show up in laptops.


Dell Vostro 3450 Intel Core i5-2410M 2.4GHz [Sandy Bridge] 14in Laptop (Aluminum) $529 at Dell Small Business

Dell Small Business Coupon

Tuesday, June 28, 2011

Dell Vostro 3550 Intel Core i5-2410M 2.3GHz [Sandy Bridge] 15.6in Laptop (Aluminum) $549 at Dell Small Business

Dell Small Business Coupon

Lenovo ThinkPad T61 15.4" 6464-WG6 Notebook $319 at Newegg

Newegg has the refurbished Lenovo ThinkPad T61 (6464-WG6) 15.4" 6464-WG6 Notebook for $305 + $14 shipping = $319 shipped. [Compare]

Core 2 Duo T7500 2.20GHz CPU, 2GB DDR2 RAM, 100GB HDD
DVD/CD-RW Combo Drive, Intel HD, Windows XP Pro, 9-cell



Toshiba Satellite C655D-S5136 AMD P340 Dual-Core 2.2GHz 15.6in Laptop (3GB/320GB) $349.99 at Office Depot

Office Depot Coupon

Monday, June 27, 2011

Dell D630 Core 2 Duo 2.0Ghz 2GB 80GB DVDRW Laptop T7250 w/Dock-Bag $250 ship (REFURB)

Rating: 2 Posted By: MISTERCHEAP
Views: 967 Replies: 2

http://cgi.ebay.com/Dell-D630-Core2Duo-Laptop-w--Dock-%26-Bag---...

Dell D630 Notebook
* AC Adapter Included
* Docking Station Included
* Carrying Case Included


link to specs below

http://www.dell.com/us/dfb/p/latitude-d630/pd?refid=latit_d630&s...


Dell XPS 15 Intel Core i5-480M 2.66GHz 15.6in 1080p Laptop $699.99 Free Shipping at Dell Home

Dell Home Coupon

HP Coupon Codes up to $375 off HP Laptops & Desktops at HP

HP Coupon

11.6" HP Pavilion dm1z AMD Dual-Core E-350 1.6GHz, 3GB/320GB, WifiN, Webcam Bluetooth, Win7HP64, Notebook $380 FS @ HP

Rating: 7 Posted By: templeboy
Views: 3552 Replies: 17

Linky

Use code NBMX4925


Lenovo G570 Intel Core i5-2410M 2.3GHz Sandy Bridge 15.6in Laptop w/ Blu-Ray $649 at lenovo

lenovo Coupon

Sunday, June 26, 2011

New Release - Dell XPS 15z Intel Core i5/i7 Sandy Bridge 15.6in Laptops (1in Thin!) $999 at Dell Home

Dell Home Coupon

Toshiba Satellite 15.6" Notebook, 2GB DDR3 RAM, 250GB HDD, DVD RW, Win 7 Home Premium 64 --$299-- shipped @ Buy.com/ebay

Rating: -1 Posted By: MisterGadget
Views: 919 Replies: 5

Toshiba Satellite 15.6" Notebook, 2GB DDR3 RAM, 250GB HDD, DVD RW, Win 7 Home Premium 64, $299 shipped @ Buy.com/ebay

 

Features

Intel Celeron 925 processor (2.3GHz, 3MB L2 Cache)
2GB DDR3 SDRAM system memory (expandable to 4GB): Gives you the options for surfing, video conferencing, documents, basic photo editing and simple computer tasks
250GB SATA hard drive: Store 166,000 photos, 71,000 songs or 131 hours of HD video and more
SuperMulti DVD Burner with Labelflash: Watch movies, and read and write CDs and DVDs in multiple formats
10/100 Ethernet, 802.11b/g/n Wireless LAN: Connect to a broadband modem with wired Ethernet or wirelessly connect to a Wi-Fi signal or hotspot with the 802.11b/g/n connection built into your PC
15.6" TruBrite TFT LCD display: Intel Graphics Media Accelerator 4500M with 128MB-829MB of dynamically allocated graphics memory
Built-in webcam and microphone
4-in-1 memory card reader
2 x USB 2.0 ports, 1 x RGB port, 1 x headphone output, 1 x microphone input, 1 x RJ-45 Ethernet port
6-cell lithium-ion battery, up to 4 h 23 min battery life


Dell Inspiron 15R Intel Core i3-2310M 2.1GHz Sandy Bridge 15.6in Laptop $499.99 at Dell Home

Dell Home Coupon

HP ENVY 14 Intel Core i7-740QM Quad-Core 14.5in Laptop (6GB/500GB/Radeon HD5650) $799.99 at HP

HP Coupon

Dell Inspiron 14R Intel Core i3-380M 2.53GHz 14in Laptop $399 (15in Model $449) at Dell Home

Dell Home Coupon

Saturday, June 25, 2011

HP dv7tqe Intel Core i7-2630QM Quad-Core Sandy Bridge 17.3in 1080p Laptop Blu-Ray $1024 at HP

HP Coupon

Dell Inspiron 14R Intel Core i3-2310M 2.1GHz Sandy Bridge 14in Laptop (4GB/320B) $549.99 at Dell Home

Dell Home Coupon

HP dv6tqe Intel Core i7-2630QM Quad-Core Sandy Bridge 15.6in 1080p Laptop $924.99 at HP

HP Coupon

Lenovo IdeaPad S205 AMD Dual-Core E-350 (FUSION) 11.6in Laptop (3GB/320GB) $389.99 at lenovo

lenovo Coupon

Asus A52F-XE6 Intel Core i5-480M 2.66GHz 15.6in Laptop (4GB/500GB) $549 Free Ship at Buy.com

Buy.com Coupon

Dell XPS 15 Intel Core i5-2410M 2.3GHz Sandy Bridge 15.6in Laptop $644.99 at Dell Home

Dell Home Coupon

Friday, June 24, 2011

Lenovo IdeaPad Y560p Intel Core i7-2630QM Quad-Core Sandy Bridge 15in Laptop $829 at lenovo

lenovo Coupon

Dell Inspiron 15R Intel Core i5-2410M 2.3GHz Sandy Bridge 15.6in Laptop Blu-Ray $649 at Dell Home

Dell Home Coupon

Lenovo IdeaPad Y460p Intel Core i7-2630QM Quad-Core Sandy Bridge 14in Laptop $829 at lenovo

lenovo Coupon

Dell XPS 17 Intel Core i7 Quad-Core Sandy Bridge 17.3in 1080p 3D Laptop $1199 at Dell Home

Dell Home Coupon

Toshiba - Satellite Laptop / Intel Sandy Bridge i3-2310m / 15.6" Display / 3GB Memory / 320GB Hard Drive $399 @ bestbuy

Rating: 10 Posted By: Butcherboy
Views: 3630 Replies: 5

Toshiba - Satellite Laptop / Intel Sandy Bridge i3-2310m / 15.6" Display / 3GB Memory / 320GB Hard Drive - Black $399 @ Best Buy
Toshiba - Satellite Laptop / Intel Core i3 Processor (Sandy Bridge) / 15.6" Display / 3GB Memory / 320GB Hard Drive - Black

http://www.bestbuy.com/site/Toshiba+-+Satellite+Laptop+/+Intel%2...

Intel Core i3-2310M processor
Features a 3MB cache and 2.1GHz processor speed.
Intel Core i3 processor
Features smart 4-way processing performance for HD quality computing. Intel HD graphics provide extra graphics power for your laptop when you need it.
3GB DDR3 memory
For multitasking power, expandable to 8GB.
Multiformat DVDRW/CD-RW drive with double-layer support
Records up to 8.5GB of data or 4 hours of video using compatible DVD+R DL and DVD-R DL media; also supports DVD-RAM.
15.6" LED-backlit TFT-LCD high-definition widescreen display
With 1366 x 768 resolution and TruBrite technology showcases movies and games in stunning clarity.
320GB Serial ATA hard drive (5400 rpm)
Offers spacious storage and fast read/write times.
Mobile Intel HD graphics
Feature 64-1317MB shared graphics memory for lush images.
Built-in webcam and microphone
Make it easy to video chat with family and friends.
Multiformat media reader
Supports Secure Digital, Secure Digital High Capacity, miniSD and MultiMediaCard formats.
2 USB 2.0 ports
For fast digital video, audio and data transfer.
Built-in high-speed wireless LAN (802.11b/g/n)
Connect to the Internet without wires.
Built-in 10/100 Ethernet LAN
With RJ-45 connector for quick and easy wired Web connection.
Weighs 5.3 lbs. and measures just 1.6" thin
For easy portability.
Trax texture finish in black
Offers a sophisticated look.
Microsoft Windows 7 Home Premium Edition 64-bit operating system preinstalled

Can't beat $399 for a Sandy Bridge CPU!

 

thanks whenry83


Dell XPS 15 Intel Core i7-2630 Quad-Core Sandy Bridge 15.6 1080p Laptop Blu-Ray $999 at Dell Home

Dell Home Coupon

Thursday, June 23, 2011

HP Pavilion Intel Core i7-2630QM Quad-Core Sandy Bridge 17.3in Laptop w/ Blu-Ray $699AR at Staples

Staples Coupon

Database security

Database Security is one of the broader topics that Securosis covers. Database servers are highly complex systems – storing, organizing, and managing data for a wide array of applications. Most mid-sized firms have dozens of them, some embedded in desktop applications, while others serve core systems such as web commerce, financials, manufacturing, and inventory management. A Fortune 100 company may have thousands. To address the wide range of offerings and uses, we will cover database security from two different angles. The first is the security of the application itself, and the second is the use and security of the data within the database.

Database Vulnerability Assessment (VA), access control & user management, and patch management are all areas where preventative security measures can be applied to a database system. For securing the data itself, we include such topics as Database Activity Monitoring (DAM), auditing, data obfuscation/masking, and database encryption. Technologies like database auditing can be used for either, but we include them in the latter category because they provide a transactional view of database usage. We also include some of the database programming guidelines that can help protect databases from SQL injection and other attacks against application logic.

Papers and Posts

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and comments).

  1. Database Activity Monitoring research paper remains a reader favorite and can be downloaded here: “Understanding and Selecting a Database Activity Monitoring Solution” white paper.
  2. Understanding and Selecting a Database Assessment Solution is now available. We are very happy with this paper. We have even been told by database assessment vendors their product teams learned some tips from this paper, and we think you will too.
  3. Our Understanding and Selecting a Database Encryption or Tokenization Solution paper is available.
  4. Database Audit Events is a comprehensive list of database events available through native database auditing techniques.
  5. Many supporting posts on Database Encryption: Application vs. Database Encryption and Database Encryption: Fact vs. Fiction, Format and Datatype Preserving Encryption, An Introduction to Database Encryption, Database Encryption Misconceptions, Media encryption options for databases, and threat vectors to consider when encrypting data.
  6. The 5 laws of Data Masking.

Database Security Patch Coverage

  1. Oracle Critical Patch Update, July 2009.

General Coverage

  1. SQL Injection Prevention
  2. Database Audit Performance in this Friday Summary introduction
  3. Database Encryption Benchmarking
  4. Three Database Roles: Programmer, DBA, Architect
  5. Database Security: The Other First Steps
  6. Sentrigo and MS SQL Server Vulnerability.
  7. Amazon’s SimpleDB.
  8. Information on Weak Database Password Checkers.
  9. Database Connections and Trust, and databases are not typically set up to validate incoming connections against SQL injection and misused credentials, and this post on recommending Stored Procedures to address SQL Injection attacks
  10. Separation of Duties and Functions through roles and programmatic elements, and putting some of the web application code back into the database.
  11. Native database primary key generation to avoid data leakage and inference problems, and additional comments on Inference Attacks.
  12. Your Top 5 Database Security Resolutions.
  13. Posts on separation of duties: Who “Owns” Database Security, and the follow-up: DBAs should NOT own DAM & Database Security.
  14. A look at general threats around using External Database Procedures and variants in relational databases.
  15. Database Audit Events.
  16. Database Security Mass-Market Update and Friday Summary - May 29, 2009
  17. Database Patches, Ad Nauseum
  18. Acquisitions and Strategy
  19. Comments on Oracle’s Acquisition of Sun
  20. Oracle CPU for April 2009
  21. Netezza buys Tizor
  22. More Configuration and Assessment Options. Discusses recent Oracle and Tenable advancements.
  23. Policies and Security Products applies to database security as well as other product lines.
  24. Oracle Security Update for January 2009.
  25. Responding to the SQL Server Zero Day: Security Advisory 961040 includes some recommendations and workarounds.
  26. Will Database Security Vendors Disappear? and Rich’s follow-on Database Security Market Challenges considerations for this market segment.
  27. Behavioral Monitoring for database security.
  28. NitroSecurity acquired RippleTech.
  29. Database Monitoring is as big or bigger than DLP.

Presentations

Podcasts, Webcasts and Multimedia

None at this time

Vendors/Tools

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Database Activity Monitoring

Database Vulnerability Assessment

Database Encryption

Note that some of the vendors listed provide transparent disk encryption or application layer encryption that can be applied to database files or content.

Database Auditing

Database Masking

Note that there are several vendors who offer format preserving encryption and tokenization, such as NuBridges, Prime Factors, Protegrity and Voltage, which also provides some masking capabilities.

Database Vendors

There are dozens of vendors, both big and small, who offer databases – many with specific competitive advantages. We aren’t even attempting to be comprehensive, and specifically ignored any without widespread mainstream adoption. There are also dozens more open source databases with small numbers of deployments, perhaps primarily embedded in applications or backending non-commercial web applications.


WASC party at RSA

Web Application Security Consortium (which I am a founding member of co) is throwing a party at RSA this year in San Francisco. Here's the official announcement. "Take a break @ RSA and Meet-up with your peers at the WASC meet up to join your peers in the Web application security for lunch at the Jillian's@Metreon....".

I began using the SDL, but how do I?

Jeremy Dallman here with another publication of free documentation of SDL. Today we are making available a library of templates to help you get started with the SDL practices or activities more focused thinking.

The major issues we face the beginning of Microsoft and are now still more businesses of all sizes, start to adopt the SDL in their own organizations is "How can I [insert a practical activity or process SDL]." The most often, these questions are specifically speaks SDL practices that can be addressed with the tools and are more oriented process or focused on thinking.

As these issues have begun to come from other companies, we started digging into some of our internal archives for documents, we used the early on at Microsoft. Since then, most of these documents have been incorporated into web forms or our internal management SDL tables. However, we discovered that they were very useful for other companies models. Now we want to let other SDL organizations look and put them to good use as well!

Today, we publish a small template for SDL practices library that can help you to address:

  • Define security requirements
  • Creation of a security bug bar
  • Performing a security risk assessment
  • Perform a basic threat model (when not using the set of the EOP or SDL threat modeling tool)
  • Exception of SDL applications management
  • Conduct a Final review of security

... and a .ZIP containing all the templates in one package.

These documents are published under the same Creative Commons license as our other SDL documents. Please put to use in their form by default (without modifications), as models to modify customize for your needs, or as a catalyst for brainstorming and creating your own documents simply. The objective is to help you accelerate the implementation of the SDL practices and gather useful security information about your projects.

We are happy to share these pieces of the Microsoft SDL with the ecosystem and the eager to hear how they have used in your own SDL projects.


Denim Group releases Application Security remediation Resource Center

By Dan Cornell Denim Group announced the first application security remediation Resource Center. There are many resources to it: video, a practical guide on sanitation of the software, the slidedecks and links to all the posts on this blog clean....

Published the OWASP Top 10 2010

On Monday, the OWASP - Open Web Application Security project, released the new version of your best known project: OWASP TOP 10. It is the third edition of the project which is the largest 10 vulnerabilities in Web applications. From the previous edition of 2007, the list of vulnerabilities has not changed much, being [...]

Wednesday, June 22, 2011

New white paper: comparative analysis of security: beyond the parameters

Since I wrote the CSO pragmatic life there (OK, 4 years, but it feels like life), I've been evangelizing better quantify security programs. Even without context, quantification is valuable, but they are much more useful as a whole. If I was intensely to find against a set of similar societies to compare your settings, which provide needed context. Unfortunately, with the number of fires, that we must fight every day, people of more accurate security are not time to adopt measures.

This article focuses on why you should. Keep us account security measures at a high level of the Foundation, and then spend most of the article explaining what benchmarking offers to your security program and how to do it. A brief extract Executive Summary explains well:

A key aspect of maturation of our safety programs must be the collection of parameters of security and their use to improve business processes. Even those with broad security measures programs still have difficulty in communicating the relative effectiveness of their efforts - in large part because they have no point of comparison. When speaking of success/failure of any safety program, without Management main objective reference point has therefore no idea if your results are good. Or a bad thing.

Enter the reference for the security, which involves comparing your security settings to a group of peers from similar businesses. If you can get a whole broad enough consistent data (both qualitative and quantitative), then compare your numbers with this data set, you can get a feeling of relative performance. Obviously, it is the care must be exercised when sharing, but the ability to transcend "yellow" (not bad) identifying current and arbitrary issues as 'red' (bad), or "green" (a little better) allows us to finally have some clarity on the effectiveness of our sensitive data security programs. In addition, metric and reference data can be exploited internally to provide goals and illuminate the trends to improve key security operations.

Those of you who espouse quantification acquire an objective method to make decisions regarding your security program. No more black magic, Voodoo or hypnosis for your approved budget, OK?

The paper has a landing page, or you can download the document directly: Security Benchmarking: Going Beyond Metrics (PDF).

While you enjoy the paper, please send a thank you to nCircle for her licence.

-Mike Rothman

Mobile security for oblivion

Are you interested in security of mobile applications? Max Veytsman, consultant in security at security Compass, to speak on this hot topic at the next meeting of the OWASP Toronto Chapter. Come and check it out! Date/time: May 11th, 2011 5:00 - 6:00 PM place: Auditorium C, 315 Front Street West, Toronto, ON M5V 2 d 6 length: 60 minutes [...]

For your account: SDL progress report

Hello all world-Dave here...

I wanted to take a few moments to alert you about a new publication of Trustworthy Computing, entitled "the SDL Progress Report."  This work is in progress for a number of months and integrates the data and the analysis of various groups in our Organization. We hope that you will find valuable information on the lessons of development secured at Microsoft, how we have applied the science of security and the correlation between the process of global security, risk reduction and organizational effectiveness.

If we have learned a truth prevails over the years, is that threats to security are not static - as a result, our work to secure software development and the evolution of the SDL to stay ahead of the complex attacks will never be made. We believe that our SDL tools and processes add value and should be shared widely with the ecosystem of security - a collective effort is needed to meet the threat to computer users around the world.

The first section of the document focuses on the history of the Microsoft SDL since its early days - highlighting important milestones in the development of the SDL process.  As we have collected material for this section of the document, it wound up being an interesting history lesson; from original TwC memo from Bill Gates in 2002, he discovered the inclusion of a large number of processes and technologies over time that make up the SDL, as it is practised today.

For example, some of the theoretical foundations of the threat of process modelling (including STRIDE), are based on a document written by Praerit Garg and Loren Kohnfelder in 1999. We would be remiss if we did not include a "tip of the hat" security researcher community. We have noticed an increased use of technical fuzzing to find vulnerabilities from the late ' 90. In accordance with the "use what works" philosophy here, we have integrated the fuzzing in the early days of the SDL - we remain aggressive advocates of fuzz testing to date.

In the second section of the document, Matt Miller has done an excellent job to illustrate our ongoing commitment to the science of safety.  And going into detail on mitigation techniques required by the SDL, the science of security section exposes some interesting information on the adoption of these techniques by a section of the ISV community.

We surveyed 41 popular applications around the world to evaluate the use of technologies such as ASLR and DEP.  In addition, we have further analysis to look at the use of these technologies in four European countries - France, Germany, Russia and the United Kingdom.  I would encourage you readers of the blog to take a look - the results are telling.  For example, use of ASLR in 41 apps sample all is mixed-34% activated full support, 46% partially allowed to support and (unfortunately) 20% did not support ASLR in their applications.  Many data much, much perceptive analysis...

As mentioned above, one of the goals in writing that this article was to illustrate this point by using a holistic development process is that a good idea - holistic security process leads to the reduction of the risk, but also tracks to increase organizational effectiveness.  Two recent studies published by Forrester Research and the Aberdeen Group lend faith in this statement.

Forrester Consulting thought leadership paper (full disclosure: study sponsored by Microsoft) concluded that end-to-end security approaches reduce the risk and increase the ROI; and those who use SDL (or similar SDL process) report significant ROI gains to organizations that do not support a coordinated approach.

In addition, Aberdeen Group (independent research) concluded that the average investment in the process of comprehensive security is $400 k - while the average cost of fixing a vulnerability critical after deploying the application, close to 300 k $ by the vulnerability.  It requires no great intellectual conclusion feat than a deliberate find approach and fixation vulns pays for itself very shortly after the first critical in a development project vulnerability is found and fixed, before release. Finally, the respondent companies Aberdeen reported a 4 x return on annual investment for those who adopt an approach deliberately to the realization of the security of applications.

Two things struck me, I have worked with Matt and others on the creation of this report.

First of all, to advocate a point of view, I think that the days of "easy to find" vulnerabilities are over.  Note, I am not saying that there are no easy vulns still out there - I know that the security research community will continue to find issues based on a process, human error or equipment failure. That said, Microsoft is seeing an increase in the number of attacks that are unique and complex. For example, the attack on IE8 in the "Microsoft" required three individual vulnerabilities CanSecWest contest - and two of those already was set using the SDL to announced.  This is a very innovative approach - and it illustrates my point of view.  We are seeing more complex "edge" cases - not the traditional stack overflows that we witnessed five years ago.

Second, I remain convinced that "checklist" approaches to security (while useful as a starting point) are not a good long-term bet for development organizations concerned about security. Until recently, claims about the effectiveness of holistic approaches were based on anecdotal data and gut feel.  I think that over time, IT organizations will be faced with the need for something more than the typical "how do I stack up against process X?" or the latest security popularity contest. Therefore, the adoption of dynamic end-to-end security processes - such as the SDL - that follow the threat environment and adapt process and technology accordingly will increase.

Thank you for reading - download the report and sound off on what you think!

Dave

P.S. Stay tuned for more details on how the SDL is using real organizations with the challenges of security.

P.P.S. Follow our Twitter feed http://twitter.com/msdl for more information about SDL news, releases and events!


N-Stalker is 2009's winning web application security software, says Security-Database!

Security-Database, one of the most accredited entities in the world dedicated to identifying and evaluating web security threats (and the best tools available on the market to combat them), named N-Stalker the 2009 winner among web application security assessment tools. It is the result of 10 years entirely dedicated to the creation, design and development [...]

Security Compass at RSA

This year we are going back to RSA to deliver a pair of 1-day training courses: hands-on application security and hands-on database security. Both are introductory courses to get students up to speed fast on these important topics. Know someone who is interested?

The State of Application Security: key findings - a webcast from Forrester & Microsoft

Hi all - Doug here

Earlier this year, Microsoft worked with Forrester Consulting and Dr. Chenxi Wang, an analyst on secure application development, to assess the current state of application security among 150 of the largest companies in the United States and Canada.  I discussed it in February when we published it on this blog. The report has proven to have a lot of very interesting data, some of which we talked about earlier when we published State of Application Security - A Forrester Consulting Thought Leadership Paper Commissioned by Microsoft on our Web site.

Microsoft is hosting a webcast on Monday, May 23 at 11 PAH in which Dr. Wang will talk about the results and the recommendations based on the information contained in the study.  I will follow her presentation with a brief presentation of my own discussing the similar benefits that we have seen in our interactions with other organizations. Both presentations will demonstrate that the SDL, as an end-to-end process that engages all stakeholders within an organization, can have a significant impact.

The current security and compliance environment is driving many organizations to look at their own secure application development practices.  The results of this study and the information in the webcast can help provide key elements of the business justification for starting a secure application development program that is about more than just compliance.  The findings of this study are very clear that there is a business advantage not only in doing application security better, but also in the ROI of evolving the business culture around software development.  It is an excellent opportunity for your business decision makers to hear the facts and help you make your case.

Come and listen, and have the opportunity to ask questions.  You can register here: Business Insights Webcast: The State of Application Security: Key Findings.


Tuesday, June 21, 2011

The SDL Chronicles - how an engineering culture change driven by security needs paid off


Hi All – Doug here…

We recently had the opportunity to get an inside look into a large company’s journey addressing a web application security incident that led to a deep analysis and change in how a development organization builds security into their software development process.  

MidAmerican Energy Holdings Company is a global leader producing energy from diversified fuel sources for the U.S. and U.K. consumer markets with approximately 6.9 million electricity and gas customers worldwide. In mid-May 2008, the MidAmerican Energy website was under attack from a botnet titled banner82. Botnets are networks of compromised computers controlled by hackers known as “bot-herders” and have become a serious problem in cyberspace.

The company has a long tradition of customer service so this was a very important issue to them. They surveyed industry best practices and chose the Microsoft Security Development Lifecycle (SDL) as their preferred process for developing secure software and changing their engineering practices.

This story is captured in a new case study that takes you through the entire story of the cyber-attack and steps to resolution. Important issues show up like the need for executive support and how to get everyone onboard as MidAmerican raised security development as a central focus for their internal development group moving forward. The case study validates the need to make deep changes when necessary within the software development culture versus performing “security around the edges”. Other important insights detail how an aggressive timeline created focus and gave everyone a clear goal. The case study reports on how the company was able to significantly reduce the number of vulnerabilities and meet their security goals while setting the company up for long term success.

What we found particularly interesting was that after they went through this experience, MidAmerican was not only creating more secure applications but they also found something they hadn’t counted on. The SDL’s process requirements and the resultant engineering culture shift had brought together the entire development organization with QA in a way they hadn’t seen previously. Together they engaged in the SDL process and as a result there were fewer security bugs that were found and needed to be fixed late in the process – when it is most expensive. MidAmerican saw a real productivity gain out of their development organization, not just better application security. These ROI results mirror the key findings from the recent Forrester Consulting thought leadership paper as well as the Aberdeen Group research report. You might also want to take a look at the SDL Progress Report as it provides much of the same information that MidAmerican used to make their decision to implement the SDL.

Check out this fascinating real life story that we often don’t get to hear.

 


Balance between the short and Long term

Our pal Eddie Schwartz was appointed CSO of RSA earlier this week, probably with a major role in the mothership (EMC). Twitter exploded with congratulations, as well as warnings about the difficulty of the task, given the various shoes that will inevitably continue to drop as a result of the April breach. Believe me, Lockheed and L-3 are just the tip of the iceberg.

Also think about Sony, which has been subjected to a continuous stream of hacks the likes of which we had not seen before. The sad story is documented in real time at attrition.org. Shit, they have even made Sony a verb (sownage). Which is never good. Sony has recently appointed a fellow to fix it, and he faces the same challenge as Eddie. How do you drive consistent awareness and behavior change to protect information in an organization of tens of thousands of people?

You had better have a plan, and not just a short-term one. There is no quick fix for a situation like this.

Why can't Sony and EMC simply write some checks and fix it? Wouldn't that be nice? But as my father-in-law says, "If it's a problem you can solve with money, it's not a problem." Guess what? This is a problem. SHRDLU's recent missive really illuminates the problems of getting everyone to march to exactly the same drum. As she said, it takes a lot of time (think years, not months) to effect that level of change.

If that were the only issue for these guys, the situation would be manageable. Kind of. Unfortunately it is not that simple, because we live in a short-term world, and both of them need to play find the droppings - I mean, do a risk assessment - to understand where other soft targets reside. Then they need to monitor those resources and watch carefully for signs of attack. Like sharks smelling blood, it will not take long before the next wave of starving attackers circles the wagons, which is happening now with Sony. That is the short-term plan.

But we know that the short term has a funny way of consuming all resources, forever. You know, life is a series of short-term fires that must be addressed. Long-term plans never mature (and often are never even made). That is what separates the organizations that recover from breaches from those that do not. The art is to pay attention to the short term without losing sight of long-term goals.

Yeah, easier said than done. Sony, RSA/EMC, Epsilon, Lockheed and all the other organizations currently in the 24/7 media cycle have an excellent opportunity to take advantage of their short-term pain to implement long-term structural changes. Will they do it? I have no idea, but we will know soon enough by keeping an eye on the front page. The media are like that.

-Mike Rothman

Terry's Computer Tips Newsletter - June 19, 2011.

When I started my free newsletter seven years ago, I did not dream that I could keep writing a weekly newsletter for seven years. I was certain that I would run out of topics and things to say during this period.

Thanks to you, my subscribers, I get questions and thoughts that help me to continue. The issues are important, both for you and for me. Although I try to at least address all the questions, some of them are really good subjects for articles in the newsletter. I understand that.

As I hope that you are aware, my e-mail newsletters are not published on my website immediately, so the only way to get these really appropriate articles is to subscribe.

Some of the email newsletter articles never make it to my web site. They may be special messages to subscribers or perhaps simply to update at the time that I would otherwise be their position on the site. [...]

What is CAPTCHA and why do websites use it?
From time to time, I get a strange message from a subscriber. They could be confused. They feel frustrated. Or, they could be unhappy…

In it, it is a matter of misunderstanding - a misunderstanding by a computer user on the "confirmation" on the web site requirements.[...]

Not a Subscriber? It is easy to obtain these articles…

Subscribe to my free Terry's Computer Tips newsletter and then use the autoresponder to get the last two email issues!

This week online:

With my new design of the Terry's Computer Tips web site, I now publish articles individually rather than as an online issue. This also means that I can link to the articles, as I have below:

  • Excel - how to display column A
    One of the major features of Microsoft Excel is that we can hide individual columns, column groups, and even several groups of columns. Similarly, we can hide rows. For example, to hide columns E and F, just click the E column header and drag to the F column header [...]


VIPRE Antivirus and
VIPRE Antivirus Premium
-June Specials

GFI has added a new option for VIPRE Antivirus and VIPRE Antivirus Premium - a new PC lifetime subscription option, but they have announced that it is a June special!

VIPRE Antivirus PC lifetime
1PC-$89.95
2PC-$99.95
Unlimited Home license-$129.95

VIPRE Antivirus Premium PC lifetime

1PC-$109.95
2PC-$introductory
Unlimited Home license-$159.95

This week online - Blast From The Past
Newly posted articles

Here are the new individual articles this week on the Terry's Computer Tips site that have been posted in my e-mail or online newsletters.

As above, they are now direct links to individual articles…

  • What is the IP address?
    Subscriber Joseph Murphy wrote to ask:

    I wonder how an IP address is determined and whether it can be modified and how? Thank you, J. P. Murphy.

    It is a good question, Joseph. The response can be simple or it can be used to educate. If you navigate to your home network or access your Internet [...]

  • I want a real backup program
    Subscriber Mike Gallagher recently wrote about his computer backup:

    Hi Terry, I'm confused about "backup" on your computer. I see all kinds of advertising and articles on computer backup. What I see is not all real backup. What I mean by a "real backup" is that, if [...]

I love the redesign of the Terry's Computer Tips web site - it makes section display and maintenance much easier than before. I am glad that I switched to WordPress and the Genesis theme framework.


OWASP Top10 2010 released!

A few weeks ago, OWASP (the Open Web Application Security Project) released a new version of its well-known project, the OWASP Top 10. It is the third edition of this project on the 10 most commonly found vulnerabilities in web applications. Since the previous edition in 2007, the list of vulnerabilities was not [...]

Terry's Computer Tips Newsletter - June 12, 2011.

Hi Terry, I have a computer running Windows XP, SP-2. It will not install SP-3, or [...]

Master hard disk SMART capability disabled
This week, longtime subscriber Tom Sosna wrote about an unusual problem.

Dear Terry, I am an avid reader of your newsletter and await its arrival weekly. I have learned many things from it, but unfortunately I can still do some things… dumb. The second stage involved running the "check disk" tool in Windows XP. I checked the fix and repair boxes as indicated… When I turned on my monitor I got a black screen indicating that the SMART capability of the master hard disk had been disabled and it is also responsible for [...]

Not a Subscriber? It is easy to obtain these articles…

Subscribe to my free Terry's Computer Tips newsletter and then use the autoresponder to get the last two email issues!

This week online:

With my new design of the Terry's Computer Tips web site, I now publish articles individually rather than as an online issue. This also means that I can link to the articles, as I have below:

  • Displaying video on a TV
    Subscriber Keith Vogon wrote from Thailand:

    Dear Terry. While trying to find an answer via Google, I suddenly realized that I have a great guru so here goes. I was transferring my films to a Western Digital Passport hard drive and suddenly realized that I didn't know how to connect my TV to
    [...]



This week online - Blast From The Past
Newly posted articles

Here are the new individual articles this week on the Terry's Computer Tips site that have been posted in my e-mail or online newsletters.

As above, they are now direct links to individual articles…

  • Touchpad of the notebook stopped working
    I received a question this week from a subscriber who feared that his computer had been used to send spam during the night.

    Terry, the night before last, I left my computer on, something I normally do not do, and after about 2:30 pm, approximately 20 e-mails were sent from my account to everyone [...]

  • Junk Mail is sent from user account
    Subscriber Greg H. wrote this week about a problem he had with his Acer laptop:

    I have an Acer Aspire 4720Z that now has a frozen cursor. Using the touchpad has no effect; the cursor just sits in one place on the screen. Any suggestions? Thank you.

    First of all, I wrote back to Greg at [...]

I love the redesign of the Terry's Computer Tips web site - it makes section display and maintenance much easier than before. I am glad that I switched to WordPress and the Genesis theme framework.


Return on investment (ROI) and secure application development: can a holistic approach save money and increase productivity?

Doug Cavit here to talk about a presentation that I am giving at the RSA Conference on the results of a Forrester Consulting thought leadership paper that we recently published.

We're often asked, "What is the real return on investment for putting a secure application development program in place?" Conventional wisdom is that developing secure applications is more expensive than not doing so, the probability of getting hacked is low, and most organizations really do not have the time or resources to do it right. In other organizations secure development is recognized as important, but in practice corners are cut and only some of the activities called for in a comprehensive security process are actually completed. There are many examples of the failure of these philosophies in the news.

We have thought about this for some time now, and we have concluded that the Microsoft SDL process does in fact provide a return on investment beyond the costs of implementation. Until now, however, we had not looked systematically outside the company to confirm our belief that a holistic process benefits an organization's bottom line.

We worked with Forrester Research to refine our thoughts and test our premises with 150 Fortune 1000 companies. Forrester concluded that most of the companies in the study do not use a comprehensive security development process. However, of those that do have a process (such as the Microsoft SDL), many saw improvements in overall ROI - especially when compared to those using ad hoc solutions or "checklist" approaches.

This report provides an overview of current application security development practices, exposes common gaps in the process, and addresses issues that can arise from not taking a comprehensive approach to secure software development. In addition, the report provides guidance on possible process improvements and suggests ways to measure development security ROI. The report can be found here: Forrester Consulting State of Application Security Thought Leadership white paper.

At 16:10 on Tuesday, 15 February, I will explore this topic in more depth at the Microsoft booth at RSA. If you are at the RSA Conference, stop by and tell us what you think!


Excel - how to display column A

One of the major features of Microsoft Excel is that we can hide individual columns, column groups, and even several groups of columns. Similarly, we can hide rows.

For example, to hide columns E and F, just click on the E column header and drag to the F column header. Then, right-click in the selected E - F header and select Hide from the popup menu.

When we want to see the hidden columns again, the Unhide command is used.

Continuing the same example, click on the D header (or whichever header is before the hidden columns) and drag across the hidden columns to the column on the right (in this case G). Click the selected D - G headers, and then select Unhide.

That is all there is to hiding and showing columns.

But what happens if you have hidden column A? There is no column to the left for you to select and drag from. How can we display column A?

This is where a non-obvious feature of Excel comes into play.

The box at the intersection of the column letters and row numbers is the key. If you click on this box, you select all the rows and columns.

Once they are selected, simply click on one of the displayed column letters, which will display the popup menu. Select Unhide from the menu, and you are done.


What is the IP address?

Subscriber Joseph Murphy wrote to ask:


I wonder how an IP address is determined and whether it can be modified and how?

Thank you, J. P. Murphy.

It is a good question, Joseph. The response can be simple or it can be used to educate.

If you access the Internet through your home network or your Internet service provider's network, the basic answer is that the IP address that you use to access a network is assigned by the network administrator or by the DHCP (Dynamic Host Configuration Protocol) server.

You may be assigned a static IP address, in which case you are told to set your computer or your router to use the specific IP address assigned to you. You are also given the netmask to use and, perhaps, a specific computer name to use.

Your ISP may also require the Media Access Control (MAC) address of the piece of equipment that connects to their system. In this case, they are usually controlling access to their network by MAC address, or by the combination of IP address and MAC address.

Most often, you will get your IP address assigned by DHCP, in which case you are told to set the network connection on your computer (or router, if you have one) to obtain its IP address from the ISP's network via DHCP, and it will then be assigned automatically.

At first blush, DHCP may seem to be a way to get different IP addresses. After all, the DHCP server really "leases" the IP address to a specific MAC address for a specified period, often 24 hours. However, at the end of this period, the computer (or router) with the IP address will apply for a renewal of its IP address. If this address is not currently in use, the DHCP server will assign it for a new lease period.

In the same way, the DHCP server will often give the same specific computer (or router) the same IP address over and over - simply because the lease has expired and this computer was the first to say "I want to renew my lease on IP address XXX.YYY.ZZZ.AAA, or give me a new one if this one is in use." Of course, the computer (or router) does not really say all that; it simply sends the signal saying that it wishes to renew its lease.

So, how do you get a different IP address?

First of all, if you have a static IP address, you can contact your ISP and ask for a different one. They will probably want to know why. They may or may not be interested in giving you a different IP address.

If you have a dynamic IP address, I believe that the best way to do that may be to use a different network card (if you are not using a router - and you should use a router for security purposes), so that it will have a different MAC address (they are unique to each individual piece of network equipment).

If you use a router, most routers will allow you to specify the MAC address that is presented on the Internet side of the router (rather than the home network side). This was intended to allow the user to change hardware without having to go through the effort of reconnecting with the cable or DSL Internet service provider.

What happens if you have a combination DSL modem + router? In this case, you may not be able to change the MAC address of the router. Since the router gets the Internet IP address, that is, whatever IP address is assigned by the ISP, you are stuck with what they give you.

This seems confusing, which is why most ISPs use DHCP to allocate IP addresses - so that they do not have to troubleshoot as often for their customers.


Monday, June 20, 2011

Migration of files when moving from a Vista computer to a Windows 7 computer

After last week's article mentioning the Acronis True Image Home 2011 backup program, I received an email from subscriber Keith Vigon with a question about using it in the process of upgrading his operating system:


Hi Terry.

Usually when I change computers, I have the same (very) basic problem, namely moving my email contacts, old messages etc. to the new computer; the same applies to the bookmarks in different search engines, as well as the files, photos, etc.

I want almost everything from the old computer to be available on the other, and for a Neanderthal like... hmmmm... me to be able to do so. Would the program that you described in your last missive work, or is there one better suited for this?

The problem I think I may encounter is that I am now using Vista and a new computer will have Windows 7 - will that be a problem?

Thanks as always

Keith

I wrote back to Keith to remind him that Acronis True Image Home 2011 is a backup program - it is not a migration program to automatically move all your files and settings to a new computer.

If you restored a Vista system image onto a Windows 7 computer, it would overwrite everything on the Win7 computer with the Vista backup - including overwriting Windows 7 itself with the backed-up Vista files. However, the system would probably not be bootable, since the hardware would be different.

The problem is that your various drivers (video, ethernet, etc.) would not match the new hardware. Another part is a Microsoft anti-piracy measure: Windows no longer installs all the chipset drivers from the Windows installation DVD, so if the new computer has a different northbridge and southbridge chipset than the original computer, the restored operating system will be missing some critical files needed to start successfully.

While the ATIH2011 "Plus Pack" includes the ability to restore a backup to "different hardware", if you perform an image restore, it restores the operating system and all. When you start it for the first time, it will ask for your Windows license code to license the OS on the new hardware.

The real value of an ATIH backup image in this situation is that it would be available for you to copy individual files and folders to the new computer. ATIH will "mount" the image as if it were a hard disk - and you use Windows Explorer to copy files and folders from this pseudo-drive to the computer. In this way, you can get at your data - now or later.

Your programs have to be reinstalled, as programs often store information in the Windows registry. You do not want to copy the Windows registry files from the Vista computer to the new computer, even if you could (when you run Windows on the new computer, it locks the registry files, so you could not replace them).

There are some programs designed to migrate settings to new computers, but I haven't tried them. I used one for a customer that Dell sold with their computers about 5 years ago; unfortunately, it handled only very basic common programs (Windows settings, IE, Outlook Express settings, Microsoft Office settings) and ignored most of his things.

Microsoft has its own free program to help you migrate to Windows 7. It is called Windows Easy Transfer and can be downloaded from the Microsoft web site.


I want a real backup program

Subscriber Mike Gallagher recently wrote about his computer backup:


Hi Terry,

I am confused about "backup" on your computer. I see all kinds of advertising and articles on computer backup. What I see is not all real backup. What I mean by a "real backup" is that if a hard disk crashes - even one with the operating system on it - a full recovery can be done. This is true even if the disk crashed with smell and visual effects included - a head crash resulting in nasty loud noises, short circuits with sparks and nasty stinking smoke. O.K., you get my point.

If I have a real backup, I replace the hard disk, load the backup CD or DVD, boot and start loading all the required files onto the new hard disk, remove the backup media, reboot and am right where I was, just before the excitement.

Does such a procedure really exist, or does a "backup" application just back up data, but not all the installed programs and program run info? It seems that this is what backup programs do.

I'm looking for a backup program, or whatever term you want to use, that allows me to create a CD / DVD or a set of them that I can recover from as described above, without having to go find my original install disks for the operating system and applications as well.

I am running Windows 7, 64 bit, Home Premium.

Thank you

Mike G.

What Mike is asking for exists - and I am already using it, as are a number of Terry's Computer Tips readers. The solution is an image backup program called Acronis True Image Home 2011.

You can make your own recovery DVDs if you want, or save the image as a large file on an external drive, on a computer across your home network, or even on a second physical hard disk in your computer.

While you could save your image backup and subsequent incremental backups on a separate partition on the same hard disk, that would put all your eggs in one basket.

Be sure to create the bootable CD ("Create Bootable"), since you will need it (to boot from, so that you can run the recovery from the CD) if you actually replace the drive or restore your C: drive.

You can schedule backups to occur when you want them to occur, and choose the backup that you want to save.

I have used Acronis True Image Home for a few years - version 7, v9, v10, v11, v2009, ISU and now v2011. It keeps on improving.
