Blog

Windows Server 2003 Support Ends Next Year

The Microsoft Windows XP end of life cycle has come and gone. Now, XPs server counterpart, Windows Server 2003 and 2003 R2, will be loosing support as well. According to the Microsoft Support site, Windows Server 2003 will no longer be supported after 7/14/2015. After this date, Microsoft will no longer push out security patches.

MCS recommends that any Server 2003 machine should be migrated to a newer version as soon as possible. The later versions of Windows Server like 2008 R2 and 2012 will still be supported for years to come but in most cases, Server 2012 will be the best path. If you are worried about how long an investment in a new server may last, Microsoft states on their website that:

“Microsoft will offer a minimum of 10 years of support for Business and Developer products. Mainstream Support for Business and Developer products will be provided for 5 years or for 2 years after the successor product (N+1) is released, whichever is longer.”–http://support.microsoft.com/gp/lifepolicy

Legacy server managers might see this July 14th, 2015 date as plenty of time to upgrade although that may not be the case. For those servers running Exchange 2003, support has already ended as of 4/8/2014 making a migration even more critical.

Any server currently running Windows Server 2003 has had a long life and the time has come to upgrade. To put its age into perspective, a student going into the 2nd grade at the time of Server 2003s release would now be entering college in 2014. In computer terms, that is an eternity. MCS has been assisting business customers transition to newer server platforms for over 11 years and we can help your organization too. Contact us today for a free evaluation.

RightTrack, our Newest IT Service Offering

Some of our customers might know this new service as simply as an IT Service Agreement, but we have added extra value with our new RightTrack service. Customers that want a simple and proactive solution to their IT needs should defiantly consider RightTrack. This offering ensures that your business is heading down the right track by combining a guaranteed service level, networking monitoring, and a dedicated engineer assigned to your account.

With MCS RightTrack, you get access to our entire team of veteran IT consultants while still having an assigned tech for most service calls. This service is a perfect fit for business that are on the fence about whether or not to hire a full time IT person. Hiring a single IT manager is very expensive when you factor in salary, recruiting, management, benefits, vacation, and idle time. Instead, going with RightTrack from MCS gives you a tech that does not waste time, and has the experience of working with several other companies just like yours. This allows MCS to recommend best practices that are tried and true without spending lots of time in the process.

For more information about this new service, please visit MCS RightTrack

MCS Offers DR and Business Continuation Services

We are proud to announce that we have launched our Business Continuation center. It is located right next to our data center so we can provide high speed access to your critical data. In the event of a disaster, our clients that have signed up for business continuation services will have access to workstations with phones, Internet, and their DR servers. By securing workstations before a disaster, our customers have the ability to install their custom software and run drills to prepare. Then, if this service need to be used in the real world, the process will be smoother and quicker.

We feel this addition to our existing Disaster Recovery services is a great fit for the demands of our customers. If you are interested in adding Business Continuation to your service, contact us for a quote and a tour today.

The OpenSSL Bug, Heartbleed, Has Vast Security Implications

As you may have heard in the news, a vulnerability, the “Heartbleed Bug”, was discovered this week in OpenSSL (Version 1.01 and beta 1.0.2), the software that is widely used for encryption across much of the internet. MCS run servers were not found to be vulnerable to this bug.

The security risk is that a vulnerable server could be exploited to feed data contained in RAM to an attacker. Among this data could be SSL private keys. With a private key, secure website traffic can be eavesdropped.

Along with private key information, attackers could also gain access to any sensitive data residing in memory. On a database server for instance, this could lead to direct access to any database content currently being stored in memory. The implications of what types of data that can be exposed will vary from server to server and the full scope of what that data could be used for in the future is unclear.

To test your servers, use the tool at https://filippo.io/Heartbleed/. You can also let the engineers at MCS take the burden off of your shoulders and perform a Heartbleed audit and patch any affected servers. Request a Heartbleed audit now.

As a web user, you also need to be mindful of sites that you have used and logged into before they were patched. As a precaution, changing your password to these sites is recommended as long as they have been patched and a new SSL private key has been created. The reason for this is if a private SSL key was compromised at any point, any traffic to the server is considered insecure and your login information, as well as any information you saw on your screen while at that site, could have been seen. Odds are that your data was not snooped in on by a malicious party and changing passwords should just be a precaution. As with most security recommendations though, your should always plan for the worst and hope for the best.

On April 8, 2014, Microsoft Will Pull the Plug on XP

April 8, 2014. That’s the day when, after more than 13 years, Microsoft will officially end support for Windows XP and Office 2003. Like millions of others around the world, you may be perfectly happy with your XP system, but it’s now time to move on to either Windows 7 or Windows 8. Here’s how.

After April 8, Microsoft will no longer release any patches or updates for XP, even if critical bugs are found. The only exceptions will be for large corporate customers willing to pay $200 per computer for a year’s extension of “premier” support for hundreds, or thousands, of machines.

Cyber attackers will be able to target vulnerabilities in Windows XP without fear the flaws will be patched, and there won’t be anything users can do to protect themselves besides upgrading to a newer operating system.

Experts worry there will be a jump in the number of attacks targeting XP users come April, especially after new flaws in XP are inadvertently revealed by related fixes to Windows Vista, 7 and 8.

Since you’re going to have to migrate anyway, you might as well as move toward a XP-free future now, instead of waiting for attackers to wreak havoc with your digital life.

Who’s still using Windows XP?

Approximately 15 percent of enterprise users still have Windows XP running on their networks, down from about 35 percent at the beginning of 2013, according to the latest statistics from cloud-security firm Qualys of Redwood Shores, Calif. The company estimates less than 7 percent of enterprise users will still be running XP in April.

Pick an operating system

Before kicking off the migration process, it’s important to decide whether to move to Windows 7 or to Windows 8.

Windows 7 is already more than 4 years old. Mainstream support — i.e., free telephone or online support — for Windows 7 will end in January 2015, although extended support, which includes security fixes, continues until 2020.

Windows 8 — technically Windows 8.1 when the latest updates are added — will require a bit of tweaking for many applications, because the user interface has substantially changed from the “classic” Windows look. But mainstream support for Windows 8 won’t end until 2018, and extended support will go until 2023.

MCS still recommends buying a new PC with a Windows 8 license, but using downgrade rights to run Windows 7 instead. It appears that Windows 8 was DOA for the business world and waiting for another major update or skipping 8 entirely might be the best strategy for now.

Windows 8 is Still Not Ready for Prime Time

Windows 8 Pro was released last year and we are still not recommending it to our clients. Windows 8 overall is not a bad operating system in the same way previous clunkers from Microsoft have been. Other OSs like Windows 98 first edition, Windows Me, and Windows Vista, were easy to use but were buggy and unstable. Windows 8 suffer from the reverse problem.

What lies underneath the hood of Windows 8 is really great work. This latest OS can be faster, more reliable, and even built in some really great features that users can benefit from like better dual monitor support. The problem is that Microsoft decided to put the steering wheel in the middle, and change the basic way we have interacted with a PC for the last 20 years.

Ransomware is a Rising Threat

There is a relatively new threat gaining traction called Ransomware. Unlike most traditional viruses, ransomware may not be a recoverable issue after an infection. The basic idea behind this software is a user gets a virus through an email phishing scam or another source. Then, the virus goes to work on files by using encryption to render data unreadable. Afterward, the user is presented with a demand for payment and a countdown timer. If payment is not made before the end of the timer, the digital key to recover the encrypted data is deleted. Once that happens, there is little to no chance the files will ever be recovered.

In the past, viruses presented more of an annoyance rather than causing real permanent damage. The worst damage MCS engineers usually see is from viruses that use key logging to gather passwords and sometimes even move real money out of bank accounts. While that is a huge issue, it is still often recoverable by alerting the bank to stop the transfer. With these new ransomware viruses, even if a user pays the ransom in time, (usually around $300) there is still a possibility that the key has already been deleted or lost. If the authorities find and shut down a rouge server storing keys, all of the users with keys on that server are out of luck. Even after paying, some files may encounter an error during decryption and still may be unrecoverable.

The latest ransomware threat, called Crypto Locker, started showing up around September 2013 and it is still spreading. Currently, the onlyway to restore an encrypted file is to obtain the key from the attackers. These programs really do live up to their name as they do have control over access to personal files. Ransomware viruses affect all versions of Windows going back to XP.

This new threat is still a virus and can be avoided like any other virus. Avoid emails that look odd and never click a link unless you are sure it corresponds to something you are expecting. Never click a link that claims to be tracking a package you don’t remember ordering. It is safer to copy your tracking number and type the carrier’s web address in manually, or paste the number into a Google search. Even if you can see the carrier’s name in the link, that does not mean you will be taken to a legitimate website.

As always, MCS recommends that users always use up to date anti virus software and SPAM protection. Please contact us if you are interested in a security consultation to lower your chances of infection.

New VVX Line of Phones from Polycom

We have been a Polycom partner for several years and relied on the dependability of Polycom’s Soundpoint IP phones. Now we have a new line to offer from Polycom called the VVX. These phones boast a larger color screen and more line appearances. The cost is similar to the Soundpoint series but VVX offers more features. We have more information on our VoIP page.