Archive for the ‘Commentary’ Category

Mac Tax

December 3rd, 2008

The little extra fee you pay on new PCs for Microsoft Windows, whether you want it or not,  has long been called the Microsoft tax, but what about their counterparts over at Apple?  Is there a Mac Tax?  Let’s check.

I bought a new laptop about four months ago.  I had entertained both a Dell and a Mac.  The Dell I looked at is the Latitude D830, the top of the line of their business laptops.  I then tried to spec a similar MacBookPro, which required the addition of some options and a three year warranty to match the Dell.  Here’s the interesting part – the Dell cost $1050 and the Mac was right at $3000.  That’s a price differential that’s hard to justify on performance or utility alone.

To try to better compare the buying decision, I decided to set a theoretical spending budget of $3000 and see what I could get.

Option 1

  • Dell Latitude D830 laptop ($1050)
  • Asus EEEPC 1000 ultra portable laptop ($500)
  • 1 Terabyte external hard drive ($175)
  • 5 x 4GB USB thumb drives ($150)
  • Nintendo Wii ($250) – After all that work, a little fun is in order
  • 42″ plasma TV ($750) – Maybe a little more fun while we’re at it

Option 2

  • MacBookPro ($3000)

For the money, I will take option 1.

Before you Mac folks stone me, I do like Macs.  I work with them regularly and always walk away impressed.  BUT the apparent Mac Tax has always stopped me short of actually buying one.

I think I’ll go play on the Wii for a few minutes and think about it.


How to Benefit from Microsoft’s Mistake

December 2nd, 2008

In late October, Microsoft released a software patch to address a problem in Windows operating systems.  Every month Microsoft releases new software patches on the second Tuesday of the month, aka Patch Tuesday.  For most companies Patch Tuesday is followed by Reboot Wednesday which is when the most important of these updates are installed and  systems rebooted.  In larger companies, Patch Tuesday is the beginning of a process to prioritize, test, and stage these updates as needed.

So what’s the big deal about October?  Microsoft released an out-of-cycle patch (MS08-067) for Windows on October 23rd, nine days after Patch Tuesday.  Typically patches are queued up until the next second Tuesday, but this one was so important that Microsoft released it immediately.  The urgency about this patch was directly related to the potential damage that could be caused by the flaw it fixes.  In theory the flaw could be exploited by a worm that would blow through networks like wildfire, causing severe damage along the way.

To be fair, Microsoft’s mistake was the flaw in Windows; their handling of the situation has been very good.

How can you benefit from this?  It’s now over a month past the release of this patch, and it’s time to look at how your business handled the situation.  You can use this event as one method to evaluate your overall IT posture.  If you are in management, this may require digging in with the technical folks to get the details.  Specifically, look at the following areas:

  • Awareness
    • When – When did your organization first become aware this out-of-cycle patch had been released?  Was it within hours, days, a week, or more?
    • How – This is important.  How did your company learn about this?  Was it picked up from active reading of email, blogs, news?  Was it just luck that someone noticed it, or do you have an active process to stay informed?
  • Attention
    • Did this event garner the proper amount of attention from the proper people?  If awareness was high, but the appropriate people were so busy “putting out fires” that they didn’t get to it for a week, you have a problem.
  • Application
    • How quickly was this patch applied?  Given the unplanned nature of it, did this patch take longer than normal to go from awareness to actually being installed?
  • Audit
    • Has the installation of this patch been audited?  You need to know that the patch was actually installed.  Setting a patch management system to deploy the patch isn’t enough.  You must be able to verify that computers have actually installed the patch, and have a plan to deal with any problems.

Take a look at how your business responded.  Use this opportunity to identify any shortcomings and work to fix them.  Oh, and if you look around and see that this was handled well, give your IT people the credit they deserve.

Commentary, Other, Security, Windows