I’ve been pretty busy over the past few weeks traveling, starting a new contract and implementing some significant changes to my business’ back office operation. I finally made the leap and bought some Apple gear.
I have replaced three pieces of hardware in my home office network. When I started my consulting business years ago, there was Quickbooks, Peachtree and the really big accounting packages that seemed to be overkill. I chose Quickbooks and have used it ever since. My accountant hates it (I now know why), but over the years it developed its own gravitational pull in that “these are the books” and I never really had the time to move away from it, nor wanted to jeopardize my ability to use it.
That all changed recently when the Windows system upon which QB was loaded got hammered by the latest Windows network exploit. Still not sure what *exactly* came through, but it took out that system (desktop XP with all the latest MS patches plus an active Trend monitor running), my business laptop (also XP and also running Trend in active monitor), and get this – my Orinoco wireless router. Whatever it was that hit my network literally destroyed those three systems.
The desktop was found powered off. When we powered it back on, what little was left of the OS was meekly complaining about not being able to find system files. Our only recovery was to go thru the F10 craziness upon bootup and go for a systems file restoration. This is nice in that it boots the system into a safety partition for disaster recovery of the primary partitions (smart engineering really), but it is at the expense of writing over everything that was in the system folders before the event – your registry settings, user accounts, and all records of previously installed software, and perhaps worst of all – all those patches? Poof! Gone with the wind, or in this case, with the magnetic swipe of the disk heads.
When I did get that system bootable again, none of the previously installed software would run, including QB. None of the program or data files were missing, it just wouldn’t run, which made it useless. I dinked with this for a couple hours, and finally determined that my very recent edition of QB had dependencies on some of the newer XP patches. So I started patching the system, thinking that this would resolve the issue (even if it was a huge pain in the ass). But it didn’t, and the reason why completely floored me: the Windows Update Service wouldn’t update my system, because the version of the update service files on my system was out of date. It offered to upgrade my Update Service to the latest edition (hey, thank you!), but then failed repeatedly to actually install it because of the same type of circular dependencies I was seeing with QB.
This system had been connecting wirelessly – and presumably securely – to my internal network via a wireless Orinoco BG2000 router. This router had provided good service for about two years, but over the past year or so, we began to experience an incredible amount of nuisance connection attempts through its public IP. Since that’s a connection that I need when I travel, it must remain public. When these connect attempts hit, they acted as a DoS attack (perhaps intentionally), and the router would simply close the internal connection as a result. I doubt that this was designed behavior; it simply happened as a side effect of directing resources to the rapidly occurring SYN flooding (least that’s what it looked like). When this happened, we would have to reset the router. Simple enough, but this became a great annoyance, especially to whoever was trying to actually use the wireless connection at the other end of the house.
I was fuming, and beginning to speak aloud about “…Never Again”.
Then I had the joy of dealing with my laptop. I use my laptop every day for multiple hours, and it has been around the world with me (ok, not this *exact* one, I’m on my fourth laptop). If my laptop stops working, it affects my ability to generate revenue. That gets my attention.
So it was with tremendous anxiety that I faced the prospects of a non-functional laptop in advance of another week of traveling. Fortunately, it was less damaged than the desktop, but the manner in which it was damaged made it nearly useless to me. I kept a Windows laptop solely for the ability to easily exchange Word, Excel and Powerpoint files with clients. No other reason. It was convenient that some of my other software could run there too, and I did use it to duplicate freepository member Windows-connection issues, but the only strict requirements were for the document compatibility. And now that wasn’t working. When opened, Word was now complaining that it couldn’t load Addins (wtf??) and no matter what I did, the error message wouldn’t go away.
I googled it, and found nothing useful. I attempted to apply additional MS patches that had been made available that week (coincidence?), but suddenly its installer service wasn’t functioning. Something really bad had happened, and Trend had neither stopped it nor alerted to it.
The laptop was limping along, useful only for email.
By now I had disconnected both it and the desktop from the net and was running all of Trend’s tests on it. It found a Trojan on the desktop after it had been connected for less than six minutes.
I’d like to repeat that in case you didn’t catch the significance:
I connected my (now non-SP2-patched) XP desktop to the Net, and even with an up-to-date version of Trend PCCillin running, it became infected in less than six minutes.
I immediately saved critical data files to a memory stick and disconnected the XP desktop again.
The router was now behaving as though it had been flashed somehow. From a cold start, it would power up, go through its system tests, and then go ready for connections. But it would then drop all connections and go into what looked like a system reset loop. I watched it do this perhaps 10 times before I yanked it off my network. I disconnected the power and let it sit long enough to get physically cold, and then reconnected it. Same thing.
I disconnected it again and threw it in the trash. Whatever happened to it had destroyed it.
This all happened two weeks ago. As I walked away from the BG2000 in the trash can, I now vowed forcefully “NEVER AGAIN”. We purchased an Airport Extreme to replace the BG2000 and had it operating securely within 10 minutes. The old XP desktop would have to survive for another week, connecting wirelessly to the Airport Extreme, while I ordered and Apple delivered a new iMac. For myself, I ordered (and have since received and set up this morning) a Powerbook.
The iMac has been in place for a week now and we haven’t missed a beat. I purchased and installed Office for Mac, so the document compatibility won’t be an issue. I also purchased QB for Mac, and will be able to easily use the data file I saved off the old XP box. I’ll use iWorks on the laptop, and will go to Office only if I find that I can’t really exchange docs with clients.
As you know, I’ve run freepository on Linux since 1999 and use it for all of my development and production work. Sadly, strict document exchange compatibility is what has kept me from running a Linux laptop with Openoffice. It just doesn’t work 100% of the time, and I can’t afford to find out – by surprise at the last possible second – that any particular document can’t be opened or fully converted. I first tried a Linux laptop five years ago, so please no flames on that subject… I tried to eat my own dogfood, but kept choking.
So far, I am impressed most by one aspect of the Apple experience: everything was easy, intuitive and fast.
Oh yeah, for those wondering – my two production systems were completely unaffected by this. Perhaps that’s because they’re hardened by design – each are Pogo Linux boxes running FC3 hardened to my specs. At the risk of personifying these systems, I’m sure I heard an electronic yawn from them while all this Windows silliness was happening.
I’ll re-image the laptop to its factory settings, and will install Linux on the desktop. I’ll keep XP on the laptop for duplicating freepository member support issues, but I’ll only connect that to the internal network now.