In This Issue:
In the past, security vulnerabilities in Microsoft products have attracted serious criticism. But after the Slammer outbreak, Microsoft realized security is no laughing matter. The current security strength of SQL Server shows the dramatic improvements the company has achieved.
Plus:
Microsoft launches Windows Vista, the 2007 Office system, and Exchange 2007
New Instant Poll: Upgrading to Vista
"Are you planning to upgrade to Vista?" Go to the SQL Server Magazine home page and submit your vote for:
- We already have.
- We plan to upgrade in the next 3 months.
- We plan to upgrade in the next 6 months.
- Maybe, but it’ll be a year or more.
- No, we like XP just fine.
November 30, 2006
1. Perspectives
- No Joking About SQL Server Security
2. SQL Server Watch
- Windows Vista, 2007 Office System Launch is “Most Significant in Microsoft History”
- IT Pro of the Month—October 2006 Winner
- Product Watch: LearnKey and Databk.com
- This Month’s Focus: SQL Server Management Tools: T-SQL and SQLCLR Debugging
3. Hot Articles
- Reader to Reader: Stored Procedure Searches for Strings
- T-SQL 2005: An Upgraded UPDATE
- Puzzled by T-SQL: Using the RECOMPILE Query Hint to Solve Parameter Sniffing Problems
- Hot Threads: SQL Server General Discussion and SQL Server 2005 Security
4. Events and Resources
- How Does Compliance Affect IT Infrastructure?
- Learn to Manage Windows and UNIX/Linux Networks
- Disaster Recovery: Digging for Buried Treasure?
- Alternatives to Traditional File Servers and Tape Storage
- Differentiate Between Disaster-Recovery Solutions
5. Featured White Paper
6. Announcements
- SQL Server Performance Tips, Articles, and Forums
- Make Your Mark on the IT Community!
- SharePoint Pro Online—LIVE!
7. Web Community
Sponsor: Double-Take Software
Enhancing SQL Protection: A Case for Asynchronous Replication
Built-in SQL Server data protection features aren’t enough. Learn to use an automated data protection solution that provides 24x7 availability to meet today’s critical business demands.
1. Perspectives
No Joking About SQL Server Security
by Brian Moran, brian@solidqualitylearning.com
I’m a Microsoft fan, but I admit that telling Microsoft jokes is almost as easy as telling lawyer jokes. (I hope my legal team isn’t reading this, taking offense, and padding their bills to me in retaliation.) Security—or arguably the lack thereof—has long been an area in which Joe Public likes to poke fun at Microsoft. Because so many desktops worldwide run Windows, the popular press has countless opportunities for pointing out Microsoft’s foibles in this space.
But it looks like Microsoft might be improving its security reputation, especially in the SQL Server realm. A recent security briefing published by the Enterprise Strategy Group (ESG), “Microsoft SQL Server Runs the Security Table,” might be of interest to database and security professionals around the world. According to this compelling 3-page paper, “ESG considers Microsoft, with proper execution, to be years ahead of Oracle and MySQL in producing secure and reliable database products.”
Hmm. Wow. Could it be true? I’m not from Missouri, but I believe in the words of the state’s nickname, The Show-Me State. Seeing is believing—unless you’re at a magic show.
The ESG report focuses on a review of Common Vulnerabilities and Exposures (CVE) data from the National Institute of Science and Technology (NIST) National Vulnerability Database to compare security vulnerabilities in SQL Server, Oracle, and MySQL. The results were interesting. For 2006, SQL Server currently has two CVEs, MySQL has 59 CVEs, and Oracle has 70 CVEs. (Note that although ESG’s paper focuses on SQL Server, Oracle, and MySQL, Sybase has seven CVEs for 2006 and IBM DB2 has four.)
I’m not a security expert, and to be honest, I don’t know for sure that the National Vulnerability Database is the only—or best—indicator of database vulnerabilities. But all the vendors who are included in the database self-report, and the ESG report says that it used the National Vulnerability Database because it’s a registry that collects data from numerous commercial, academic, and research groups who focus on security matters. The difference between two SQL Server CVEs and 70 Oracle CVEs has to mean something.
The report notes that “Microsoft’s results are almost too good to be true,” and the Missouri lover in me also marvels at the reported results. Honestly, I’d be inclined to discount the report if it weren’t for the connections I have with certain members of the SQL Server product and program-management teams. I was with certain Microsoft engineers on the day that Slammer swept the world a few years ago, and I know how embarrassing that event was for Microsoft. I’ve heard all the standard “we’re going to make it better” promises and understand why customers have been skeptical. But I’ve been able to talk to the SQL Server team members who are responsible for implementing those promises, and I know that they take their responsibility very seriously. Usually, the adage “if it looks too good to be true, then it’s probably not true” is correct, but in this case, the good news really is true. Usually it’s easy to poke fun at Microsoft, but Microsoft has been kicking some serious butt in the race to have a hardened, secure database platform.
Slammer, and the incessant wave of security patches that followed, forced Microsoft to make hard decisions about the way that security would be managed, and at one point caused a many-months-long delay of new work on SQL Server 2005 and 2000 as massive engineering resources were pumped into detailed code review and design reviews to ensure that security was “baked into the core,” as some Microsoft folks like to say. Read the entire ESG report for more insight about how Microsoft achieved these impressive CVE results for 2006. Instead of “it’s too good to be true,” perhaps this time the best advice is “don’t look a gift horse in the mouth.”
Sponsor: PolyServe
Special Report: Perspectives on SQL Server Sprawl
How many SQL Servers are you managing? Is your database inventory out of control? Are costs difficult to manage? You’re not alone. Download this special report today to find out how SQL Server sprawl affects your organization, and learn best practices for preventing it.
2. SQL Server Watch
Windows Vista, 2007 Office System Launch is “Most Significant” in Microsoft History
At a New York press conference this morning, Microsoft Chief Executive Officer Steve Ballmer announced the business availability of Windows Vista, the 2007 Microsoft Office system, and other new products including Office PerformancePoint Server 2007 and SQL Server 2005 Data Mining Add-Ins for Office 2007. Office PerformancePoint Server 2007 (currently available only as a Consumer Technology Preview—CTP—at http://connect.microsoft.com/site/sitehome.aspx?SiteID=181) is the company’s performance-management application, which includes business scorecarding, analytics, and planning functionality. SQL Server 2005 Data Mining Add-Ins for Office 2007 (available as part of the Feature Pack for SQL Server 2005 Service Pack 2 CTP, downloadable at http://www.microsoft.com/downloads/details.aspx?FamilyID=7A9AD90F-7F95-4369-A206-E84053D63FD3&displaylang=en) let you take advantage of SQL Server 2005 predictive analytics in Microsoft Office Excel 2007 and Microsoft Office Visio 2007. The download includes Table Analysis Tools for Excel, Data Mining Client for Excel, and Data Mining Templates for Visio.
Availability of the newly launched products is currently limited to volume licensing customers. The products will be released to consumers and organizations without volume licensing agreements on January 30, 2007. According to Ballmer, this simultaneous release of Microsoft’s flagship products is “the most significant release in company history.” The multi-product release is based on feedback from more than 1 billion user sessions during testing of more than 5 million beta downloads. Microsoft says that the close partnership between the company and beta testers has resulted in new capabilities in Windows Vista and the 2007 Office system, including “advances in graphics and pervasive support for XML.” Microsoft also emphasized the role of the 2007 Office system as a platform for “developing business applications that will eliminate the barriers between organizations, systems, processes and information.” You can read the press release, including a complete list of newly released products, at http://www.microsoft.com/presspass/press/2006/nov06/11-30NewDayPR.mspx.
IT Pro of the Month—October 2006 Winner
Congratulations to Chris Stanley, who was voted the October 2006 IT Pro of the Month. Chris built an Apache Web server (using MySQL and FileZilla) and designed an intranet on which he posted manuals and protocols used in a 911 center. Vital information is now centralized and can be accessed quickly when time matters most. To learn more about Chris’s solution and find out how you can become the next IT Pro of the Month, please visit http://www.windowsitpro.com/go/itpromonth.