WGA: better, but still not good enough

WGA: better, but still not good enough

By Scott Dunn When it was first released, Microsoft’s Windows Genuine Advantage (WGA) was widely criticized for spyware-like qualities and numerous false positives. Since then, Microsoft has given its anticopying program a number of changes, but they’re not enough to give this tool a positive reputation.

The way that WGA works today

Microsoft bills Windows Genuine Advantage as a way to let customers avoid the security risks of malware-laden counterfeits. WGA is supposed to detect whether a user’s copy of Windows is counterfeit and, if it is, tell the user how to obtain a genuine copy.

WGA affects users of both Vista and XP. The impact is potentially greater on Vista, where a copy found not to be genuine has certain features disabled, including the Aero interface, Windows ReadyBoost, and portions of Windows Defender. WGA is unavoidable in Vista, since the technology is built into Windows itself.

In Windows XP, failure to be validated by WGA means users cannot download some content (such as optional updates) from Microsoft. In addition, XP users may be treated to alerts complaining that their version of Windows is not genuine, and advising them how to correct the situation. However, unlike Vista users, XP customers may be able to avoid WGA by watching what they install on their systems.

Windows Genuine Advantage has two components, validation (which checks for an authentic licensed version) and notifications (the software that alerts you if you fail validation). In XP, the two are separate downloads.

To learn if your XP system has either of these components, do the following:

Step 1. Start Windows Explorer and choose Tools, Options.

Step 2. Click the View tab and select Show hidden files and folders. Then uncheck Hide protected operating system files (Recommended). Click Yes to confirm, and then click OK.

Step 3. To learn if your system has the WGA Validation Tool, search for the file LegitCheckControl.dll in Windows’ System32 folder. If you find it, the Validation Tool is already on your system.

Step 4. Finally, to learn if your system has the WGA Notifications software, search for WGATray.exe or WgaLogon.dll. These files indicate the presence of the Notifications utility.

If you already have these on your system but haven’t experienced any problems, you probably don’t need to take any further steps. Some Web sites tell you how to remove the Notifications software (the more annoying of the two components) or provide a free tool for deleting it. Others provide hacker techniques for removing the Validation Tool. I haven’t tested these enough to make an endorsement, so use them at your own risk.

If you don’t have the Validation or Notifications tools on your system, you can avoid them by avoiding Windows Update, Microsoft Update, and Microsoft’s download Web site.

You can still get updates without WGA by using the Automatic Updates control panel (more on that later). But as my stories in the Sept. 20 and Sept. 27 issues have shown, allowing Automatic Updates to install files can create its own problems. (A silent update that began in July 2007 had the effect of preventing Windows XP from installing security patches after XP’s “repair” function had been used.)

To have full control over your update process without allowing WGA to be installed, the Software Patch site lets you pick and choose the updates you need. I reviewed this process in the Oct. 4 newsletter.

Even with the Software Patch approach, you may need to exercise caution. High-priority updates do not require WGA to be installed, but any downloads from the “Optional updates” section may include WGA components as part of the installation process. Be sure to read the installer screens carefully in each case.

What’s new with WGA?

Microsoft has attempted to make WGA less odious by changing some of the features that initially brought a great deal of criticism. For example, early versions of WGA sent information from users’ computers to Microsoft every day. This was later changed to weekly. These regular reports were supposed to have stopped by the end of 2006, according to a Microsoft statement.

But that doesn’t mean data is never sent to the home office. WGA sends Microsoft information about your computer hardware every time it does a validation check (for example, when you attempt to download certain updates). Microsoft denies that any personal information is being collected.

But earlier this year, Heise Security reported that WGA sends encrypted telemetry back to Microsoft in some cases — for example, when a user cancels a WGA installation. Microsoft responded on the WGA blog, detailing what information is sent and when. The post was less than reassuring to writers like Robert Moir, who commented that Microsoft is never going to restore trust as long as it continues to behave in a suspicious manner.

Another complaint about earlier versions of WGA was that Microsoft installed it without adequate disclosure. For example, editorial director Brian Livingston reported on June 15, 2006, that WGA was installed silently via Automatic Updates on system set to update automatically, as though WGA were a critical security patch.

A recent Knowledge Base article, number 892130, implies that Automatic Updates won’t install WGA validation, saying, “The Automatic Updates feature is not affected by the WGA validation check. Therefore, you can use the Automatic Updates feature to make sure that you receive critical Windows updates.”

My own tests appear to confirm this. Updating a clean install of Windows XP SP2 using Automatic Updates did not result in any detectable component of WGA being added to my test machine.

Unfortunately, the sites known as Microsoft Update and Windows Update still contain the same misleading language for manual updating that was reported by David Berlind of ZDnet over one year ago. On both sites, an offered download claims that it will update some components of Windows Update. It isn’t mentioned that WGA will be installed unless you click a button labeled Details. Only then is it apparent that the promised “enhancement” is actually the WGA validation tool.

WGA problems persist for Windows users

Unfortunately, despite some positive changes in WGA, problems continue to crop up:

• In August 2007, a problem with Microsoft’s WGA servers mistakenly labeled thousands of computers as “nongenuine,” restricting some Vista capabilities for a time. This was reported by Susan Bradley in the paid version of the Sept. 6 Windows Secrets Newsletter.

• A number of popular software products, including PC Tools Spyware Doctor and Trend Micro Internet Security, have caused WGA to report “nongenuine status” or prevent activation, as reported on a Microsoft online forum. Users have had to download updates for the implicated products in order to correct the problem.

• Trial versions of some Office 2007 products have also been known to flag Windows as not genuine. According to a Microsoft spokesperson, this problem has been corrected for all trial versions of Office as of Jan. 23 of this year.

• Microsoft claims that “false positives” (legitimate Windows systems being seen as counterfeit) are extremely rare. But as Guardian journalist Jack Schofield points out, even if that number is as low as Microsoft’s estimate of 1%, that could still affect around 5 million users.

• Upgrading or making multiple changes to your computer hardware can cause a system to fail WGA validation. The Web site APC pointed out just a month ago that installing the Intel Matrix Storage Manager application and changing a video card was enough to knock out Vista’s activation. Users can correct the situation by phoning Microsoft, but it’s an annoyance nonetheless.

Despite Microsoft’s claims to the contrary, WGA offers few if any benefits to the average user. If you know you’ve bought your copy of Windows from a legitimate source and have no reason to suspect piracy, WGA does little to help you. On the contrary, WGA could conceivably become a headache if you upgrade your computer hardware or if Microsoft experiences more problems with their WGA servers.

The software giant needs to find better solutions to the problem of piracy, rather than make the legitimate customer pay the price for problems facing Microsoft itself.

Have a tip about Windows? Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine’s Here’s How section.

Save energy without sacrificing after-hours tasks

By Scott Dunn

In the Nov. 15 issue, I recommended putting your system on standby when you’re not at the keyboard. But how can your system do all of your automated tasks if it’s asleep?

With a few well-chosen strategies (including the right BIOS or some helpful freeware), you can have your disk-maintenance cake and eat your energy savings, too.

Run automated tasks on a sleeping system

Regarding my recommendation to use Standby and Sleep modes to save power, Lynn Stearns raises an important question:

• “My question is what about all those programs that run after hours, like Windows Update, Diskeeper, antivirus updates and most backup programs. Don’t they need to have a powered up computer?”

It is true that a system on standby will be unable to run certain tasks that would be possible in full-power mode. But you may be able to work around most of these limitations and still save some electricity.

If you use the Automatic setting found in the Automatic Updates (XP) or Windows Update (Vista) control panels, you can use day and time settings to choose a time when your computer is likely to be fully powered.

For other applications, you can use Windows’ task scheduling tool to program when these chores occur. This utility can also wake the system to run tasks, but only if your computer’s BIOS supports Advanced Power Management (APM) version 1.2. You may need to consult your hardware manual or the manufacturer’s Web site to find out what version you have.

To wake your system automatically for an existing scheduled task:

Step 1. In XP, click Start, All Programs, Accessories, System Tools, Scheduled Tasks. In Vista, select Task Scheduler.

Step 2. (Vista only.) Select Task Scheduler Library in the left pane.

Step 3. Double-click a task you’ve previously set to run after hours.

Step 4. In XP, click the Settings tab. In Vista, click the Conditions tab.

Step 5. Check Wake the computer to run this task. Click OK.

If your BIOS doesn’t support APM 1.2, check out the tip below.

Run tasks before your system sleeps

Reader Dieter Schack has found another way to use Suspend mode and also have your routine tasks run:

• “Another exellent program for shutting down or suspending Windows (and more) is ShowStopper by Karen Kenworthy. Personally, I think it is one of the best and easiest ‘shutdown’ programs available for Windows.”

Although this program arguably takes as many clicks to enter Standby mode as using the Start menu, it can create shortcuts you can launch with a quick double-click any time you want to go on standby, reboot, log off, shut down, and more.

More importantly, you can set up custom groups of tasks that ShowStopper will launch before the desired shutdown or standby action.

The only catch is that you must use tasks that automatically exit when finished; otherwise, ShowStopper waits endlessly for them to quit before proceeding. Fortunately, this is not a serious problem with many backup and disk-checking utilities, which can be set to terminate at the end of their chores.

Is CO2 Saver spyware?

The Nov. 15 top story also recommended a freeware product called CO2 Saver. But a couple of readers expressed concern about the product’s license agreement. For example, Art Pete cancelled the installation when he read the following passages in CO2 Saver’s EULA:

• “4. Third Party Information and Services. The Software may be used to access certain third party websites, software, applications, and other materials (collectively, “Third Party Materials”). …

  “6. Data Collection and Privacy. The Software may collect, store, and periodically send information back to Licensor or third party servers. …

  “7. Support and Software Updates. Licensor may elect to update the Software from time to time in its sole discretion. Licensor may also elect to discontinue, disable, remove, or otherwise terminate your use of the Software, including via automatic update. … You may not block, limit, or otherwise refuse any such automatic update, even if such update limits, reduces, or removes some or all of the existing functionality of the Software.”

For what it’s worth, I personally scanned a PC using CO2 Saver, using a recently updated version of Webroot’s Spy Sweeper, which found no indication of spyware.

I also installed ZoneAlarm’s free firewall to see if CO2 Saver was attempting to “phone home.” As long as I didn’t use the search toolbar, the product did not attempt to access the Internet. The search function does, however, access the Web via CO2 Saver’s own site. Consequently, it’s possible that information from your search query is being saved on CO2 Saver’s servers before being redirected to your designated search site.

This suggests that some of the EULA passages quoted above refer to the toolbar’s search feature. But the EULA language seems extreme, and goes beyond that found in the Google privacy policy, for example. If this bothers you, you can either use a firewall to block CO2 Saver’s Web access, don’t use the search feature, or uninstall the program entirely.

Readers Stearns, Schack, and Pete will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

How Disney really feels about Christmas

Ladies and gentlemen, Thanksgiving is over. It’s officially the Christmas season. So put away the turkeys and break out the tinsel, the Christmas tree, the lights, the gift wrapping, the trips to the mall, the crowds, the invitations to in-laws — well, you get the picture. Christmas. It’s enough to make even Disney stress out, as shown by this hilarious 3-minute video from the JibJab guys. Pass the eggnog! Play the video

Own any PC in 60 seconds or less

By Mark Joseph Edwards If someone can gain physical access to your computer, they can easily “own” it by either stealing it or breaking into it to access your data. This week, I show you how easily an intruder can reset any Windows password — and how you can protect your data if someone gets his hands on your system.

How hackers set Windows passwords with ease

There’s a maxim in the computer security world that states: If someone can physically access your computer, for all intents and purposes it’s not your computer any more. This means that it’s nearly impossible to physically secure a system if someone else can get free rein of it.

If someone can touch your computer, they can break into your computer. This reality can certainly be used against you; however, it can also be used to your advantage.

There are many cases when you might genuinely need to break into one of your own PCs. For example, you might have forgotten your administrator password, or the password become unavailable to you when a disgruntled employee left your company.

There’s a relatively simple way that anyone can quickly reset Windows’ administrator password. This technique is a much faster way to get into your data than using a password-cracking tool to try to figure out what the current password is.

Anyone can reset the administrator password

Petter Nordahl-Hagen’s Offline NT Password and Registry Editor is a handy tool to have. It lets you reset Windows passwords and edit the Registry on any system that you can boot from a CD or a floppy disk. Don’t let the “NT” part of the name fool you — the utility works on any version of Windows NT, 2000, XP, Server 2003, and Vista.

Using the tool might at first seem a bit daunting, since it’s based on a tiny version of Linux. However, you don’t need any knowledge about Linux to use the program. It’s menu driven, easy to understand, and — once you’ve become familiar with it — you can reset the password for the administrator account or any other account in less than 60 seconds.

To use the tool, you’ll need to download its boot disk image, as described at Nordahl-Hagen’s site. Use this image to burn a CD or build a bootable floppy disk, as explained on the download page.

You then use the disk to boot the computer whose passwords you want to reset, and step through the menus one by one, as I explain below:

Step 1. Boot the system and, at the boot prompt, press Enter.

Step 2. The second prompt asks for the location of the Windows Registry. Here again, accept the default by pressing Enter.

Step 3. The third prompt asks which part of the Registry to load. The default is the Security Account Manager (SAM) database, where Windows stores its user and password information. Again, simply press Enter.

Step 4. The fourth prompt asks what action to take with the Registry. The default is to edit users and passwords. Yet again, press Enter.

Step 5. The fifth prompt asks you to choose a user account to edit. The default is Administrator, so press Enter.

Step 6. The sixth prompt asks you for a new password for the account you’re editing. Press Enter to set a blank password, which you can later reset after booting back into Windows.

Step 7. Press ! (exclamation point) to exit the user editor.

Step 8. Press q to quit.

Step 9. When asked whether to write your changes to disk, enter y (for Yes) to confirm.

Step 10. The last prompt asks you if you want to perform a “New run,” which starts the entire process over again. Enter n to exit, then reboot the computer into Windows.

That’s all there is to it. After you’ve walked through the process one time, you’ll see that you can repeat the process on another system in less than a minute.

Of course, you could encounter any number of instances along the way where you might need to deviate from the above process. For example, if you want to edit a different user account, you’ll need to select that account. Or, if the Windows Registry is located in some nonstandard location, you’ll need to enter the proper path. Finally, if you want to edit some other aspect of the Registry, you’d load that part of the Registry instead. For resetting passwords, however, I think you’ll find in most cases that you can accept the program’s defaults.

Keep in mind that the above process only works for local machine accounts — it will not work on domain accounts. For example, it won’t work if you’ve lost the administrator password to Active Directory or a domain server. However, there are relatively simple solutions for those situation too, and you’ll need Nordahl-Hagen’s tool to get started.

Domain controller passwords can be reset

If you forget the administrator password for a domain controller system, you need to first reset the “local machine administrator” password (unless you already know what it is) using Nordahl-Hagen’s offline editor. After resetting the “local machine administrator” account, you can reset the domain administrator account. You must use one of two alternative methods, depending on the operating system in use.

If you’re using a Windows 2000 Server platform, visit John Simpson’s Web site. He explains how to trick the server into launching a command shell with system level privileges. In the shell, you can reset the domain administrator password.

If you’re using Windows Server 2003, you can’t use John Simpson’s technique. You can, however, use a technique outlined by Sebastien Francois. His technique involves installing a new service that resets the domain administrator password for you.

Encrypt your data to stop unauthorized access

Given the ease with which someone can reset Windows passwords, you might be wondering how to protect your systems. One method of defense for servers is to put them in secure rooms that can’t be accessed by unauthorized personnel. As an added defense, it’s probably a good idea to also install a camera that records anyone who enters the room.

Both of those tactics will help protect your systems against unwanted physical access. Even so, the truth is that if a bad guy gets hold of your computer (whether server or workstation), the only thing between him and your data is strong data encrytion. Therefore, it’s a good idea to encrypt all of your sensitive data.

Microsoft includes its Encrypting File System (EFS) with Windows 2000, XP, and Windows Server 2003. On Vista platforms, the technlogy is called BitLocker and is only available in the Enterprise and Ultimate editions.

Using EFS or BitLocker is a reasonable way to protect your data. Just remember that If you lose access to your encryption key, you’ll lose access to your files. Be sure to make a backup copy of your key and keep it in a secure place — not in the same physical location as the data itself.

Microsoft has detailed instructions on its site that explain how to implement EFS on Windows 2000 as well as Windows XP and Windows Server 2003. Vista users should read MS’s instructions on how to enable BitLocker on Windows Vista Enterprise and Ultimate.

Disable QuickTime until Apple releases a patch

A problem was recently discovered in Apple QuickTime that could let Web sites silently install malware on your computers.

Malicious banner ads with images that infected visitors’ PCs have previously run on such well-known sites as Monster.com, NHL.com, and MLB.com, according to Windows IT Pro articles published on Aug. 23 and Nov. 15 (free registration required). This means that even a “trusted site” could possibly expose your system to harm.

Because working exploits are already circulating, and the risk is so severe, I’m recommending that you completely uninstall Quicktime until Apple releases a fixed version. Individual users can do this using the Add/Remove Programs control panel.

Corporate admins can use Group Policy to set “kill bits” for QuickTime, rather than physically uninstalling the program on multiple PCs. To do this, first read Windows Vista Security author Jesper Johansson’s explanation of how to write a short script that turns kill bits on and off.

Second, use the following two kill bits in your script, which will disable QuickTime in Internet Explorer:

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
{4063BE15-3B08-470D-A0D5-B37161CFFD69}

For detailed information on these kill bits and how to disable QuickTime in Firefox and other applications, see US-CERT (U.S. Computer Emergency Readiness Team) vulnerability note 659761.

Disabling QuickTime, of course, means that you won’t be able to play multimedia files that are in QuickTime format. Because a hacked site could infect you at any time without your knowledge, however, I believe this inconvenience is worth it until a corrected program is available from Apple.

Mark Joseph Edwards is a senior contributing editor of Windows IT Pro Magazine and regularly writes for its Security Matters blog. He’s a network engineer, freelance writer, and the author of Internet Security with Windows NT.

MS's update icons confuse Windows patchers

By Susan Bradley This month’s security patches were fairly few in number, but bulky updates for Vista and OneCare have caused some “interesting” side effects. For some people, it wasn’t until days after Patch Tuesday that notifications became visible that patches were ready for Vista machines.

910340
Update indicators confuse harried admins

This past week, I traveled to Sydney, Australia, for the Trend-sponsored SMB Security Summit.

When I travel, I usually don’t install any patches on my laptop the week before I leave, unless there’s a real good reason for doing so. In the week after Patch Tuesday on Nov. 13, I found it very interesting that it took quite a while for my Vista laptop to indicate that patches I knew were available were ready to be installed.

Each time I shut down my laptop, there was a clear indicator that a few patches were all ready to be installed upon shutdown. I have my laptop set for “Download but do not install,” so the patches are downloaded in the background, and then an indicator in the system tray says they’re ready to be installed. (See Figure 1.)

Figure 1. The update indicator after patches have been downloaded.

This time, I didn’t see any patch indicator, although I knew patches had been released. But when I went to reboot my system, the icon on the hibernate button indicated that some patches were, indeed, ready to be installed.

The problem that I was seeing is documented in Microsoft Knowledge Base article 910340. Due to extra-large Vista patches and the deployment of Microsoft’s OneCare 2.0 security suite this month, the MS servers employed a process I call “throttling.”

When there are heavy demands on the update servers, you’ll see in your windowsupdate.log file the words, “Update not allowed due to regulation.” When this occurs, the update indicator is also impacted. Patches are only installed if you choose to do so upon shutdown. If you opt to reboot the system without installing patches during the shutdown process, the patches will not be installed.

When you do start to shut down, if patches are ready to be installed you’ll see a shield icon on the button. (See Figure 2.)

Figure 2. The shield indicator shows when patches can be installed upon shutdown.

To choose not to install patches, all you have to do is click on the arrow key to the right of the hibernate button and choose Shut Down. Many people have said that they didn’t approve the installation of patches, when in fact they really did, although unintentionally.

Be prepared for this behavior, if you don’t see the update icon in your system tray by the Wednesday evening after any Patch Tuesday.

OneCare 2.0 resets your screensaver

OneCare 2.0 was released by Microsoft to, among other things, provide better support for home networked PCs. The enhancements are detailed in a OneCare blog entry.

The 2.0 update will be offered to existing customers over the next few weeks. However, there’s one glitch that those who’ve installed OneCare have noticed. In a forum posting, users report that their screensaver settings had been reset without their approval.

Associate editor Scott Dunn’s Oct. 25 lead story reported on the way OneCare resets user settings for Windows Update. OneCare is definitely not a great example of Microsoft programs honoring the settings chosen by users.

OneCare is definitely one antivirus suite that needs to be more respectful of end users’ wishes.

Apple Leopard is still a bit rough

Even after the November update of Apple’s new Leopard OS X 10.5 platform, there are reports of other potentially harmful issues that need to be remedied in the new operating system.

A recent article in Tom’s Hardware laments that both Vista and Leopard seem rushed to market.

Tom’s reports that an OS X feature called Finder can result in file loss when used to move a file to another drive. The program fails to check to see if the file ended up at its intended destination before the file is deleted from the original location. This glitch in communication could lead to data loss.

The solution for now — and, quite honestly, what I do on Windows as well — is to use commands to copy the file, not move it. I manually confirm that the file is where it should have gone, and only then do I delete the original.

MS07-061 (943460)
URI patch may need firewall adjustments

So far, the only side effects I’ve seen from the November Patch Tuesday has been described in Microsoft security bulletin MS07-061 (943460). It appears that Internet Explorer patches can require antivirus software to be re-enabled or adjusted to allow for the updated software in the browser.

We’ve seen this before in KB 942818. I expect this to continue to be typical behavior for some security programs. You need to ensure you are current on your antivirus updates, and you may also need to review your AV settings and your firewall configuration after installing Microsoft patches.

941649 and 941600
Windows Vista patches need some TLC

Along with security patches, Microsoft also released this month two major Vista updates. As first discussed on the Windows Vista blog, some patchers have reported having issues getting these two installed.

What appears to work the best is to read KB 941649 and 941600, download fixes from Microsoft’s Web site, and manually install them rather than relying on Windows Update. Numerous posters in the various Windows Update newsgroups have indicated that manual installing of these patches has the best results.

Firefox fixes issues by releasing 2.0.0.10

Mozilla this week released Firefox version 2.0.0.10 to fix three security issues in Firefox and SeaMonkey. In the organization’s release notes, the fixes (1) ensure that a malicious Web site can’t present itself as some other site; (2) correct memory corruption issues that can be used in attacks; and (3) close a cross-site scripting hole that was shown capable of stealing contact lists from Gmail accounts.

The proof of concept on the last security issue has been widely discussed in various listserves, so it’s wise for you to install this patch to Firefox as soon as possible so you’re no longer vulnerable.

Use caution when installing .NET service packs

Service packs for .NET 2.0 and 3.0 were recently released by Microsoft, as well as a final version of .NET 3.5. Aaron Stebner has extensively blogged about the release of the service packs for the various versions of .NET.

While none of the .NET service packs are available via Microsoft Update or WSUS at this time, I expect that they’ll be offered to your systems in the near future. For some, .NET was installed along with MS SharePoint versions 2 or 3. For others, .NET is part of a third-party application that may be on your system.

At this time, I don’t recommend that you install these service packs until you test them with your deployed applications. Patching .NET has historically been very troublesome, so I’m not in a hurry to comply.

If you need to install .NET 3.5, Aaron blogs that the installer erroneously prompts for an unnecessary reboot. This incorrect reboot actually causes the install to fail, which can have annoying consequences.

I’ve always disliked patching .NET, now it looks like I’ll be hating to install it.

936357
Intel microcode hotfix released for a 5th time

Just before this article was published, Microsoft posted a new version of its hotfix that corrects crashes on some Intel processors. The Knowledge Base article is now up to version 5.0, which means that Microsoft has released five versions of the code since June 11, 2007.

The new KB article makes available revised hotfixes for Windows XP SP2 and Windows Server 2003. The article incorrectly states that these hotfix files have April and May 2007 dates. The actual dates on the downloadable files are Sept. 19 for XP SP2 and Oct. 15 for Server 2003. It’s not yet known whether an improved hotfix will be made available for Windows Vista. For more information, see KB 936357.

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.