Ransomware! What is it, and what can I do about it? (Part 2 of 2)

April 10, 2017 at 4:55 pm | Posted in cybersecurity, Knowledge | Leave a comment
Tags: ,

In my first post (Part 1), I went over the basics of how ransomware exploits your computer, and the #1 weird trick that computer experts use to avoid the pain of ransomware: namely, always have a current, offline backup of your files where the thieves can’t encrypt it in the first place.  Backups can save you from the pain, the agony, and the grief of ransomware. You may have to reimage your computer and copy a known set of good files from a backup set, so the more often you back up, the better off you’ll be.

However, if everyone always had a current backup, there’d be a lot less ransomware out there. The criminals who spread ransomware know that most people don’t back up their data. According to the FBI, attacks by ransomware accrued over $18 million by June 2015, and ransomware attacks are expected to boom in 2017. Crime pays, and pays well.


Also, cybercriminals attack new and surprising venues every day (like Android screen lockers that demand payment in Amazon gift cards), so you may be the next victim. And while backups are good, you don’t want ransomware (or malware of any kind) on your computers in the first place.  And finally, if you’re in IT, you’re always going to field the eventual call from your mom, your brother, or your college roommate, saying “Help! There’s a message on my computer screen that says ransomware has infected my router and I have to pay $200!”

In this post, I’ll go over some general suggested practices to harden the various areas of your computer or network where malware might enter in the first place. I’ll also list the better resources to turn to for ransomware news and solutions that may help you extricate someone from a ransomware attack.

(Note: the first part is mostly Windows-based, but the second part applies to all computer users.)

Reveal it all

If you run a Windows machine, you should always show hidden file extensions using Windows Explorer. The average user – your college roommate, Joe Lunchbucket – has been warned a zillion times by the IT department never to open an executable file from email or a URL, and believe it or not, he won’t. But if he unzips an attachment, say an automated email from the local printer, and sees a file named BillJones_Resume.PDF, he’s going to think it’s really a PDF file. If file extensions are hidden (the default behavior) he won’t realize the file is actually BillJones_Resume.PDF.exe.

File extension viewing can be enabled by opening Windows Explorer, choosing the View, choose Options, and choosing Change folders and search options. On the View tab of the Folder Options window, uncheck Hide extensions for known file types. (The exact path may depend on which version of Windows you run.)


Keep executables and known bad links out of email, and keep updates current

Ensure that your email service filters out EXE and script files. This may not protect you from someone hiding an EXE in a ZIP file, though. At work, your corporate infrastructure should have in-mail protection such as antivirus engines that check mail and attachments before the email is sent to the inbox, and checks web links to see if they are dangerous or spoofed.

If you’re operating in a Windows enterprise environment, you or your IT administrator can use Group Policy Objects (GPO) to prevent ransomware like Cryptolocker from executing its payload in the \USERS folder, AppData, Local App Data folders, or Temp directories.

Check if you have any Remote Desktop Protocol (RDP) ports open and disable these ports to prevent access to your desktop remotely. (TrendMicro reported a sharp uptick in the number of brute-force RDP attacks in 2016.)

Patch or update your software and browsers regularly. Windows Update ensures that you have security patches and fixes for your operating system. Remember, if you have Windows 10, your free malware/anti-virus protection app is Windows Defender. To get updated malware and virus signatures, and to update Windows Firewall, you have to run Windows Update.

On a related note, make sure your device firmware (even routers, streaming devices and smart TVs, and refrigerators) are updated regularly.

Axe the non-essentials and known vulnerabilities

Remove Adobe Flash on computer. Do you need Adobe Flash? Lots of malware attacks come from fake pop-ups that tell the user to update their Adobe Flash or from malvertising that uses Flash. If you do keep Adobe Flash, make sure that your antivirus/ antimalware system actively checks for malware files. Other common browser hijacks will pop up a message saying you need to download an emergency update to Firefox or click to install free anti-virus software. Ensure that these kinds of applications update silently in the background so you won’t be fooled.

What to do if you think a ransomware attack is underway

If you suspect you’ve just landed on a site that’s infected with ransomware, disconnect your machine from the outside world. Unplug your Ethernet connection. Turn off your WiFi. If you move fast enough, you may protect network-attached drives from being affected. Get off the network and fire your anti-virus and anti-malware engines up immediately.

First – as I already stated – it’s a mistake to pay. (If you do decide to pay, it should always be a last resort.) Your first step should be to verify that it’s REALLY ransomware or malware, and not a browser hijack or a scareware popup that goes away when you close your browser and restart your computer.

It’s really ransomware: where to go for help (or to help others)

Ransomware can be divided roughly into two groups: sophisticated proware, and amateur hour. Even if it’s not just a scareware popup, some ransomware can be circumvented with built-in system tools. I know someone who was recently hit with Spora, a nasty and sophisticated cryptoware for which there’s no current fix. However, she managed to retrieve some of her files using Windows Previous Versions and volume shadow copies (VSS).

DON’T start with a random Google search. A huge number of search results from “how to fix ransomware XYZ” will be spurious or links infected with malware. (Criminals work the SEO to try to direct you back into their web.) Using another computer if you have to, go directly to the blog or forum maintained by your anti-virus or anti-malware solution provider and search for information there. In fact, major antivirus providers offer free ransomware discovery or decryption tools on their websites, and non-profit sites exist that will help you identify what’s infecting your system, so any of these links are also a good place to start:

Subscribing to security newsfeeds is a good way to keep your background knowledge high. If you want to read up on ransomware before you’re hit with an attack, Digital Guardian released its list of The Top 50 InfoSec Blogs You Should Be Reading (including authorities like Krebs On Security).

If you or someone you know is a victim of ransomware, it will tell you there’s a deadline of 48 to 96 hours to pay the ransom to get a private key. After the time has expired, the private key is gone and your data is forever encrypted. It’s possible to set the BIOS clock back in an attempt to delay the process and explore options. However, once the data is encrypted, you may not be able to access the files. If you can, make a new backup image of your files, even if they’re encrypted – you can always try decryption now, or at a later date once new solutions are released. (This is exactly what I told my friend who was a Spora victim to do with the rest of her hard drive that’s still encrypted.)

While this can’t be a comprehensive guide to fixing ransomware, I hope it was able to point you in the right direction. Before I leave, I want to share this amazing timeline of the varieties of ransomware released between May 2016 and today.

Until next time,

George Monsalvatge


Ransomware! What is it, and what can I do about it? (Part 1 of 2)

April 4, 2017 at 3:08 pm | Posted in cybersecurity, Knowledge, Technical Tips | 1 Comment
Tags: , ,

Ransomware! What can I do about it?

We live in dangerous times. Your cranky grandfather was right: they are out to get you – but who are “they,” and what the heck are we talking about? Ransomware, of course. It’s out there, and its coming for you.

Mobsters extort money from people. You may be a fan of mobster movies or the Sopranos on HBO, but it’s only fun to watch mobsters at work when you’re not the one getting the shakedown. I don’t know Tony Soprano, and besides, I like Joe Pesci’s character in Lethal Weapon III better than his characters in Casino or Goodfellas. Extortion could be coming to a PC, Mac, or even Linux box near you in the form of ransomware.


It’s fun to watch these guys on TV. It’s not so fun to be a victim in your own home.

First I’ll go over the basics of how ransomware works.  I’ll explain the most common mistake you may be making – even if you’re an IT professional – that might leave you a victim of a drive-by drive-locking. And, of course, I’ll tell you the best ways to prepare to fight ransomware.

In my follow-up post I’ll go over some specific strategies to harden your e-mail and firewall against malware attacks and share a recommended reading list for infosec news.

How the shake-down starts

You can be extorted on the Internet without being infected with ransomware. Hijacking someone’s social media account (like Instagram), changing their login, and then demanding payment for the user credentials is extortion, but it isn’t ransomware.

Ransomware is a type of malware that infects your computer and encrypts your files or blocks access to your own data. The ransomware displays a message stating that the attacker will unlock your files for a price, and that payment should be rendered through a nominally untraceable electronic currency, such as BitCoin or MoneyPak. It usually gives you a time limit and threatens to permanently destroy your data if you don’t pay before the deadline.

For home users, that price is usually set between $150-300 USD or Euros. For business victims, the demand might start at $500 – or it could be $10,000 and escalate from there.

How did the ransomware get there?

The malware that carries the encrypting payload is loaded on your computer in a number of ways. The malware could have come from a downloaded file or from a browser hijack. The malware could be hidden in another program. Any web site that hosts third-party ads, like recipe blogs and your favorite vintage car forum, can be a huge vector for malware no matter how innocent the site itself is; just visiting the site or clicking an ad by accident can expose you to a silent malware download.

No operating system is immune (not even mobile phones or home appliances). Ransomware can affect PCs running any operating system and Macs. Yes, I said Macs. A ransomware called KeRanger was found in a BitTorrent software that was designed to install on the Apple OS X operating system. The KeRanger malware will encrypt files on your computer and try to encrypt Time Machine backup files to prevent you from recovering the data from a backup. The KeRanger malware attackers want $400 for the private key.

[Note: If you frequent Bittorrent sites, you know they have pirated files for download from shady servers. Don’t be surprised when you lie down with dogs and get up with fleas.]

What happens when the ransomware activates?

A majority of active ransomware uses a variation of Cryptolocker. Once the malware is loaded on your computer, it first contacts a central server on the Internet. That server creates a unique encryption key pair. A public key that is kept on the local computer and the private key used for decryption that is kept on the attacker’s central server. Once the public key and private key are created, the malware will begin encrypting files locally on your computer and any mapped drives.

The attacker has the private key and will sell it you to use to decrypt your files. If you have ransomware on your computer, you will get a pop-up that instructs you to pay money via BitCoin, MoneyPack, or something similar.


When ransomware is an offer you can’t refuse

Ransomware is common because it’s cheap to implement (for the attackers) and hugely effective. Steve Perry of Journey once sang the wheel in the sky keeps on rolling. Well, when it stops rolling, everybody raises hell. If your business has an outage, the data has to be restored. Money never sleeps; your network has to hum along 24 hours day. The Internet is like Waffle House: it never closes. (I can go on and on in this vein. Don’t try me.) In short, your customer expects that you will never be closed and that your (and their) data will always be there. Ransomware that locks your data up has kneecapped you right in the business income.

Many business victims would rather just pay the ransom and get access restored. The logic goes that it’s better to pay rather than to lose an unknown amount of revenue from the downtime they’ll incur while trying to root out the infection and restore systems.

Unfortunately, this is EXACTLY why ransomware continues to flourish, and exactly the wrong response to an attack.

Whatever you do, if at all possible: DON’T. PAY. THE. RANSOM. There are two very important reasons why this is a bad idea:

  1. You are dealing with criminals. There is no guarantee you’ll even get the private key to unlock your files.
  2. If you pay, you only encourage this crime to continue.

However, it’s easy for me to lecture you on this. I didn’t have my laptop full of all my kids’ photos, my graduate thesis, the last video of my late wife, or some other valuable data extorted from me. I can honestly say that if I was in that situation, I don’t know whether I would pay to get that data back.

The #1 mistake that leaves you vulnerable to ransomware

Pirating movies. Frequenting shady websites. Buying a “smart” refrigerator and letting it connect to your home wireless router without changing the default settings. Failing to keep your anti-virus programs updated. All of these are bad ideas, but they’re not the #1 mistake that makes you most likely to shell out the (bit)coin and retrieve your data.

Sure, our goal should be to never get infected with ransomware. But given the speed at which these attacks evolve, it’s not realistic to assume that our firewalls and anti-virus software will be 100% effective. The best offense is always a good defense; with ransomware, the best defense is a secure recent backup.

Threats only work if you’re afraid of the consequences. With a secure external backup, you can wipe your system and walk away from the demands.

After all, if you have a full image of your system and a secure external copy of your data, you can risk losing a few days’ worth of files while you wipe and reimage your system to remove the malware.  You could use a snapshot to restore your system, or clean your machine and restore your data.

Unfortunately, home users (and many small businesses) rely on cloud-connected file servers like OneDrive and Dropbox to back up the physical copies stored on our hard drive. Or we never keep a local copy of our files, assuming that our cloud providers have better intrusion security than we could provide for ourselves.

Rest assured: backing up to the cloud won’t protect your data. Malware like Cryptolocker can encrypt files on mapped drives and external drives. This definitely means your Dropbox, OneDrive, Google Drive or cloud service that is mapped to your machine can also be infected and your cloud-based files can be encrypted just like your local ones.

You should treat the personal data on your laptop or desktop, company data on your company’s laptop, or data on your company’s devices just like the data on corporate servers and schedule regular backups. Furthermore, you need to back up to external drives.

You should have your drives backed up to an external drive on a regular basis or use a backup service that does not use an assigned drive. Why does it have to be an external drive? Variations of Cryptolocker can check for shadow files on your computer and disable or delete them.

How often you perform backups will determine how much you lose.

In our next post…

In my next post I’ll share a few ways to harden your OS, firewall, email, and end users – even your grandma – against some common ransomware entry points. I’ll also suggest ways to handle the dreaded “friends and family support call.”

Until next time,

George Monsalvatge


NASCAR and Microsoft: A match made in Victory Lane

June 24, 2015 at 4:42 pm | Posted in Microsoft, Vendor news | Leave a comment
Tags: , , ,

I grew up in “stock car” country and loved to see auto racing, so I was pretty pleased when Microsoft announced it has teamed up with Hendrick Motorsports. NASCAR and Hendrick Motorsports will use the Windows 10 platform and Microsoft Azure to deliver technology solutions to make the cars faster and the fan experience better.

Microsoft will sponsor the Dale Earnhard Jr’s Number 88 car.


For those of you not familar with NASCAR, NASCAR is auto racing using cars that resemble standard stock cars, but these go 200 miles per hour around a track. Unlike Formula One or other open wheel racing, stock car racing is full contact. These drivers bump and bang their cars into each other for 500 miles. Dale Earnhard Jr is the most popular driver in the sport, and Hendrick Motorsports  is the most successful team; it includes four-time champion Jeff Gordon  and six-time champion Jimmie Johnson.


Microsoft has made in roads into other sports recently. If you are a fan of American football, then you may have noticed that every NFL team uses Microsoft Surface tablets. NASCAR has a large fan base in the United States. One of the reasons for its large popularity is the interaction of the fans. When they’re at the track, fans can get pit passes to tour the the garages and see the cars and teams up close. Even if a fan is not at the track on race day, the fan can get a 3D virtual picture of the live race, hear live race radio, and stream live audio of the driver talking with his crew during the race. Technology plays a big part in the fan experience in NASCAR as well, with the NASCAR teams trying to shave a hundredth of a second off a lap or pit stop.


In 2014 NASCAR used a Windows touch-enabled mobile line of business application for the race car inspection process across all three NASCAR series (Camping World Truck, Xfinity and Sprint Cup), which reduced inspection times by nearly half.  NASCAR will use Windows 10 as its platform to run all apps for different types of devices and race operations. NASCAR teams will use this information to make quicker and more informed decisions in race situations.  Hendrick Motorsports will use Azure to capture and analyze terabytes of data for race simulations. Making critical decisions at critical times is how great race teams win. How many laps can I keep the car out on the track before I need to get gas in the pits? How many laps can get on these new tires now that the sun has come up and heated the track up by 10 degrees? If we give the car a track bar adjustment late in the race, will this give us a competitive edge?  Knowledge is not only power, it is the difference between winning and losing.


Earnhardt said, “I’m a big technology user and really enjoy Microsoft products.” Dale Jr. may be excited about playing around with Windows 10.

As you’ve probably already heard, everybody that owns Windows 7, Windows 8, or Windows 8.1 can get a free upgrade for Windows 10 on July 29th, 2015. I know I’m supposed to be writing a more computer-oriented post here, but personally, I just can’t wait to see what improvements this will bring to my favorite sport. I hope to see you at the track.


Shake and Bake!

–George Monsalvatge

What went down at Microsoft Ignite 2015

May 13, 2015 at 11:53 am | Posted in Conferences, Microsoft, Vendor news | Leave a comment
Tags: , , , , , , , , , , ,

After spending a week in Chicago at Microsoft Ignite, I have a lot to report.


First, some comments on the big picture. Microsoft CEO Satya Nadella said that Microsoft has changed their strategy from buying companies to partnering with companies to get at new technologies and provide services to Microsoft customers.  Microsoft wants to be mobile first and cloud first. They announced that there will be new changes to Azure to make it the next-generation hybrid cloud. Microsoft hopes to convince customers to use Azure as their secure public cloud deployment.

Windows 10

Yes, there was a big splash for Windows 10.  Microsoft VP Joe Belfiore presented Windows 10 at the keynote.  Windows 10 is billed as “Windows as a service.”  The voice assistant, Cortana, will be built-in. Cortana can perform web queries and pull indexed files on the computer or OneDrive. Internet Explorer’s days are numbered; IE is slated to be replaced by the new Edge browser.


The Edge browser will have a language extension to quickly translate a website from one language to another. You will be able to use Microsoft Passport with Windows 10 which means you can use your face as authentication to log in. Encryption in Windows 10 will improve. In the past, you could use BitLocker to do an “all or nothing” drive encryption. Now you can encrypt by document, not drive. You can further extend the protection capabilities by emailing the encrypted file to another person in the company and allow that person to open the file if they use the same encryption type. Users outside the company will not be able to open the file. You could have the encrypted file copied to a USB thumb drive so that another person in the same company could open it, but not have a person outside the company open it.

Windows Update for Business


When you mention Windows updates to someone, their eyes roll and a low guttural groan comes from their mouth. A system administrator does not like to be overloaded with untested patches that will be applied to unsuspecting computers. With Window Update for Business, the administrator will have more flexibility on what updates are applied to company computers. You can configure distribution rings so that updates will not show up on the first Tuesday of the month.  You can configure maintenance periods to avoid updates and configure peer-to peer distribution.  Windows Update for Business will be free for Windows 10 Pro and Windows 10 Enterprise.



Microsoft mentioned  HoloLens, but did not offer a demonstration. HoloLens is a holographic headset which overlays virtual environments onto real ones.  Is this another Google Glass, or something else?  Too soon to tell.

Reinvent the nature of work

Millennials are changing the way business works. Yes, Millennials were raised by “helicopter parents” and always got a trophy for participating. However, this same generation will be the majority of the workforce in five years (2020). Millennials believe work is what you do , not where you are.  Companies such as Uber and AirBnB have used technology to disrupt industries in a similar way to how Millennials have changed corporate culture.  Millennials care less about how the individual worker is productive, and more about how the team is productive. Microsoft  announced that Office 2016 and Skype for Business will help change the nature of work to better fit the needs of this generation. Skype was mentioned a lot because studies show that 55% of communication is body language, rather than spoken word.



VP Brad Anderson mention that the attendees of the Microsoft Ignite conference were not James Bond, but rather  the dude with all the nifty gadgets, Q.


Security is the number one topic on every company’s agenda. Microsoft took the opportunity to highlight the security features of Windows 10. Device Guard verifies whether each application is signed by Microsoft.  Device Guard will prevent the application from downloading if the code is not approved.   Outlook has been improved to prevent data leakage.  Data leakage protection keeps data from being copied and pasted to non-approved applications, such as Twitter, so employees cannot Tweet security secrets.  You can create a policy to allow copy and paste, but ensure that the action is logged for security purposes.   Microsoft also announced its Advanced Threat Analytics (ATA) software that uses deep packet inspection and file analysis to determine suspicious data. ATA can spot the location of a potential attack.

Coming Soon


Yes there will be a new version of Windows Server and SQL  Server, Windows Server 2016 and SQL Server 2016 respectively. There was not a sneak peak of either one. However, there was mention that SQL Server 2016 will allow you to stretch part of a table into the cloud. A good use of this could be stretching a table that contains historical data.

Microsoft Ignite was different than Microsoft TechEd shows in the past. For starters, it was a heck of a lot bigger. There were over 20,000 reported attendees at the inaugural Microsoft event.  The McCormick Convention Center was a city in itself. If you were there, I hope you got an opportunity to visit the Hands On Lab.


The Hands On Lab offered you the opportunity to run through different labs on SharePoint, Azure, Office 365, SQL Server, and others. Attendees of Microsoft Ignite can access these labs online through https://myignite.microsoft.com/#/ until  June 1st, 2015.  If you did not attend, you can still access Microsoft online labs at https://technet.microsoft.com/en-us/virtuallabs/bb467605.aspx for free.

Microsoft Ignite was a blast. It will be back in Chicago next year. I hope to see you there!


–George Monsalvatge (that’s me in the middle)

Microsoft Ignite 2015: Sweet Home Chicago

April 29, 2015 at 12:51 pm | Posted in Microsoft, Vendor news | Leave a comment
Tags: , ,

Leonard and Phil Chess started a record company named Chess Records  in Chicago that forever changed the face of music. In the first week of May 2015, Microsoft will have their new educational megaconference, now named Ignite, in Chicago. Will something be announced at the Ignite Conference that will change the tech world?  I don’t know, but I can’t wait for the keynote address.



Instead of hosting separate events for SharePoint, Lync, Exchange, Project, and TechEd North America, this year Microsoft rolled several annual conferences into Ignite. Not surprisingly, this conference is already sold out. However, even if you can’t attend in person, you may still be able to look at Windows 10, as well as learn the latest features and changes taking place with Azure, Exchange, SharePoint, Office 365, SQL Server, System Center, Windows Server, Visual Studio, Intune, Lync, and more. Microsoft usually publishes online versions on Channel 9.

Because Ignite replaces the venerable TechEd, Microsoft will provide opportunities for you to get certified at the conference. During the week of the conference, there will be onsite testing available to all attendees for  $75, that’s 50% off the regular price. You can visit http://www.microsoft.com/learning to preregister for the exam. Use the promo code ignitena at checkout to get the 50% discount.

There will be at least 15 exam prep sessions conducted by Microsoft Certified Trainers (MCTs). MCTs will walk you through each objective on the exam to ensure that you know what is covered on the test. Check the Microsoft Ignite schedule for the times and rooms for these sessions.

There will also be a study hall at Microsoft Ignite that will free access to practice tests before you go take an exam. The study hall will located in Certification Central. Along with free exam prep resources, there will be MCTs on hand to answer questions and offer advice on taking the exams.

This inaugural event will include a Hands-On Lab that gives you the opportunity to run through hundreds of labs on Azure, Exchange, SharePoint, Office 365, SQL Server, System Center, Windows Server, Visual Studio, Intune, Lync, and more. These labs are self-paced and are a great way to increase your knowledge about a topic or learn a new technology.


MCTs are running these labs on site to ensure that everything runs smoothly. The Hands-On Lab is open every day, and I encourage you to stop by. I will be working in the lab, so come by and say Hi.


Also do not forget about the Attendee Celebration on Thursday. The food will be great and the beer will be cold. To quote the late famous Chicago Cubs announcer, “Holy Cow”!



New conference, but still the man with the unpronounceable name,

–George Monsalvatge

Microsoft TechEd 2014 — I’ll see you there!

May 9, 2014 at 3:38 pm | Posted in Conferences, Microsoft, Transcender news | 3 Comments
Tags: , , ,

TechEd 2014 is happening next week in Houston (May 12-15). If you haven’t already heard, this event is SOLD OUT, and no, you can’t just buy tickets from a scalper. (It looks like a limited number of Expo Only passes are available as of this writing, but that’s it.)


Why all the hubbub to attend an annual event? What’s in it for you? Well, not only do you get to attend four days of presentations on the latest tech, but if you’re in the market to upgrade your resume, you’re in luck: Microsoft will be offering 50% off of all MCP exams to attendees at TechEd.

Study hall, free Transcender practice tests, and Hands-On Labs

Not only can you take your MCP exam at TechEd, but you’ll have plenty of support to prepare for your exam. There will be targeted exam prep sessions led by different MCT Ambassadors (check the TechEd schedule as times and locations are released/updated).

Or, you can escape the convention center and study using Transcender practice tests in a quiet environment (including our newly released  70-412, Configuring Advanced Windows Server 2012 Services R2). The Study Hall is located in Room 339 on level 3 of the Hilton Hotel this year. The workstations there will also provide you with free e-books and on-demand training from  the Microsoft Virtual Academy (MVA). To get there, just take the sky bridge on the 3rd floor of the Convention Center across to the Hilton Hotel, 3rd level.

I believe one of the greatest features of TechEd is the Hands-On Lab. The Hands-On Lab offers you 214 different labs on different technologies that you can work through at your own pace. For example, if you do not have SQL Server 2014 installed at your office, or have access to a private cloud that you can practice with, the Hands-On Lab is the place to go.


Where’s George? Find me and win a future practice test discount

Myself and the best MCTs on this planet will be working in the Hands-On Lab to help you through any technologies. I’ll also be available in the Study Hall to help set you up with practice tests and study materials.

If you can find me at the Hands-On Lab (or the Study Hall), come on up and say hello. Bonus points if you can pronounce my last name correctly — hint: it’s spelled “Monsalvatge.”


If you see this smiling mug, snap a photo and post it to social media — or, better yet, snap a selfie WITH me in the frame tag us on Facebook, @Transcender , or Tweet us @TranscenderPrep and we’ll send you a post-show discount!  

Too shy to post your mug to social media? Closet social media Luddite? Not to worry.  You can just give me your contact information (business card, SMS) and I’ll make sure to email you the promo code after the show. 

How to score your 50% off (or FREE) certification exam sitting at TechEd

If you want to take an MCP exam at TechEd, I strongly recommend you schedule it in advance. To do so, go to Prometric.com and then follow these instructions:

  • Choose “United States,”  and then select Texas as the state.
  • Pick test center MC62 or MC63 at the George R Brown Convention Center.
  • You can take 74-409 – Server Virtualization with Windows Server Hyper-V and System Center for FREE with promo code TENA409.
  • For all other MCP exams, use TENA50 as the Promo Code to get your 50% discount.

If you’re already a TechEd ticket holder and you plan to take advantage of ExamDiscountpalooza, here’s a word of advice from my past experience: the best day to take exams is Sunday. Yes, the test center will be open from Sunday through Thursday, but knocking it out early on Sunday will ensure testing doesn’t overlap your other TechEd sessions. Furthermore, if you happen not to pass your exam, you can retake it after 24 hours have passed instead of paying full price after TechEd is over. And finally, signing up for an early slot lowers your chance of losing your exam seat to a walk-in registrant.

George’s Picks For Events

As a longtime TechEd attendee, I am always blown away by the amount of programming available. Here are my suggestions for the events I’ve marked as “must attend” at TechEd.

The TechExpo is held Monday night from 6-8:30 at the Convention Center. You get to meet the vendors, see what new products are available in the marketplace, and get some neat “swag.” And, oh yes, there is food and drink.

Straight after the TechExpo is the Certification Nation Celebration party. Just show your MCP ID to get in. If you do not have a MCP ID, this is a great opportunity to get certified. Check with the folks at the Study Hall where the celebration will be. You can mix and mingle and share testing stories with other candidates.

Tuesday is networking night from 6:30 to 8:30  at the Convention Center. Get the opportunity to make friends and find people in similar fields.

If you are female, you may want to check out the Women in Technology luncheon from  11:45 to 1:15 on Wednesday. This is another great opportunity to network.

Thursday is the Attendee party. If you have ever been to TechEd before, you know how fun this is. This will be at the Minute Maid park, the home of the Houston Astros or affectionately known as the “Juice Box”. I will see you there.

–George Monsalvatge

Death cometh for Windows XP?

March 21, 2014 at 7:58 am | Posted in Microsoft, Technical Tips, Vendor news | Leave a comment
Tags: , ,

Microsoft has announced that as of April 8, 2014 there will no longer be any technical assistance for Windows XP. There will be no more automatic updates for Windows XP. You will be able to receive anti-malware signature updates if you have installed Microsoft Security Essentials for a limited time after 4/8/2014.  With no security patches to protect it, is this the death of Windows XP?


I am not sure how to react to the death of Windows XP. Do I put on a coat and tie, invite some other XP users over, and say some nice words about the operating system? Do I sing “Dust in the Wind” like Will Ferrell did in  the movie “Old School”at the funeral for the beloved character “Blue”?


What I do know is that my Windows XP computer will not drop dead on 4/8/2014, but the risk of a Windows XP computer getting hacked increases significantly.

Who cares, you say? No one runs Windows XP anymore, you say? That is not quite true. As of December 2013, Windows XP computers represented  30%  market share according to netmarketshare.com.  According to the NCR corporation, 95% of the ATMs worldwide run Windows XP.  Not to mention the number of medical devices using Windows XP.  My coworker Ann snapped this photo during an unscheduled visit to the emergency room at a major metropolitan hospital on 3/14/14:


The end of support for Windows XP will require many companies to make decisions on the future of their products.  Product manufacturers will need to upgrade to stay ahead of any compliance issues caused by a lack of security updates.

Companies have been lukewarm to Windows 8, so I do not expect them to jump on the Windows 8 bandwagon. However, Windows 7 has been  up and running for several years and has a solid install base of about 47%, according to netmarketshare.com.  Granted, hardware will need to be upgraded or replaced to support the upgrade, but there are many other choices besides Windows 7.  Linux and Android have a chance to take advantage of this change.  Could the death of Windows XP mean Microsoft no longer dominates the operating system market?

In the past, companies continued to offer applications to customers who ran on outdated operating systems especially in the medical industry. I expect that companies will still support applications that run on Windows XP long after the end of the support date. People will still use old operating systems and drive old cars.  For example, I drive a car that is more than 41 years old, and I clock more than 8,500 miles a year on that car:


My 1973 Volkswagon Beetle is not as safe as a car manufactured after 2010.  I drive it because it’s fun to drive, but I take precautions.  I will not drive the car for more than 100 miles at a time. I always make sure that I have an auto club subscription like AAA.  If you drive an old car, you know you’ll need to upgrade the brakes, upgrade the head lights, and upgrade the safety belts. I replaced the ignition in 2014. Similarly, if you decide to keep Windows XP on your home machine or have your company’s applications continue to run on Windows XP, you will need to keep a few things in mind:

  • Older Internet browsers are lightning rods for security hacks. Upgrade those browsers to the latest version that will run on Windows XP.
  • Keep up-to-date anti-virus and anti-malware software.  Microsoft will support anti-malware signatures for some time after the end of support date. Look for third-party companies that may continue to provide anti-virus and anti-malware support for Windows XP.
  • Scale back privileges on the computer.  Restrict administrator privileges anywhere possible to minimize risks.
  • Have a plan to move data to a new operating system.

Microsoft offers a free program to migrate your data from Windows XP to Windows 8.1 called LapLink. The program will transfer your data, but will NOT migrate your applications.  There are several third party applications that will transfer data and applications that you can purchase such as PCmover.

Although we do not like to think about it, death comes for us all.  Like my father, the insurance salesman, would say, “You always need to provide for the inevitability of death”.  If you have Windows XP, death is knocking on the door. Make sure that you insure yourself against the security risks of running Windows XP and have a plan for moving data to a new operating system.


Good Luck!

Ch-ch-ch-changes: Turn and face the change (to Windows Server 2012 R2 exams)

March 12, 2014 at 9:03 am | Posted in Microsoft, Study hints, Vendor news | 6 Comments
Tags: , , , ,

The first song I ever heard by David Bowie was “Rebel, Rebel” and in the video, he had scarlet red hair, an eyepatch, and some stylin’ 70s pantaloons.  If you have followed the (not parallel, but similarly meteoric) careers of Windows Server and British rock star David Bowie, you will see one common thread. Can you guess what it is?


Mr. Bowie, like Windows Server, has gone through several significant changes of appearance since those early days. The first version of Window Server I ever used was Windows NT 3.1. Despite undergoing several version updates since then, some core functionalities have stayed the same.

WinServerVersions Now there is a new version on the market, Windows Server 2012 R2. Late last year Microsoft announced that they would modify the existing Window Server 2012 certification exams to cover  R2 (70-41070-411, and 70-412). The Windows Server 2012 R2 exam changes officially took effect in January 2014, although we saw staggered rollout in the field. So if you spent good money taking a Microsoft Official Curriculum (MOC) course on Server 2012, only to find yourself under pressure taking an exam that tested concepts from Server 2012 R2, you may be asking why Microsoft felt the need to update the exam content so soon. I have met several people at Microsoft. They are not mean people who pull the wings off of butterflies; they are actually really, really nice folk.  It’s simply that the exams needed to reflect the new features of Windows Server 2012 R2. David Bowie is not content to just live off his old tunes; he put out his 24th album in 2013.  In similar fashion, Microsoft is not content for certification candidates to know what might soon be a legacy operating systems. They want to ensure that candidates for their flagship MCSA and MCSE certifications are tested on the newest features deployed to the field.

Without further ado, here are the additions to the official exam objectives list for the  70-410, 70-411, and 70-412 exams. 70-410certChanges 70-411certChanges 70-412certChanges While you can purchase the latest album from David Bowie  and listen to it, you may not yet be able to find much training on the new R2 features.  The best way to prepare for this exam is to set up a couple of servers and work through each of the tasks listed in the exam objectives. You can get a free evaluation copy of Windows Server 2012 R2. There aren’t a lot of books on Windows Server 2012 R2 yet. I would use TechNet and other online resources to study the information on each sub-objective. I find that Microsoft generally pulls test questions from the examples in TechNet. I would ensure that I was 100% confident with each sub-objective listed on the prep guide before attempting the live exam. Reviewing information on a particular sub-objective will ensure that you will not see anything that you are not familiar with on the exam.

If you need extra hands-on experience but do not want to spend hours configuring a server, try using the FREE virtual labs at the following link: http://technet.microsoft.com/en-us/bb467605. These labs allow you to have 90 minutes of practice lab time on a Windows Server for FREE.

We will be cranking out the Windows  Server 2012 R2 updates for the 70-412 Transcender practice exam in the next few weeks. (Drop a comment here to be added to our notification list.) And you better believe I’ll be listening to a little David Bowie while we do it.

You can check out the already updated R2 Transcender practice tests here:

  • 70-410, Installing and Configuring R2
  • 70-411, Administering R2
Until next time,
George Monsalvatge

What the heck happened at TechEd 2013?

July 24, 2013 at 8:59 am | Posted in Microsoft, Transcender news, Vendor news | Leave a comment
Tags: , , , , ,

TechEd 2013 in New Orleans started with James Bond and ended, no lie, with me dancing on stage with Tina Turner. In between those two events, I did some technical stuff and saw some technical things.

As you may have heard by now, Microsoft Vice President Brad Anderson started the keynote speech by driving onto the stage in an Aston Martin, doing his best James Bond imitation.
Color me impressed.

Moving onto more relevant news: Microsoft announced the R2 revision to Windows Server 2012 as well as a new version of SQL, SQL Server 2014. During the keynote speech Brad Anderson gave a demonstration of the speed of Live Migration with Server 2012 R2. Server 2012 R2 performs Live Migration with compression that brings a significant improvement over Window Server 2012. SQL Server 2014 will support migration to Windows Azure virtual machines.

I got to attend a nice session on how SQL Server 2014 can easily back up and restore to the cloud, plus the improved “Always On” functionalities. For those of you unable to attend a TechEd session, you can bring yourself up to speed by reviewing the official SQL Server Blog, this article from Redmond Magazine, and this MSDN video, “Getting the Most out of Windows Azure Storage.”

The title of the keynote speech should have been “Cloud…James Cloud.” Microsoft is soaring toward the cloud at the speed of sound. Companies that currently manage a private clouds,  use a public cloud, or use some type of hybrid cloud configuration were excited to see improvements to Windows Azure, System Center, and Windows Intune.  A few bullet points:

  • With Windows Azure services for Windows Server, hosters can use System Center to manage hosted environments from a single management console in System Center.
  • Azure and Windows Server can offer web hosting and manage virtual machines.
  • Windows Intune is a cloud-based systems management and security service that can help integrate BYOD (Bring Your Own Device).

The BYOD sessions at TechEd were heavily attended. IT professionals need to connect to network resources with their iOS, Android and Windows devices. Microsoft said that they would provide support iPads and other devices in future updates.

One of the more interesting sessions I attended was the “Case of the Unexplained 2013: Windows Troubleshooting with Mark Russinovich“. It was informative and funny.

One of the more popular attractions at TechEd was that perennial favorite, the Hands On Labs. An attendee could go to the Hands On Labs and get their hands dirty with the latest technology. I got to work in the Hands On Labs this year. The Server 2012 R2 (Yes, Server 2012 R2!), Lync, and SharePoint labs were very popular. At certain times during TechEd, there was hardly a seat available for an attendee.


One nice bonus: Microsoft announced that attendees were given the opportunity to purchase Surface RT tablets for $99 and Surface PRO tablets for $399.


There was a mass rush for these tablets. Lines to purchase the tablets stretched for what seemed like miles. I heard of people that waited hours in line to purchase the tablets. It was a complete zoo.


However, Microsoft had plenty of tablets, they did not run out, and both Josh and I came back with shiny new tablets. For those of you who would like to run Transcender test engine software on the tablet: we are both running it with no problems, but not as an installed application. You have to run it in Internet Explorer (in compatibility mode).

Screen of Surface RT

Microsoft Surface RT running Transcender’s online test engine. Plus Daddy’s little helpers.

As always, Microsoft had a blow out party during TechEd; since this was New Orleans, it was held at the Superdome and featured the famous local music and culture.

Future NFL Hall of Famer, Drew Brees, played football with the TechEd attendees.One of my co-workers dropped a pass thrown from Mr. Brees. Tina Turner sang for the crowd. In what was probably the most surreal and memorable of my TechEd attendances to date, I, George Monsalvatge, got to go onstage with Ms. Turner and dance to “Proud Mary”.


The Transcender crew had a great time and I learned a lot.  Such as: I can’t dance. Or at least not with that many people staring at me.


Josh Hester, Aima Rotella, and Yours Truly. BTW, that’s not a booth babe, that’s our boss.

Until next time,

George Monsalvatge

My PMP Journey: Bad News, Good Advice, and the Dire Warnings You Should Heed

January 25, 2013 at 4:14 pm | Posted in PMI, Study hints | 3 Comments
Tags: , , ,

While I do manage projects in my daily work, I’d never thought of myself as an actual project manager. Being a take-action, Active Directory kind of guy, I primarily develop Microsoft practice exams and leave products like Project+ and CAPM to the professionals (aka Robin Abernathy). But last year several of my co-workers began suggesting that I take PMI’s Project Management Professional (PMP) exam. Then my supervisor softly “suggested” that I take the PMP exam. Even my sister, a project manager, got in the game and encouraged me to take the exam. Furthermore, my sister said the exam was easy and did not take a whole lot of work to prepare for.

Well, she was wrong.

Since I am a veteran trainer, exam developer, and test-passer, my initial plan of attack was to fill out the application, take a practice test to identify gaps in my knowledge, do self-study to close those gaps, schedule the exam, take the exam, and pass it. BOOM! PMP-ville.

The Bad News

Not so fast. First, it took forever and a day to detail all of my project work experience for the application. Yes, you have to document 4,500 hours of project management experience (7,500 hours if you don’t have a bachelor’s degree). They also require 35 hours of formal project management training, which I didn’t have. The training materials was not actually a problem, as I was able to take a Skillsoft e-learning course that my company offers, but I did have to stop and find time for 35 hours of training in my schedule.

Once I finished the training and completed the application, back in June 2012, I got the go-ahead from PMI to schedule my exam. Next, I tested my existing knowledge by taking the Transcender PMP practice test. I failed that practice test miserably, and I emphasize: miserably.

I appealed to my friends and Dr. Internet for advice. One friend suggested a book that turned out to be a lifesaver: PMP Project Management Professional Exam Study Guide by Kim Heldman. Meanwhile, Dr. Internet suggested that I read the book chapter by chapter, then go through some practice tests after I’d finished the whole thing.

The More Bad News

Great plan, except for the part where it didn’t work. I would read one chapter, then another chapter, and then life would get in the way. I would put in one week of good study, then put the PMP info down for about 10 days. Unfortunately, a lot of the information that I’d studied seemed to float away. This process continued all the way through fall. By the time September rolled around, I was still not able to pass the practice tests that came with the book. Worse, the actual PMP exam is four hours long, but I had to take lots of breaks to finish each practice test. I just could not sit through all 200 questions. I felt like I was in high school taking the SAT test again. Augh!

I soon figured out what everybody and their mother has already posted on the Internet: you need to know every process, every input for that process, every tool and technique for that process, and every output for that process. By the way, there are a whole lot of processes. I tried to memorize them with repeated reading, but was never successful.

Finally, I tried using the audio CDs that came with Heldman’s book. Since my office recently relocated to East Tumbleweed, I had plenty of driving time to listen to someone else describe each process. Although this sounds like this would be outlawed by the Geneva Convention as torture, it actually helped a lot. I was able to memorize most of the processes and their information in this way. More importantly, I was able to do significantly better on the book’s practice tests, and started to make headway on the Transcender practice test as well.

The very last thing I did to prepare was to actually read the PMBOK guide. Not exactly a page turner, but it had to be done. I wasn’t too far into the PMBOK when I realized that Heldman’s book has done such a great job of explaining the abstract terminology with real-life examples, that I didn’t need to spend a lot of time with the PMBOK itself. I might owe dinner to the buddy that recommended Heldman’s book.

The Dire Warnings

Scheduling, or rather the impossibility of RE-scheduling the PMP exam, was no walk in the park. I strongly suggest that you do not schedule your exam too many months in advance. In fact, you might want to make sure your test date is carved in stone. If you need to reschedule your exam within 30 days of the exam date, you will have to pay a $70 fee.  Worse, if you need to reschedule within 48 hours, you lose the entire testing fee ($405 for PMI members, $555 for non-PMI members). Ouch! Just be mindful, if you schedule the exam months in advance, life might get in the way, and you will risk losing your $70.


All warnings aside, I do recommend you set a goal date. I decided on the date that I wanted to take my exam and scheduled the exam only a few days out from that date.  Set a target date for when you want to take the exam, and then try to schedule the exam two weeks out from the target date.

The test center where I took the exam reminded me of the gulag in the movie “Stripes” where the East Germans held John Candy, Judge Reinhold and the gang, before Bill Murray and Harold Ramis busted them out.


The lighting was so bad that I could barely see what I was writing on the scrap paper they gave me. As promised, the exam had 200 questions and blocked out four hours. My sister said that it would only take me two hours, tops. As I may have mentioned before, my sister was wrong. It took nearly the whole four hours for me to finish. It was comprehensive and really a tough exam. After staring at a screen for four hours, I could barely see to drive home.

Finally, the Good Advice

The exam was not impossible. Looking back, there are some things that I would have done differently. For starters, former Transcender team member Jennifer Wagner gave some really good advice on the application process in her blog post from 2009. Like she mentions, you should start documenting your project hours as soon as you start thinking about the PMP exam to cut down on the time spent sorting out the application requirements.

After I finished the application process and got the approval to take the exam, I would have tried to take the test within 6 weeks. I would have taken several days off from work and buckled down to go through all the material and practice tests on a continual basis, instead of trying to dedicate 90 minutes to studying five days a week.  PMI uses specific terminology to describe things that seem obvious or intuitive when you’re actually managing a project. If you do not know that terminology backwards and forwards, which I didn’t at first, it will be tough to pass the exam, even if you apply those principles every day at your job.

For me, the best way to get the knowledge about the processes was to go through as many practice test questions as I could to cement the information about the processes in my brain. There are about 800 practice test questions and over 1000 flash questions in the Trancender PMP practice test. I also went through the 400 practice test questions in the Kim Heldman’s book. With my work/life schedule, it took about two weeks to go through all those questions. Going through the questions highlighted my deficiencies. This was the key to the whole process, since after I identified the weak areas, I concentrated on the processes that I was weak on. I got better and better at the flash cards and practice questions until I felt ready to schedule my exam.

The more that you space the studying out, the less you’ll retain. Dedicate some time to the process and knock it out of the park while it’s still fresh. Hope this insight into my experience helps set your expectations & project management goals. Good luck!


–George Monsalvatge

Next Page »

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: