RE: sunbelt IRC channel/Server
IRC? I feel like I just stepped out of a time machine and back into the 20th century! ;-)

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

From: justino garcia [mailto:jgarciaitl...@gmail.com]
Sent: Monday, May 10, 2010 11:08 PM
To: NT System Admin Issues
Subject: OT: sunbelt IRC channel/Server

OT sunbelt IRC channel/Server ???

--
Justin
IT-TECH

NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Wireless Routers
Windows firewall was not enabled on my laptop or the client's desktop.

John-Aldrich
Tile-Tools

From: Ken Hoegeman [mailto:ken.hoege...@gmail.com]
Sent: Monday, May 10, 2010 9:25 PM
To: NT System Admin Issues
Subject: Re: Wireless Routers

FYI - I have a 4 year old laptop with Windows 7 Nod 4 security suite. At some of my clients I can connect to their secure WAP (not Netgear), but don't get an IP thru DHCP. Connecting with ethernet cable is never a problem. I just disable the firewall, get the IP address and then turn the firewall back on.

Ken

On Mon, May 10, 2010 at 10:17 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

> This weekend, I spent about 4 hours working at a client's site (side job) trying to get their desktop to link up to their existing wireless router (Netgear.) I never succeeded and I was also unable to get my Dell laptop to talk to their wireless router. After fussing with it for over 2 hours, I went to Walmart and bought a WRT54GS2 Linksys wireless (same exact model I have at home) and hooked it up. Instant success.
>
> Long story short - if I ever have a job where I can't get the wireless to connect, and the user has a Netgear wireless router, I'm not even going to spend time on it, I'll just tell the client I'm going to go buy a different router that *will* work and get another Linksys.
>
> Just thought I'd pass this along for anyone who's looking for a new wireless router. :-)
>
> John-Aldrich
> Tile-Tools
RE: Wireless Routers
Well, the desktop and laptop I was referring to are Windows XP machines, so unless the bug or whatever affects XP machines as well... :-)

-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Monday, May 10, 2010 11:04 PM
To: NT System Admin Issues
Subject: Re: Wireless Routers

On 10 May 2010 at 21:25, Ken Hoegeman wrote:

> FYI - I have a 4 year old laptop with Windows 7 Nod 4 security suite. At some of my clients I can connect to their secure WAP (not Netgear), but don't get an IP thru DHCP. Connecting with ethernet cable is never a problem. I just disable the firewall, get the IP address and then turn the firewall back on.

Might be related to this:

Windows Vista cannot obtain an IP address from certain routers or from certain non-Microsoft DHCP servers
http://support.microsoft.com/kb/928233

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/
RE: Small business/SOHO accounting
Quickbooks expensive? Don't they give that away when you buy their tax software?

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, May 10, 2010 9:37 PM
To: NT System Admin Issues
Subject: RE: Small business/SOHO accounting

Why on EARTH would you waste your time, energy and effort to do something that has been done a thousand times before and in no way adds unique value to your business in excess of the time you spend on it? Not to mention meeting all the requirements of double-entry book-keeping, accrual and cash-based accounting, and GAAP?

No, I wouldn't recommend you do that at all.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: justino garcia [mailto:jgarciaitl...@gmail.com]
Sent: Monday, May 10, 2010 10:31 PM
To: NT System Admin Issues
Subject: Re: Small business/SOHO accounting

This may be silly, but how about VBA + Excel, and create your own program. Or Access + VBA and create your own in-house accounting program.

On Mon, May 10, 2010 at 9:55 PM, Matthew W. Ross mr...@ephrataschools.org wrote:

> I don't know anything about the product, nor do I know if it does what you need, but check out PostBooks, which is free from xTuple.org
>
> It's open source, and as usual there are paid-for commercial versions.
>
> --Matt Ross
> Ephrata School District
>
> ----- Original Message -----
> From: Ben Scott [mailto:mailvor...@gmail.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Mon, 10 May 2010 11:42:52 -0700
> Subject: Small business/SOHO accounting
>
> Hello, world!
>
> Anyone care to give recommendations in the small business/SOHO accounting product space? QuickBooks is very common, but also rather expensive, and in the past I've had horrible experiences with Intuit customer service, and I've learned that most common does not mean best.
>
> For this user, traditional software and web services are both acceptable. They've got just one PC, running Vista.
>
> I Googled quickbooks alternatives and found a bunch of hits, but this is one of those areas where practical experience is invaluable, so I thought I'd see if anyone here has anything they'd want to share. Recommendations on what to avoid would also be useful.
>
> advTHANKSance
>
> -- Ben

--
Justin
IT-TECH
Re: Small business/SOHO accounting
On Tue, May 11, 2010 at 8:45 AM, Maglinger, Paul pmaglin...@scvl.com wrote:

> Quickbooks expensive? Don’t they give that away when you buy their tax software?

I don't think so. Their website says that TurboTax for Small Business can import data from QuickBooks, but says you have to already have QuickBooks.

http://turbotax.intuit.com/small-business-taxes/business.jsp

-- Ben
RE: Small business/SOHO accounting
It seems to me around tax time they gave you some kind of rebate or discount for Quickbooks when you buy TurboTax. Maybe they don't do that anymore.

-Paul

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 7:48 AM
To: NT System Admin Issues
Subject: Re: Small business/SOHO accounting

On Tue, May 11, 2010 at 8:45 AM, Maglinger, Paul pmaglin...@scvl.com wrote:

> Quickbooks expensive? Don't they give that away when you buy their tax software?

I don't think so. Their website says that TurboTax for Small Business can import data from QuickBooks, but says you have to already have QuickBooks.

http://turbotax.intuit.com/small-business-taxes/business.jsp

-- Ben
Re: Small business/SOHO accounting
They tend to give away (or at deep discount) Quicken, not QuickBooks, at tax time.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, May 11, 2010 at 8:52 AM, Maglinger, Paul pmaglin...@scvl.com wrote:

> It seems to me around tax time they gave you some kind of rebate or discount for Quickbooks when you buy TurboTax. Maybe they don't do that anymore.
>
> -Paul
>
> -----Original Message-----
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Tuesday, May 11, 2010 7:48 AM
> To: NT System Admin Issues
> Subject: Re: Small business/SOHO accounting
>
> On Tue, May 11, 2010 at 8:45 AM, Maglinger, Paul pmaglin...@scvl.com wrote:
>
>> Quickbooks expensive? Don't they give that away when you buy their tax software?
>
> I don't think so. Their website says that TurboTax for Small Business can import data from QuickBooks, but says you have to already have QuickBooks.
>
> http://turbotax.intuit.com/small-business-taxes/business.jsp
>
> -- Ben
Re: Small business/SOHO accounting
On Mon, May 10, 2010 at 8:30 PM, Jonathan Link jonathan.l...@gmail.com wrote:

> I know a SOHO who generates $300,000 annually in profit, so again, it's all a matter of perspective.

True enough.

> You hadn't described budgetary requirements, except to say that Quickbooks is expensive.

Good point. They don't really have a budget for this, except to say that they have very modest needs and want value. In other words, keep things as cheap as possible without sacrificing useful functionality. I think that's a smart approach.

(It's a small manufacturing company which was rescued from financial collapse by the owner of my nominal employer. They have two or three full-time employees, plus a part-time office worker. The GM is also tasked from my employer. Guess where IT comes from. ;-) )

> However, accountants fees can quickly make the expense of QB incidental.

Unless the cost of the accountant is somehow proportional to the cost of QuickBooks, I don't really see that as relevant. Paying a lot for QuickBooks just because something else costs more is not good business sense.

Now, it may be that using QuickBooks would lower accountant fees, since QuickBooks is the most common package. That's a good point, and something that normally would be worth investigating. However, due to the ownership situation described above, my employer is also loaning our accounting staff. So accountant fees are zero. Unfortunately, we can't use the ERP software my employer runs for this other company, so I'm looking at other software.

In any event, I've found that examining alternatives to what everyone else does often pays off. The smaller the business, the more nimble they can be, so this is an opportunity. If your stance is "Just use QuickBooks", well, that's valid, but here I'm interested in hearing about alternatives people have tried. :)

-- Ben
Re: Life just keeps getting better....
On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote:

> How to bypass almost all AV software
> http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Sophos's response:

http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

They're an AV vendor and thus not a disinterested party, so take it as you like.

-- Ben
RE: Small business/SOHO accounting
I stand corrected.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, May 11, 2010 7:56 AM
To: NT System Admin Issues
Subject: Re: Small business/SOHO accounting

They tend to give away (or at deep discount) Quicken, not QuickBooks, at tax time.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, May 11, 2010 at 8:52 AM, Maglinger, Paul pmaglin...@scvl.com wrote:

> It seems to me around tax time they gave you some kind of rebate or discount for Quickbooks when you buy TurboTax. Maybe they don't do that anymore.
>
> -Paul
>
> -----Original Message-----
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Tuesday, May 11, 2010 7:48 AM
> To: NT System Admin Issues
> Subject: Re: Small business/SOHO accounting
>
> On Tue, May 11, 2010 at 8:45 AM, Maglinger, Paul pmaglin...@scvl.com wrote:
>
>> Quickbooks expensive? Don't they give that away when you buy their tax software?
>
> I don't think so. Their website says that TurboTax for Small Business can import data from QuickBooks, but says you have to already have QuickBooks.
>
> http://turbotax.intuit.com/small-business-taxes/business.jsp
>
> -- Ben
RE: Life just keeps getting better....
You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape.

Sincerely,
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 9:11 AM
To: NT System Admin Issues
Subject: Re: Life just keeps getting better

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote:

> How to bypass almost all AV software
> http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Sophos's response:

http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

They're an AV vendor and thus not a disinterested party, so take it as you like.

-- Ben
Re: Wireless Routers
Thanks, I looked at that article, but the DHCP server is Win2003.

Ken

On Mon, May 10, 2010 at 11:04 PM, Angus Scott-Fleming angu...@geoapps.com wrote:

> On 10 May 2010 at 21:25, Ken Hoegeman wrote:
>
>> FYI - I have a 4 year old laptop with Windows 7 Nod 4 security suite. At some of my clients I can connect to their secure WAP (not Netgear), but don't get an IP thru DHCP. Connecting with ethernet cable is never a problem. I just disable the firewall, get the IP address and then turn the firewall back on.
>
> Might be related to this:
>
> Windows Vista cannot obtain an IP address from certain routers or from certain non-Microsoft DHCP servers
> http://support.microsoft.com/kb/928233
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/
Re: Small business/SOHO accounting
A whole lot of the decision should be based on accounting needs. Payroll done internally? If so, is it important to have it done in the software, or can/will someone do it all by hand including all the local, state and federal filings. What about inventory for parts and finished goods? Does it need to be highly accurate and tracked in great detail for thousands or even millions of items? What about work in process inventory?

These are all add-ons that can significantly increase the cost of a basic accounting package. If none of this is necessary, which sounds probable given the description, the freebie solutions might work just fine.

Also the bookkeeping / accounting skill of the folks involved should be considered. For dead simple bookkeeping that doesn't 'feel like' real accounting, Quickbooks is hard to beat. The checkbook metaphor is one most people get. If the relevant staff understand basic concepts such as double entry accounting and can accurately make journal entries when necessary, something like Peachtree might be better.

On Tue, May 11, 2010 at 9:01 AM, Ben Scott mailvor...@gmail.com wrote:

> On Mon, May 10, 2010 at 8:30 PM, Jonathan Link jonathan.l...@gmail.com wrote:
>
>> I know a SOHO who generates $300,000 annually in profit, so again, it's all a matter of perspective.
>
> True enough.
>
>> You hadn't described budgetary requirements, except to say that Quickbooks is expensive.
>
> Good point. They don't really have a budget for this, except to say that they have very modest needs and want value. In other words, keep things as cheap as possible without sacrificing useful functionality. I think that's a smart approach.
>
> (It's a small manufacturing company which was rescued from financial collapse by the owner of my nominal employer. They have two or three full-time employees, plus a part-time office worker. The GM is also tasked from my employer. Guess where IT comes from. ;-) )
>
>> However, accountants fees can quickly make the expense of QB incidental.
>
> Unless the cost of the accountant is somehow proportional to the cost of QuickBooks, I don't really see that as relevant. Paying a lot for QuickBooks just because something else costs more is not good business sense.
>
> Now, it may be that using QuickBooks would lower accountant fees, since QuickBooks is the most common package. That's a good point, and something that normally would be worth investigating. However, due to the ownership situation described above, my employer is also loaning our accounting staff. So accountant fees are zero. Unfortunately, we can't use the ERP software my employer runs for this other company, so I'm looking at other software.
>
> In any event, I've found that examining alternatives to what everyone else does often pays off. The smaller the business, the more nimble they can be, so this is an opportunity. If your stance is "Just use QuickBooks", well, that's valid, but here I'm interested in hearing about alternatives people have tried. :)
>
> -- Ben
RE: Life just keeps getting better....
Right now I'm still not too keen on McAfee's credibility...

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, May 11, 2010 8:16 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better

You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape.

Sincerely,
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 9:11 AM
To: NT System Admin Issues
Subject: Re: Life just keeps getting better

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote:

> How to bypass almost all AV software
> http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Sophos's response:

http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

They're an AV vendor and thus not a disinterested party, so take it as you like.

-- Ben
RE: Wireless Routers
My Blackberry WiFi is flaky when used with my Netgear and it won't work at all with my old D-Link. One more data point. No, I haven't tried it with a Linksys.

RM

On Mon, 10 May 2010 10:31 -0400, John Aldrich jaldr...@blueridgecarpet.com wrote:

> I’m pretty sure the Netgear was an 802.11G router. The Dell laptop has a Dell Wireless Dual-Band WLAN card in it (on-board.) The Desktop machine had an Edimax EX-7128G 802.11 b/g card installed. Once I got the Linksys in, it connected right up and even got an IP address. Not to mention that the client said his Vista laptop had problems getting onto the internet that morning wirelessly. I’ve had problems with Netgear wireless routers before and that’s part of the reason I will refuse to use Netgear wireless routers in the future. Wired, sure. Wireless, no.
>
> John-Aldrich
> Tile-Tools
RE: Computers becoming unresponsive across entire network.
Fwiw, we are implementing such a system (basically, by creating an additional layer between the engine and the detection, so if a detection starts to spin, it will get stopped). We have been testing it and the results look quite promising (it will take some time to get into the engine, though, as it's not trivial).

If you're curious, I wrote a little technical bulletin on what happened Friday here:

http://forums.sunbeltsoftware.com/messageview.aspx?catid=27threadid=4653enterthread=y

Alex

-----Original Message-----
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, May 10, 2010 9:58 PM
To: NT System Admin Issues
Subject: RE: Computers becoming unresponsive across entire network.

Who knows, but if the machine is pre-empting the AV scanner, then that's how the issue that Kurt highlighted yesterday starts to creep in. Your malicious code gets to do something in between the various bits of code that the AV scanner is running.

So, I agree with Ben. For a regular disk-scan, a cap might be good (or lower scheduling priority). For on-access scanning, I think you want the AV scanner to run at high priority and avoid being pre-empted if possible.

Cheers
Ken

-----Original Message-----
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Sent: Tuesday, 11 May 2010 12:07 AM
To: NT System Admin Issues
Subject: RE: Computers becoming unresponsive across entire network.

But doesn't that beg the question; should an AV app EVER require 75% of a machine's resources for ANYTHING?

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, May 10, 2010 9:02 AM
To: NT System Admin Issues
Subject: Re: Computers becoming unresponsive across entire network.

On Sun, May 9, 2010 at 6:03 PM, Andrew S. Baker asbz...@gmail.com wrote:

> Or something that ensures that no more than 75% of remaining CPU will ever be consumed by the AV app and its processes...

For a general system scan, that sounds like a good idea. But for on-access scans (real time, auto protect, whatever you call it), I think you'd want the system to run it as fast as possible.

-- Ben
RE: Life just keeps getting better....
I am sure that goes for a lot of their customers, we are doing double QA because of the last debacle... and we aren't alone in this approach. McAfee's QA failure has just turned the cover back on the risk that all businesses are having when they have blind faith in the vendors of the products they are using to secure their networks, which has come back to bite a lot of them in the arse...

And from the list, it seems that other AV vendors have succumbed to this issue also, and their customers have suffered, therefore our C levels are asking us to put in additional procedural controls to prevent/reduce the risk from our vendors' bad DAT/Engine updates to AV to ensure business continuity and less DR exercises which caused major business disruption, downtime and financial loss.

With these extra controls, we need to let them know the additional risk they are accepting via formal risk analysis/assessments by asking for the changing of the operational controls, because in some businesses the AV they use is the only security control they have to reduce the risk, sad as that might be, it's reality for a lot of companies.

Food for thought,
Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

-----Original Message-----
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Tuesday, May 11, 2010 9:19 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better

Right now I'm still not too keen on McAfee's credibility...

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, May 11, 2010 8:16 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better

You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape.

Sincerely,
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 9:11 AM
To: NT System Admin Issues
Subject: Re: Life just keeps getting better

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote:

> How to bypass almost all AV software
> http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Sophos's response:

http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

They're an AV vendor and thus not a disinterested party, so take it as you like.

-- Ben
RE: sunbelt IRC channel/Server
We don't use IRC alas.

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Tuesday, May 11, 2010 6:17 AM
To: NT System Admin Issues
Subject: RE: sunbelt IRC channel/Server

IRC? I feel like I just stepped out of a time machine and back into the 20th century! ;-)

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

From: justino garcia [mailto:jgarciaitl...@gmail.com]
Sent: Monday, May 10, 2010 11:08 PM
To: NT System Admin Issues
Subject: OT: sunbelt IRC channel/Server

OT sunbelt IRC channel/Server ???

--
Justin
IT-TECH
Re: Small business/SOHO accounting
Now we're getting somewhere.

Since they're manufacturing, they have labor. How is/will payroll be handled? Once you get into payroll situations your accounting system is now at the mercy of the vendors. You have to maintain updates for payroll tax tables. Trying to manually keep up with them is a risky proposition. Additionally, most vendors require periodic updates to the underlying accounting package in order to keep the annual tax table updates. For example, QuickBooks is every three years. MAS 90 requires annual maintenance fees for the application which includes payroll tax updates. Peachtree is either three or four years, as I recall.

Then there's the inventory issue, which depending on the size of inventory can influence your decision on the package purchased.

Based on where you're going with this, you're not really asking a technical question, you're asking questions that are ultimately accounting questions. Those questions need to be answered or at least developed before selection of an accounting package.

On Tue, May 11, 2010 at 9:01 AM, Ben Scott mailvor...@gmail.com wrote:

> On Mon, May 10, 2010 at 8:30 PM, Jonathan Link jonathan.l...@gmail.com wrote:
>
>> I know a SOHO who generates $300,000 annually in profit, so again, it's all a matter of perspective.
>
> True enough.
>
>> You hadn't described budgetary requirements, except to say that Quickbooks is expensive.
>
> Good point. They don't really have a budget for this, except to say that they have very modest needs and want value. In other words, keep things as cheap as possible without sacrificing useful functionality. I think that's a smart approach.
>
> (It's a small manufacturing company which was rescued from financial collapse by the owner of my nominal employer. They have two or three full-time employees, plus a part-time office worker. The GM is also tasked from my employer. Guess where IT comes from. ;-) )
>
>> However, accountants fees can quickly make the expense of QB incidental.
>
> Unless the cost of the accountant is somehow proportional to the cost of QuickBooks, I don't really see that as relevant. Paying a lot for QuickBooks just because something else costs more is not good business sense.
>
> Now, it may be that using QuickBooks would lower accountant fees, since QuickBooks is the most common package. That's a good point, and something that normally would be worth investigating. However, due to the ownership situation described above, my employer is also loaning our accounting staff. So accountant fees are zero. Unfortunately, we can't use the ERP software my employer runs for this other company, so I'm looking at other software.
>
> In any event, I've found that examining alternatives to what everyone else does often pays off. The smaller the business, the more nimble they can be, so this is an opportunity. If your stance is "Just use QuickBooks", well, that's valid, but here I'm interested in hearing about alternatives people have tried. :)
>
> -- Ben
Re: RE: Life just keeps getting better....
Just as IPS products are maturing to the point that signatures are only a small part of the arsenal, so AV will have to mature.

The players that de-emphasize signatures for blacklisting purposes will flourish.

See: http://bit.ly/bv8dpO

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On May 11, 2010 9:15 AM, Ziots, Edward ezi...@lifespan.org wrote:

> You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape.
>
> Sincerely,
> EZ
>
> Edward Ziots
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
> Network Engineer
> Lifespan Organization
> 401-639-3505
> ezi...@lifespan.org
>
> -----Original Message-----
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Tuesday, May 11, 20...
> Subject: Re: Life just keeps getting better
>
> On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...
RE: RE: Life just keeps getting better....
Nice article on your blog Andrew, reading it now, sent you a slide-deck offline for review... Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, May 11, 2010 10:10 AM To: NT System Admin Issues Subject: Re: RE: Life just keeps getting better Just as IPS products are maturing to the point that signatures are only a small part of the arsenal, so AV will have to mature. The players that de-emphasize signatures for blacklisting purposes will flourish. See: http://bit.ly/bv8dpO -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On May 11, 2010 9:15 AM, Ziots, Edward ezi...@lifespan.org wrote: You can also read the blurb on SANS's ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 20... Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...
RE: Life just keeps getting better....
How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS's ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV software http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Sophos's response: http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/ They're an AV vendor and thus not a disinterested party, so take it as you like. -- Ben
RE: Life just keeps getting better....
On Access, most of the rootkits on the systems have hidden themselves from AV, therefore rendering its On Access detection useless. It's not whether AV is good or not, it's just a race not worth running anymore trying to fight common threat vectors with signature techniques. Been using CSA here for about 5+ yrs and it's cut down the Malware/Spyware drastically, due to controlling code execution period, it's hooked into the Kernel so it can't be bypassed, and has saved the bacon more than a few times. Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5.0 which leaves folks in a pickle and looking for other solutions and application whitelisting seems to be the best of the choices atm. It's not fool-proof, but again it's controlling execution, and you have a method of vetting what software is good and what is bad in your environments, which is a ton better than just putting AV on the system and calling it a day... Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS's ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. 
Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV software http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Sophos's response: http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/ They're an AV vendor and thus not a disinterested party, so take it as you like. -- Ben
RE: Life just keeps getting better....
Just to amplify 6.0 is also discontinued. This last release a few weeks ago 6.0.2 is the last. It supports 64 bit and Windows 7. Server up to 2008 but not R2. No other future operating systems will be supported. They will not say if any future service packs will be supported but if they break CSA you will be on your own, imho. VERY sore subject with me. :) But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5..
RE: Life just keeps getting better....
I also have a presentation in PDF form that talks about what Jim is speaking with Trend-Micro. If you want to review it for yourselves to make an informed decision accordingly. Ping me offline, Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, May 11, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just to amplify 6.0 is also discontinued. This last release a few weeks ago 6.0.2 is the last. It supports 64 bit and Windows 7. Server up to 2008 but not R2. No other future operating systems will be supported. They will not say if any future service packs will be supported but if they break CSA you will be on your own, imho. VERY sore subject with me. :) But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5..
RE: Life just keeps getting better....
-Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Life just keeps getting better

> On Access, most of the rootkits on the systems have hidden themselves from AV, therefore rendering its On Access detection useless.

How does a rootkit manage to hide itself in the first place? You can only hide yourself from FSF if you have hooked the relevant system calls in the first place. On access should detect that before it happens.

> It's not whether AV is good or not, it's just a race not worth running anymore trying to fight common threat vectors with signature techniques.

Irrelevant to the point. You were talking about whitelisting vs blacklisting, and yet are unable to explain how whitelisting helps in the scenario you talked about. Suggest you understand the situation before advocating some solution that doesn't solve the problem.

Cheers Ken

> Been using CSA here for about 5+ yrs and it's cut down the Malware/Spyware drastically, due to controlling code execution period, it's hooked into the Kernel so it can't be bypassed, and has saved the bacon more than a few times. Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5.0 which leaves folks in a pickle and looking for other solutions and application whitelisting seems to be the best of the choices atm. It's not fool-proof, but again it's controlling execution, and you have a method of vetting what software is good and what is bad in your environments, which is a ton better than just putting AV on the system and calling it a day... Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org

-Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS's ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV software http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Sophos's response: http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/ They're an AV vendor and thus not a disinterested party, so take it as you like. -- Ben
Re: Life just keeps getting better....
On Tue, May 11, 2010 at 10:44 AM, Ken Schaefer k...@adopenstatic.com wrote: [re: vulnerabilities in AV software, especially

> How is whitelisting or blacklisting going to help? Answer: it's not.

Whitelisting is not directly going to address the problem of vulnerabilities in anti-virus software. But I agree with the stance that looking for signatures of known bad software is fast becoming infeasible. Whitelisting and similar strategies bypass the entire problem. Rather than try to identify software you don't want (which is potentially infinite), you identify software you do want.

I like ASB's analogy by firewall policy: "Deny by default, allow known good" has long been the accepted best practice. It makes sense to do the same for software.

LUA (Limited User Access, Microsoft's term for least privilege, i.e., running without admin rights) is already a big step in this direction. We don't let users modify C:\WINDOWS or C:\Program Files, because that's where the software lives. From there, the obvious next step is to deny execution from C:\Documents and Settings. There's the usual heavy sprinkling of compatibility headaches -- it's amazing how much software expects to execute things from %TEMP% or All Users\Application Data -- but much like LUA, while initial implementation can be a hassle, I think it will pay off big in the long run. Done right, this could vastly reduce or even eliminate the traditional anti-virus role. (For well-managed environments. Clueless home users are still screwed. :-( )

I do agree with the premise that AV software should not have security vulnerabilities. I just think that the problems are bigger than that, and the apparent way forward may make the smaller issue of AV software vulnerabilities moot, by making traditional signature-based AV software obsolete.

> But, if your AV was any good, it would detect the problem on access

At this point I don't expect signature scanning to stop anything. Malware evolves too quickly to keep up. We have traditional AV software, we use it, we even depend on it more than I would like, but I don't expect it to keep up with the morphed-threat-of-the-minute whack-a-mole problem.

-- Ben
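The path-based step described in the message above (leave the admin-only trees executable, deny execution from the user-writable profile tree, deny everything else) can be dry-run against launch records to find the compatibility headaches before enforcing. This is an added example, not code from the thread or from any product; the rule lists, function names and sample launches are constructed, and it compares path strings only.

```python
import ntpath
from collections import Counter

# Assumed rule set, built from the directories named in the message above.
# Under LUA, ordinary users cannot write to the allowed trees.
ALLOW_ROOTS = (r"C:\WINDOWS", r"C:\Program Files")
# User-writable tree: never executable, even if an allow rule also matches.
DENY_ROOTS = (r"C:\Documents and Settings",)


def normalize(path):
    """Canonical form for comparison: '/' becomes '\\', '..' is collapsed,
    and case is folded. Short (8.3) names and links are NOT resolved."""
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    """True if path is root itself or lies below it (whole components only)."""
    path, root = normalize(path), normalize(root).rstrip("\\")
    return path == root or path.startswith(root + "\\")


def decide(image_path):
    """Return (verdict, reason) for one executable path. Default is deny."""
    if not ntpath.isabs(image_path):
        return ("deny", "relative path")
    if any(is_under(image_path, r) for r in DENY_ROOTS):
        return ("deny", "user-writable tree")
    if any(is_under(image_path, r) for r in ALLOW_ROOTS):
        return ("allow", "admin-only tree")
    return ("deny", "no allow rule")


def audit(events):
    """Dry run: count, per directory, the launches enforcement would block."""
    blocked = Counter()
    for _user, image in events:
        if decide(image)[0] == "deny":
            blocked[ntpath.dirname(normalize(image))] += 1
    return blocked


# Constructed launch records (user, image path); not taken from any real log.
SAMPLE_LAUNCHES = [
    ("alice", r"C:\WINDOWS\system32\notepad.exe"),
    ("alice", "c:/program files/Vendor/app.exe"),
    ("alice", r"C:\Documents and Settings\alice\Local Settings\Temp\setup_1.exe"),
    ("bob", r"C:\Documents and Settings\bob\Local Settings\Temp\..\Temp\unpack.exe"),
    ("bob", r"C:\Documents and Settings\All Users\Application Data\Vendor\updater.exe"),
    # '..' walks out of the allowed tree; normalization must happen first.
    ("bob", r"C:\Program Files\..\Documents and Settings\bob\Desktop\tool.exe"),
    # Look-alike prefix: shares the string "C:\Program Files" but not the folder.
    ("carol", r"C:\Program Files Extra\tool.exe"),
    ("carol", r"\\fileserver\share\run.exe"),
]

if __name__ == "__main__":
    for user, image in SAMPLE_LAUNCHES:
        print(user, decide(image), image)
    print("Would be blocked, by directory:")
    for directory, count in audit(SAMPLE_LAUNCHES).most_common():
        print(f"  {count}  {directory}")
```

The audit output is the list of directories to review before switching from logging to enforcement, which is where the %TEMP% and All Users\Application Data cases from the message show up.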
Re: Life just keeps getting better....
Based on recent events, I shudder to even mention this, but McAfee has acquired Solid Core their whitelist solution ( http://www.solidcore.com/ ) and is slated to have the new version be managed via ePO console. On Tue, May 11, 2010 at 10:56 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: Just to amplify 6.0 is also discontinued. This last release a few weeks ago 6.0.2 is the last. It supports 64 bit and Windows 7. Server up to 2008 but not R2. No other future operating systems will be supported. They will not say if any future service packs will be supported but if they break CSA you will be on your own, imho. VERY sore subject with me. :) But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5..
RE: Life just keeps getting better....
Ken, Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be, and I am still learning a lot about the infector vectors and how to provide controls to prevent them. If AV doesn't have a signature for the attack that the current malware has employed, then it's pretty trivial to do file system infection, Trojan dropping, rootkit installation etc etc, trust me the malware authors/writers are still well ahead of us in the battle and will probably continue to be for quite some time. Also I am not advocating any approach except that AV by itself is almost worthless as a system control anymore. But when you are dealing with like 10K+ new samples a day of virus/malware then it's pretty hard for any AV vendor to keep up with signatures to detect them all. I would rather not turn this into a flame war, if you disagree, that is perfectly fine, and you are well without your rights, please feel free to contact me offline we can ramble it out there accordingly. Always love a good discussion about this subject as painful as it is for business these days. Thanks EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 11:01 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Life just keeps getting better On Access, most of the rootkits on the systems have hidden themselves from AV, therefore rendering its On Access detection useless. How does a rootkit manage to hide itself in the first place? You can only hide yourself from FSF if you have hooked the relevant system calls in the first place. On access should detect that before it happens. 
It's not whether AV is good or not, it's just a race not worth running anymore trying to fight common threat vectors with signature techniques. Irrelevant to the point. You were talking about whitelisting vs blacklisting, and yet are unable to explain how whitelisting helps in the scenario you talked about. Suggest you understand the situation before advocating some solution that doesn't solve the problem. Cheers Ken Been using CSA here for about 5+ yrs and it's cut down the Malware/Spyware drastically, due to controlling code execution period, it's hooked into the Kernel so it can't be bypassed, and has saved the bacon more than a few times. Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5.0 which leaves folks in a pickle and looking for other solutions and application whitelisting seems to be the best of the choices atm. It's not fool-proof, but again it's controlling execution, and you have a method of vetting what software is good and what is bad in your environments, which is a ton better than just putting AV on the system and calling it a day... Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS's ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. 
But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV software http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Sophos's response: http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/ They're an AV vendor and thus not a
Re: Life just keeps getting better....
Why take it offline? If you have something to say about a subject and it is relevant to this forum, please say it here; I'm sure it is of interest to all subscribers to the list. -- Peter van Houten On the 11 May, 2010 17:12, Ziots, Edward wrote the following: Ken, Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be, and I am still learning a lot about the infector vectors and how to provide controls to prevent them. If AV doesn't have a signature for the attack that the current malware has employed, then it's pretty trivial to do file system infection, Trojan dropping, rootkit installation etc etc, trust me the malware authors/writers are still well ahead of us in the battle and will probably continue to be for quite some time. Also I am not advocating any approach except that AV by itself is almost worthless as a system control anymore. But when you are dealing with like 10K+ new samples a day of virus/malware then it's pretty hard for any AV vendor to keep up with signatures to detect them all. I would rather not turn this into a flame war, if you disagree, that is perfectly fine, and you are well without your rights, please feel free to contact me offline we can ramble it out there accordingly. Always love a good discussion about this subject as painful as it is for business these days. Thanks EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 11:01 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Life just keeps getting better On Access, most of the rootkits on the systems have hidden themselves from AV, therefore rendering its On Access detection useless. 
How does a rootkit manage to hide itself in the first place? You can only hide yourself from FSF if you have hooked the relevant system calls in the first place. On access should detect that before it happens. It's not whether AV is good or not, it's just a race not worth running anymore trying to fight common threat vectors with signature techniques. Irrelevant to the point. You were talking about whitelisting vs blacklisting, and yet are unable to explain how whitelisting helps in the scenario you talked about. Suggest you understand the situation before advocating some solution that doesn't solve the problem. Cheers Ken Been using CSA here for about 5+ yrs and it's cut down the Malware/Spyware drastically, due to controlling code execution period, it's hooked into the Kernel so it can't be bypassed, and has saved the bacon more than a few times. Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5.0 which leaves folks in a pickle and looking for other solutions and application whitelisting seems to be the best of the choices atm. It's not fool-proof, but again it's controlling execution, and you have a method of vetting what software is good and what is bad in your environments, which is a ton better than just putting AV on the system and calling it a day... Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). 
But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS's ISC page also, some vendors say it's important, and of course McAfee discredits it, not that it surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV
RE: Computers becoming unresponsive across entire network.
Good write-up, thanks for providing that. I am curious however, 75000 new pieces of malware daily? Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 -Original Message- From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Tuesday, May 11, 2010 9:30 AM To: NT System Admin Issues Subject: RE: Computers becoming unresponsive across entire network. Fwiw, we are implementing such a system (basically, by creating an additional layer between the engine and the detection, so if a detection starts to spin, it will get stopped). We have been testing it and the results look quite promising (it will take some time to get into the engine, though, as it's not trivial). If you're curious, I wrote a little technical bulletin on what happened Friday here: http://forums.sunbeltsoftware.com/messageview.aspx?catid=27threadid=4653enterthread=y Alex -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, May 10, 2010 9:58 PM To: NT System Admin Issues Subject: RE: Computers becoming unresponsive across entire network. Who knows, but if the machine is pre-empting the AV scanner, then that's how the issue that Kurt highlighted yesterday starts to creep in. Your malicious code gets to do something in between the various bits of code that the AV scanner is running. So, I agree with Ben. For a regular disk-scan, a cap might be good (or lower scheduling priority). For on-access scanning, I think you want the AV scanner to run at high priority and avoid being pre-empted if possible. Cheers Ken -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Tuesday, 11 May 2010 12:07 AM To: NT System Admin Issues Subject: RE: Computers becoming unresponsive across entire network. But doesn't that beg the question; should an AV app EVER require 75% of a machine's resources for ANYTHING? 
*** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, May 10, 2010 9:02 AM To: NT System Admin Issues Subject: Re: Computers becoming unresponsive across entire network. On Sun, May 9, 2010 at 6:03 PM, Andrew S. Baker asbz...@gmail.com wrote: Or something that ensures that no more than 75% of remaining CPU will ever be consumed by the AV app and its processes... For a general system scan, that sounds like a good idea. But for on-access scans (real time, auto protect, whatever you call it), I think you'd want the system to run it as fast as possible. -- Ben
RE: Life just keeps getting better....
> Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be

Once code is running as system, it's irrelevant what system you try to put in place to prevent it. Whitelisting is not going to help, because the rootkit can simply report that it's notepad.exe (or whatever) to your whitelisting software. The same way that a rootkit reports it's something else to your file system filter (typically what AV uses).

You're a CISSP - you should know that once the system is rooted you do not own it. You have some variable % of being able to recover the system using tools, but the only guaranteed way to recover the system is to restore from known good media.

And the vulnerability you were talking about requires the AV software's thread to be pre-empted, and between some code being run, and the rest being run, some user-mode variables are changed. Again: how is whitelisting going to help here? My contention is that it can't. Your explanation as to how it can?

Cheers Ken

-Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 11:13 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better Ken, Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be, and I am still learning a lot about the infector vectors and how to provide controls to prevent them. If AV doesn't have a signature for the attack that the current malware has employed, then it's pretty trivial to do file system infection, Trojan dropping, rootkit installation etc etc, trust me the malware authors/writers are still well ahead of us in the battle and will probably continue to be for quite some time. Also I am not advocating any approach except that AV by itself is almost worthless as a system control anymore. 
But when you are dealing with like 10K+ new samples a day of virus/malware then it's pretty hard for any AV vendor to keep up with signatures to detect them all. I would rather not turn this into a flame war, if you disagree, that is perfectly fine, and you are well without your rights, please feel free to contact me offline we can ramble it out there accordingly. Always love a good discussion about this subject as painful as it is for business these days. Thanks EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 11:01 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Life just keeps getting better On Access, most of the rootkits on the systems have hidden themselves from AV, therefore rendering its On Access detection useless. How does a rootkit manage to hide itself in the first place? You can only hide yourself from FSF if you have hooked the relevant system calls in the first place. On access should detect that before it happens. It's not whether AV is good or not, it's just a race not worth running anymore trying to fight common threat vectors with signature techniques. Irrelevant to the point. You were talking about whitelisting vs blacklisting, and yet are unable to explain how whitelisting helps in the scenario you talked about. Suggest you understand the situation before advocating some solution that doesn't solve the problem. Cheers Ken Been using CSA here for about 5+ yrs and it's cut down the Malware/Spyware drastically, due to controlling code execution period, it's hooked into the Kernel so it can't be bypassed, and has saved the bacon more than a few times.
Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5.0 which leaves folks in a pickle and looking for other solutions and application whitelisting seems to be the best of the choices atm. It's not fool-proof, but again it's controlling execution, and you have a method of vetting what software is good and what is bad in your environments, which is a ton better than just putting AV on the system and calling it a day... Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward
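The check/use gap Ken describes above (a hook validates values held in user-mode memory, the thread is pre-empted, and the values change before they are used) can be modelled deterministically. This is an added example, not code from any poster or product in the thread; the policy, paths and function names are constructed, and the `preempt` callback stands in for the scheduler running another thread.

```python
from dataclasses import dataclass

# Constructed policy for the model: nothing may write below this tree.
PROTECTED = "c:\\windows\\system32\\"


@dataclass
class UserArgs:
    """Call arguments as they sit in caller-writable (user-mode) memory."""
    path: str
    write: bool


def policy_allows(path: str, write: bool) -> bool:
    return not (write and path.lower().startswith(PROTECTED))


def real_service(path: str, write: bool) -> str:
    """Stand-in for the original system service the hook forwards to."""
    return ("write:" if write else "read:") + path


def hook_double_fetch(args, preempt=None):
    """Weak pattern: validate the caller's buffer, then let the service re-read it."""
    if not policy_allows(args.path, args.write):       # fetch 1: the check
        return "DENIED"
    if preempt:                                        # another thread runs in the gap
        preempt(args)
    return real_service(args.path, args.write)         # fetch 2: the use


def hook_capture_once(args, preempt=None):
    """Hardened pattern: copy once into private memory, check and use the copy."""
    path, write = str(args.path), bool(args.write)     # the only fetch
    if not policy_allows(path, write):
        return "DENIED", False
    if preempt:
        preempt(args)
    # A buffer that changed after capture is harmless here, but worth logging.
    tampered = (args.path, args.write) != (path, write)
    return real_service(path, write), tampered


def run_model():
    benign = r"C:\Users\Public\report.txt"                  # constructed
    protected = r"C:\Windows\System32\config\policy.dat"    # constructed

    def rewrite(args):          # what the second thread does during the gap
        args.path = protected

    weak = hook_double_fetch(UserArgs(benign, True), rewrite)
    strong, tampered = hook_capture_once(UserArgs(benign, True), rewrite)
    direct = hook_double_fetch(UserArgs(protected, True))   # no race: check works
    return {"weak": weak, "strong": strong, "tampered": tampered, "direct": direct}


if __name__ == "__main__":
    for key, value in run_model().items():
        print(f"{key:9} {value}")
```

Replacing the deny rule in `policy_allows` with an allowlist leaves the gap between the two fetches in `hook_double_fetch` untouched; only the fetch discipline of the hook closes it.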
RE: Life just keeps getting better....
Agreed. This is not a flamewar. How rootkits work is well known (there's even a book you can buy from Amazon that delves into this). Windows kernel is also well documented (Windows Internals, Debugging Windows etc.) Given the attack documented at the start of this thread (by Kurt), can someone *please* explain how whitelisting is going to help? Cheers Ken -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Tuesday, 11 May 2010 11:19 PM To: NT System Admin Issues Subject: Re: Life just keeps getting better Why take it offline? If you have something to say about a subject and it is relevant to this forum, please say it here; I'm sure it is of interest to all subscribers to the list. -- Peter van Houten On the 11 May, 2010 17:12, Ziots, Edward wrote the following: Ken, Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be, and I am still learning a lot about the infector vectors and how to provide controls to prevent them. If AV doesn't have a signature for the attack that the current malware has employed, then it's pretty trivial to do file system infection, Trojan dropping, rootkit installation etc etc, trust me the malware authors/writers are still well ahead of us in the battle and will probably continue to be for quite some time. Also I am not advocating any approach except that AV by itself is almost worthless as a system control anymore. But when you are dealing with like 10K+ new samples a day of virus/malware then it's pretty hard for any AV vendor to keep up with signatures to detect them all. I would rather not turn this into a flame war, if you disagree, that is perfectly fine, and you are well without your rights, please feel free to contact me offline we can ramble it out there accordingly. Always love a good discussion about this subject as painful as it is for business these days.
Thanks EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 11:01 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Life just keeps getting better On Access, most of the rootkits on the systems have hidden themselves from AV, therefore rendering its On Access detection useless. How does a rootkit manage to hide itself in the first place? You can only hide yourself from FSF if you have hooked the relevant system calls in the first place. On access should detect that before it happens. It's not whether AV is good or not, it's just a race not worth running anymore trying to fight common threat vectors with signature techniques. Irrelevant to the point. You were talking about whitelisting vs blacklisting, and yet are unable to explain how whitelisting helps in the scenario you talked about. Suggest you understand the situation before advocating some solution that doesn't solve the problem. Cheers Ken Been using CSA here for about 5+ yrs and it's cut down the Malware/Spyware drastically, due to controlling code execution period, it's hooked into the Kernel so it can't be bypassed, and has saved the bacon more than a few times. Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5.0 which leaves folks in a pickle and looking for other solutions and application whitelisting seems to be the best of the choices atm. It's not fool-proof, but again it's controlling execution, and you have a method of vetting what software is good and what is bad in your environments, which is a ton better than just putting AV on the system and calling it a day...
Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access. Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that surprises me. But it is an attack vector to consider. Controlling the execution of code on
RE: sunbelt IRC channel/Server
I still use IRC. It's extremely useful for developers who are geographically separated from each other, especially for open source products. It's also useful for when a specific problem arises with said open source program, and I can go ask the people who actually use/develop the software where I'm going wrong. I gotta say, usually the open source community has the faster, more accurate support at 3am for free... compared to some commercial company's slower, read from a script support at 3pm for a fee. --Matt Ross Ephrata School District - Original Message - From: Alex Eckelberry [mailto:al...@sunbelt-software.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Tue, 11 May 2010 06:30:31 -0700 Subject: RE: sunbelt IRC channel/Server We don't use IRC alas. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, May 11, 2010 6:17 AM To: NT System Admin Issues Subject: RE: sunbelt IRC channel/Server IRC? I feel like I just stepped out of a time machine and back into the 20th century! ;-) John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us From: justino garcia [mailto:jgarciaitl...@gmail.com] Sent: Monday, May 10, 2010 11:08 PM To: NT System Admin Issues Subject: OT: sunbelt IRC channel/Server OT sunbelt IRC channel/Server ??? -- Justin IT-TECH
RE: sunbelt IRC channel/Server
I gotta say, usually the open source community has the faster, more accurate support at 3am for free... compared to some commercial company's slower, read from a script support at 3pm for a fee. True - but the open source community can also simply shrug and say I don't know, sorry dude at 3:00 a.m. with no financial repercussions or escalation options. Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Tuesday, May 11, 2010 11:43 AM To: NT System Admin Issues Subject: RE: sunbelt IRC channel/Server I still use IRC. It's extremely useful for developers who are geographically separated from each other, especially for open source products. It's also useful for when a specific problem arises with said open source program, and I can go ask the people who actually use/develop the software where I'm going wrong. I gotta say, usually the open source community has the faster, more accurate support at 3am for free... compared to some commercial company's slower, read from a script support at 3pm for a fee. --Matt Ross Ephrata School District - Original Message - From: Alex Eckelberry [mailto:al...@sunbelt-software.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Tue, 11 May 2010 06:30:31 -0700 Subject: RE: sunbelt IRC channel/Server We don't use IRC alas. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, May 11, 2010 6:17 AM To: NT System Admin Issues Subject: RE: sunbelt IRC channel/Server IRC? I feel like I just stepped out of a time machine and back into the 20th century! 
;-) John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us From: justino garcia [mailto:jgarciaitl...@gmail.com] Sent: Monday, May 10, 2010 11:08 PM To: NT System Admin Issues Subject: OT: sunbelt IRC channel/Server OT sunbelt IRC channel/Server ??? -- Justin IT-TECH CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
RE: Life just keeps getting better....
In the context of simple whitelisting systems I agree, but in the case of something like CSA unless your fake Notepad has specific permissions to modify svchost (for example) it will get denied. By specific I mean VERY specific. That process started by a specific user from a specific path has the ability to do a specific modification to svchost and again only to a specific path and a specific modification. So that code can run and do things, but taking over a box or modifying a box isn't going to happen. -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, May 11, 2010 11:29 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Once code is running as system, it's irrelevant what system you try to put in place to prevent it. Whitelisting is not going to help, because the rootkit can simply report that it's notepad.
VPN issue
Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
RE: VPN issue
I thought you had to move to AnyConnect for Windows Vista and 7 to work? From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 12:14 PM To: NT System Admin Issues Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
RE: VPN issue
Win7 32 or 64bit ? -sc From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 12:14 PM To: NT System Admin Issues Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
RE: sunbelt IRC channel/Server
That's funny, I've gotten the same answer from a commercial support vendor that I paid for! Sm:)e. (That's not to say that I can't hold their feet to the fire, cancel support, Call the Better Business Bureau, etc... It's just well worth a giggle.) --Matt Ross Ephrata School District - Original Message - From: Jim Holmgren [mailto:jholmg...@xlhealth.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Tue, 11 May 2010 08:51:03 -0700 Subject: RE: sunbelt IRC channel/Server I gotta say, usually the open source community has the faster, more accurate support at 3am for free... compared to some commercial company's slower, read from a script support at 3pm for a fee. True - but the open source community can also simply shrug and say I don't know, sorry dude at 3:00 a.m. with no financial repercussions or escalation options. Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Tuesday, May 11, 2010 11:43 AM To: NT System Admin Issues Subject: RE: sunbelt IRC channel/Server I still use IRC. It's extremely useful for developers who are geographically separated from each other, especially for open source products. It's also useful for when a specific problem arises with said open source program, and I can go ask the people who actually use/develop the software where I'm going wrong. I gotta say, usually the open source community has the faster, more accurate support at 3am for free... compared to some commercial company's slower, read from a script support at 3pm for a fee. 
--Matt Ross Ephrata School District - Original Message - From: Alex Eckelberry [mailto:al...@sunbelt-software.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Tue, 11 May 2010 06:30:31 -0700 Subject: RE: sunbelt IRC channel/Server We don't use IRC alas. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, May 11, 2010 6:17 AM To: NT System Admin Issues Subject: RE: sunbelt IRC channel/Server IRC? I feel like I just stepped out of a time machine and back into the 20th century! ;-) John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us From: justino garcia [mailto:jgarciaitl...@gmail.com] Sent: Monday, May 10, 2010 11:08 PM To: NT System Admin Issues Subject: OT: sunbelt IRC channel/Server OT sunbelt IRC channel/Server ??? -- Justin IT-TECH
Re: VPN issue
Win 7 32bit. On Tue, May 11, 2010 at 12:17 PM, Steven M. Caesare scaes...@caesare.com wrote: Win7 32 or 64bit ? -sc From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 12:14 PM To: NT System Admin Issues Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
Re: VPN issue
Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first. -- Sent using BlackBerry From: Cameron cameron.orl...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 11 12:14:28 2010 Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
RE: VPN issue
Cisco just released (as in a few weeks ago) a 64-bit version of the older IPSec client. It is in BETA and not supported... it's just there so users are forced to move if they don't want to/can't. Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 arohy...@dpsciences.com http://www.dpsciences.com/ I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus... There are 10 kinds of people in this world... those who can read binary, and those who can't From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 11, 2010 12:17 PM To: NT System Admin Issues Subject: RE: VPN issue I thought you had to move to AnyConnect for Windows Vista and 7 to work? From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 12:14 PM To: NT System Admin Issues Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
Re: Life just keeps getting better....
+1 75000 new pieces of malware *DAILY* - and that will probably only increase, never decrease, because the automation for morphing malware will only get better. LUA + base installs + whitelisting is the only reasonable stance I can see. Layer in other protections as necessary, including HIPS, etc., but the first line of defense seems to be limiting the ability of users to run new software. Kurt On Tue, May 11, 2010 at 08:07, Ben Scott mailvor...@gmail.com wrote: On Tue, May 11, 2010 at 10:44 AM, Ken Schaefer k...@adopenstatic.com wrote: [re: vulnerabilities in AV software, especially How is whitelisting or blacklisting going to help? Answer: it's not. Whitelisting is not directly going to address the problem of vulnerabilities in anti-virus software. But I agree with the stance that looking for signatures of known bad software is fast becoming infeasible. Whitelisting and similar strategies bypass the entire problem. Rather than try to identify software you don't want (which is potentially infinite), you identify software you do want. I like ASB's analogy by firewall policy: Deny by default, allow known good has long been the accepted best practice. It makes sense to do the same for software. LUA (Limited User Access, Microsoft's term for least privilege, i.e., running without admin rights) is already a big step in this direction. We don't let users modify C:\WINDOWS or C:\Program Files, because that's where the software lives. From there, the obvious next step is to deny execution from C:\Documents and Settings. There's the usual heavy sprinkling of compatibility headaches -- it's amazing how much software expects to execute things from %TEMP% or All Users\Application Data -- but much like LUA, while initial implementation can be a hassle, I think it will pay off big in the long run. Done right, this could vastly reduce or even eliminate the traditional anti-virus role. (For well-managed environments. Clueless home users are still screwed. :-( ) I do agree with the premise that AV software should not have security vulnerabilities. I just think that the problems are bigger than that, and the apparent way forward may make the smaller issue of AV software vulnerabilities moot, by making traditional signature-based AV software obsolete. But, if your AV was any good, it would detect the problem on access At this point I don't expect signature scanning to stop anything. Malware evolves too quickly to keep up. We have traditional AV software, we use it, we even depend on it more than I would like, but I don't expect it to keep up with the morphed-threat-of-the-minute whack-a-mole problem. -- Ben
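The deny-by-default stance in the message above (software lives under C:\WINDOWS and C:\Program Files, limited users cannot write there, nothing runs from C:\Documents and Settings) and the very specific CSA-style rule described earlier in this thread (one user, one process path, one operation, one target) can be put side by side in a small model. This is an added example, not code from any poster or product; the rule set, the account name `svc-patch`, the `Patcher` path and all sample launch attempts are constructed.

```python
import ntpath
from dataclasses import dataclass

EXEC_ALLOW = [r"C:\WINDOWS", r"C:\Program Files"]     # where the software lives
USER_WRITABLE = [r"C:\Documents and Settings"]        # what a limited user may write


def _norm(path):
    """Collapse '..' and case so a rule cannot be dodged by spelling tricks."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(path, root):
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")   # trailing separator stops prefix look-alikes


def may_execute(path):
    """Deny by default; allow only images under an allowlisted root."""
    return any(_under(path, root) for root in EXEC_ALLOW)


def may_write(path, is_admin):
    """LUA model: admins write anywhere, limited users only under the profile tree."""
    return is_admin or any(_under(path, root) for root in USER_WRITABLE)


def can_plant_and_run(path, is_admin):
    """True when one location is both writable by the user and executable."""
    return may_write(path, is_admin) and may_execute(path)


@dataclass(frozen=True)
class BehaviourRule:
    user: str
    process: str      # full image path, not just the file name
    operation: str
    target: str


# Constructed rule: only this account, from this path, may modify this file.
RULES = [BehaviourRule("svc-patch", r"C:\Program Files\Patcher\patch.exe",
                       "modify", r"C:\WINDOWS\system32\svchost.exe")]


def behaviour_allowed(user, process, operation, target):
    """Deny unless every field of some rule matches the request."""
    return any(user.lower() == r.user.lower()
               and _norm(process) == _norm(r.process)
               and operation == r.operation
               and _norm(target) == _norm(r.target)
               for r in RULES)


EVENTS = [  # constructed launch attempts
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\setup.exe",
    r"C:\Program Files Extra\tool.exe",
    r"C:\Program Files\..\Documents and Settings\alice\notepad.exe",
]


def evaluate(events=EVENTS):
    return [(e, "ALLOW" if may_execute(e) else "DENY") for e in events]


if __name__ == "__main__":
    for path, verdict in evaluate():
        print(f"{verdict:5} {path}")
    print("limited user can plant+run in Program Files:",
          can_plant_and_run(r"C:\Program Files\Vendor\new.exe", is_admin=False))
    print("admin can plant+run in Program Files:",
          can_plant_and_run(r"C:\Program Files\Vendor\new.exe", is_admin=True))
```

The third constructed event is the %TEMP% installer case the message calls a compatibility headache: it is denied until the software is installed into an allowlisted tree by an administrator.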
Re: Life just keeps getting better....
I wonder if they're using this: http://isc.sans.org/diary.html?storyid=8236 Kurt On Tue, May 11, 2010 at 08:10, Erik Goldoff egold...@gmail.com wrote: based on recent events, I shudder to even mention this, but McAfee has acquired Solid Core their whitelist solution ( http://www.solidcore.com/ ) and is slated to have the new version be managed via ePO console On Tue, May 11, 2010 at 10:56 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: Just to amplify 6.0 is also discontinued. This last release a few weeks ago 6.0.2 is the last. It supports 64 bit and Windows 7. Server up to 2008 but not R2. No other future operating systems will be supported. They will not say if any future service packs will be supported but if they break CSA you will be on your own, imho. VERY sore subject with me. :) But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5..
Re: 24 hour time format
On 6 May 2010 at 13:26, joseph palmieri wrote: Can anyone provide assistance in setting up Windows XP workstations so that all users who login receive the time in 24 hour format? We do not use AD

For all current users, you can change their time format by applying this .REG file:

= Included Stuff Follows =
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"sTimeFormat"="HH:mm:ss tt"
= Included Stuff Ends =

The time format will be set to 24-hour the next time the user logs in. You can do this silently with the /s command-line option to RegEdit (e.g. regedit /s regfile.reg) or write a little batch file using the REG command. If you know how to change the Default User settings, once you make this change to the DU any new logins on this workstation will get 24-hr format. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/
R: VPN issue
Go to the registry Services -TCPIP- linkage -Bind and move up the WAN connection before the other GuidoElia HELPPC From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, 11 May 2010 18.14 To: NT System Admin Issues Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
Re: VPN issue
And of course we don't have any Cisco support.. On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote: Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first. -- Sent using BlackBerry -- *From*: Cameron cameron.orl...@gmail.com *To*: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Sent*: Tue May 11 12:14:28 2010 *Subject*: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
RE: Life just keeps getting better....
But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. I respectfully disagree. What antivirus companies still rely on signatures? I see detection rates daily, and while an AV engine is not nearly the thing it was in the past, it is still a very, very important part of the security strategy. Just wait until your next Conficker infection... Alex -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, May 11, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just to amplify 6.0 is also discontinued. This last release a few weeks ago 6.0.2 is the last. It supports 64 bit and windows 7. Server up to 2008 but not R2. No other future operating systems will be supported. They will not say if any future service packs will be supported but if they break CSA you will be on your own, imho. VERY sore subject with me. :) But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5..
Re: Life just keeps getting better....
Mr Ziots is right as well. - Original Message - From: Alex Eckelberry al...@sunbelt-software.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 11 13:19:28 2010 Subject: RE: Life just keeps getting better But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good. I respectfully disagree. What antivirus companies still rely on signatures? I see detection rates daily, and while an AV engine is not nearly the thing it was in the past, it is still a very, very important part of the security strategy. Just wait until your next Conficker infection... Alex -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, May 11, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just to amplify 6.0 is also discontinued. This last release a few weeks ago 6.0.2 is the last. It supports 64 bit and windows 7. Server up to 2008 but not R2. No other future operating systems will be supported. They will not say if any future service packs will be supported but if they break CSA you will be on your own, imho. VERY sore subject with me. :) But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner or later no question about it. Behaviour based HIPS is the only thing that will win this fight. CSA's was the best there ever was at doing this. Virtually bullet proof if implemented correctly, but alas it is gone now. Trend's new one is looking pretty good.
-Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is discontinuing V5..
Re: RE: Life just keeps getting better....
Alex, the emphasis is currently on identifying known bad. Yes? No matter what the specifics of that approach, it is more fraught with peril than tracking known good for any given environment. Zero-day (new code) is meaningless in such a context. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On May 11, 2010 1:19 PM, Alex Eckelberry al...@sunbelt-software.com wrote: But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner ... I respectfully disagree. What antivirus companies still rely on signatures? I see detection rates daily, and while an AV engine is not nearly the thing it was in the past, it is still a very, very important part of the security strategy. Just wait until your next Conficker infection... Alex -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, May 11, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just to amplify 6.0 is also discontinued. This las... Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is di...
RE: VPN issue
Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. _ From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 1:16 PM To: NT System Admin Issues Subject: Re: VPN issue And of course we don't have any Cisco support.. On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote: Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first. -- Sent using BlackBerry _ From: Cameron cameron.orl...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 11 12:14:28 2010 Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
RE: Life just keeps getting better....
Let's not ignore the first Conficker infection while we wait for the next. CSA was the only thing that stopped it dead from day zero. Not a single CSA customer was infected in the entire world with Conficker. Most of the traditional AV companies were many hours behind on that one if not days, and were many hours behind every variant that came out. -Original Message- From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Tuesday, May 11, 2010 1:19 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just wait until your next Conficker infection...
RE: VPN issue
Shrewsoft is what I use. It has some minor weirdnesses (it doesn't like bridged network connections or having multiple active routes to the Internet [e.g., one wired, one wireless]). Otherwise, it seems to work pretty well. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 11, 2010 1:29 PM To: NT System Admin Issues Subject: RE: VPN issue Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 1:16 PM To: NT System Admin Issues Subject: Re: VPN issue And of course we don't have any Cisco support.. On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote: Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first. -- Sent using BlackBerry From: Cameron cameron.orl...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 11 12:14:28 2010 Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
$RECYCLE.BIN Folder
Sorry if this is a duplicate, but I'm not seeing messages I've posted today. Server 2008 x64 Does this folder keep a copy of all items deleted? I have multiple Recycle Bins under this folder, all with different sizes if I right-click and go to Properties, some of these having Gigs of size. Is this real size, that I could clear up if I choose to empty the recycle bin, or are they phantom files? TIA, Joe Heaton
Touch Screens
I have a software called QDS. It is a questionnaire software and we have made a questionnaire that you answer by clicking on buttons. We would like the folks taking the questionnaire to be able to just touch the buttons on the screen. Can anyone tell me how I would go about this? I see some touch screen LCDs for just under $500. Is that all I need? Something tells me there is more to it than that. OS is XP Pro, though I suppose it could be Win7 if that's a requirement or preferable.. Thanks, James
RE: VPN issue
Shrew VPN client Free, and works with 64-bit too. -sc From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 11, 2010 1:29 PM To: NT System Admin Issues Subject: RE: VPN issue Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 1:16 PM To: NT System Admin Issues Subject: Re: VPN issue And of course we don't have any Cisco support.. On Tue, May 11, 2010 at 12:24 PM, Damien Solodow damien.solo...@harrison.edu wrote: Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco vpn client first. -- Sent using BlackBerry From: Cameron cameron.orl...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 11 12:14:28 2010 Subject: VPN issue Good day all! Win 7 (patched) Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator Connection - Wireless Internet Stick The VPN client connects and authenticates, but does not allow pinging within the corporate network. Obviously this means that no applications that need to connect to corp servers are working. (Lower version client has no issues with XP - same authentication settings). The concentrator does show me connected so I'm pretty sure it's at the O/S level that something is being blocked. I've tried all sorts of changes, but apparently I'm missing something somewhere. Any ideas? other than percussive maintenance! Cheers, Cameron
Re: Touch Screens
hopefully your touch screen has a mouse-simulator driver so you'd need do nothing more. On Tue, May 11, 2010 at 1:41 PM, James Kerr cluster...@gmail.com wrote: I have a software called QDS. It is a questionnaire software and we have made a questionnaire that you answer by clicking on buttons. We would like the folks taking the questionnaire to be able to just touch the buttons on the screen. Can anyone tell me how I would go about this? I see some touch screen LCDs for just under $500. Is that all I need? Something tells me there is more to it than that. OS is XP Pro, though I suppose it could be Win7 if that's a requirement or preferable.. Thanks, James
Open and close multiple files on NFS share
Hello, We are testing some new antivirus software and need to open and close multiple files. The software is configured to scan on read/write access, but we've only seen 20 reads/writes in the last day. Does anyone know of a program I can use to connect to the share, open a file and then close it so we can ensure we're getting the correct scanning? We'd like to do more than a couple people randomly opening them. I'd like to be able to limit it to text and image files as we have some Perl and bash scripts as well. Thanks Travis
Vista login screen
Is there any way to go back to the “classic” login screen on Vista like we had on XP, or are we stuck with the Vista login? First Vista computer in the company and I’m a bit unsure of how much I can change. I looked in the “usual” spot (control panel →users) but didn’t see anything about changing the login screen, other than requiring users to hit ctl+alt+del. John-AldrichTile-Tools
Re: $RECYCLE.BIN Folder
On Tue, May 11, 2010 at 1:38 PM, Joe Heaton jhea...@dfg.ca.gov wrote: Does this folder keep a copy of all items deleted? Yes, for some values of deleted. More accurately, it contains the files dragged to the Recycle Bin in Windows Explorer, or otherwise moved there through equivalent menu commands, keyboard shortcuts, API calls, etc. Not all delete commands use the recycle bin, though. I have multiple Recycle Bins under this folder Every user gets their own Recycle Bin folder, for security reasons. Otherwise, everybody would be able to go through everybody else's trash, so to speak. Is this real size ... The files in the Recycle Bin do use disk space. ... that I could clear up if I choose to empty the recycle bin ... Emptying a Recycle Bin which contains files will free up disk space. I'm not sure how to empty the Recycle Bin for all users, so to speak. -- Ben
RE: Vista login screen
Nope, it is what it is. What is so objectionable? Carl From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Tuesday, May 11, 2010 1:49 PM To: NT System Admin Issues Subject: Vista login screen Is there any way to go back to the “classic” login screen on Vista like we had on XP, or are we stuck with the Vista login? First Vista computer in the company and I’m a bit unsure of how much I can change. I looked in the “usual” spot (control panel →users) but didn’t see anything about changing the login screen, other than requiring users to hit ctl+alt+del. John-AldrichTile-Tools
Re: Vista login screen
2010/5/11 John Aldrich jaldr...@blueridgecarpet.com Is there any way to go back to the “classic” login screen on Vista like we had on XP, or are we stuck with the Vista login? I looked into this a fair bit, and as far as I was able to tell, we're stuck. You can't even change the desktop background or color scheme. It really stinks for computers which are supposed to be color coded and labeled for security reasons. -- Ben
Re: Vista login screen
I know in 7 you can change the background...let me see what I did. On Tue, May 11, 2010 at 12:59 PM, Ben Scott mailvor...@gmail.com wrote: 2010/5/11 John Aldrich jaldr...@blueridgecarpet.com Is there any way to go back to the “classic” login screen on Vista like we had on XP, or are we stuck with the Vista login? I looked into this a fair bit, and as far as I was able to tell, we're stuck. You can't even change the desktop background or color scheme. It really stinks for computers which are supposed to be color coded and labeled for security reasons. -- Ben
Re: Vista login screen
You can do this sort of voodoo in Win7... http://www.withinwindows.com/2009/03/15/windows-7-to-officially-support-logon-ui-background-customization/ On 11 May 2010 19:01, Steve Ens stevey...@gmail.com wrote: I know in 7 you can change the background...let me see what I did. On Tue, May 11, 2010 at 12:59 PM, Ben Scott mailvor...@gmail.com wrote: 2010/5/11 John Aldrich jaldr...@blueridgecarpet.com Is there any way to go back to the “classic” login screen on Vista like we had on XP, or are we stuck with the Vista login? I looked into this a fair bit, and as far as I was able to tell, we're stuck. You can't even change the desktop background or color scheme. It really stinks for computers which are supposed to be color coded and labeled for security reasons. -- Ben -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: Open and close multiple files on NFS share
On Tue, May 11, 2010 at 1:43 PM, Travis Robinson travis.robin...@octanner.com wrote: Does anyone know of a program I can use to connect to the share, open a file and then close it so we can ensure we’re getting the correct scanning? I'm not sure I really understand your question. You don't give any information about your environment -- such as, server OS, client OS, versions/service packs, AV software, configuration, etc. Assuming you mean a Windows NFS server and a Unix-like client, and you just want to make sure when the client reads a file the AV on the server does something:

    mount -t nfs server:/share /mnt/tmp
    cat /mnt/tmp/* > /dev/null
    umount /mnt/tmp

That will read the contents of all files in the root of the share from the server (and then discard what it read). Modify to taste. -- Ben
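Added example (not part of Ben's message or of the thread): a POSIX shell function that, on a share already mounted as in the commands above, opens, reads and closes only text and image files, skipping the Perl and bash scripts Travis mentions. The function name `trigger_scan` and the extension list are assumptions; the count it prints can be compared with the number of on-access scans the AV product reports.

```shell
#!/bin/sh
# Added example, not from the thread: generate on-access read events for an
# antivirus scanner by opening, fully reading and closing files on a share
# that is already mounted (for instance at /mnt/tmp).
# Only text and image files are touched; scripts such as .pl and .sh are
# never opened. The extension list below is an assumption, adjust to taste.

# trigger_scan DIR
#   Prints "opened=N failed=M" and returns 0; returns 2 if DIR is missing.
#   Paths that could not be read are listed on stderr.
trigger_scan() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "trigger_scan: not a directory: $dir" >&2
        return 2
    fi

    # find hands the matching paths to an inner shell in batches; each batch
    # reports "ok fail" and awk adds the batches up.
    find "$dir" -type f \( \
            -iname '*.txt' -o -iname '*.log' -o -iname '*.csv' \
         -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
         -o -iname '*.gif' -o -iname '*.bmp' -o -iname '*.tif' \
         -o -iname '*.tiff' \) \
        -exec sh -c '
            ok=0
            fail=0
            for f do
                # cat opens the file, reads it to the end and closes it.
                if cat -- "$f" >/dev/null 2>&1; then
                    ok=$((ok + 1))
                else
                    fail=$((fail + 1))
                    echo "read failed: $f" >&2
                fi
            done
            echo "$ok $fail"
        ' sh {} + |
    awk '{ ok += $1; fail += $2 }
         END { printf "opened=%d failed=%d\n", ok + 0, fail + 0 }'
}

# Run against a mount point when one is given: sh trigger_scan.sh /mnt/tmp
if [ "$#" -ge 1 ]; then
    trigger_scan "$1"
fi
```

Paths reported as "read failed" on stderr are the ones to look up in the scanner's own log.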
Re: Vista login screen
On Tue, May 11, 2010 at 2:01 PM, Steve Ens stevey...@gmail.com wrote: I know in 7 you can change the background...let me see what I did. I read that was a new feature in Win 7. <curmudgeon>So they release an upgrade which removes a feature, then put it back in the next release and call that an upgrade too. And charge for both. Nice work, if you can get it.</curmudgeon> -- Ben
RE: Vista login screen
I dunno about the login screen color, but I know you can change the desktop background. J John-AldrichTile-Tools From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, May 11, 2010 2:03 PM To: NT System Admin Issues Subject: Re: Vista login screen You can do this sort of voodoo in Win7... http://www.withinwindows.com/2009/03/15/windows-7-to-officially-support-logon-ui-background-customization/ On 11 May 2010 19:01, Steve Ens stevey...@gmail.com wrote: I know in 7 you can change the background...let me see what I did. On Tue, May 11, 2010 at 12:59 PM, Ben Scott mailvor...@gmail.com wrote: 2010/5/11 John Aldrich jaldr...@blueridgecarpet.com Is there any way to go back to the classic login screen on Vista like we had on XP, or are we stuck with the Vista login? I looked into this a fair bit, and as far as I was able to tell, we're stuck. You can't even change the desktop background or color scheme. It really stinks for computers which are supposed to be color coded and labeled for security reasons. -- Ben -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: sunbelt IRC channel/Server
On Tue, May 11, 2010 at 11:51 AM, Jim Holmgren jholmg...@xlhealth.com wrote: True - but the open source community can also simply shrug and say I don't know, sorry dude at 3:00 a.m. with no financial repercussions or escalation options. Yah and that never happens with commercial companies. :-p This behavior is by design. -- Ben
Re: VPN issue
On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote: Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.) -- Ben
Re: $RECYCLE.BIN Folder
I just had a user empty his recycle bin on our major file server. He had over 600GB in it... and they wonder why the free space is running low.
Re: $RECYCLE.BIN Folder
When users delete stuff from network locations isn't it deleted immediately? Or has he logged on to the file server locally to delete stuff? Or is he using a roaming profile stored on the file server? On 11 May 2010 19:15, Joe Heaton jhea...@dfg.ca.gov wrote: I just had a user empty his recycle bin on our major file server. He had over 600GB in it... and they wonder why the free space is running low. -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: Small business/SOHO accounting
+1 Quickbooks' only benefit is its devotion to the lowest common denominator as far as accounting skills. And that seems to be what most companies like. Peachtree is the best alternative to QB and offers some accounting features that you can't get with vanilla version of quickbooks. Richard Stovall wrote: A whole lot of the decision should be based on accounting needs. Payroll done internally? If so, is it important to have it done in the software, or can/will someone do it all by hand including all the local, state and federal filings. What about inventory for parts and finished goods? Does it need to be highly accurate and tracked in great detail for thousands or even millions of items? What about work in process inventory? These are all add-ons that can significantly increase the cost of a basic accounting package. If none of this is necessary, which sounds probable given the description, the freebie solutions might work just fine. Also the bookkeeping / accounting skill of the folks involved should be considered. For dead simple bookkeeping that doesn't 'feel like' real accounting, Quickbooks is hard to beat. The checkbook metaphor is one most people get. If the relevant staff understand basic concepts such as double entry accounting and can accurately make journal entries when necessary something like Peachtree might be better. On Tue, May 11, 2010 at 9:01 AM, Ben Scott mailvor...@gmail.com wrote: On Mon, May 10, 2010 at 8:30 PM, Jonathan Link jonathan.l...@gmail.com wrote: I know a SOHO who generates $300,000 annually in profit, so again, it's all a matter of perspective. True enough. You hadn't described budgetary requirements, except to say that Quickbooks is expensive. Good point. They don't really have a budget for this, except to say that they have very modest needs and want value. In other words, keep things as cheap as possible without sacrificing useful functionality.
I think that's a smart approach. (It's a small manufacturing company which was rescued from financial collapse by the owner of my nominal employer. They have two or three full-time employees, plus a part-time office worker. The GM is also tasked from my employer. Guess where IT comes from. ;-) ) However, accountants' fees can quickly make the expense of QB incidental. Unless the cost of the accountant is somehow proportional to the cost of QuickBooks, I don't really see that as relevant. Paying a lot for QuickBooks just because something else costs more is not good business sense. Now, it may be that using QuickBooks would lower accountant fees, since QuickBooks is the most common package. That's a good point, and something that normally would be worth investigating. However, due to the ownership situation described above, my employer is also loaning our accounting staff. So accountant fees are zero. Unfortunately, we can't use the ERP software my employer runs for this other company, so I'm looking at other software. In any event, I've found that examining alternatives to what everyone else does often pays off. The smaller the business, the more nimble they can be, so this is an opportunity. If your stance is Just use QuickBooks, well, that's valid, but here I'm interested in hearing about alternatives people have tried. :) -- Ben
RE: VPN issue
But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? (I spent 3 minutes on the website, so I could be wrong - please correct me if so.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 2:08 PM To: NT System Admin Issues Subject: Re: VPN issue On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote: Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.) -- Ben
Re: $RECYCLE.BIN Folder
RDP into the box, to do file operations.
Re: $RECYCLE.BIN Folder
I'm not sure how to empty the Recycle Bin for all users, so to speak. I believe you can just delete everything in the folder and when the users drag or put something else in their recycle bin, it will recreate their recycler folder... Don K - Original Message From: Ben Scott mailvor...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue, May 11, 2010 12:56:17 PM Subject: Re: $RECYCLE.BIN Folder On Tue, May 11, 2010 at 1:38 PM, Joe Heaton jhea...@dfg.ca.gov wrote: Does this folder keep a copy of all items deleted? Yes, for some values of deleted. More accurately, it contains the files dragged to the Recycle Bin in Windows Explorer, or otherwise moved there through equivalent menu commands, keyboard shortcuts, API calls, etc. Not all delete commands use the recycle bin, though. I have multiple Recycle Bins under this folder Every user gets their own Recycle Bin folder, for security reasons. Otherwise, everybody would be able to go through everybody else's trash, so to speak. Is this real size ... The files in the Recycle Bin do use disk space. ... that I could clear up if I choose to empty the recycle bin ... Emptying a Recycle Bin which contains files will free up disk space. I'm not sure how to empty the Recycle Bin for all users, so to speak. -- Ben
Re: VPN issue
Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though. On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote: But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? (I spent 3 minutes on the website, so I could be wrong - please correct me if so.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 2:08 PM To: NT System Admin Issues Subject: Re: VPN issue On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote: Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.) -- Ben
Re: $RECYCLE.BIN Folder
Not regular users then, I was wondering. On 11 May 2010 19:24, Joe Heaton jhea...@dfg.ca.gov wrote: RDP into the box, to do file operations. -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
RE: VPN issue
Do you still have ipv6 running? _ From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 2:27 PM To: NT System Admin Issues Subject: Re: VPN issue Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though. On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote: But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? (I spent 3 minutes on the website, so I could be wrong - please correct me if so.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 2:08 PM To: NT System Admin Issues Subject: Re: VPN issue On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote: Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.) -- Ben
Re: VPN issue
Yes. On Tue, May 11, 2010 at 2:30 PM, David W. McSpadden dav...@imcu.com wrote: Do you still have ipv6 running? -- *From:* Cameron [mailto:cameron.orl...@gmail.com] *Sent:* Tuesday, May 11, 2010 2:27 PM *To:* NT System Admin Issues *Subject:* Re: VPN issue Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though. On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote: But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? (I spent 3 minutes on the website, so I could be wrong - please correct me if so.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 2:08 PM To: NT System Admin Issues Subject: Re: VPN issue On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote: Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.) -- Ben
Re: $RECYCLE.BIN Folder
Nope. Regular users don't have access at all.
RE: VPN issue
Maybe stop it and just use the ipv4 and see if it works? _ From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 2:33 PM To: NT System Admin Issues Subject: Re: VPN issue Yes. On Tue, May 11, 2010 at 2:30 PM, David W. McSpadden dav...@imcu.com wrote: Do you still have ipv6 running? _ From: Cameron [mailto:cameron.orl...@gmail.com] Sent: Tuesday, May 11, 2010 2:27 PM To: NT System Admin Issues Subject: Re: VPN issue Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though. On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote: But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? (I spent 3 minutes on the website, so I could be wrong - please correct me if so.) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 2:08 PM To: NT System Admin Issues Subject: Re: VPN issue On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote: Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months. We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.) -- Ben
RE: Life just keeps getting better....
Ken, If you have a rootkit, GAME OVER PERIOD, we both accept that. NO control discussed is going to save you from that. Malware/Malcode, basically same thing, you say tomato, I say tomato. We both agree on if the box is rooted then it doesn't matter what you have in controls, they are all bypassed and thus box is suspect, can't be trusted, DBAN the system and start over. I think we also both agree prevention is the best strategy, but which approach/approaches are best? Depends on the environment, and the business. I am arguing from experience, and running a large network for 10+ yrs, that the failures of signature based AV have been fully apparent in my eyes, the only thing that has saved us more pain in the last 6+ yrs has been a HIPS (CSA). With the number of virus/malware samples that are produced daily it's making DAT updates get larger and larger, deployed more frequently, to the point you can't keep up and one bad DAT takes down an entire network, I lived this pain less than 2 weeks ago. Whitelisting: If you control the execution of the code you are running on the machine and you are working from a validated image (fully patched, significantly hardened) and the appropriate detective controls are applied and monitored (Auditing, Eventlog management, Patching, VA Scanning, Configuration management) you can add whitelisting in as another preventative control to ensure only code that you know to be good runs on your systems. I do see some faults in it tho, that I am not entirely comfortable with: Web Application Attack scenarios: If you trust IE/Firefox etc etc then the configuration or lack thereof of the security controls is the only thing preventing you from suffering from these attacks, it's a little better with Firefox due to security extensions but to centrally manage them is not really plausible. 
Malcode inside DOC's, PDF's, EXCEL: This is where I really worry about, so if we trust say Adobe 9.3.2 as the latest deployment of Adobe suite, and there is a new 0 Day, and someone comes up with a way to embed another malware exploit inside the PDF with Javascript, or other method, does the APP whitelist stop the code execution inside the PDF, in which you just allowed the PDF view to run accordingly. (I like the HIPS method, via CSA more in this light because it would stop the code execution inside the document and show it in the logs, again with CSA going bye bye as discussed before need to look at other solutions that will meet the needs) But my belief that AV alone is simply not enough, and it's getting almost next to useless as a preventative control, when dealing with signatures, and its heuristics engines aren't that great either. I also don't think Blacklisting is viable and is basically administratively prohibitive in some organizations, due to the time and effort just to keep up with it. Also with whitelisting just like HIPS there is a lot of heavy lifting up front to understand how to properly configure and deploy it accordingly. Plus there needs to be security metrics measuring the effectiveness of the control before the control is implemented and after it's implemented, and how its effect over time has increased the security posture of the business/organization without being unduly administratively burdensome. I do like the fact that even if you are an admin the whitelisting basically blocks the execution and records what you have attempted, for further review, sometimes a little administrative action is a nice duo with a technical set of controls when trying to get secure computing through to the users. (Again referencing BIT9 which I have demo'ed and we are seeking as a replacement to our CSA) Is whitelisting the silver bullet nope, but is AV enough, NOPE, and it's getting worse, not better. 
HIPS is definitely an alternative, but it also has its issues, sometimes reading the CSA logs, I'd basically have to take a course in assembly language just to understand the jargon spit out in the logs about what some piece of code just tried to do or not, now you can't tell me that an all-purpose Sys-admin couldn't or wouldn't make a mistake by misinterpreting the HIPS logs and allow something that should have never been allowed to execute in the first place. But this all comes down to a risk-management exercise, what works for one, won't for another, nor am I even going to condone that you forego other approaches and just go with App Whitelisting, follow the Gartner bandwagon and CALGON take me away free yourself of the security concerns that plague us all. Maybe this closes the loop, or maybe it muddies up the waters a little further. If you have the solution that is a one-size fits all or a framework that can benefit the masses in this regard please let us all know. I am sure in your experience both in business and in consulting, that you definitely might have some better insight than I do looking at it from healthcare standpoint over a 10+ yr timeline. Thanks, Will be
RE: Life just keeps getting better....
Correct, CSA did stop Conficker DOA, again one of those times it saved the company bacon Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, May 11, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better Let's not ignore the first Conficker infection while we wait for the next. CSA was the only thing that stopped it dead from day zero. Not a single CSA customer was infected in the entire world with Conficker. Most of the traditional AV companies were many hours behind on that one if not days, and were many hours behind every variant that came out. -Original Message- From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Tuesday, May 11, 2010 1:19 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just wait until your next Conficker infection...
Re: VPN issue
On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote: ... OpenVPN But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? D'oh. Whoops. No. No cookie for me. -- Ben
RE: $RECYCLE.BIN Folder
When I run into this (not uncommon) I just hard delete the folders and they recreate... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Tuesday, May 11, 2010 11:26 AM To: NT System Admin Issues Subject: Re: $RECYCLE.BIN Folder I'm not sure how to empty the Recycle Bin for all users, so to speak. I believe you can just delete everything in the folder and when the users drag or put something else in their recycle bin, it will recreate their recycler folder... Don K
RE: Life just keeps getting better....
We have to keep in mind that whitelisting/blacklisting is just another layer; another tool in our arsenal. I don't think anyone is suggesting that AV go away all together, simply suggesting not relying on it completely. Joe L. Heaton Windows Server Support Group Information Technology Branch Department of Fish and Game 1807 13th Street, Suite 201 Sacramento, CA 95811 Desk: (916) 323-1284 Ken Schaefer k...@adopenstatic.com 5/11/2010 7:44 AM How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. 
Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV software http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Sophos's response: http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/ They're an AV vendor and thus not a disinterested party, so take it as you like. -- Ben
RE: Life just keeps getting better....
Gartner actually put a blog post out about this today... http://blogs.gartner.com/neil_macdonald/2010/05/11/application-control-whitelisting-interest-is-growing-rapidly/ -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, May 11, 2010 11:00 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better We have to keep in mind that whitelisting/blacklisting is just another layer; another tool in our arsenal. I don't think anyone is suggesting that AV go away all together, simply suggesting not relying on it completely. Joe L. Heaton Windows Server Support Group Information Technology Branch Department of Fish and Game 1807 13th Street, Suite 201 Sacramento, CA 95811 Desk: (916) 323-1284 Ken Schaefer k...@adopenstatic.com 5/11/2010 7:44 AM How is whitelisting or blacklisting going to help? Answer: it's not. The problem is thread pre-emption and storing values in user-mode memory space where it can be altered (assuming you can get the timing right). But, if your AV was any good, it would detect the problem on access Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 11 May 2010 9:16 PM To: NT System Admin Issues Subject: RE: Life just keeps getting better You can also read the blurb on SANS ISC page also, some vendors say it's important, and of course McAfee discredits it, not that surprises me. But it is an attack vector to consider. Controlling the execution of code on your system is the difference between keeping your systems clean and getting 0wned. Whether you look at HIPS/Whitelisting/Blacklisting, otherwise, you are going to have to have more on your systems than just AV to combat today's threat landscape. 
Sincerely, EZ Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, May 11, 2010 9:11 AM To: NT System Admin Issues Subject: Re: Life just keeps getting better On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote: How to bypass almost all AV software http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php Sophos's response: http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/ They're an AV vendor and thus not a disinterested party, so take it as you like. -- Ben
best windows fax app?
Hello. Sort of a low-tech question here... We have a need to deliver pdf documents to some of our customers' fax machines. We are testing Windows Fax on a Dell Optiplex with an OEM fax board: Broadcom BCMv.92 56k modem the drivers have been updated recently. The problem is that when we fax a pdf of an invoice, only the company logo (a graphic) gets faxed through, and not the text content. So we get a big white page with only the graphic showing. I am thinking that there might be a better fax app out there..? Any suggestions? Thank you ! Greg Farber
RE: best windows fax app?
How about a real fax machine with Desktop Integration. I think Dell sells a MFP for like $300 that can do this. Or eFax. Sam From: Greg Farber [mailto:gregfar...@gmail.com] Sent: Tuesday, May 11, 2010 2:14 PM To: NT System Admin Issues Subject: best windows fax app? Hello. Sort of a low-tech question here... We have a need to deliver pdf documents to some of our customers' fax machines. We are testing Windows Fax on a Dell Optiplex with an OEM fax board: Broadcom BCMv.92 56k modem the drivers have been updated recently. The problem is that when we fax a pdf of an invoice, only the company logo (a graphic) gets faxed through, and not the text content. So we get a big white page with only the graphic showing. I am thinking that there might be a better fax app out there..? Any suggestions? Thank you ! Greg Farber
RE: best windows fax app?
Best... is probably just to utilize Fax.com. From: Greg Farber [mailto:gregfar...@gmail.com] Sent: Tuesday, May 11, 2010 3:14 PM To: NT System Admin Issues Subject: best windows fax app? Hello. Sort of a low-tech question here... We have a need to deliver pdf documents to some of our customers' fax machines. We are testing Windows Fax on a Dell Optiplex with an OEM fax board: Broadcom BCMv.92 56k modem the drivers have been updated recently. The problem is that when we fax a pdf of an invoice, only the company logo (a graphic) gets faxed through, and not the text content. So we get a big white page with only the graphic showing. I am thinking that there might be a better fax app out there..? Any suggestions? Thank you ! Greg Farber
RE: best windows fax app?
Agreed. We're using a Kyocera MFP here with a fax board installed. Works great! J John-AldrichTile-Tools From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Tuesday, May 11, 2010 3:16 PM To: NT System Admin Issues Subject: RE: best windows fax app? How about a real fax machine with Desktop Integration. I think Dell sells a MFP for like $300 that can do this. Or eFax. Sam From: Greg Farber [mailto:gregfar...@gmail.com] Sent: Tuesday, May 11, 2010 2:14 PM To: NT System Admin Issues Subject: best windows fax app? Hello. Sort of a low-tech question here... We have a need to deliver pdf documents to some of our customers' fax machines. We are testing Windows Fax on a Dell Optiplex with an OEM fax board: Broadcom BCMv.92 56k modem the drivers have been updated recently. The problem is that when we fax a pdf of an invoice, only the company logo (a graphic) gets faxed through, and not the text content. So we get a big white page with only the graphic showing. I am thinking that there might be a better fax app out there..? Any suggestions? Thank you ! Greg Farber
Re: RE: Life just keeps getting better....
+1 Here's one of my favorite rants from one of my favorite computer security writers (in 1995!): The Six Dumbest Ideas in Computer Security http://www.ranum.com/security/computer_security/editorials/dumb/ See #2 Kurt On Tue, May 11, 2010 at 10:27, Andrew S. Baker asbz...@gmail.com wrote: Alex, the emphasis is currently on identifying known bad. Yes? No matter what the specifics of that approach, it is more fraught with peril than tracking known good for any given environment. Zero-day (new code) is meaningless in such a context. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On May 11, 2010 1:19 PM, Alex Eckelberry al...@sunbelt-software.com wrote: But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner ... I respectfully disagree. What antivirus companies still rely on signatures? I see detection rates daily, and while an AV engine is not nearly the thing it was in the past, it is still a very, very important part of the security strategy. Just wait until your next Conficker infection... Alex -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, May 11, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Just to amplify 6.0 is also discontinued. This las... Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better Too bad Cisco royally screwed up CSA 6.0 and is di...
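An added example, not part of any message in this thread or of any product discussed: the known-bad versus known-good distinction argued above, modelled in Python as a hash blocklist (default allow) beside an allowlist keyed on hash, folder and parent process (default deny). All byte strings, paths, rules and function names are constructed for illustration, and the model covers only the launch decision, not how a product enforces it.

```python
import hashlib
import ntpath
from dataclasses import dataclass


def digest(content: bytes) -> str:
    """SHA-256 of the executable image, the identity both lists key on."""
    return hashlib.sha256(content).hexdigest()


def folder_of(path: str) -> str:
    """Case-folded, normalised Windows folder of a path (resolves '..')."""
    return ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))


@dataclass(frozen=True)
class Launch:
    path: str        # where the image is being started from
    content: bytes   # image bytes (constructed stand-ins below)
    parent: str      # image name of the process requesting the launch


@dataclass(frozen=True)
class Approval:
    folder: str          # the only folder this hash may run from
    parents: frozenset   # parent images allowed to start it


def blocklist_verdict(launch, known_bad):
    """Known-bad model: anything without a matching signature runs."""
    return "block" if digest(launch.content) in known_bad else "allow"


def allowlist_verdict(launch, approved):
    """Known-good model: default deny, and report which check failed."""
    rule = approved.get(digest(launch.content))
    if rule is None:
        return ("block", "hash not approved")
    if folder_of(launch.path) != rule.folder:
        return ("block", "folder not approved")
    if launch.parent.lower() not in rule.parents:
        return ("block", "parent not approved")
    return ("allow", "matches approval")


# Constructed stand-ins for file contents; not real binaries or hashes.
NOTEPAD = b"constructed: approved notepad.exe image"
OLD_SAMPLE = b"constructed: sample the vendor already has a signature for"
NEW_SAMPLE = b"constructed: binary built two hours ago, no signature yet"

KNOWN_BAD = {digest(OLD_SAMPLE)}
APPROVED = {
    digest(NOTEPAD): Approval(
        folder=folder_of(r"C:\Windows\System32\notepad.exe"),
        parents=frozenset({"explorer.exe", "cmd.exe"}),
    )
}

CASES = {
    "approved": Launch(
        r"C:\Windows\System32\notepad.exe", NOTEPAD, "explorer.exe"),
    "old sample": Launch(
        r"C:\Users\Public\update.exe", OLD_SAMPLE, "explorer.exe"),
    # New code that only calls itself notepad.exe: the name is never consulted.
    "new sample, renamed": Launch(
        r"C:\Windows\System32\..\Temp\notepad.exe", NEW_SAMPLE, "explorer.exe"),
    "approved image, wrong folder": Launch(
        r"C:\Users\Public\notepad.exe", NOTEPAD, "explorer.exe"),
    "approved image, wrong parent": Launch(
        r"c:\windows\system32\NOTEPAD.EXE", NOTEPAD, "WINWORD.EXE"),
}


def compare():
    """Return {case: (blocklist verdict, (allowlist verdict, reason))}."""
    return {
        name: (blocklist_verdict(launch, KNOWN_BAD),
               allowlist_verdict(launch, APPROVED))
        for name, launch in CASES.items()
    }


if __name__ == "__main__":
    for name, (bl, (al, why)) in compare().items():
        print(f"{name:30} blocklist={bl:5} allowlist={al:5} ({why})")
```

The reason string returned with each block is what a reviewer would see in the denial log, which is where the three separate checks pay off over a bare yes/no.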
Re: $RECYCLE.BIN Folder
We set our server Recycle Bins to 0. If you delete it's gone. On Tue, May 11, 2010 at 11:56 AM, Charlie Kaiser charl...@golden-eagle.org wrote: When I run into this (not uncommon) I just hard delete the folders and they recreate... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Tuesday, May 11, 2010 11:26 AM To: NT System Admin Issues Subject: Re: $RECYCLE.BIN Folder I'm not sure how to empty the Recycle Bin for all users, so to speak. I believe you can just delete everything in the folder and when the users drag or put something else in their recycle bin, it will recreate their recycler folder... Don K
Re: best windows fax app?
A couple ideas: A) Use a real fax board instead of some random piece of s$* modem. Common cards are: Mainpine IQ Express (http://www.mainpine.com/products_IQE.html) Dialogic (formerly Eicon) DIVA analog boards: http://preview.tinyurl.com/2wq9g3o Brooktrout TRUFAX, made by the current Dialogic: http://preview.tinyurl.com/36g7cme None of them are cheap, though - typically $400+ for a single-port fax board. B) Most MFP devices have faxing abilities and some can integrate with Windows Fax for sending receiving. I know Brother MFP printers can, it's likely others can too. On 5/11/2010 2:14 PM, Greg Farber wrote: Hello. Sort of a low-tech question here... We have a need to deliver pdf documents to some of our customers' fax machines. We are testing Windows Fax on a Dell Optiplex with an OEM fax board: Broadcom BCMv.92 56k modem the drivers have been updated recently. The problem is that when we fax a pdf of an invoice, only the company logo (a graphic) gets faxed through, and not the text content. So we get a big white page with only the graphic showing. I am thinking that there might be a better fax app out there..? Any suggestions? -- Phil Brutsche p...@optimumdata.com
Re: best windows fax app?
Right - brooktrout boards with Rightfax software in a server box... - Original Message From: Phil Brutsche p...@optimumdata.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue, May 11, 2010 2:34:29 PM Subject: Re: best windows fax app? A couple ideas: A) Use a real fax board instead of some random piece of s$* modem. Common cards are: Mainpine IQ Express (http://www.mainpine.com/products_IQE.html) Dialogic (formerly Eicon) DIVA analog boards: http://preview.tinyurl.com/2wq9g3o Brooktrout TRUFAX, made by the current Dialogic: http://preview.tinyurl.com/36g7cme None of them are cheap, though - typically $400+ for a single-port fax board. B) Most MFP devices have faxing abilities and some can integrate with Windows Fax for sending receiving. I know Brother MFP printers can, it's likely others can too. On 5/11/2010 2:14 PM, Greg Farber wrote: Hello. Sort of a low-tech question here... We have a need to deliver pdf documents to some of our customers' fax machines. We are testing Windows Fax on a Dell Optiplex with an OEM fax board: Broadcom BCMv.92 56k modem the drivers have been updated recently. The problem is that when we fax a pdf of an invoice, only the company logo (a graphic) gets faxed through, and not the text content. So we get a big white page with only the graphic showing. I am thinking that there might be a better fax app out there..? Any suggestions? -- Phil Brutsche p...@optimumdata.com
Re: Life just keeps getting better....
*Once code is running as system, it's irrelevant what system you try to put in place to prevent it.* True. *Whitelisting is not going to help, because the rootkit can simply report that it's notepad.exe (or whatever) to your whitelisting software.* I think we have a very different understanding of what enterprise level whitelisting technology works in terms of running code. *The same way that a rootkit reports it's something else to your file system filter (typically what AV uses)* Actually, most rootkits that I am aware of operate in a different fashion. They interject themselves into the kernel so that they can manipulate the results of any process list requests or file system requests. As Ed mentioned, no one is suggesting that there are many good options for protection *after* your machine has been infected with a rootkit. At that point, it's too late. When it comes to prevention, however, whitelisting technologies rely not on simple name comparisons, but also combinations involving executable hash, identification of parent process, file system location, etc. Where a typical AV utility is unable to identify the new rootkit app that was just built 2 hours ago and is looking to gain a foothold on your system (because of the lack of an appropriate signature or anything that triggers the heuristics), a whitelisting solution will simply prevent the rootkit executables from executing because they do not match the identification of an app that is approved for operation in the folder in question. Both of the aforementioned technologies have some caveats, but the problems with relying on being able to identify bad code continue to increase to the point of becoming counterproductive. It is certainly not sustainable. Security solutions that focus on identifying bad are subject to more change, and perform with less accuracy than those which identify the good. And they can be sustained. 
(TopLayer, providers of some of the fastest and most accurate IPS devices I have ever had the pleasure of testing, have deprecated the use of signatures significantly. They represent less than 10% of the effectiveness of the device)

Given the current scale of the threats, we need to approach the protection differently. Signatures do not need to go away entirely (or immediately), but other approaches need to be more widespread if we hope to gain any ground on the malware writers, and stop wasting so much corporate time guarding our windows and doors.

We also need time to put more effort into regulating execution and automation of what used to be considered data, such as PDF files. Just like the prevalence of office macro viruses has diminished due to better controls of the application, so too must the same functionality be built for PDF readers and the apps for other popular active data types.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, May 11, 2010 at 11:28 AM, Ken Schaefer k...@adopenstatic.com wrote:

Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be

Once code is running as system, it's irrelevant what system you try to put in place to prevent it. Whitelisting is not going to help, because the rootkit can simply report that it's notepad.exe (or whatever) to your whitelisting software. The same way that a rootkit reports it's something else to your file system filter (typically what AV uses)

You're a CISSP - you should know that once the system is rooted you do not own it. You have some variable % of being able to recover the system using tools, but the only guaranteed way to recover the system is to restore from known good media.

And the vulnerability you were talking about requires the AV software's thread to be pre-empted, and between some code being run, and the rest being run, some user-mode variables are changed. Again: how is whitelisting going to help here?
My contention is that it can't. Your explanation as to how it can?

Cheers
Ken

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, 11 May 2010 11:13 PM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better

Ken,

Personal experience with dealing with r00ted systems that have bypassed AV controls has shown me a lot about how nefarious these attacks can be, and I am still learning a lot about the infector vectors and how to provide controls to prevent them. If AV doesn't have a signature for the attack that the current malware has employed, then it's pretty trivial to do file system infection, Trojan dropping, rootkit installation etc etc, trust me the malware authors/writers are still well ahead of us in the battle and will probably continue to be for quite some time.

Also I am not advocating any approach except that AV by itself is almost worthless as a system control anymore. But when you are dealing with like 10K+ new samples a day of virus/malware then
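The multi-attribute check described in Andrew Baker's reply above (executable hash, file system location and parent process rather than the file name), as an added example that is not part of the original thread or any vendor's code. The rule layout, paths, process names and sample bytes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class Rule:
    sha256: str         # hash of the approved binary image
    directory: str      # lower-cased folder it is approved to run from
    parents: frozenset  # process names allowed to launch it

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents (not real binaries).
NOTEPAD_BYTES = b"MZ constructed image of the approved notepad.exe"
UNKNOWN_BYTES = b"MZ constructed image of a binary built two hours ago"

# Hypothetical policy with a single approved application.
POLICY = [
    Rule(sha256_hex(NOTEPAD_BYTES), r"c:\windows\system32",
         frozenset({"explorer.exe", "cmd.exe"})),
]

def evaluate(path: str, image: bytes, parent: str, policy=POLICY):
    """Default-deny decision. The file name in `path` is never trusted:
    only the image hash, its folder and the launching process count."""
    folder = str(PureWindowsPath(path).parent).lower()
    by_hash = [r for r in policy if r.sha256 == sha256_hex(image)]
    if not by_hash:
        return False, "hash not approved"
    by_dir = [r for r in by_hash if r.directory == folder]
    if not by_dir:
        return False, "approved hash, wrong location"
    if not any(parent.lower() in r.parents for r in by_dir):
        return False, "approved hash and location, unexpected parent"
    return True, "allowed"

def demo():
    sys32 = r"C:\Windows\System32\notepad.exe"
    temp = r"C:\Users\bob\AppData\Local\Temp\notepad.exe"
    return [
        evaluate(sys32, NOTEPAD_BYTES, "explorer.exe"),  # approved app
        evaluate(sys32, UNKNOWN_BYTES, "explorer.exe"),  # unknown code named notepad.exe
        evaluate(temp, NOTEPAD_BYTES, "explorer.exe"),   # approved image, wrong folder
        evaluate(sys32, NOTEPAD_BYTES, "acrord32.exe"),  # launched by a PDF reader
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

This models the pre-execution decision only; as both sides of the thread agree, code that is already running in the kernel can falsify what any such check sees.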
Re: Life just keeps getting better....
Ben, I agree with the position that Sophos has taken. Although your point about them being a not-quite-disinterested party is well noted, the fact that they believe that they personally aren't impacted, doesn't mean that they had to give their competitors a pass. It's not like they took the high road -- they basically said that it's not really a factor.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, May 11, 2010 at 9:11 AM, Ben Scott mailvor...@gmail.com wrote:

On Mon, May 10, 2010 at 12:40 AM, Kurt Buff kurt.b...@gmail.com wrote:

How to bypass almost all AV software
http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Sophos's response:
http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

They're an AV vendor and thus not a disinterested party, so take it as you like.

-- Ben
Re: RE: Life just keeps getting better....
Bookmarked. Thanks!! I had seen this before, but not in quite a while.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, May 11, 2010 at 3:23 PM, Kurt Buff kurt.b...@gmail.com wrote:

+1

Here's one of my favorite rants from one of my favorite computer security writers (in 1995!):

The Six Dumbest Ideas in Computer Security
http://www.ranum.com/security/computer_security/editorials/dumb/

See #2

Kurt

On Tue, May 11, 2010 at 10:27, Andrew S. Baker asbz...@gmail.com wrote:

Alex, the emphasis is currently on identifying known bad. Yes? No matter what the specifics of that approach, it is more fraught with peril than tracking known good for any given environment. Zero-day (new code) is meaningless in such a context.

-ASB: http://XeeSM.com/AndrewBaker
Sent from my Motorola Droid

On May 11, 2010 1:19 PM, Alex Eckelberry al...@sunbelt-software.com wrote:

But Mr. Ziots is right, AV is pointless. It is a signature race and you will lose that race sooner ...

I respectfully disagree. What antivirus companies still rely on signatures? I see detection rates daily, and while an AV engine is not nearly the thing it was in the past, it is still a very, very important part of the security strategy. Just wait until your next Conficker infection...

Alex

-----Original Message-----
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, May 11, 2010 10:57 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better

Just to amplify 6.0 is also discontinued. This las...

Sent: Tuesday, May 11, 2010 10:50 AM
To: NT System Admin Issues
Subject: RE: Life just keeps getting better

Too bad Cisco royally screwed up CSA 6.0 and is di...
RE: VPN issue
Can you resolve names on the LAN? What does a tracert to devices on the LAN look like?

CFee

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Tuesday, May 11, 2010 2:27 PM
To: NT System Admin Issues
Subject: Re: VPN issue

Update. I installed the latest version of the Cisco VPN client (removed the orig first) and it does connect to the concentrator (I can see the session). I'm thinking this is a Windows 7 thing as it shows connected to a public network (which it is, and I can surf). I cannot ping to any device on the LAN though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith mich...@smithcons.com wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco device, does it? (I spent 3 minutes on the website, so I could be wrong - please correct me if so.)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden dav...@imcu.com wrote:

Some of the admins here had freeware vpn clients that would work. They talked about them within the last two months.

We use OpenVPN. I can talk more about it if anyone cares. (You all know I love the sound of my own voice... er, keystrokes.)

-- Ben