MY PROFILE | PRIVACY 
Vol. 16, #36 - September 12, 2011 - Issue #845

Great Advice From Former Anonymous Hacker

  1. Editor's Corner    
    • Great Advice From Former Anonymous Hacker
    • Spiceworks Comes Out +1
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  3. Webinars & Seminars
    • Free Desktop Virtualization Seminar
  4. Tech Briefing
    • Bossie Awards 2011: The Best Open Source Software Of The Year
    • Arrival Of New Type Of Financial Malware In The Wild 
    • If You Use Mobile Devices, Malware Will Come 
    • Is Office 2010 In For A Significant Price Decline?
  5. Windows Server News
    • When To Launch Desktops In The Cloud
    • Not As Crazy As It Sounds: How To Run Server 2008 On A Notebook 
    • Legacy OSes And Virtual Server Migration Challenges
  6. Third Party News
    • VIPRE Business 5.0 ? Beta Availability
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • joBot - Less Time Managing. More Time Planning.

joBot - Less Time Managing. More Time Planning.

Just released! v2.0 adds new Group Management jobs and reporting to joBot?s Password and Account Check modules. New time-saving features ease the onboarding process by automatically adding new hires to appropriate groups and distribution lists using a defined attribute value, such as department.  Other features ensure that membership in sensitive or security groups is not inadvertently changed, and allow you to quickly identify, and optionally delete, groups without members or obsolete groups. New reports help IT be proactive in managing Active Directory groups.

  Evaluate today!

Editor's Corner

Great Advice From Former Anonymous Hacker

An interview with @SparkyBlaze, a self-identified former member of the rogue hacktivist group Anonymous, has been published by Jason Lackey - the person behind popular account @CiscoSecurity Twitter feed. They asked what the hacker's advice would be for companies that want to stay as secure as possible. The funny thing is that this is what any security expert worth their salt would say. Check out these 14 points and see how your own organization stacks up:
http://www.wservernews.com/go/1315831477881

Spiceworks Comes Out +1

Thanks for all your feedback, this turns out to be a hot topic! A lot of admins sent me the positive experience with Spiceworks, the vast majority of them in Small and Medium Enterprises. Many of them started with one particular module they needed, e.g. helpdesk or inventory, and then expanded to the other ones. Spiceworks seems to have made huge improvements since the early days in both the installable product and their online community.

Especially the online community is extremely helpful when looking for answers to network problems. I'm guessing that alone is worth it being part of Spiceworks. The software itself, when setup properly can be pretty powerful to manage and monitor a network. For a free program it's a great deal and very functional.

Here are some quotes from Spiceworks users:

"There is software that can do more than Spiceworks, but it costs much more than we can afford." - C.R.

"I have been using Spiceworks for a long time. Probably about 4 years. It has served my purpose and I find it rewarding to go to a site that has other users willing to share their experiences and questions." - R.C

"Several of my peers in our industry also use Spiceworks and all have opinions that range from favorable to wildly enthusiastic. No horror stories from any of us that I am aware of. And, I am not aware of anyone that has tried it and gone on to something else. - C.B.

"I discovered Spiceworks when I took over the IT duties at my previous employer. Having had to operate with a precisely $0.00 budget, Spiceworks fit the bill just perfectly. With all of the functionality built in, the user created widgets, and the continual expansion in capabilities, I have to say it?s just about the perfect fit for SMB IT needs." - C.F.

"We have around 110 users now and will be increasing that to around 300 in the next year or 18 months and have very little concern that Spiceworks will handle the work load. My opinion of Spiceworks is an A. Their software does what it says, and it seems to do it pretty well. Especially their helpdesk... tough to top that one." - K.K.

"I absolutely LOVE Spiceworks. I think their business model and their product is simply awesome. We are a small company of 250 people and 3 IT guys. We don't have a massive budget and the mantra of doing more with less is tattooed onto our souls." - E.N.

Some small 'gotchas' that people mentioned:

  • Network mapping is a bit rudimentary. With PCs scattered across
    different sites, it would be nice to be able to use background maps
    to help locate devices.
  • Software inventory does not work with "click-once" .net apps,
    because the .net software is stored in a user's registry key and not
    a system key, Spiceworks does not see it.
  • The fast growth and adding new features destabilizes the code a now
    and then until they fix it.
  • Performance can be an issue in some cases, slow response times noted.
  • Works best when a network is 100% Active Directory based.

Overall recommendation: A strong GO if your budget is under pressure, you need things like network monitoring, helpdesk, PC inventory tools, UPS power management, an online community, and you are not managing many thousands of workstations. Check them out here:
http://www.wservernews.com/go/1315832008959

Email me at [email protected]
 
Warm regards
Stu Sjouwerman

Quotes of the Week

"Take risks. Ask big questions. Don't be afraid to make mistakes; if you don't make mistakes, you're not reaching far enough." -- David Packard

"Take calculated risks. That is quite different from being rash." -- Gen. George S. Patton

"Magic is believing in yourself; if you can do that, you can make anything happen." -- Wolfgang Von Goethe

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/go/1307096257843

Stu Sjouwerman
email me: [email protected]

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

mPowerTools - an AD Admin essential!  200+ reports, bulk import/export, scheduling, GPO/File Share Reports. Eliminate scripting! ONLY $1,299 for limited time!
http://www.wservernews.com/go/1315830423772

Free Service: Email Exposure Check. Find out which addresses of your organization are exposed on the Internet and are a phish-attack target:  
http://www.wservernews.com/go/1315832525459

Frustrated with gullible end-users causing malware infections? Find out who the culprits are in 10 minutes. Do the Free Phishing Security Test on your users!:
http://www.wservernews.com/go/1315832583819

Webinars & Seminars

VIPRE® Antivirus Business Product Demonstration

Looking for a security solution that's not a performance hog?

VIPRE Antivirus Business combines antivirus and anti-spyware technologies into one powerful security solution for total protection with low resource usage. New VIPRE features include scalable multisite tiering and role-based access control.

Join us at 2:00 pm ET as we demonstrate the many features of VIPRE Antivirus Business -- Register Today!

Date: Tue, Sep 13, 2011

Register Here:
http://www.wservernews.com/go/1315832659944

Palo Alto Networks - Krebs and Zuk Debate Modern Malware

Brian Krebs will call "B.S." if he hears it, while Palo Alto Networks founder/CTO Nir Zuk is also one who never pulls punches. Join this duo for what promises to be a lively debate. Krebs and Zuk will dive into the world of modern malware to see what is real, what is hype and what things we need to be doing as an industry to protect our users and networks. Join this live webcast on one of the most challenging problems in security today - the ongoing evolution of modern malware - and bring your own "tough questions" for Krebs and Zuk.

Date: September 13, 2011  Time: 11:00AM Pacific / 2:00PM Eastern 
http://www.wservernews.com/go/1315833019381

Free Desktop Virtualization Seminar

Coming to 11 cities throughout the remainder of the year, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what?s real and what?s not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.

Register today!
http://www.wservernews.com/go/1315833089100

Tech Briefing

Bossie Awards 2011: The Best Open Source Software Of The Year

InfoWorld does a good job reporting for IT professionals. Their Bossie Awards are always interesting to check out. They started off with:

"One of the best ways to see the success of the open source philosophy is to pick up a cellphone. If you happen to grab an Android phone -- the most popular in the smartphone class -- you'll have a device running a package built by Google and sitting on top of Linux. Almost all of the source code in the stack is released under a generous open source license."

This article is worth reading, and especially these sections:

Bossie 2011 winners:

  • Bossie Awards 2011: The best open source software of the year
  • Bossie Awards 2011: The best open source applications
  • Bossie Awards 2011: The best open source desktop and mobile software
  • Bossie Awards 2011: The best open source application development software
  • Bossie Awards 2011: The best open source data center and cloud software

http://www.wservernews.com/go/1315833489506

Arrival Of New Type Of Financial Malware In The Wild

InfoSecurity wrote: "Trusteer has reported the evolution of a new type of financial malware, apparently created from generic malware. This is the second time this has happened, the security firm claims.

According to the in-browser web security software vendor, the malware has been observed abusing a large installed base of infected machines to attack global financial institutions.

Trusteer adds that it is still investigating the new financial malware, which it has temporarily named Shylock. Unlike the non financial malware Ramnit - which the firm reported late last month had turned into a fraud platform - Shylock does not incorporate tactics from the infamous Zeus Trojan. It appears, says the firm, that criminals have developed custom financial fraud capabilities for the Shylock malware": 
http://www.wservernews.com/go/1315833835773

If You Use Mobile Devices, Malware Will Come

I have been predicting this for a while now, but InfoWorld has made the point loud and clear this week: "IT people who try to secure mobile devices in a big company face three big conceptual problems. First, many, if not most, of the smartphones and tablets are from Apple. Both veteran and rookie users tend to believe Apple devices aren't vulnerable to malware and hacks, so users don't need to take any precautions."

Well, think again. There is quite a bit of Apple malware out there, and a boatload of Android-focused malicious code. If you run the latter, I recommend the VIPRE MOBILE Beta over here: 
http://www.wservernews.com/go/1315834062692

Next, here are 6 tips for securing Android phones:
http://www.wservernews.com/go/1315834110143

And you can read more about this issue over at InfoWorld:
http://www.wservernews.com/go/1315834167997

Is Office 2010 In For A Significant Price Decline?

"Stock market prognosticating company Trefis specializes in predicting stock prices by analyzing a company's major components and calculating how much of the company's stock price is attributable to each piece. Their recent take on Microsoft Office -- the tail that waves the Microsoft stock price dog -- has caught the attention of Forbes Magazine, among others."

Read More at InfoWorld:
http://www.wservernews.com/go/1315834396002

Windows Server News

When To Launch Desktops In The Cloud

Even though Desktop as a Service sounds like a good idea, placing VDI in a private cloud doesn't always make sense. Find out when you should and should not launch your desktops in the cloud with this expert tip:
http://www.wservernews.com/go/1315834609451

Not As Crazy As It Sounds: How To Run Server 2008 On A Notebook

Whether it's just for fun or a necessity of your job, this popular article details how to get Windows Server running on a notebook 
http://www.wservernews.com/go/1315834729364

Legacy OSes And Virtual Server Migration Challenges

Legacy servers and their ancient applications are ideal candidates for virtualization, but a virtual server migration to new hardware brings several challenges. Learn more in this featured tip:
http://www.wservernews.com/go/1315834867202

Third Party News

VIPRE Business 5.0 ? Beta Availability

GFI Software is very pleased to announce the beta release of VIPRE Business version 5.0. VIPRE Business is the successor to VIPRE Enterprise family of products. Our planned public release date is in early October, and we invite you to preview and test our betas. The following products are available for beta testing:

  • VIPRE Business 5.0
  • VIPRE Business Premium 5.0

As there are a number of under-the hood-improvements, the key improvements for 5.0 are focused on ease-of-usability, performance and stability. The headline features for VIPRE Business 5.0 include the following:

- Management Console Improvements

Enhancements to the version 5.0 console are centered on ease-of-usability, and feature an updated look and feel. High-visibility toolbar buttons have been added to allow quick access to frequently-accessed areas.

- Agent Software Performance Improvements

Improvements to the version 5.0 agent focus on stability and performance, and resolving past issues that could have caused critical errors in isolated incidents.

- Agent Deployment Made Easy

The VIPRE Site Service and agent software will now automatically provision the Windows Firewall configuration with the necessary exclusions, in addition to displaying new agent installation dialogs. This allows for easier deployment by ensuring that the agent is able to successfully communicate and obtain updates, without requiring manual intervention to adjust the Windows Firewall settings.

- Incompatible Software Removal

Version 5.0 features new technology that automatically handles the removal of most third-party antivirus products prior to installing the VIPRE agent, allowing for easy migration from other antivirus products. This mitigates common risks associated when multiple antivirus products coexist on a single computer. (This is a policy level setting, and can be found within the policy properties under Installation Management.)

- Remote Access Layer

Version 5.0 simplifies the ability to remotely manage sites via a dedicated communication layer. This allows for easy connectivity to other sites without requiring direct database connectivity. This is handled via port 18088, as opposed to SQL port 1433 (as version 4.0 required.)

- Built-in Database

New installations of version 5.0 will now use a built-in database, removing the Microsoft SQL Express 2005 prerequisite that existed in version 4.0.

- Audit Trail

Audit trail capabilities have been added at the site level, allowing quick and easy access to view configuration changes made within the product.

For complete details on how to obtain this beta, please visit our beta forums:
http://www.wservernews.com/go/1315829959684

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

WServerNews - Product of the Week

joBot - Less Time Managing. More Time Planning.

Just released! v2.0 adds new Group Management jobs and reporting to joBot?s Password and Account Check modules. New time-saving features ease the onboarding process by automatically adding new hires to appropriate groups and distribution lists using a defined attribute value, such as department.  Other features ensure that membership in sensitive or security groups is not inadvertently changed, and allow you to quickly identify, and optionally delete, groups without members or obsolete groups. New reports help IT be proactive in managing Active Directory groups.

  Evaluate today!