Curing a Corporate Virus Infection
museumpeace writes "Over at Internet Storm Center Deb Hale's 'In search of the bot net' entry for September 25 recounts a grueling hunt for all the .exe's, reg entries and sources for a bot infection of a 60 server corporate network. What a nightmare! The story ends with an indictment of careless users and a suspicion that Ares, one of the sloppier Pirate2Pirate filesharing tools, was the original source of the extensive corruption that eventually even crippled the AV tools. How typical is this sort of grief? [More frequent than reported, I would expect: the corporate victim demanded anonymity for the story to be told]."
also happens to be the one most prone to viruses, eh?
Hmmmmmm.....
Only slightly biased. I understand the annoyance of the admins over this screwup, but take deep breaths and count to 10 before you badmouth all P2P networks.
And security always includes usage policies.
$ su -
# uname
Linux
# iptables -P INPUT DROP
# iptables -A INPUT -m state --state=ESTABLISHED,RELATED -j ACCEPT
# exit
$
I want to delete my account but Slashdot doesn't allow it.
If you can use the 'protected port' option on e.g. cisco switches, TURN IT ON.
Essentially, it prevents the indicated ports on the switch from communicating with other ports that also have that protection set. Unless you have sloppy shared directories or some reason for the actual PCs to talk directly to each other, it won't harm anything and will prevent the viruses from spreading pc-to-pc once (not when) they get in.
[disclaimer: i work for a major fortune 500 company with a large, 50+ distributed node WAN]
Every time there's a big-ass Windows vulnerability, there are security emails and IT manager emails basically saying "heads up, check your shit." But let's say somebody doesn't check his shit, and a site ends up infected. The WAN group watches the network, especially during times like this, and nodes are just dropped off routing from the rest of the network until they get their act back together.
I realize the article is talking more about the pains of these nasty new infections that mutilate machines, but the old saying works -- a good offense is a great defense. Assign local managers responsibility for the server boxen at their node; he/she should be keeping the machines patched, but when that fails, close the node off the network before it can damage anywhere else.
Of course the major server boxen have their own layer of network between them and the rest of the WAN, so they can be isolated if the worm is already rampant on the network. Doesn't hurt to access list transmission ports, either, icmp, tftp, foo...
Blame your own policies, not your users. Users are not IT experts and will not be even with extensive training.
Restrict privileges. Don't allow anything that is not necessary...
...a grueling hunt for all the .exe's, reg entries and sources for a bot infection...
Wrong answer. If you have a compromised system, trying to clean it is (a) likely to be really difficult, and (b) not secure.
Wipe the system, reinstall, and recover from backups. (You do keep good backups, right?) It sounds pessimistic, but in most cases an attempt to "clean" a system is going to end up with you pulling out the OS reinstall disks anyway.
Tarsnap: Online backups for the truly paranoid
There are really times when I wish you could mod a submission as "Flamebait."
"Only slightly biased. I understand the annoyance of the admins over this screwup, but take deep breaths and count to 10 before you badmouth all P2P networks."
YEAH! Let's badmouth only the ones used to transport "pirated" material.
It took more than a week to fix. Basically IT took everything down and cleansed each individual computer before it was allowed to be back on the network ... except of course for the linux boxen and even they were affected by the lack of servers.
Since I have great respect for our IT guys (they are really scrupulous about permissions and patches), it was a sobering experience.
#1. Convince management that this is a BAD idea.
-or-
#2. Convince management to give you some funding/equipment to implement network security upstream of those insecure PC's.
The next question is WHAT you'd implement and HOW you'd do so and HOW you'd monitor it.
Anyone can throw a bunch of PC's on a hub and claim to have set up a "network". It's the added security and monitoring that differentiates the best from the worst.
You needn't treat them like a threat to their face, that is just rude. Most people are "too busy" or don't care enough to learn about computer security. So nod and just listen to *their* problems and lock down their system against the big threat.
... so we set out to prevent user folly. In so doing we created the IT tech's dream.
We had to deal with this more often than not
First off you start at the network layer, and make sure via firewalls that people can't get anywhere or use any application that will cause you grief (p2p/streaming etc.). Then you transparently proxy all your traffic so that the guy who checks out classic-cars.com all day for backgrounds can do his thing and not screw everyone else.
Then you take every user system and you lock them down. You start out by moving all their dynamic data (that you wanna keep) to a file server. Mapping the winblows appdata/my documents gives you a wannabe roaming profile without all the garbage.
After you make all that effort you either implement a mandatory PXE re-imaging overnight (too much of a headache for us) or you use something like Deep Freeze and lock down the system entirely. Due to Deep Freeze even the most zealous surfer can only horribly damage their system once a day.
Now you have an ideal environment. All changes on a system that need a reboot *must* involve a contact to the IT department, and those you think are savvy enough not to need a frozen system can do 90% of their own support.
Ok sure so your level of responsibility goes up. The pristine environment means you have plenty of opportunity to script away your work. Not to mention silly things like virus outbreaks are really limited because a frozen system need only reboot to remove the virus.
Think *pro-active.*
- Running Windows
- Not using total security throughout the network.
- Allowing Users to download any tool that they want
- I will bet that they allow CD/floppy downloads.
- Probably allow Outlook (and in an insecure fashion).
And the Blame goes to: p2p software??????
Our society really suffers from a lack of taking blame.
Anybody who runs MS should know that it takes a lot of effort and money to truly lock it down. As such they should do so. It is simply part of the total cost of running a Windows system.
I prefer the "u" in honour as it seems to be missing these days.
PugsleyButt:~/devstuff/c++ jmzorko$ strings file_to_examine
It just seems to me that this would be an obvious, but fairly effective way to quickly find all the registry points (as well as DLLs and other files) that a piece of code would touch ... maybe use it in conjunction with nm as well ...
Regards,
John
Falling You - beautiful
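The `strings` triage John suggests, as an added example that is not code from the thread or from any of the posters: it pulls printable runs out of a binary, including the UTF-16LE strings that plain `strings` misses on Windows executables, and sorts them into registry paths, DLL names, file paths and URLs. The sample bytes, the regexes and the minimum length are constructed for this example.

```python
import re
import sys
from typing import Dict, List

MIN_LEN = 6  # shortest run worth reporting; same idea as the -n option of strings

# Printable-ASCII runs, which is what GNU strings finds by default.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# UTF-16LE runs (ASCII char followed by NUL). Windows binaries keep many
# registry paths and file names in this form, and plain strings skips them
# unless run with "-e l". The lookbehind stops a run from swallowing the
# last byte of a preceding NUL-terminated ASCII string.
WIDE_RE = re.compile(rb"(?<![\x20-\x7e])(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Classifiers for the artifacts the post is after: registry points, DLLs,
# file paths and network endpoints. Anything else lands in "other".
REGISTRY_RE = re.compile(
    r"^(?:HKEY_[A-Z_]+|HK(?:LM|CU|CR|U|CC)|SOFTWARE|SYSTEM)\\", re.IGNORECASE)
DLL_RE = re.compile(r"^[\w.-]+\.dll$", re.IGNORECASE)
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%[A-Za-z_]+%\\|\\\\)")
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def extract_strings(data: bytes) -> List[str]:
    """Return ASCII runs first, then UTF-16LE runs, in file order."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in WIDE_RE.finditer(data)]
    return found


def classify(strings: List[str]) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = {
        "registry": [], "dll": [], "path": [], "url": [], "other": []}
    for s in strings:
        if REGISTRY_RE.match(s):
            buckets["registry"].append(s)
        elif DLL_RE.match(s):
            buckets["dll"].append(s)
        elif PATH_RE.match(s):
            buckets["path"].append(s)
        elif URL_RE.match(s):
            buckets["url"].append(s)
        else:
            buckets["other"].append(s)
    return buckets


def triage(data: bytes) -> Dict[str, List[str]]:
    # A string being present is a lead, not proof the code touches that key:
    # packed or obfuscated samples hide their strings, and API names such as
    # the Reg* calls live in the import table, which is where nm/dumpbin helps.
    return classify(extract_strings(data))


# Constructed stand-in for a Windows executable: a fake header, NUL-terminated
# ASCII strings, one UTF-16LE string and a run too short to report.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"kernel32.dll\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services".encode("utf-16-le")
    + b"\x00\x00\x01\x02\x03"
    + b"C:\\Windows\\System32\\svchost.exe\x00"
    + b"http://update.example.invalid/check\x00"
    + b"short\x00"
)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for kind, items in triage(blob).items():
        if kind != "other":  # "other" is mostly noise on a real binary
            for item in items:
                print(f"{kind:9} {item}")
```

Run it with a file path to triage that file instead of the embedded sample.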
You have no idea what sort of trojan / backdoor / über nasty malware was loaded on each individual machine.
Your time is much better spent developing a network reimaging system so that your machines can be reverted to a known state relatively quickly.
-Peter
Yes it is IT's fault. They let users have privileges sufficient to install programs, leading to viruses. If it were a buffer overflow in a JPEG I wouldn't blame IT.
Rules are clearly stated - enforce them or if you want to let users have more freedoms then keep and monitor detailed logs on what they do with these 'rights'.
You seem to demonstrate an immature attitude and lack of respect for users - if you are an admin you are employed because you are a specialist and it is better for you to be the single point of expertise for that task - just like you couldn't calculate the accounts for a company I doubt the finance staff would be so patronising as saying "waaa, the accountant says I can't have 3 21" LCDs, waaa, the CEO says I can't take 5 months paid leave a year".
--
Slashdot: Racism against Indians OK. China bad, USA good. Blue pill in water supply.
"Over at Internet Storm Center Deb Hale's 'In search of the bot net' entry for September 25 recounts a grueling hunt for all the .exe's, reg entries and sources for a bot infection of a 60 server corporate network. What a nightmare!" ...Apple Macs and Assorted Linucen, curing .exe, registry and bot infections for 5 years and counting!
...or does this guy come across as a total ass? "Pirate2Pirate"? Blaming the users? I mean, isn't *he* paid to enable *them* to do their jobs, not the other way around? (Of course, the actual article is /.ed, so maybe it's just the summary that gives me that impression.)
Learn from history. Government legislation against spam has done squat.
That's the most succinctly put point I think I've ever read on slashdot.
No reference at the Microsoft site about using a machine in limited mode to stop viruses/trojans.
I think linux users don't run exim or apache with uid 0...for a reason.
Who convinced you that they were legislating *against* spam?
CAN-SPAM: It's not just a horrible backronym.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Limit access to the application/web server level at the router. Isolate workstations so that they can each see the file servers but not all other systems. If someone needs direct access to servers, they should have a real good reason (or it should be obvious; admins, developers.).
Keep in mind that I'm not suggesting that the limits be so strict that people are annoyed and attempt to break or ignore security. They should be well organized, though, and monitored. Reasonable exceptions should be made immediately, and unreasonable exceptions should be granted quickly with an eye to isolating the damage of that exception as much as possible.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Let's not be sexist about this ... there are B2B (Bitch to Bitch) networks as well.
The higher the technology, the sharper that two-edged sword.
Here is an idea that seems to slip past many...
C-O-R-P-O-R-A-T-E F-I-R-E-W-A-L-L
We used to have botnet probs in our corporate network... once we installed a Zonelabs Integrity server and were able to control what programs had access to the internet and which ones did not, it was pretty easy to fix.
upon which all Windows operating systems are based.
Just out of curiosity, have you had similar problems under Win2K, or are you just seeing this with XP?
Funny how it's IT fault for not getting people to follow the rules (whatever happened to self-discipline?).
Self-Discipline can be overwhelmed by rules. If you tack on all the Computer Rules to all the other rules (on Harassment, on Job-Requirements, etc) you rely on someone to remember a long list of do's and don'ts.
But a healthy admin policy will restrict the user without requiring her to remember what's acceptable and what's not acceptable, and why, and all that.
Who gives diddly what you think about your screensaver. That doesn't help you do your work.
mefus
In Open Society, GPL Software frees YOU!
Let me guess: you work for a toilet-manufacturing company?
Excellent. But don't forget to keep administrative control from the users and limited to a few users.
Run security audits to make sure only the chosen few have administrator rights. This is for local PCs. Domain rights should even be more tightly controlled.
Keep AV defs updated daily. Report the numbers daily to check compliance.
Remove the ability to disable AV.
Check AV logs daily. Any report should be dispatched to a tech to "fix" the PC or determine what happened to the AV and take action accordingly.
Use group policies to ban known software, P2P & Hack/hacked tools. (Not perfect but keeps the stupid honest)
Scan all email in & Out with AV & Spam Killer.
Be prepared to shut mail off if required to protect systems. This means you will need to provide some users with a safe external email.
Keep your PCs patched on a regular basis. After testing on several test groups for issues.
Document your system & processes.
Inform & educate your users.
Happy to report the last big virus we had hit was Melissa. It made us retool the whole AV/Patch process and take these measures and more.
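The daily compliance check described in the list above (only approved admins, AV enabled, definitions no older than a day, patches applied) and the "we know WHEN computers were updated" network-scan approach mentioned further down, as an added example that is none of the posters' own tooling: it audits a constructed inventory and reports the hosts that fail each rule plus an overall compliance figure. The host records, the admin allow-list, the patch id and the thresholds are all constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List

# Allow-listed local administrator accounts (constructed for this example).
APPROVED_ADMINS = {"Administrator", "CORP\\Desktop-Support"}
MAX_DEF_AGE_DAYS = 1   # "Keep AV defs updated daily"
MAX_SILENCE_DAYS = 3   # a host that has not reported is a host you cannot vouch for


@dataclass
class Host:
    name: str
    av_enabled: bool
    av_def_date: date          # date of the newest AV definitions on the box
    last_seen: date            # last time the scan/agent heard from it
    local_admins: List[str]
    missing_patches: List[str] = field(default_factory=list)


def audit(hosts: List[Host], today: date) -> Dict[str, list]:
    findings: Dict[str, list] = {
        "av_disabled": [], "stale_defs": [], "rogue_admins": [],
        "unpatched": [], "silent": []}
    for h in hosts:
        if (today - h.last_seen).days > MAX_SILENCE_DAYS:
            # Nothing else about this host is current, so report only this
            # and treat the machine as non-compliant until it is found.
            findings["silent"].append(h.name)
            continue
        if not h.av_enabled:
            findings["av_disabled"].append(h.name)
        if (today - h.av_def_date).days > MAX_DEF_AGE_DAYS:
            findings["stale_defs"].append(h.name)
        extra = sorted(set(h.local_admins) - APPROVED_ADMINS)
        if extra:
            findings["rogue_admins"].append((h.name, extra))
        if h.missing_patches:
            findings["unpatched"].append((h.name, sorted(h.missing_patches)))
    return findings


def compliance_rate(hosts: List[Host], today: date) -> float:
    """Percentage of hosts with no finding at all; the number to report daily."""
    if not hosts:
        return 100.0
    flagged = set()
    for items in audit(hosts, today).values():
        for item in items:
            flagged.add(item if isinstance(item, str) else item[0])
    return 100.0 * (len(hosts) - len(flagged)) / len(hosts)


# Constructed sample inventory and report date.
TODAY = date(2004, 9, 27)
SAMPLE_HOSTS = [
    Host("WS-001", True, TODAY, TODAY, ["Administrator"]),
    Host("WS-002", False, TODAY - timedelta(days=5), TODAY, ["Administrator", "jdoe"]),
    Host("WS-003", False, TODAY, TODAY - timedelta(days=7), ["Administrator"]),
    Host("WS-004", True, TODAY - timedelta(days=1), TODAY,
         ["Administrator", "CORP\\Desktop-Support"]),
    Host("SRV-FILE01", True, TODAY, TODAY, ["Administrator"], ["KB-EXAMPLE-1"]),
]


def run_sample() -> Dict[str, list]:
    return audit(SAMPLE_HOSTS, TODAY)


if __name__ == "__main__":
    for rule, items in run_sample().items():
        for item in items:
            print(f"{rule:12} {item}")
    print(f"compliance: {compliance_rate(SAMPLE_HOSTS, TODAY):.1f}%")
```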
On the other hand ... sometimes the party line is the correct one to take. Knowing when to jump off the bandwagon is the key.
So I was a part-time (big projects, twice a month maybe) sysadmin at a local office of a large actuary firm. About 70 computers all tied in over a leased line to the central offices. Anywho, back when the Melissa (I think) virus was making its rounds I gave the full-time guy a heads up on what to expect, patches, etc. Of course, his head was firmly stuck up his 'exit-only' hole and he neglected to do anything. So our systems slowly but surely (not so slowly now that I think about it) ground to a halt.
Long and short of it was that we had to manually clean every system, and in doing so found dozens of other infections, trojans, etc. I never did any of the client admin work, just helped with the long-distance networking. But the head of the office took me aside and asked me for a "no shit" assessment. I told 'em the full-timer had dropped the ball. He offered me the job, I chuckled and politely declined as that office was NO fun and the pay sucked (hence the lowly full timer they wound up with).
Anyway...
At work we have 20K users in the US alone. We actually don't have that bad of a time dealing with viruses and worms and the like.
Why? Because 98% of the users get pushed their virus updates and their OS updates. This includes the clueless people.
We also run network scans and know WHEN computers were updated. If the computer is connected to the network, we know what updates it has or doesn't have. The only hard part is FINDING the unpatched computers.
We also have a firewall that prevents P2P connections, FTP and anything else non web browser related (gets annoying at times).
In reading this story.. I can only assign 1% of the blame on the users and 99% of the blame on the admins for not doing a proper job.
yeah, yeah, i'm sorry, you're sorry, everybody's sorry... quit blaming your users. that aside, i think this article is a little more proof that anti-virus programs like norton, are ineffective these days. the way they function needs to be re-thought badly. i hope to see the cost of devices like this one come down to more consumer friendly levels in the future. anyone have any ideas on how anti-virus can be improved?
scott king
It's even more important. Do you want to chase problems every 5 minutes and waste your weekend? I don't!
Exactly my point!
Take one thing at a time, starting with your most troublesome group or servers. Don't grab the 300 client system nightmare first; look at one server and see what it depends on. Are there 10 applications running on it? Is there a way to move one or a set of them off and isolate that?
If you're getting pecked to death by ducks, start by killing one duck at a time! (Or find a smaller group of ducks to kill at a new job.)
Don't let upper management know that you're succeeding, though. They may want to get rid of the monkey.
"In a world where a private corporation could create a private bridge and set strict rules of usage for that bridge, would that private corporation be responsible for its own damages if its manager of Bridge Upkeep failed to set the readily available measures to prevent paid employees to swerve around for fun, crash through side guards and park said car next to a fresh-water lobster?"
Sounds more like this guy was just looking for an excuse to submit a story and use the term "pirate2pirate."
Note that the story was talking about removing infections from servers, not user desktops. Presumably they did just reimage the desktops, but the servers had to be handled with a little more subtlety (probably to minimise downtime).
"Making up a new plural case of a word to try to sound cool", on "haxor.dk". That's a 15 yd. penalty and loss of down.
"Ask not what your country can do for you." --John F. Kennedy
Seriously, if you knew the first thing about how network protocols work, you wouldn't be such a huge ass.
Like Warez HTTP and FTP sites don't exist. Or people don't email each other software. Or you can't find it on USENET.
Oh wait, should we ban all Internet traffic?
Oh wait, NO WE DON'T YOU FUCKING TWAT!!!
WE GO AFTER THE PEOPLE USING THE TECHNOLOGY INAPPROPRIATELY!
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
There's a lot of corporations that refuse to report a breach in security. Simply for the reasoning that people will bail out like rats, leaving the company with little to no customer base. I suspect there's an amount of identity theft involved with the whole sordid affair, and that quite a few people make the mistake of signing up with those companies.
One day, some kid working on his thesis paper will compile a list of the IDT (IDentity Theft) victims, and there will be a nasty little coincidence...
Appropriately setting security permissions, or assigning users to the Users group. Also, try renaming ntuser.dat to ntuser.man (and of course remove write permission to the top of the user's profile).
Of course, the users might get a little annoyed. The savvy ones will write .reg scripts that run at login time to reset the settings. ;-)
That'll mean they can change their settings, but they'll be automatically reset at logout. You don't even need a domain server to do it.
How can the edge firewall detect what software is driving the ports on the user's desktop? I guess you had to install the Integrity Client on each user's machine as well.
Geez, any self respecting switch has some of those features - people should learn to use them to partition the network. On a Windoze office network, very few users need to talk to each other - most only need to talk to a server.
Oh well, what the hell...
I installed eDonkey once, but I didn't like it. It installed spyware on my computer, and nothing really worked right. I downloaded it straight from download.com, so I didn't just get a bum copy. The program itself is crap. It wouldn't even connect to the Overnet server.
Virus writers are inevitably going to try to take advantage of the routes used by the highest number of people. The problem lies in the fact that government involvement in P2P is more likely to eliminate the higher number of networks, servers, and front-ends we have available to us. When there are less networks, less servers, and less front-ends, it actually makes it easier for virus writers to target one network, one server, or one front-end because a higher concentration of people are using it.
Plus, when the government gets involved, some people tend to believe that the problem has been solved and that, through regulation, it's now safe to use. Do we want people to be using P2P networks willy-nilly, not even thinking twice before they download something, execute it, infect their entire machine, and then share all their other infected files with other machines on the network?
I think it's a better idea to eliminate government regulation on this sort of thing. It means that a network that is secure with smart users is more likely to be successful, and it means that those of us who practice safe computing don't have to worry about the government locking us into an insecure system.
Final result is that government isn't going to solve the problem.
"But don't forget to keep administrative control from the users and limited to a few users."
Specifically, make sure you transfer power to yourself and your friends. It's fun having complete control over people, isn't it? Good thing power doesn't corrupt.
"Run security audits to make sure only the chosen few have administrator rights."
After the third time missing a meeting due to the PC having an incorrect clock, no administrator access to fix it, and a big wait-time for the IT department to do anything, I decided I never want to work for an organisation with someone like you in it. Other people feel the same way about their wallpapers, their favourite browser (you do lock down people's PCs so they only run Internet Explorer, don't you?) and other similar things.
The classic one is getting a tar.gz or a .pdf or other such file from a client and realizing that the IT department never even considered the possibility that you might need to download additional software occasionally to open such things. Of course, it makes you feel important when people have to telephone you many times per day to do trivial things like installing software (as if you know the difference between good and bad software just by looking at the name).
"Remove the ability to disable AV."
Watch as your developers' machines take 25 minutes to recompile an application that used to take 3 minutes, as the virus-scanner scans every single file they open, including all standard headers and libraries...
Indeed, watch as the emails relating to the bespoke software you're buying get mysteriously deleted (quarantined, delayed, or just disappear) as the software company has attached the new build of your software as an EXE file. You have no idea how much time we waste trying to communicate with customers that use such AV solutions.
Yes it is IT's fault. They let users have privilages[sic] sufficient to install programs, leading to viruses.
...
Ok, then whose fault is this:
IT: We need to implement $securityrule.
CEO: No.
IT: But it will prevent $securityproblem.
CEO: No.
IT:
Or this:
IT: $User violated a security rule. They should be reprimanded.
CEO: No, we don't want to piss them off.
IT: But it was in the employee handbook, and they signed a statement saying they'd follow the rule.
CEO: Get back to work, shouldn't you have a microchip to renoberate or something?
If it were a buffer overflow in a JPEG I wouldn't blame IT.
You're in a very small minority of people who actually have a working knowledge of network security. Everyone else blames IT for everything from global warming to their coffee getting cold. The mantra is "Don't understand it? It's not important. Blame IT."
Never underestimate the power of stupid people in large groups.
You should give me all your work for free!
(While that was a joke, I think you will find that if you make a quality product that is worth buying, you really don't lose anything via 'piracy'. A person that was not going to buy your product anyway isn't a lost sale to you.. so you didn't lose anything.)
---- Booth was a patriot ----
Can someone enlighten me what the author means when he talks about using "attrib" to find files which are potentially bad? How can I do it?
Here's some dandy quotes that might fit in with this discussion, all from gandhi:
Increase of material comforts, it may be generally laid down, does not in any way whatsoever conduce to moral growth. What does that mean? Trying to get rich off of anything means nothing for your moral growth? Would that include artists?
I believe in equality for everyone, except reporters and photographers. Whoops! Creators of so called "intellectual" property! He doesn't believe in equality for them!
It is the quality of our work which will please God and not the quantity. Does that mean accumulating ridiculous warchests of dubious IP patents is not a smooth move? How about those middlemen who accumulate thousands of copyrights, then use their financial clout to have the laws extended to benefit them, to the detriment of everyone else? Could Gandhi be talking about regular plain vanilla old fashioned sins like greed, gluttony, avarice? Sounds like it to me. How much is enough? How rich, how much money do you have to accumulate, how much does some vague non person "person" like a corporation have to accumulate before they can say "enough"? Why is it they can profit from technological advances which make their jobs much easier-merely making "copies", while they don't want anyone else to be able to use modern technology? Doesn't that seem a scosh greedy and wrong?
The mice which helplessly find themselves between the cats' teeth acquire no merit from their enforced sacrifice. Perhaps he means being a *professional victim* isn't a wise thing. Perhaps he means we should resist predators? Seems like you could extend this to being a victim of out of control colluding corporate entities who seek to enrich themselves and pass laws through bribery to increase their "IP" profits at your expense, making a mockery of any sort of "free" market, let alone "advancing the arts and sciences" for the good of ALL. Perhaps.
Satisfaction lies in the effort, not in the attainment, full effort is full victory. Satisfaction in producing "IP" lies for the creator in the attempt, not in what comes after the attempt.
As to working to change the law, a lot of what he and the millions of Indians did was technically "illegal" according to British Imperial rule "laws". You can start with failure to obey orders, and go up and down and sideways from there.
As for me, personally, I do all manual labor for my coin, all of it. The *exact second* that there exists a technological way for someone to "copy" what I do, to replicate it cheaply and easily, please, go right ahead! Enjoy! Modify it! Share it with your friends! As it is now, doing mostly landscaping maintenance type stuff, the best I can offer is you can drive by on the road and go "nice work, looks good, better than that raggedy mess it was last week!". I've created visual "art". It costs me effort, my employer expense, there's fuel, maintenance equipment, etc, plus my salary. MOST of what I do is purely visual, it serves no other purpose other than to change the way a certain section of reality looks. It's "art" in a way. I mow huge areas, plant gardens, make flowers bloom where before was crab grass and poison ivy and brambles. It looks "better", and it's certainly changed, and I try to be "soft" with what I do, to be careful to not do harm, only to enhance for effect. My "patron" pays, but anyone driving by looking may "enjoy" it at no charge. Some folks even have a term for that now, it's called "viewscape", it has a certain "value" to it, as does any other sort of "art". But, it's not "copyright-able". Should it be? Should I charge a fee for looking at it? Hey, what a concept, what I create all these people are ripping me off for, they are looking at something FOR FREE, something THEY didn't create or pay a fee for! What should the license say, how long may I hold that license, where can I set up a toll booth for anyone to drop their money into as they drive by and look? Work's work, right? Although many others als
It also wreaks havoc trying to manage PCs remotely in an enterprise..
And if you open those ports, it sort of negates 90% of the value of the 'local' firewall in the first place..
It also seems that locking things down via GPO isn't keeping a lot of them out either.. The viruses that manage to get past a good antiviral program still find something to attach to (this includes spy/malware, which should be re-classified as a virus/trojan).
It's a no-win scenario, eventually we will have to have 90% of our PCs OFF the net, and no external email..
Portscan your entire network; it can also probe what things you are vulnerable to and gives direct download links to the patches for each machine.
This is the traditional post stating that the Mac OS is superior because it is unaffected by Windows viri.
Also included in the traditional post is a gratuitous slam against Windows users: "Windows users are poopieheads for using Windows!"
Finishing up with a "In Soviet Russia..." joke
In Soviet Russia, you infect virus!
It has been my pleasure to provide the Slashdot Community with the traditional posting making fun of the Windows OS and Windows Users, contrasting the Windows OS with the Mac OS, in a snarky, oh, so superior and ultimately uninformative manner, in a comment thread about yet another flaw/fault/sploit in the Windows OS.
Thank you for your kind attention!
P.S. if you use Linux or any of the UNIX variants, please substitute the name of your OS for Mac OS in the above posting, the better to observe the Slashdot traditions we so revere.
Guaranteed! This comment 100% Anthrax free!
Once upon a time there was a fellow who bought a Yugo. It had a really shiny paint job and plenty of marketing oomph behind it too. Unfortunately, the pretty, painted Yugo was still just a Yugo on the inside and very soon after purchase the new Yugo owner was most unhappy, as were all his fellow Yugo-owning neighbors.
One particularly troubling day the Yugo owner asked his fellow Yugo owners why this sorry state of affairs was extant and if there wasn't some way to mitigate the myriad problems inherent with Yugo ownership. After much argument and debate and considerable gnashing of teeth, the Yugo owners all decided to go and get fresh, clean paint jobs on their Yugos: No other solution seemed palatable to their collective Yugo mindset.
Obviously this solution did not solve any problems other than a few scratches in paint, but it did make the Yugo owners feel better for a while. Unfortunately, Yugo owners are horrible with simple math and have almost no concept of the value of quality when measured over time and so continue to make this same error in all aspects of their lives. Such is life for the Yugo owner who can't bring himself to admit that the Yugo is just a sorry piece of poo on the inside, regardless of how much he has spent on the paint job.
The moral of the story: Windows users, YOU GO!
(Psst! Hey fella, here's a free clue for ya: The Porsches are free! *snicker-snort-ROFL* Doh, what am I going to do for cheap entertainment when everyone is running *NIX?)
Everything in the Universe sucks: It's the law!
How typical is this sort of grief?
This sort of grief is very typical. But only for incompetent drones, known better publicly as "Windows users". It is extremely unlikely for enlightened open source hermetics.
There you are, staring at me again.
Dude, as much as I loathe M$, I find myself having to keep a partition for XP on my puter...there are apps that DON'T run on Linux, or have equivalents yet. The killer for me is MYOB, a book keeping program - I'd be deleting the yukness of Windows in a heartbeat if there was an equivalent or a reliable port. And no, it's NOT reliable under Wine, or listed under Crossover.....I sodding hate having to reboot into XP yukness, and am hanging out for a MYOB equiv for Linux. Give corporations, and SMEs these sort of needed tools, as Open Office is doing, and you would see a swifter transition to Linux - hell a stampede! Oh, and if anyone knows a really equivalent type tool for MSAccess or MSPublisher, trying to transition a Community Centre to Linux would be simpler:)
Nothing - well thats something.
With an organization with over 1000 users you are bound to have trouble makers.
People get fired all the time and rules on job requirements and sexual harassment will never be 100% followed.
If an employee sexually harasses another he/she is fired and it's a done deal. If a user however unleashes a worm that cripples the internal network then your job is on the line.
Does that sound fair?
Policies are needed and yes most organizations have computer usage policies so someone launching a worm can and should be fired but the administrator will always be blamed while the bosses of those who don't fill their job requirements rarely have their jobs on the line.
It's unfair and this is why such a policy is needed.
http://saveie6.com/
Which one???
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
How much of the work is truly original? Most artists draw heavily upon a shared cultural heritage and public domain to create new works. It's a bit hypocritical to make use of that heritage and then scream "It's mine! All mine! Nobody else can ever look at it or listen to it without paying me for the privilege."
Mea navis aericumbens anguillis abundat
Then *you* should be administrating your machine, and complying with all policies the administrator has to comply with, and everything else.
There: Something at a specific location.
Their: Owned by someone.
Please make sure your English compiles.
Find a new job before your network explodes and management blames it on you rather than face the fact that they should have had 3 more admins to handle the load to prevent the explosion in the first place.
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
> Policies are needed and yes most organizations have computer usage policies so someone launching a worm can and should be fired but the administrator will always be blamed while the bosses of those who don't fill their job requirements rarely have their jobs on the line.
I'm not arguing that policies are needed or that people break them. No argument from me.
If a user unleashes a worm that cripples the internal network, though, is a different can of... well you know.
Worms come from (on MS-based machines) unpatched systems, and (more generally) Trojans come from deficient network policies regarding email.
Yep.
Blaming the user for not anticipating weaknesses in the operating system and mail reader is not fair.
Can't say I'd blame the network people either, though, since network/architecture configurations are subject to bean-counters and management decisions. It's complex.
mefus
In Open Society, GPL Software frees YOU!
> We are still cleaning up and testing to ensure that the infection does not return. We did discover that we had several machines throughout the organization that had various spyware and other downloaded games and programs. One that stands out and may well have been the entry point for the worm is the ARES P2P program.
Sounds like p2p is only one of many potential culprits in this case. From prior experience, I'd be more inclined to blame spyware programs which are deliberately designed to socially-engineer users into compromising their own systems.
Once you've got spyware running, the security of your system becomes dependent on the integrity of spyware creators who have already passed the ethical brightline of coercing users to install their product through either dishonesty or direct exploits.
The content that can be reached via P2P software poses some degree of security risk in untrained hands, but that risk is minuscule compared to the mind-boggling insanity of discounting the danger of spyware which has gained access to your network without necessarily even being intentionally placed there by a user. If spyware is running, the system is compromised. End of story.
...and that's why I run PeerGuardian Lite with the malware/evil only blocklist and Spybot S&D in active-protect mode on my system and anywhere else I have access to. You should too.
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
You just reminded me why I am not in IT anymore.
I tell people there is nothing I can do thanks to the budget and I get fired.
I deserved it of course for speaking up, but if the routers reboot daily or dumb shit like worms happen because the CIO won't pay for newer routers or anything above Novell 3.12, then what can I do?
Most businesses these days just have settings in outlook that disable attachments and automatic virus scanners on their computers.
But these newer worms that can be launched just by IE opening a picture without the user's knowledge make your task impossible.
I think Palladium DRM will have corporate America digging it by storm. It's a scary thought but it's the only way to really lock down a PC and get rid of these headaches.
Then it's paying $2,000 for Windows/Office per seat all over again thanks to the monopoly it will create. Sigh.
When I need to delete a system, read-only or hidden file at the command line, I first use attrib to clear the appropriate file attributes.
> You just reminded me why I am not in IT anymore.
Ditto!
I kid you not, some companies really do shuffle stuff around the office using "all your content are belong to us" Messenger, not even internal email. Yes, it is dumb. Yes, the traffic bills are indeed horrendous (or were, they upgraded their DSL link to "unlimited", solely because of this, but their traffic excesses over a year would have more than paid for an internal email server and a file server, including hardware, either of which could have profitably run an internal P2P network for essentially zero effort). Yes, they do send sensitive info that way, including "client privilege" stuff. Yes, they have had it explained. No, they didn't believe me, I think because as far as they know it has never yet bitten them on the ass.
Got time? Spend some of it coding or testing
OK Anonymous Coward - YOU tell me which app that is? Because your arrogant presumption I haven't looked is ill informed. I have looked, and while there ARE book keeping apps out there, there is NOTHING that compares to MYOB - and it's what my organisation, and a business I help with, need. It's not sticking with the devil I know - anyone who knows me knows how much I loathe Windows. But also, ask anyone in business who would like to use Linux about their accounting requirements - nothing currently available meets that. Yes, I've tried GnuCash - it's a good start, but it just hasn't got what MYOB has. And that's what I need, unfortunately. And bitching that the user hasn't trawled sufficiently to find an app doesn't alter the fact that a comparable one for Linux isn't there - yet. I'd be overjoyed if someone knows of one - as I stated.
Do you honestly believe the average admin locks down systems, disables installs, etc. because they seek power and want to inconvenience you? Or maybe you think it's because they don't have enough to do already just protecting against viruses, hackers and users who trash their systems by installing free screen savers and IE toolbars which include spyware and other malware?
Did the admins at your previous employer even KNOW you were the unique employee who actually knows enough to keep their own system running without being a threat to everyone else? I'm promising you, if you are able then you are in the minority in the workforce. (Probably the majority on /. but very few organizations are made up entirely of /. readers.)
It's likely that before the lockdown they spent 90% of their time just fixing things users broke themselves. Do you have a solution for this other than a lockdown which would work but wouldn't balloon costs in some way? Have the user's PC taken away, or maybe she should be fired on the 3rd offense, and training? Try getting the CEO to fire his favorite secretary because she's a "bad computer user."
How does an admin choose who is qualified to not need a locked-down PC? Do they base the choice on the word of the person in question? In our organization at least, there are a few people who consider themselves computer-savvy or even experts. Only a couple are. I'm saying that based on how often they mess up their PC and need help, not my personal opinion about their abilities.
Or how about if you only lock down systems after the user has already disabled their PC or infected the network with a virus? Sure, that's an option in an office of 10-20. But what if you are responsible for 30,000 PCs?
Throwing more IS staff at it doesn't go over well with most organizations these days. Unless you are an IT business, your IS department probably doesn't earn the company a cent directly. Instead, to the accountants, it is an undesirable (though necessary) expense of doing business.
...because it verges on flamebait for responses that will not be entirely on topic [I thought the /. gods did a good thing recategorizing the story as IT] but the sparks have been kind of flying and I do enjoy fireworks. The sad truth is that there are valid points being made by both Calamormine and Quaters. Consider how some small time software developers try to make a living with shareware or the "free" trial version that, if you like it but want all the bells and whistles, you have to pony up 59.95 to get a license key [and of course, those poor guys are at the mercy of people who pass around key-gen programs]. Point being that products that benefit from word-of-keyboard marketing CAN take advantage of pervasive sharing. You could learn a lot from reading Dan Bricklin's article on how the right license can make or break a small company's fortunes.
BTW, my oldest son is a fairly creative musician but, though he still spends hours per day composing or improvising, has chosen to study molecular biology, abandoning an idea he had in high school to put his compositions up on his web site. Why? When he comes home from college, I unplug the rest of our computers from the cable modem, he plugs his laptop in so he can keep picking "stuff" up with Ares. I let him have a nice wallow in the information sewer highway and point out the keylog files on his hard drive at the end of his visit. Within a few days the weird protocol/port combinations bouncing off my firewall drop down to normal levels. Why? You have to ask someone his age I guess.
I can't tell you how fervently I wish I could make a living in a cabin off the grid with a few hot PCs and a solar powered satellite dish serving up fairly priced tricks and treats you all would not mind paying to have on your computers but I can't think of any way to protect it. I have resigned myself to working in a soulless megacorp, writing software I can't tell anyone about because megacorps have the means to get customers by the short hairs and hang on.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
You know something? I *used* to do a little software development. I don't anymore. You know one big reason why? I realized that writing software (while not doing so as part of one's job description, working for someone else) is not and shouldn't be something that guarantees me "food on my table, clothes in my closet, and money to enjoy my life with".
If I develop an excellent piece of software on my own, then sure, there's a good likelihood I'll make some money from it. But screaming at all of the people "pirating" my software, trying to accuse them of "cheating me out of my money" is ridiculous. Quite simply, those folks are part of the same demographic as the rest of the population who DIDN'T think my product was worth paying for. (Would you think it right to FORCE some people to buy your software package, even if they weren't at all interested in it? Surely not, so what's the real difference? Technically, yeah - the people "pirating" the software are getting some benefits out of using it. But that doesn't change the bottom line. They (for any number of reasons) didn't wish to compensate you financially for that particular piece of code.)
IMHO, that's all part of the RISK of working for yourself - and it happens in all areas of life. If I open my own company to do people's taxes, maybe I won't have enough customers to remain profitable? I could sit around and complain that programs like TurboTax are stealing my business from me and should be outlawed, right? But that probably wouldn't be a real useful and constructive way to solve my problems.
If you can't make enough money to live comfortably doing software development, maybe it's time to change careers or find employment where you're guaranteed a regular paycheck for writing the code for that employer?
MYOB is available for Mac OS X - I use it myself, and wouldn't be without it/them.
*sound of windows user hitting head against wall*
Mac User: My head hurts much less since I stopped hitting my head against the wall
Windows user: Damned Mac assholes, always making snide comments about how superior they are.
Mac server and see if I can find these 'exe's.
I drank what? -- Socrates
I agree with what you got to say, but a good admin absolutely MUST lock down PCs simply to stay ahead of the game. As a Slashdot reader you should respect that decision and give your admin a heads up when you need special programs. Most admins keep such programs on their own machines and could easily help you out... note it's not just security, but licensing, sexual harassment, company security, etc. that admins have to worry about.
We lock down wallpapers not because we're worried about viruses, but because the guys on the line put up dirty pics and the boss's teen daughter helping out in the office saw them!!! We lock down outside email because somebody bypassed our mail filters and passed around dirty jokes said boss's daughter reported to daddy...not to mention the disgruntled sales guy that exported his contacts/pricing sheet to his "new" employer!
As far as AV...do YOU bring any media to work at all from home? You surely scan it at home and at work before you access ANY files ...right... The purpose of scanning every file in memory is because people get sloppy and even 1 time forgetting screws EVERYONE!
At my shop we try to be accommodating, but it's OUR jobs on the line if YOU screw up... After all, it's not going to be YOU at work for 70 hours [salary no less] cleaning up the mess...is it?
Seriously, computers are toolboxes just like anything else. IT's job is to give you the tools management says you need...not everything you want. That you need more tools to do your job is MANAGEMENT's fault for not properly documenting the tools of your work... get your manager to document your tools and IT will cheerfully comply in most cases!!!
Is that "Don't let (upper) management know you're succeeding" as in "Go around replacing the operating systems on your company's servers without permission?"
I don't know of many faster ways to get fired. I don't know how it is in the shop where you work (if you work in IT or ever have) but in the shops where I worked, I did not own the servers or any of the other equipment. Neither did my boss. Those things were the property of the company, and even in shops where we had incredible leeway over what we did and how we did it, going around and replacing OSes with other ones required at least approval from the CTO. That was in the liberal places. In the conservative places, approval for such things may be higher than that. When customers depend on your systems operating, stability is job one and they aren't going to allow you to take a potentially de-stabilizing action without approval. Even if you succeed in every way, you may still be fired for acting without authorization.
Now, about this time, some of you might be saying "Well, if it's stability they want, they should get *nix in and Windows out as fast as possible."
While I couldn't agree (in principle) with that sentiment more, and am glad that in my present position in email security (I miss being an admin, but I sure don't miss carrying a pager!) I have sufficient leeway over my tools that my workstation is one of the handful on our network that is not running Windows (Ubuntu, a Debian-based distro. Quite nice; but I digress), the fact remains that in any properly run shop (yes, properly run, as hard as that may be for anyone with little or no experience - especially in big operations - to accept, having controls in place is the proper way to do things), permission is required to go around re-architecting major systems and replacing OSes.
In smaller networks, the decision may go no higher than the CTO, and if further approval is formally required, whatever the CTO asks for is rubber-stamped.
In larger shops, such things will typically require a general management decision, requiring the COO, the CEO, and often the CFO (and maybe others) to sign off on it. Why the CFO? These things cost money directly, and if there are failures, those cost money too. Especially if you have SLAs with your customers.
So yes, we may know a better way (and we do run our hundreds of servers on Linux, thank you), but it's not enough to know a better way. If you want to change to it, you have to make the business case, present it professionally, and get approval and support for it. If you go ahead without following these steps, in most shops you're onto a good way to find yourself unemployed.
Actually this is the first job I've had where I do not have admin rights or "TOTAL Control" of anything. I don't miss them. I thought I would, but you know, I didn't really miss them, and when people show up to try to circumvent the usual helpdesk, I have to say "I'm sorry, I can't do that, Dave." We do have a process to get them if I require admin rights to install or change my PC, and they can follow it too. As for your time issue: we have no issues like yours here, but we seem to be better run than your site. Maybe we could outsource your IT?
> You have to wonder if they were ever told that utopias don't exist?
I make no statement here regarding the subject, nor the content of your post except for the exact phrase that is quoted above.
Just because they don't exist, should we then never strive to achieve it? Even if we know it is an impossibility, should we give up?
> I am sick of brainwashed idiots who dont even know they are slaves too.
They aren't aware that they are on a leash because they never tug at it. They are told that pulling on it is evil, so they don't attempt to use their rights. Then, since they don't use them, they don't complain when they are taken away.
I had a rude awakening by my mother a few weeks ago. I don't know the exact topic, but I think it might have been regarding "fair use" and backup copies, and how those rights have been limited by unconstitutional laws. I explained to her how this directly affected me & others like me. Even after all of that, she basically said "I don't need to back up anything, so what do I care if those rights are taken away." I had no idea what to say. I have come to the conclusion that I must do whatever I feel I must do, without regard to anyone else -- however, if my actions end up helping more people than they hurt, it was probably the right thing to do.
This says nothing of (il)legality of anything, only how I make some of my decisions. You see, I decide to live my life how I choose, regardless of whether or not someone else agrees with it. Law is an invention of man and not even close to perfect. Assuming one believes in God (I happen not to) man is more perfect individually than the laws they create, and therefore should act like they truly believe they should, not how they are told.
Don't need no stinkin' spellchecker, it's a simple typo I didn't catch when editing. :) I suppose that makes a good argument for the value of spellcheckers, eh?
Architect, no. Admirer of quality, yes.