Novell Zenworks has had this capability for sometime in production environments. It also integrates with their management tools so it is easy to use on an entire network. To say this technology is newly discovered is a far cry from the truth. They also use Linux on the back end of the client to move the data to the server.
It is nice, though, to have something like this in the open source world. Competition is good.
Aside from individually going to each machine and cleaning them, we try killing the spyware installers and executables. First we installed on a box as much spyware and peer-2-peer apps as we possibly could, and also browsed executable lists on antispyware/malware sites. Then we made a monster list of these executables.
If we were running an XP only shop (this won't work in Win2000 or 98) we would use Microsoft's software restriction policies in active directory. We don't, so this is out of the question.
Novell Zenworks (versions >=4) rogue process management sounds like it may work, but when we tested it, it doesn't kill apps that start up before the user logs in. So any spyware services aren't killed, even after the user logs in.
Next up was Progkill, an application on Sourceforge.net. Seems to work well on Win95/98/2000 boxes if it starts up. Has a few bugs when starting up. I wish I had a Delphi development box else I would debug it. Bonus points to it for its gui interface.
Finally was roguept (rogue process terminator) on Sourceforge.net. Does the same thing as Progkill, but not as easy to set up. Extremely small though and fast. It is written in C++ and runs as a service so it kills spyware from the get-go. This speeds up system bootup time.
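The blocklist approach this post describes, written out as an added example. It is not Progkill's or roguept's code, and none of the names in it are real: the process snapshot, the blocked image names and the blocked hash are all constructed for the example. One thing it adds beyond the post is matching on a file hash as well as the image name, so a renamed copy of a known installer is still caught, and a small protected-name list so a typo in the blocklist cannot take out a core system process. It returns kill decisions instead of calling the OS, so it runs anywhere; the real service would hand each pid to TerminateProcess.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # image name as the OS reports it, e.g. "AdBanner.EXE"
    content: bytes  # bytes of the image file on disk (constructed here)


# Hypothetical blocklist, built the way the post describes: install the junk
# on a scratch box and record every executable. Names are case-insensitive
# because Windows filenames are. The hash entry is an assumption: a SHA-256
# of the file catches the same installer even after it is renamed.
BLOCKED_NAMES = {"adbanner.exe", "p2pshare.exe", "toolbarsetup.exe"}
ADWARE_SAMPLE = b"<constructed adware installer bytes>"
BLOCKED_HASHES = {hashlib.sha256(ADWARE_SAMPLE).hexdigest()}

# Never terminate these even if someone pastes them into the blocklist.
PROTECTED = {"system", "smss.exe", "csrss.exe", "winlogon.exe",
             "services.exe", "lsass.exe", "svchost.exe"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def select_kills(procs, blocked_names=BLOCKED_NAMES,
                 blocked_hashes=BLOCKED_HASHES):
    """Return [(pid, reason)] for every process the killer should terminate.

    reason is "name" for an image-name match and "hash" for a file whose
    contents match a blocked hash regardless of what it is called.
    """
    kills = []
    for p in procs:
        name = p.image.lower()
        if name in PROTECTED:
            continue
        if name in blocked_names:
            kills.append((p.pid, "name"))
        elif sha256_hex(p.content) in blocked_hashes:
            kills.append((p.pid, "hash"))
    return kills


def sample_snapshot():
    """Constructed process list standing in for the live Win32 process table."""
    return [
        Proc(4, "System", b""),
        Proc(612, "winlogon.exe", b"winlogon image"),
        Proc(1204, "explorer.exe", b"explorer image"),
        Proc(1300, "AdBanner.EXE", b"banner image"),   # caught by name, any case
        Proc(1400, "notepad.exe", ADWARE_SAMPLE),      # renamed installer, caught by hash
    ]


if __name__ == "__main__":
    for pid, why in select_kills(sample_snapshot()):
        print(f"would terminate pid {pid} ({why} match)")
```

Running it on the constructed snapshot flags pid 1300 by name and pid 1400 by hash and leaves the rest alone; a blocklist entry for csrss.exe is ignored because of the protected list.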
Depends on where you are for Soda/Pop. Where I'm at (Nebraska, USA) the soda, pop and coke are used equally. Some places use sodi, but outside my geographic region. This might make an interesting but useless research paper idea for someone.
Roesch works within Sourcefire (which puts a lot of development into Snort) as their lead engineer. I've talked with him over a teleconference call and I got the feeling that he loves working with the technology and tries to avoid the sales side of business. Also discussed during the conference call was exactly what this article pertains to.
If Sourcefire's engineering puts out something like this and not their sales reps, then this is really close to being reality. Take a look at Sourcefire's website, you'll see something called RNA. RNA can do passive monitoring of a network and find what machines do what, and what they are running. I've worked with RNA on a production network - it does as advertised very well and even determines patch levels of some machines just by sniffing network traffic. It doesn't take a rocket scientist to put 2-and-2 together that Snort and RNA are on a collision course to work together considering they are from the same company. I would expect something before the end of the year.
RNA though isn't open source, so given this announcement I'm curious whether the underlying engine of that product will eventually be opened up.
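The kind of passive inventory the post credits RNA with, as an added example that is not Sourcefire's code and does not reproduce RNA's engine. It watches TCP SYN and SYN/ACK records, guesses the sending OS family from the initial TTL and window size of its SYNs, and records which ports each host answers on. The capture is constructed, and the signature table is a deliberately small approximation (real passive fingerprinters use far richer signatures), so treat both as assumptions rather than reference data.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN/ACK
    ttl: int     # IP TTL as seen on the wire (already decremented by routers)
    win: int     # TCP window size advertised in the segment


# Approximate (initial TTL, SYN window) signatures, assumed for the example.
SIGS = {
    (128, 65535): "Windows XP-era",
    (128, 16384): "Windows 2000-era",
    (64, 5840): "Linux 2.4/2.6",
    (64, 65535): "BSD / Mac OS X",
    (255, 4128): "Cisco IOS",
}


def initial_ttl(observed: int) -> int:
    """Round the observed TTL up to the nearest common initial value."""
    for base in (32, 64, 128, 255):
        if observed <= base:
            return base
    return 255


def guess_os(ttl: int, win: int) -> str:
    return SIGS.get((initial_ttl(ttl), win), "unknown")


@dataclass
class Host:
    os: str = "unknown"
    listening: set = field(default_factory=set)   # ports it sent SYN/ACKs from
    talks_to: set = field(default_factory=set)    # (peer, port) it opened


def build_inventory(pkts):
    """Fold a packet stream into a per-host inventory, purely by listening."""
    hosts = defaultdict(Host)
    for p in pkts:
        sender = hosts[p.src]
        _ = hosts[p.dst]            # the peer exists even if it never speaks
        if p.flags == "S":
            # Only client SYNs carry the OS default window; SYN/ACK windows
            # are shaped by the connection, so they are not used for guessing.
            if sender.os == "unknown":
                sender.os = guess_os(p.ttl, p.win)
            sender.talks_to.add((p.dst, p.dport))
        elif p.flags == "SA":
            sender.listening.add(p.sport)
    return dict(hosts)


def sample_capture():
    """Constructed capture: an XP client, a Linux file server, a switch."""
    return [
        Pkt("10.0.0.5", 1033, "10.0.0.20", 445, "S", 127, 65535),
        Pkt("10.0.0.20", 445, "10.0.0.5", 1033, "SA", 127, 16384),
        Pkt("10.0.0.20", 33201, "10.0.0.7", 22, "S", 62, 5840),
        Pkt("10.0.0.7", 22, "10.0.0.20", 33201, "SA", 64, 5792),
        Pkt("10.0.0.1", 11001, "10.0.0.7", 23, "S", 253, 4128),
    ]


if __name__ == "__main__":
    for ip, h in sorted(build_inventory(sample_capture()).items()):
        print(f"{ip:12} os={h.os:16} listening={sorted(h.listening)} "
              f"talks_to={sorted(h.talks_to)}")
```

On the constructed capture, 10.0.0.5 comes out as the XP-era client, 10.0.0.20 as a Linux host that answers on 445 and 10.0.0.7 as something listening on 22 whose OS stays unknown because it never sent a SYN of its own; that last case is the normal limit of a purely passive tool, which can only classify what it sees initiate a connection.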
-Just- installed Suse Professional 9.1 (on "Suse 9.1 Reviews?", Score: 3, Interesting)
Went down to Best Buy and just bought it after work. Typing in this reply on the freshly installed system.
My system specs are: AMD Athlon 64 +3200 Nvidia Geforce4 MX 420 1 gig ram MSI K8T Neo with Via K8T800 Chipset motherboard
Anyhow after backing up my data I put the DVD in. It was labeled 64 bit on one side, 32 bit on the other. I had put it the wrong way accidentally, but it was smart and told me "Cool system! But you are about to install 32 bit software on a 64 bit computer." Flipping it around I rebooted and went into Yast without a problem.
It didn't look too much different from Suse 9.0 for the installer at first. I went with the regular install of packages plus the compilers. Network, video, and sound appeared at first to be found correctly - minus that there weren't any Nvidia 3d drivers (just 2d) included in the box. The 3d drivers had to be installed via the online update tool. Haven't tested it yet in Unreal Tournament 2004 or Neverwinter Nights.
After the first reboot the audio didn't come up right. One more reboot (with me making no config changes) the audio came up right.
I use Lotus Notes 6.5 at work, and I use the web interface at home. Trying that out turns out that Java wasn't installed in Mozilla or Firebird. It did come up with the download plugin, but you'll have to make sure you are root in the browser to have it install right. I'll see later if Yast has a package for Java.
As for enterprise features that may come in handy with our Novell environment the installer had the option to authenticate to LDAP for users.
Getting deeper into the details of the box I pulled up what version the kernel is from /proc/version:
Linux version 2.6.4-54.5-default (geeko@buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 Fri May 7 16:47:49 UTC 2004
Good, 2.6 as advertised. Going into other apps everything appeared to be very KDE based like in previous versions of Suse. Doesn't appear to have much influence from the integration of Novell+Ximian. In the programs menu everything was not based on program names, but on purpose. For example Gimp 2.0 was labeled as "Image Editing".
One of the few apps linked to on the desktop was Office, which opened up into Open Office 1.1.1. It still appeared to have a limited set of fonts that I've seen in other OO installs. That is more a limitation of OO than Suse.
About X, SaX2 (Suse's X11 config editor) reports the version is: XFree86 Version 4.3.99.902 (4.4.0 RC 2)
I was interested in seeing in SaX2 some config options for Tablets and Touchscreens. Might be a nice item for work's graphics department to try out.
Other items included in the package were Rekall (a database frontend), Samba 3.0, KDE 3.2.
Going through the manuals (remember those?) there were two volumes, each about 440 pages. One was the user guide that went into basic installation and the individual programs. Examples of programs with screen shots in the manual were Open Office, Gimp, KGPG, Xmms, gtKam, Mozilla, Audacity, and a full chapter on the command line toward the back. The admin volume went into the details such as troubleshooting the install or using logical volume manager (LVM). Other chapters were also on networking, ipv6, NIS, Apache, Samba, Squid, SSH, Kerberos, filesystems with acl's, and development in a 64 bit environment. Needless to say I was impressed with their manuals!
Good for the desktop in the enterprise, perhaps also the end user at home if the install went well on their particular hardware. The sticking point that will probably turn anyone off is how well the install goes. That's where buying the package with support comes in. In the "Support at SUSE" pamphlet in the box it lists as one of the supported items: Installation on a typical private workstation [non-networked] or laptop equipped with a single processor, at least 128 MB RAM, and 2 GB of free hard disk space. Other support items are resizing Windows partitions, conf
I use ethereal for the sniffing portion, then ettercap for sniffing on switched networks. Ettercap uses arp poisoning to get around not being on a spanning port or hub. Careful though, may break your network depending on the switch.
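A detector for the ARP poisoning ettercap relies on, as an added example that is not part of the post and not ettercap's or ethereal's code. It walks ARP replies in time order and raises two kinds of alert: an IP whose MAC flips (including the flapping you see when the real host re-announces itself), and a single MAC that claims both the gateway and another host, which is the full-duplex man-in-the-middle layout. The replies are constructed; on a real segment you would feed it the sender IP/MAC pairs from captured "is-at" packets. Proxy ARP gateways legitimately answer for several IPs, so the second alert is a lead to check, not proof.

```python
from collections import defaultdict


def detect_arp_spoof(replies, gateway_ip):
    """Scan ARP replies in time order and flag poisoning.

    replies: iterable of (t, sender_ip, sender_mac) from ARP "is-at" packets.
    Returns [(t, kind, detail)]: kind "change" when an IP's MAC flips,
    "mitm" when one MAC claims the gateway plus at least one other host.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    flagged = set()        # MACs already reported as mitm, to avoid repeats
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()  # normalise case before comparing addresses
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((t, "change", f"{ip}: {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        claims = mac_to_ips[mac]
        if gateway_ip in claims and len(claims) > 1 and mac not in flagged:
            flagged.add(mac)
            others = sorted(claims - {gateway_ip})
            alerts.append((t, "mitm",
                           f"{mac} claims gateway {gateway_ip} and {others}"))
    return alerts


def sample_replies():
    """Constructed capture: a gateway, a victim, and an attacker poisoning both."""
    return [
        (0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # real gateway
        (0.1, "10.0.0.50", "aa:aa:aa:aa:aa:50"),   # real victim
        (5.0, "10.0.0.1", "cc:cc:cc:cc:cc:cc"),    # attacker claims to be the gateway
        (5.0, "10.0.0.50", "cc:cc:cc:cc:cc:cc"),   # ...and to be the victim
        (5.5, "10.0.0.1", "AA:AA:AA:AA:AA:01"),    # gateway re-announces: flapping
    ]


if __name__ == "__main__":
    for t, kind, detail in detect_arp_spoof(sample_replies(), "10.0.0.1"):
        print(f"t={t:4.1f} {kind:6} {detail}")
```

On the constructed capture this produces three "change" alerts and one "mitm" alert for the attacker's MAC; a capture where every IP keeps its MAC produces nothing. In practice you would also compare against a static list of known gateway MACs, since the first reply seen is trusted as the baseline.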
I work at a public broadcasting station in Nebraska. We are required to have all of our transmitters upgraded to digital signals by a certain date. Till that time, we work in stages. In stage one, we have to have our digital transmitters on 25% of the time. Next stage, 50%, then 75%, and then 100% simulcast. There we are broadcasting in both analog and digital.
As for disconnecting the analog signal, there is a rule saying when we can. Only when 75% or more of the viewers in our transmission area are capable of receiving the digital signal can we shut down the analog transmitters.
Right now from meetings I have been at, the analog costs would be the same as digital (except for the initial equipment purchases). While we are doing simulcast, costs would be double for maintenance and electricity since both transmissions have to be online. Also, we will be eating up more satellite bandwidth. When the digital conversion is done, costs for broadcasters will go back down.
It is that middle ground that will cost, and the equipment purchases. On a side, public broadcasters get an extra year or so to convert, while private (like CBS, etc) have to convert before then.
I've dedicated one whole evening just to biking around the city and locating the anime stores. Here are my finds, and in my opinion very good selections.
Software.etc - Gateway Mall - popular series like Evangelion, Ranma 1/2, Trigun
-someothermusicstore- Gateway Mall - I forgot the name to the place, but easy to find if you go in the west entrance. Carry a whopping 12 shelves of anime - VHS/DVD. A shelf is about 4 foot long and packed front to back, not with titles face forward. Good variety and even some hentai if you are into that.
BestBuy - 48th and R Streets - Good selection. They started experimenting last year with one shelf (about same size as above), and now expanded to shelves. Mostly popular stuff (Gundam, DBZ), but others for variety added like Saint Tail, Blue Gender, Robotech.
Comics and Manga Central - right across the street from BestBuy, just to the south of Super Saver. Poor selection of anime, but it's there. Manga/comics on the other hand...good stuff.
I haven't seen anything in south Lincoln yet, sorry.
This could be useful not only for the perverted. For the paranoid, you can take quick snap shots of those you think are following, news folk that might not want to carry a full sized camera when not on the job but want to catch the news just in case, or even security guards in malls/schools/banks.