I'm assuming from your post that you aren't running AV? That's how I read it anyway, as you don't include an AV solution (which is what this post is all about)
Security Lesson #1: Usability, Secure, Cheap - pick any two.
Anyone can put up a solution that provides two of these, however I think the solution you have put together provides only one.... Cheap!
Working from a VM? Not usable - at least not for typical office workers.
No AV protection? Insecure
Allow me to elaborate on insecure...
Fair enough, you 'reset' your virtual machines when shit happens, but what about when a virus sends out spam from one of your IPs and gets your blacklisted? What about when a virus/trojan/whatever leaks confidential business information? and how do you know if things get nasty if you aren't running AV?
The viruses you need to worry about, are the ones you probably wouldn't detect without AV protection, as these are the ones most likely to do your business harm.
I recently swapped out my PC for a C2D 2.4GHz iMac with 1Gb of memory, and I've been running parallels on it for a Windows XP development project that I'm working on at the moment (384Mb reservered for Windows XP). It does runs fine if you use parallels exclusively, however, as soon as you start to fire up a few native apps, (e.g. iTunes, Firefox and Apple Mail) you do tend to notice the system starting to page.
I only got my mac a few weeks ago, and would have bought it with 2Gb of memory, but when I saw the price of upgrading from 1Gb to 2Gb in the apple store, I bought it with the standard 1Gb, and have recently ordered 4Gb of (premium) memory to slot in the mac for less than Apple would have given me 2Gb (and I can still flog the 1Gb I take out on ebay)
What? Firefox has always had tabs, The very first release (back in the days when it was known as Phoenix) had this feature built in (i.e. not a plugin).
Of those 116 games listed on Xbox.com, 33 of them are xbox live arcade games. If only 66 are released, that would leave 17 unreleased games, which is a more realistic figure.
There are 116 games showing on Xbox.com, I guess some of those could be unreleased, but I wouldn't have thought 50 of them where pending release. I wonder if gamerankings.com only list the ones they have reviewed?
If you have a Windows domain and use mostly XP and 2003 machines... try using the built-in 'Software Restriction Policy' to prevent the path %systemroot%/system32/shimgvw.dll this will apply to all of the machines in the domain.
I've implemented this today on the network, but don't be fooled into thinking that this will protect you 100% because it doesn't. The flaw isn't in shimgvw.dll, that dll is just one of the common attack vectors. The flaw is a 'feature' of GDI as many of the/. comments have already pointed out. The only real fix for this will be the official patch next week.
Until the patch is released it wont hurt to take a few simple steps to reduce the attack vectors (emphasis deliberate)
* Educating users about the dangers * Updating AV definitions across the network * Blocking.wmf at the mail and web gateways * Disabling the shimgvw.dll using the above method or the regsvr32 method.
Some people might want to consider the unofficial patch - personally, I wouldn't let it anywhere near the network of 3000+ machines. If something goes wrong, that a lot of cleaning up to do, and Microsoft will not be interested in helping.
I'd read this before you take your chances, because it appears as though the exploit will work when the.wmf is disguised as a.jpg (or other extensions)
If Apple integrated bluetooth into the iPod, you wouldn't need an integrated dock or any cables to connect it, okay you would still need a cable to charge it, but with bluetooth, the iPod could be the remote control on a PVR.
IMHO, the worst thing about the iPod has got to be the headphone cable. A set of bluetooth headphones would go down nicely.
Nope, you aren't the only one. Aside from the tabs themselves, browsing wouldn't be the same without this middle click feature.
I recently saw IE7 on a beta of Windows Vista and was happy to see this behaviour is now also the default in IE7. (Of course, that isn't enough to make me switch back to IE, but at least IE will be usable on machines that I can't install/run firefox on).
The password policy at that firm sucks, but writing passwords on post-it notes isn't such a bad idea. Consider these two different policies:
A. User allowed to use simple passwords that they can easily remember such as 'password', or 'abc123'. This user doesn't have to write their password down to be able to remember it.
B. User with a complex password, but writes it on a post it note because they don't stand a chance in hell of remembering it.
If user B is also requested to take the simple step of placing the post-it note in their purse/wallet, the password instantly becomes many more times secure than the password of user A.
It's not just glass that fogs up though. Despite the/. story suggesting that this coating is only for glass, TFA says that this coating can be applied to "virtually any surface", which is great news for motorcyclists with plastic visors that always fog up on cold/wet days. Normally when it is raining, I have three choices,
1. Closed visor, it fogs up within minutes - Can't see a thing. 2. Visor fully open (nothing to fog), subjected to a face full of fast moving water droplets - can't see a thing. 3. Visor open slightly, air can circulate, visor doesn't fog, but water droplets form on the inside of the visor, which severely reduce visibility.
God damn! Why do I never had mod points when I find a comment that desparately needs modding up?
I badly want to give my desktop a consistant look and feel across *all* applications. Windows doesn't cut it because of a number of application developers who think it's cool to skin their apps. Linux suffers in a similar way because many of the apps I use, use GTK1, GTK2 and QT toolkits. Just looks plain ugly if you try to mix them. My next hardware purchase will run OS-X, and I'm hoping that will offer exactly what I'm looking for.
An MSI version of Firefox is easy to find (also easy to make if you happen to have a copy of Installshield - or similar).
I would like to see Firefox take notice of Group policies, this would make large scale deployments a little easier.
Personally, I'd prefer to see Firefox use IE style bookmarks (one file per bookmark), but that's only because it makes syncing bookmarks easier between pooters.
I thought it was to improve reliability: when you had 6 documents open in Word, and because Word is so flaky, one rogue document could crash them all. Same with IE: One browser crash and everything closes.
Open a few Word windows, and take a look how many winword.exe processes are running - just the one. Kill that process and all instances close. I've not tested, but I'm sure a crash would kill all instances.
step 1) try to kill off all the procs you can. Most malware will say "Access Denied", but some can be killed.
If you get access denied error messages, the chances are that the executable is running as a service. In which case
1. Open regedit 2. Browse to HKLM\System\CurrentControlSet\Services 3. Search for registry for 'data' that matches the executable name. 4. Start > Run > Services.msc 5. Find the service located in step3 6. Stop and disable the service.
I was under the impression that symantec updates their defs like once a week.
You have been mis-impressed.
I think you need to read this so that you understand how symantec updates work.
For people allergic to hyperlinks, Intelligent Update definitions are released daily, often multiple updates each day. Live update definitions are released weekly (every wednesday), unless a major threat is uncovered, in which case a new update is put out immediately.
The default (unmanaged) install of SAV will use live update for the weekly updates (and IIRC checks daily for a new download), but if you are running corp. edition, a clued up sys admin will probably have thrown together a wget script to pull down updates on a daily basis. Once this update is installed on the corporate AV server, the clients get the update almost instantly. I've seen a few AV systems, and this one is hard to beat.
Slashdot Mirror
I'm assuming from your post that you aren't running AV? That's how I read it anyway, as you don't include an AV solution (which is what this post is all about)
Security Lesson #1: Usability, Secure, Cheap - pick any two.
Anyone can put up a solution that provides two of these, however I think the solution you have put together provides only one.... Cheap!
Working from a VM? Not usable - at least not for typical office workers. No AV protection? Insecure
Allow me to elaborate on insecure...
Fair enough, you 'reset' your virtual machines when shit happens, but what about when a virus sends out spam from one of your IPs and gets your blacklisted? What about when a virus/trojan/whatever leaks confidential business information? and how do you know if things get nasty if you aren't running AV?
The viruses you need to worry about, are the ones you probably wouldn't detect without AV protection, as these are the ones most likely to do your business harm.
Frankly, who gives a flip which was the first!
What I'm interested in, is which device does it best, and I think it's pretty damn obvious which the winner is.
I recently swapped out my PC for a C2D 2.4GHz iMac with 1Gb of memory, and I've been running parallels on it for a Windows XP development project that I'm working on at the moment (384Mb reservered for Windows XP). It does runs fine if you use parallels exclusively, however, as soon as you start to fire up a few native apps, (e.g. iTunes, Firefox and Apple Mail) you do tend to notice the system starting to page.
I only got my mac a few weeks ago, and would have bought it with 2Gb of memory, but when I saw the price of upgrading from 1Gb to 2Gb in the apple store, I bought it with the standard 1Gb, and have recently ordered 4Gb of (premium) memory to slot in the mac for less than Apple would have given me 2Gb (and I can still flog the 1Gb I take out on ebay)
What? Firefox has always had tabs, The very first release (back in the days when it was known as Phoenix) had this feature built in (i.e. not a plugin).
s -a-look-back-at-firefox-phoenix-01/
http://tech.cybernetnews.com/2006/07/26/cybernote
I take that back.
Of those 116 games listed on Xbox.com, 33 of them are xbox live arcade games. If only 66 are released, that would leave 17 unreleased games, which is a more realistic figure.
There are 116 games showing on Xbox.com, I guess some of those could be unreleased, but I wouldn't have thought 50 of them where pending release. I wonder if gamerankings.com only list the ones they have reviewed?
Their FAQ must be wrong, because it says flac can only handle 65,5350 Hz rate, and I have 96 kHz files already
Check the positioning of your thousand separator
655350 Hz > 96 kHz
If you have a Windows domain and use mostly XP and 2003 machines... try using the built-in 'Software Restriction Policy' to prevent the path %systemroot%/system32/shimgvw.dll this will apply to all of the machines in the domain.
/. comments have already pointed out. The only real fix for this will be the official patch next week.
.wmf at the mail and web gateways
I've implemented this today on the network, but don't be fooled into thinking that this will protect you 100% because it doesn't. The flaw isn't in shimgvw.dll, that dll is just one of the common attack vectors. The flaw is a 'feature' of GDI as many of the
Until the patch is released it wont hurt to take a few simple steps to reduce the attack vectors (emphasis deliberate)
* Educating users about the dangers
* Updating AV definitions across the network
* Blocking
* Disabling the shimgvw.dll using the above method or the regsvr32 method.
Some people might want to consider the unofficial patch - personally, I wouldn't let it anywhere near the network of 3000+ machines. If something goes wrong, that a lot of cleaning up to do, and Microsoft will not be interested in helping.
I'd read this before you take your chances, because it appears as though the exploit will work when the .wmf is disguised as a .jpg (or other extensions)
Perhaps you want one of these :)
If Apple integrated bluetooth into the iPod, you wouldn't need an integrated dock or any cables to connect it, okay you would still need a cable to charge it, but with bluetooth, the iPod could be the remote control on a PVR.
IMHO, the worst thing about the iPod has got to be the headphone cable. A set of bluetooth headphones would go down nicely.
Nope, you aren't the only one. Aside from the tabs themselves, browsing wouldn't be the same without this middle click feature.
I recently saw IE7 on a beta of Windows Vista and was happy to see this behaviour is now also the default in IE7. (Of course, that isn't enough to make me switch back to IE, but at least IE will be usable on machines that I can't install/run firefox on).
The password policy at that firm sucks, but writing passwords on post-it notes isn't such a bad idea. Consider these two different policies:
A. User allowed to use simple passwords that they can easily remember such as 'password', or 'abc123'. This user doesn't have to write their password down to be able to remember it.
B. User with a complex password, but writes it on a post it note because they don't stand a chance in hell of remembering it.
If user B is also requested to take the simple step of placing the post-it note in their purse/wallet, the password instantly becomes many more times secure than the password of user A.
It's not just glass that fogs up though. Despite the /. story suggesting that this coating is only for glass, TFA says that this coating can be applied to "virtually any surface", which is great news for motorcyclists with plastic visors that always fog up on cold/wet days. Normally when it is raining, I have three choices,
1. Closed visor, it fogs up within minutes - Can't see a thing.
2. Visor fully open (nothing to fog), subjected to a face full of fast moving water droplets - can't see a thing.
3. Visor open slightly, air can circulate, visor doesn't fog, but water droplets form on the inside of the visor, which severely reduce visibility.
My source suggests legacy domain controllers, Microsoft Exchange servers, Microsoft SQL Servers, etc.
I've not verified this, but I don't have any reason to doubt it.
Actually it is possible for XP (and Server 2003) systems to get hit by this if the following value has been set in the registry,
t AnonymousSam = 0
HKLM\System\CurrentControlSet\Control\LSA\Restric
There are some applications that will set this value at install time, so don't be confident you wont get hit because you are running Windows XP.
It's not bullshit, it's real. In fact, it has prooved to be such a huge problem that we have had to slipstream hotfixes into the installation source.
God damn! Why do I never had mod points when I find a comment that desparately needs modding up?
I badly want to give my desktop a consistant look and feel across *all* applications. Windows doesn't cut it because of a number of application developers who think it's cool to skin their apps. Linux suffers in a similar way because many of the apps I use, use GTK1, GTK2 and QT toolkits. Just looks plain ugly if you try to mix them. My next hardware purchase will run OS-X, and I'm hoping that will offer exactly what I'm looking for.
An MSI version of Firefox is easy to find (also easy to make if you happen to have a copy of Installshield - or similar).
I would like to see Firefox take notice of Group policies, this would make large scale deployments a little easier.
Personally, I'd prefer to see Firefox use IE style bookmarks (one file per bookmark), but that's only because it makes syncing bookmarks easier between pooters.
IE6 is also ancient, it was released in August 2001, almost 4 years ago.
At this time Mozilla was at version 0.9.3, verison 0.9.4 followed about a month later.
Pheonix 0.1 wasn't released until September 2002.
I thought it was to improve reliability: when you had 6 documents open in Word, and because Word is so flaky, one rogue document could crash them all. Same with IE: One browser crash and everything closes.
Open a few Word windows, and take a look how many winword.exe processes are running - just the one. Kill that process and all instances close. I've not tested, but I'm sure a crash would kill all instances.
step 1) try to kill off all the procs you can. Most malware will say "Access Denied", but some can be killed.
If you get access denied error messages, the chances are that the executable is running as a service. In which case
1. Open regedit
2. Browse to HKLM\System\CurrentControlSet\Services
3. Search for registry for 'data' that matches the executable name.
4. Start > Run > Services.msc
5. Find the service located in step3
6. Stop and disable the service.
I was under the impression that symantec updates their defs like once a week.
You have been mis-impressed.
I think you need to read this so that you understand how symantec updates work.
For people allergic to hyperlinks, Intelligent Update definitions are released daily, often multiple updates each day. Live update definitions are released weekly (every wednesday), unless a major threat is uncovered, in which case a new update is put out immediately.
The default (unmanaged) install of SAV will use live update for the weekly updates (and IIRC checks daily for a new download), but if you are running corp. edition, a clued up sys admin will probably have thrown together a wget script to pull down updates on a daily basis. Once this update is installed on the corporate AV server, the clients get the update almost instantly. I've seen a few AV systems, and this one is hard to beat.