The only way to clean a compromised system is a clean backup or a complete reinstall.
System restore points are filesystem snapshots. They can't help you with an infected computer.
I also see no reason in backing up desktop computers in an enterprise. Just reload the image and let SCCM reinstalled the applications needed on that machine. User settings will be on the server anyway.
SCCM is pretty powerful, though. It can do a lot to deploy applications seamlessly. It's still nowhere near what Linux distributions can do out of the box for this, but it's better than AD and system startup scripts.
For the default PC partitioning scheme (one giant partition with everything on it), this makes perfect sense. For people that use a system partition that's to small (20-30GB), they'll wind up without enough space.
Here's another story for you: I'm a Swiss citizen, and i've grown up here with Swiss parents. So i'm not an immigrant.
Since 16, i had to carry my ID card with me - an ID looks like an US drivers license, except it's just an ID. It can function as a passport within other European countries, so you don't have to have your password with you to e.G. drive to Germany. I only need my passport when i visit countries which are further away.
On my last trip to the US, i needed a new biometric passport so i could go to the US without a visa. That cost 300 bucks.
I don't get any of the reactions here. When you leave your house, carry your ID with you. It's not inconvenient, i have it in my wallet just like my drivers license.
So this guy finds a phone that looks strange, and might be an Apple prototype. So he calls up Apple, they don't want it back (mostly, of course, because Apple has a really shitty information policy, no one answering the phone knew about the missing prototype, nor how it looked).
Apple knew that the phone was missing (and possibly where it was), because they activated the remote wipe functionality.
This is a situation that Apple itself made a lot worse.
Sure, what the guy did was also hilariously wrong, since he could've just left the phone at the bar, the engineer that lost it would surely consult the bar the next day. That's the behaviour that would make the most sense, but maybe he was too much focused getting fame and money to care. So the investigation makes sense, but i think Apple has only itself to blame for all the publicity the phone has received. Had they talked to the guy when he called them, they could've probably come to an agreement.
No, this is because it's very easy to get to Western Europe from their home countries (it's all land - no Visa or Greencard needed, getting into the US from outside the continent is pretty hard).
Add the facts that the social systems in Germany and similar countries will basically cover you in free money once you get there, even if you're an illegal immigrant, which is a very stark contrast to the US policy of shooting illegals that try to cross the border.
The comment about second-generation muslims is of course true, but the one thing that's worse then them are people that converted to Islam.
Don't block Youtube, but monitor it's usage. If you have a developer thats not very productive but spends most of his workday on Youtube, fire him. Much more efficient. People will always find ways not to work, but if you allow the default ones, you can track how much they don't work.
Erm, you should use your companies IM network for your work related stuff. We use Microsoft's OCS, which is very nice, but there are plenty of open source alternatives.
And people ask why our developers don't get any access to our production systems, because what you did there just fucked up any security concept your company might have had.
Then again, i'm never one that wants to keep people from working. We're using Microsoft's RD Gateway to provide simple and easy access to your PC from home, and several of our developers have gotten work laptops and a docking station, so they can take their whole work home, if they want to (or keep the laptop running and RDP into it from the home PC).
The US mostly mostly has middle and upper-class muslim immigrants. They're not bad people, because most of them don't value their religion about everything else.
During my apprenticeship, i started running my own web server, mail, dns, everything. I've learned a lot with that.
Then that machine (running a mostly broken Debian woody, with several self-made packages, several unstable packages from various points in time, and i setup i hardly understood anymore) finally broke. I've replaced it with a new one, made everything much simpler, using only standard packages, turned up cron-apt for everything, including automatic reboots.
All the critical stuff (Mail, DNS) is outsourced now. Google Apps & PowerDNS Express. I know i should've used BPOS instead of Google Apps, but it's more expensive and Gmail is a lot better for handling my private Mail than OWA is.
Slashdot Mirror
Erm, what happened in Germany was legal on their laws at that time. Laws can be changed.
No longer. The EU forbade it. You need to explicitly click on the yellow icon and allow newer IE versions to be installed.
5% of the system partition. If you don't have enough space, you won't enough space for restore points.
You can set it higher manually, though. But you'll need to know about it.
The default is 5% of the system partition. Small system partition, no place for restore points.
That's why i recommend at least 200GB for C:\
Obviously, Kirk is the better Captain.
The only way to clean a compromised system is a clean backup or a complete reinstall.
System restore points are filesystem snapshots. They can't help you with an infected computer.
I also see no reason in backing up desktop computers in an enterprise. Just reload the image and let SCCM reinstalled the applications needed on that machine. User settings will be on the server anyway.
SCCM is pretty powerful, though. It can do a lot to deploy applications seamlessly. It's still nowhere near what Linux distributions can do out of the box for this, but it's better than AD and system startup scripts.
The default is 5% of the system drive.
For the default PC partitioning scheme (one giant partition with everything on it), this makes perfect sense. For people that use a system partition that's to small (20-30GB), they'll wind up without enough space.
Here's another story for you: I'm a Swiss citizen, and i've grown up here with Swiss parents. So i'm not an immigrant.
Since 16, i had to carry my ID card with me - an ID looks like an US drivers license, except it's just an ID. It can function as a passport within other European countries, so you don't have to have your password with you to e.G. drive to Germany. I only need my passport when i visit countries which are further away.
On my last trip to the US, i needed a new biometric passport so i could go to the US without a visa. That cost 300 bucks.
I don't get any of the reactions here. When you leave your house, carry your ID with you. It's not inconvenient, i have it in my wallet just like my drivers license.
There are plenty of people making money of exactly this scheme.
And again, how is this theft?
So this guy finds a phone that looks strange, and might be an Apple prototype. So he calls up Apple, they don't want it back (mostly, of course, because Apple has a really shitty information policy, no one answering the phone knew about the missing prototype, nor how it looked).
Apple knew that the phone was missing (and possibly where it was), because they activated the remote wipe functionality.
This is a situation that Apple itself made a lot worse.
Sure, what the guy did was also hilariously wrong, since he could've just left the phone at the bar, the engineer that lost it would surely consult the bar the next day. That's the behaviour that would make the most sense, but maybe he was too much focused getting fame and money to care. So the investigation makes sense, but i think Apple has only itself to blame for all the publicity the phone has received. Had they talked to the guy when he called them, they could've probably come to an agreement.
SMBs have troubles getting backups right, what makes you think that encrypting their backup will help matters?
They were flying in a moonless night, if i remember the MayDay episode correctly.
Happens often in small companies that grow and run only a single subnet with a /24.
While this is always easy to fix, some companies don't want to risk restructuring their LAN.
No, this is because it's very easy to get to Western Europe from their home countries (it's all land - no Visa or Greencard needed, getting into the US from outside the continent is pretty hard).
Add the facts that the social systems in Germany and similar countries will basically cover you in free money once you get there, even if you're an illegal immigrant, which is a very stark contrast to the US policy of shooting illegals that try to cross the border.
The comment about second-generation muslims is of course true, but the one thing that's worse then them are people that converted to Islam.
Which makes sense. Some of our Developers have laptops and work from home most of the time. Why allocate them a desk?
Don't block Youtube, but monitor it's usage. If you have a developer thats not very productive but spends most of his workday on Youtube, fire him. Much more efficient. People will always find ways not to work, but if you allow the default ones, you can track how much they don't work.
Erm, you should use your companies IM network for your work related stuff. We use Microsoft's OCS, which is very nice, but there are plenty of open source alternatives.
And people ask why our developers don't get any access to our production systems, because what you did there just fucked up any security concept your company might have had.
Then again, i'm never one that wants to keep people from working. We're using Microsoft's RD Gateway to provide simple and easy access to your PC from home, and several of our developers have gotten work laptops and a docking station, so they can take their whole work home, if they want to (or keep the laptop running and RDP into it from the home PC).
IE can actually scale flash with it's Zoom. Of course, that eats a shitload of CPU.
Clamwin doesn't have an On-Access Scanner.
The US mostly mostly has middle and upper-class muslim immigrants. They're not bad people, because most of them don't value their religion about everything else.
Europe, on the other hand, mostly has the lower-class, redneck-equivalent muslim immigrants. They're bad people. They value their religion above everything else. They trade people:
http://www.bild.de/BILD/news/2010/04/21/tochter-fuer-15500-euro-als-braut-verkauft/mitten-in-deutschland.html
Most of them are dangerous, because they value the drug riddled prophecies of a child molester above both logic and infidel law.
(As always, there are exceptions)
I think that's normal and is called "growing up".
During my apprenticeship, i started running my own web server, mail, dns, everything. I've learned a lot with that.
Then that machine (running a mostly broken Debian woody, with several self-made packages, several unstable packages from various points in time, and i setup i hardly understood anymore) finally broke. I've replaced it with a new one, made everything much simpler, using only standard packages, turned up cron-apt for everything, including automatic reboots.
All the critical stuff (Mail, DNS) is outsourced now. Google Apps & PowerDNS Express. I know i should've used BPOS instead of Google Apps, but it's more expensive and Gmail is a lot better for handling my private Mail than OWA is.
You must change your password.
Please enter old password:
Please enter your new password:
cracklib knows the old password, because the user just entered it.
Meh, Germany bans about everything they can get their hands on. From video games to political views. It's a total mess over there.
This is one of the smaller problems Germany has.