All well and good, assuming the traffic goes through the ISP's mail server... Unfortunately, most of the bots have their own SMTP relay agent and bouce mail off infected servers in the network, and don't use YOUR e-mail account. Also, most of that mail is NOT on port 25.
Without being a supported of ISP based packet filtering and traffic shaping, there's no way for the ISP to do this, and I'm certainly not given tham any power to head down that road.
Though I agree with your logic, it's unfortunately flawed.
I mean, heck, if it was that easy, why wouldn't your own virus app say, "hey, although I can't find an infection, I did notice youre e-mail client wasn't open, but you sent 4500 messages today, and your machine was running a screen saver when it did it..."...and if it could detect that, it would know the CPU thread and thus the application responsible for it, and could report that centrally to the AV venor using a feedback program. unfortunately, even local software doesn't have access to that kind of packet sniffing power (and most PCs couldn't handle the load if it did, not without big packet latencies anyway).
regardless of how well you filter your own mail server, you can't stop every employee from using g-mail or some other web based e-mail service. Sure, general employees may be restricted to a while list, but likely your executive team refuses that request, and I would not doubt their machines are some of the most infected in the company (seen it too many time myself...)
And what do you do to detect SMTP traffic outbound on port 80 to someone elses infected bot in the cloud? You can't simply block port 80 (that's HTTP), and unless you have an inline packet inspection firewall (BIG BUCKS!!!) then you won't know it's happening.
outbound SMTP from viruses rarely uses the exchange server. most have their own SMTP agent installed and use standard ports like port 80 or 442 to dedicated re-mail servers that accept incoming SMTP opn those ports (or to other bots in the network that what open SMTP access and are not firewalled). They also typically communicate with each other over IRC chanels, which also typically use a standard, otherwise unblocked port, to communicate.
Stopping this kind of traffic is almost impossible, unless you spend BIG BUCKS on not only port filtering, but actual packet inspection firewalls. The cost of packet inspection for a fortune 500 company would be rediculous since all it would do is help identify an infection that the corporate AV and AS product should already be stopping. Give it a few days and all the major AV players will have a tool to find and clean this guy out... at least, for those having a current software version and definition update subscription. (that's the problem, of the 500,000 infections, likely less than 10% do...)
A firewall won't prevent a user from opening an infected e-mail that's already inside the network's mail servers... Firewalls don't scan e-mail. Obviously whatever mail filter they were using didn't catch the virus so either it was well crafted, or more likely, didn't get in through corporate mail servers, but through g-mail or some other system. It's also entirely possible to get infected from a thumb drive, bluetooth cell phone, CD, floppy, or other system that short of an AV scan on insert (if they configured that option at all) there was no line of defense.
Why penetrate the corporate firewall when you have insecure users at home that can bring the virus in for you?
The WORST people for this are: IT admins and senior executives. Specifically executives since they 1) don't know any better and 2) refuse to be bound by the same restrictions as users.
Well, it's not quite so cut and dry, but I sort of agree.
With Windows not having complete memory isolation between programs, buffer overruns are possible, which they are not in other OS.
Even running as non-admin aplications can still be installed unless you also adjust local security policy (good luck, it's more touchy than editing the registry and really easy to fuck up the whole OS doing it). Also, Windows does not use protected memory for all applications, not does it even have a built in tool foir listing active threads. It's VERY difficult to tell when Windows has something running you don't want, and ports can open and close almost at will unless your software firewall is configured properly. In BSD and Unix based systems, this type of vulnerability does not exist.
Configuration changes to OS resources or port remapping, even the hosts file are all protected by the Mac OS, and none of these are prevented by Windows (some can be with extra steps but it's poorly documented, not easy to do, and not the default).
Vista makes things a bit better, unless you turn off UAC, which many people do if they've been using a computer a while. In corporate domains, it's easier to be secure, but this virus even got into a good percentage of fortune 500 companies, all of which use heavy duty perimeter defence and filtering systems, and up-to-date security software( though the more systems you have, the harder it is to keep them all clean. If just 1 PC in their whole network was infected, it very well could have been a guest with a notebook on their wifi network...
Windows CAN be made secure (mostly) but it's nowhere near as easy, requires you BUY additional software, is not the default setting, and there are still exploits that will be exposed. Part of this is because Windows comes with so much crap installed that is unneeded, yet runs anyway, and other OS do not, and make it very simple to further disable core services that won't be used.
Apple will likely be easier to hack than custom installed Linux installations, but the more these things get "bundled" like Ubuntu where dozens of apps come pre-installed, and the comand shell is hidden in favor of easier to use controls, the less secure it will get.
It;s also possible in windows to have infections that can't be located. There's no indication unless system performance is noticably impacted. Unfortunately, most people expect windows to get slower over time, and typically don't notice. In Linux, you can easily check to see what will and won't run at startup, and easily see what has an active thread. Anything that does has to be clearly integrated into multiple systems or it won't get run by the kernel... A user can still fuck this up, but it's hard to lower our security without going to the comand line, something joe-bob doesn't know how to do.
The best thing Microsoft can do at this point would be to lock down all their security settings, build a true protected memory structure, and then remove ALL the control panel items that allow security to be lowered. Make people use comand lines to limit security and it won't get limited... Also, don't run ANY service or application unless it's used. (and forbid "helper" applications or pre-loaders). If they work more like linux, they'll be more secure.
Well, since all applications in OSX (and BSD, and most true Unix variants) need to list themselves in various tables, be individually identifyable to the OS, and have strict limits on what APIs they can access from what kind of memory space (and what kind of memory space they can occupy), the issue is not that they don't target macs because it's used less, but because they TRY, and noone can find a way to get a virus into a mac that doesn't say "Hi, I'm a virus, and I'd like permission from the kernel to run. Please enter your keychain password so I can add myself to your active applications list and take up a spot in your launch tray. Don't mind me!"
They'll target Apple all they want, but if there's a virus in a Mac, it will be incredibly easy to spot and remove. Getting it in there can't be by accident either, it has to come from a very complicated set of tricks, and must involve users actually permitting the infection. Macs are the target of Phishing all day long, but that's not an issue of securing the OS, it's about educating the user. Airbags don't prevent you from hitting a tree if you're asleep at the wheel...
First of all, by continuing to NOT report them, you're legally defined as an accomplice, and could have suffered imprisonment or fines personally in addition to the school if someone else DID report them.
Next, sure, they might have paid a big fine. As a percentage of their annual budget, it would have been tiny, and since budgets have to be approved a year in advance, it would have had to come from money already appropriated (by cutting other programs). We had an entire school district here in SC pay a big, multi-million dollar payout for a child abuse case, more than what a software licensing fine would have been. Taxes increased by about 1 mil to cover it, and for only 1 year. That boiled down to about $3 for every $100,000 in property you owned. It would not have increased at all, except they put off some new construction and new busses they budgeted for to the next year to accomodate a fine so high.
Also, the fines themselves would likely have been a small 1 time inconvenience for your school compared to the cost of actually legally licensing the software. That cost is one you should have been paying from day 1 on that property, so complaining about raising your taxes to be on the level that the REST of us already pay? Fuck you sir. This is in addition to the thousands you would have been paid (10%) for reporting the school in the first place.
But in reality, wether the school had policies or not in place, the district office sure would have. By the teachers violating those policies, likely it would have down to disciplining the teachers, firing a few administrators to "show they mean't business", then comply with Microsoft and other companies policies on priacy for goverment institutions by simply becoming compliant within 180 days and then face no actual penalties. Microsoft does not sue governments as long as they admit fault and become legally licensed for the software they had been using. Considering a large portion of this software is already free to schools, or comes with amazing discounts via state contracts and e-rate, or came pre-installed on PCs they bought, you really should not have been looking at more than teacher to teacher piracy (for which the fines would have been individual, not targeted at the schools). The administrators would have been punishes for allowing it to happen, but not the school itself.
We pay FAR more tax in simple wasted money than we do from fines like this. It's simply AMAZING how much money schools and other government agancies piss away that we could stop but don't. A school here just figured out they could save about 85K per year by simply not letting school busses idle when being loaded or unloaded in front of the school building. They saved enough to add anti-idle controlls to their buses so the engine cut off anytime the bus wasn't moving and they expect to save about 300K in addition. That would licence nearly 1500 copies of Office at school pricing. (they figured they could buy 4 new busses a year with it and replace their entire fleet every 8 years, and that was just 1 school)
I think you'd have to prove Google knowingly and willingly chose to act in the face of knowledge that what they did was incorrect. Actually, in SC, even KNOWINGLY crossing a no tresspassing sign is not a crime. Continuing to tresspass AFTER being asked to leave is what triggers the crime. Same goes for "No Soliciting" They can still come up and ring your doorbell even if you have signs up, they just can never come back after being asked to leave. Also, the signage required to legally be in compliance with no-tresspassing legislation in SC is extensive, and virtually impossible to mistake. In SC, post all the no-tresspassing signs you want, but if you miss just one that's required by law, or use the wrong sign or wrong size sign, then even if it would otherwise appear obvious based on your other signs, you STILL can't sue them unless they cause property damage, refuse to leave, or threaten you in any way physically. (they can scream explicitaves at you all they want while they're leaving, that's not illegal in this state, even when actually tresspassing).
Well, Google is providing a public service, and you in most cases don't even have the right to opt out of that. Google is being nice enough to offer that option. If this was YouTube going around snapping pictures of things for simply their display value the you might have a case, but in this case, the images provide a very specific public service. Even if you argued against YouTube doing this, you'd still have a big fight, as these images could be argued as being property of a publisher or news agency (regardless of the percieved value of the news or media itself, and regardless of wether they profit from it or not). The constitution protects them, and they could even fight you if they wanted and refuse takedown. The rare exception might be if the image included trademarks that you own that they have to pay to display puiblically (which would not be granted on your home).
Also, a picture of your house, and a TON of data about it, including your NAME, how much you PAID for it, the lender's name, what you pay in taxes, it's floorplan, your property lines, details about it's construction, and more are all freely available to the public in other ways. Google is not doing ANYTHING this isn't already being done by your local government, they're just making it easier to get information that already exists.
More importantly, until this actually became a court case and public news, nobody but people who lived in the area, knwe people in the area, or were looking to buy in the area would have ever seen their house on Goolge.
Also, (and this is a GREAT kick in the gut) now that this is a public court case, every news media agent has legally protected rights to get as close as they like to take pictures of the residence, including coming ONTO the property so long as they do not have to bypass a locked gate or pass no-trasspassing signs to do it. Suing made the image of their house seen THOUSANDS of times more than it would have, and has now caused their private road to become a public concern. Their home is now covered by "celebrity" clauses in prvacy legislation, and is no longer considered private at all! HAHAHA!
Not only are their no laws preventing this, there are actually legal rulings stating exactly the opposite. Any part of your home, INCLUDING the interior, that can be viewed from a public location, or OTHER private property and persons admitted to that other private property, is your own responsibility to hide if you wish privacy from view. In some states, the use of magnification or zoom technology to take pictures "specifically" of internal spaces of your home (ie voyerism) may be illegal, but if I get some of the interior of your home while taking a picture of the house as a whole, or of a person in the yard, that's not illegal anywhere, though you have the right to ask me not to do so at that time. The only thing I can't do is use that photo to make money without your persmission (unless it;s a public building or in the case of rental property the owner can give permission even if you don't).
If you have an open window, walk in front of it naked, and someone sees your johnson and files a suit against you for public display of nudity, you WILL pay the fine. This has been tried over and over again.
If you don't want people seeing inside your home, you can use shades, shutters, or even polarised films.
The image of your home is not only public information, it's freely available public information at your local surveyor's office. Also, from public tax records and other documents open to the public, even insurance records, i can see when you bought it, how much you paid for it, what it's current market value is, it's floorplan, where your property lines are, how much you pay in taxes, whether it's part of an HOA or not, and much, much more detail.
If you don't want people seeing you, close your blinds. If you want privacy in your yard, put up a fence. If you want the image removed from Google, simply ask, and their own policiy requires them to comply, but if I want to see a picture of your house, I have MANY other ways to see one that you can NOT ask to be taken down....and that private road? I can LEGALLY walk down it at any time as long as I don't stray more than 6' from the road itself. You can ask me to leave, but unless there's a local loitering law you can only ask me not to hang out there, and you can't prevent me from walking down it over and over again. (unless the road is posted no-trasspassing, ad serves ONLY your house, ie, it's a driveway.) As soon as the city puts a sign there, or gives it an official name, whether it's their road or yours, I can still walk on it unmolested, and sue YOU if you threaten me otherwise.
Right. A Private Road is not the same thing as Private Property. If it's a road, then it has a sign and house numbers. If not, it's a driveway. Most states, including the one I live in, have VERY specific rules about placing no-tresspassing signs. Even if there was a "private road" sign (which I could not see in the images, and therefore if it exists would likely be ruled improperly placed) there was NOT a ro-tresspassing sign properly displayed on this road using state accepted colors, designs, sizing, or proper placement.
In my community (which is a private gated community, but uses public roads maintained by the city) I not only have to place a no trespassing sign at my driveway, but at EVERY access point to my property, at every door not blocked by a gate, and at no less than 2 points clearly defined in my front yard. Placing enough signs to satisfy SC laws for tresspassing on my private property would be an eyesore, and my HOA forbids it. Even if I could, the law actually allows someone to walk up to my front door and ring the bell, no-solicitation signs and all, including quoted sections of the SC law book, and all I can do is ask them to leave. Only if they return can I actualy get them arrested for tresspassing. With this law, even if I had all the appropriately placed signage, google could have pulled into my driveway on a single occasion, snapped as many high res photos as they liked, and then my only course of action would have been to ASK them niceley not to publish those photos (or take them down if they already had) Suing them would have gotten me a counter suit that I would have lost.
Also, even if it's a driveway, even on private property, passerbys are permitted to enter the first few feet of your driveway as a means of turning around to go the other way or to stop to get out of the street where there are no shoulders. I this case, it was clearly marked as a road, thus they could drive down it and then turn around in a driveway, which it appears this is exactly what they did.
You're right, except that Google did not go on the road, they simply got a picture of it from a nearby public road. This was not a residential development, but a private lot with a private road off of a local public road that itself was not marked as private nor did it prevent thru traffic. Their private road is basically defined as nothing more than a glorified driveway.
Also, explain to me how snapping a picture from the road is any different than snapping one from orbit or from a plane. They object to one but not the other?
note that what people see you doing inside your own house for your personal failure to close your own window shades is your problem. In fact, many people who have accidently seen someone "doing it" through their window have been awarded money for suffering in various ways. People have also been brough up on indecency charges for walking through their house naked with open windows.
Whether or not you are inside your home or within the bounds of your personal property, simply being in "public view" means what you do while in view is public.
I live in a private community, with a gated, private access road. We pay HOA fees for upkeep of the gutters, street lights, etc, but the road itself is still actually owned by the city, and there's a line item in my county taxes for road maintenance. (this in is contract to my father who lives in a neighborhood that OWNS the road, and he does not pay this tax, living in the same town).
The police have a gate override code, and patrol our streets. We have signes up that say "private community" "no thru traffic" "no soliciting", etc, but the fact is, the road is actually a public road, and should anyone ask, they have every right to drive on it. As an example, an icecream company filed a grevience with our HOA and had to be given a code to our gate and the right to drive on our streets and sell their wares, and as long as they don't step out of their trucks and onto the sidewalks the HOA owns, they can play their music and solicit our kids from the streetside. Not that we actually argued against this, but if we did, they could have forced our hand anyway.
The only way to have a truly private road is it you got the permits and laid the road yourself on your own property, and you complately maintain it yourself. Of course, if you do, even the police need permission to come on it unless there's a stated emergency (they would not be able to patrol your road). My Father's community has to pay for private security to do this, and his HOA fees are about $1500 per year vs my $300 because of that plus actual road maintenance fees I don't have to pay.
I also know a family out in rural country that technically hasd a "private road" Since their driveway is longer than 1/4 mile, and there's actually 3 houses at the end of it, they were required to get a street sign and house numbers for 911 identification, but the road is theirs.
Google would not be able to drive on a road that is a true private road, but they actually know which ones those are. If you go to google maps, private roads are not drawn, there will just be a blob where a comminty is. If you can stand in a public location (street or public sidewalk) you can take a picture of whatever you want. They only grey area is in using that picture for advertising or other printed materials without permission. Since this is a database, and there's no advertising on the street view mage, not does Google charge for the service, they're in the clear on this one. (even more so since you can ask the image be taken down without cost and without legal battle)
Don't make payments from public PCs... simple ansewer to this issue.
One-time pins work well enough to authenticate the transaction, and when using a card processor at a cash register, you can reasonably be sure the transaction goes through unmolested (if that device was hacked, someone would find out quick as the store would not be getting any money, and the device has a compete history of all transactions not only on it, but in the database of the central processing agency/bank, and it's easy for them to put all the money back where it should be.)
On a PC, we need one more step. Not only a one-time pin that is good only for that transaction, but a "return pin" that is displayed on the screen after the transaction processes. This should be a pin you can set personally, in advance when you create your online access account, that's a 4-8 digit code that you recognise for any transactions on their site. If you're spoofed, you'll know instantly, and can contact your bank. They'll of course need to validate your selected return pin with that company, but at least you can stop payment on the transaction and list the account the payment was redirected to as a phishing account and if possible have it either closed or blacklisted. Better yet, since almost all of us have cellphones, why not have the return pin and transaction details sent to you via txt (or mobile e-mail if text cost you money). that way, if you're the kind of person that uses the same pin everywhere, if your home PC was compromised they still couldn't fool you.
On the question of "should people be held responsible for the security of their own PCs" I say YES! Though it's not really possible to securely ID whether a PC on the net has proper security software installed or not (any program that would check for such would be a quick target of hackers and regardless of how secure the application was, it's output can allways be spoofed). What an ISP CAN do however is identify key activity like DDoS activity, heavy SPAM traffic, etc. Most bots are easy to spot, and even if they can't ID which one of your PCs is infected, they know your external ID, and from their databases they'll know your router MAC address, and can remotely shut it down and call you to let you know why.
If your machine infects another because it did not have up-to-date antivirus, or didn't have any at all, then you should be liable. If you loose money because you're insecure, your bank should offer services to assist getting your money back, (because no matter how secure you are, there are allways zero day exploits to worry about and phishing redirection) but they really can't prevent it from getting stolen.... (they can secure their own systems from direct attack, but a transaction is a transaction, and if it came from your PC with your password and pin, then as far as they can tell, it's real).
Public access PCs also need to be secure. If you do a banking transaction at a public PC that's been hacked, the owner of that PC should be responsible, unless it was a zero day attack and he was up to code on his security. There shuold of course be signs posted to let people know using a credit card on a public PC is just stupid, and the proprietor won't be responsible for monetary or other losses, but at the same time, if they're not at least attempting to secure their PCs, then maybe DHEC should have powers to audit and fine them. Securing public access to internet may really be no different then regulating food service quality. (of course DHEC doesn't have the staff, but DHEC could subcontract the ISP or some local IT firm to do the work until they staff up internally, or some specific branch is created for this job).
Don't argue with me that it's your personal right to use or not use security software on your personal PC. If you connect that personal PC to a public network, you need to abide by the rules of that public network. If you want to be naked in your house all day that's fine, but in public? no shirt, no shoes, no service! What you
1. User just deleted a "critical" data directory/file. - Use group policy to prevent file deletion. - Force all files to be stored on servers, and backed up centrally. - Prevent local file storage by using strict quotas or preventing writes to local disk
2. User just deleted an OS directory and their computer will not run. - The OS won't let you do this. - User level accounts should not have permission to view files in OS directories, let alone modify/delete permission
3. User kept everything on his/her local drive and it just caught fire. - enforce nightly automatic system re-image policies. They'll only do this a few times before they get the point... - prevent write access to local drives/folders - change policy to punish employees who use local storage for company documents (up to and including termination) - redirect My Documents to a server
4. User wants an email from 3 years ago that user had deleted from his/her last computer 2 years ago. - See Hippa or sarbaynes oxly. You may be required BY LAW to store all email for 1, 3, 5, 7 eyars, or indefinetly, depending on what business you are in. An auditor can ask for any e-mail from any year inside the window you are required to maintain, and if you not only can't comply, but don't have a documented process for HOW to comply as well as written records of periodic testing of your backups and archive processes, then you will fail your audit, and be fined MANY TIMES what it would have cost you to simply comply! - buy a good backup system that supports brick level backups for e-mail and automated archival I recomend Unitrends for SMBs (under 4TB of data per storage server), EMC systems for enterprise customers - Tell the user no!...unless upper management approves the IT costs associated with the item's recovery, or unless legal action is requiring it's retreval. - block all webmail, pop mail, and all other non-centralized (controlled, backed up, filtered, etc) e-mail access.
5. The legal department wants all email to/from Mr.X, Mr.Y and Mr.Z. - see backup requirements... This should be easy if you have the equipment. If it's current e-mail RTFM.
6. User keeps getting infected with viruses. - use a whitelist for web access - deny web access to employees that don't require it as a business necesity - use appropriate e-mail filtering technology - Run up-to-date client side AV and Spyware filtering - track which users continually get infected, and if it's from the use of outside media (USB or other media being brough from home, etc) block those ports and drives until the user shows certification that their home computers have been certified virus free. Ensure all imported media is scanned before becoming accessible to the user (most corporate AV products support this option)
If you have a corporate network and at least 1 server (if you only have one, get a second one NOW!), then you should be running corporate or SMB versions of all your software and security systems. All access to resources should be centralized, users restricted with domain or group policy, and all content filtered and controlled. This is a cost of doing business. Your backup systems and security licences should be approxamately 25% of your total annual IT expenditure (including internal staff slaries, outsourcing, and all). If you have not spent this much yet, do so now. If you can't afford to spend this much, change your business practices to accomodate doing so, or get rid of your service in favor of a managed service contract.
Backups should be moved off-site daily. If you can't move them off-site to a controlled, secure environment (like a bank) then you need electronic off-site data backup or replication. There are hundreds of firms that can provide you these services.
If you don't know how to do any of these things (or some but not all) hire a consultant. NEVER attempt to perform an IT task alone that you have not been trained to do or practieced in a lab
You mush have been in a shady place, or this was a long time ago. My firm serves nearly half of the school districts in my state, and I can attest, there's little or no piracy, and any found is dealt with swiftly.
Most PCs around here are provided by grant money or government programs, not local school budgets. Even the teachers are not allowed to use grant provided PCs in their classrooms for their own use, they have to have a completely seperate, school provided system just for themselves. My wife teaches at a school here. When her classroom PC crashes, she can't just sit in front of another machine and log into groupwise, or hook it up to a projector, even though it has all the software she needs to do that. She has to get her classroom machine fixed or replaced by maintenance. Since the network is closed, her personal laptop is useless, and the smartboard software it tightly controlled by the IT department so she can't get it installed on her notebook as a backup...
All of the schools here have TIGHT audit controlls on software rollout. PCs are inspected several times per year by IT staff (usually through remote monitoring software), and at least once anually by 3rd party auditors hired by either state or federal agencies to ensure grant compliance.
User accounts are also tightly controlled. They don't even have permission to change their desktop backgrounds... They can't install software at all (except for self executing binaries, which the use of violates district policies). They have very strict file management rules, and teachers can be disciplined or suspended without pay for violating IT use of systems.
They're so touchy because if they fail an audit, they can be immediately disqualified from future grants, loose their e-rate purchase status, or pay heavy fines.
I don't know where your school was. Was it private? If not, likely they've been punished severely by now, and if you go back there, I'm sure you'll find IT to be a completely different world.
btw: why didn't you turn them in? Don't you know that not only Microsoft, but most other major firms have a policy of paying you a percentage of the fines and licneces collected for violations you report? A school as bad as you claim could have gotten you tens of thousdands in hard cash if tyou turned them in!
Inside our own company, even being an IT services firm, our employees are not permitted to install software or modify their systems beyond simple user preference levels. We don't lock systems down since we're all engineers here, but even still, everything we need or want goes through helpdesk. We're not allowed to service our own systems even if we have the knowledge, because the company has to keep a very tight check on software install counts, etc.
As for our managed customers, we use combinations of group policy and user rights to prevent users from using local drives for storage by installing extremely small quotas (like 10MB!) with the exception of their personal music and pic folders. To prevent abuse, only jpg, bmp, mp3, aac, and wma files are permitted in those folders (batch scripts auto delete everything else periodically) We block the creation of additional drive letters (which prevents thumb drive use, and thus remote software applications), and use network monitoring software to see who has what applications installed. We also block known network sharing ports directly at the desktop level to prevent iTunes and other media sharing from swamping the network, and limit each user via QoS to a relatively small piece of bandwidth. everyone goes through websense and has a white list of addresses based on their user classification. Access to additional sites requires IT approval.
We don't outright prevent the installation of programs. Users can install their own stuff from their own licences if they wish, however, we track all installed programs on all PCs, and we have a list of forbidden applications and will remotely remove them and discipline employees for violating this policy. If they want to install a simple game to play on their breaks, that's fine, but things like Google Desktop, helper apps, P2P etc are forbidden. If employees need a program to do their jobs, we should already know about it. there's a list of programs in the distribution server. If they need one, getting it installed is a helpdesk request and appropriations signature away so volume licensing can be tracked. All company software is rolled out from the network.
UPS trademarked brown for use in relation to delivery services only. Besides, when a brown truck pulls up, you know who's it is. When someone says we're shipping brown, you know how it's coming. Brown is clearly associated with UPS's legacy.
Mailing an envolope to yourself by itself could be sent opened, however, mailing a certified letter requires the envelope not only to be sealed, but the certification is placed across the back of the envelope covering the seal. when recieved, the return receipt is also dated and signed by you, then kept on file with the post office for many years (7 at least). There's a comments field on the certificate for to indicate the envelope's contents. Note the type of invetion contained therein and it should be fair proof of your prior art.
Of course, to go through all this, why not simply have the documents notorised... It's probably cheaper to do so.
You'd also need to prove not only that you came up with the idea, but also that you worked on attempting to bring it to market. this would likely mean a mock up or prototype. For a program or function of a program, at least flow charts if not actual sample or speudocode would be expected. You need to get a lot farther than a simple description in a blog. You need images, plans, design ideas, workflow, analysis, etc. I know a guy who files patents every few months in magneto radioscopy (MRI and megnetic probe research). The amount of work is insane, and the language and method for composing images is very specific. Even after several dozen granted patents he still has some sent back for editing that get declined.
Finally, you have to satisfy the ruling that the idea can't be hidden or obscured. It would need to be published somewhere... Somewhere at least resonably obvious like a trade magazine related to the field for the product.
For all the effort, and with lawyers able to refute most of what you could at some level prove, it's more likely they'll win, not you. It;s about $1,200 to file a patent, plus legal fees and drawings. More if you actually want to do a search to see if it's already been patented before you file. If you have a really good idea, do a search. If noone else patented it, you should. If you can't afford to, a lot of companies will do it for very small fees, in exchange for a sizable cut of the profits if someone licenses your ides (or if they're a patent troll and sue in your name).
OK, I actually read the article because I had to see how stupid this really was...
first, it sounds like by adding a 2nd sound card that 1 of them can play WMA while the other can play iTunes. You get 6 chanels, but you can only play 2 different songs at a time, and only if you have both a WMA library and iTunes. If you have only iTunes like I do, then all this is is a multicast system with up to 6 chanels.
With a laptop, airtunes, appleTV, or any numer of other devices, you can use shared libraries to do this over wifi, and play different songs in each room at the same time... plus, you don't need a 2nd sound card, don't need dedicated speaker wiring to each room, don't need custom, proprietary controller panels in each room, shit you don't even need all your music on one machine. if you have a lot of WMA and iTunes tracks, run WMC and iTunes.
So big deal, you have some iTunes DRM'd music and some WMA at the same time. unless we're talking about having hundreds of both, then you could simply convert the songs to non-DRM songs. You can do this in iTunes by 1) ripping to CD and back to MP3, 2) paying $0.29 each to upgrade to 256 bit non-DRM, or 3) crack the files. For WMA, if the application you like doesn't support DRM to CD encoding, then just crack the files.... Even if you had to do this true and legal, and you wanted to buy all new tracks in iTunes and eliminate WMA from your home, doing so for even 500 tracks or more will cost you less that this solution will, a LOT less.
This product is complete lunacy, targeted at morons who don't know any better.
iTunes already supports multiple streams and complete control at each endpoint.
If you want an integrated system, I can hook you up with companies that install in-home room to room paging panels that support MP3 and FM playback from a central server. a 5 room, 5 panel installation, including speakers, will run you $3000-4000 and all you need is an XP box or NAS device to put all the music files on. (and you could STILL use iTunes on wifi outside on the deck, by the pool, etc).
this "itty bitty" company the author loves so much is going to be bankrupt soon...
The US government regrets to inform you that due to suspected illegal activites detected from your systems that your systems have been actively neutralized. A virus is now infecting your machine that has already spun your CPU cylces into increasinly higher activity cylcles. This will cause your system to overheat and fail in 5, 4, 3, 2, 1...
PS: the melting of materials in your CPU can emit toxic fumes that are known to be a health hazard. Do not breath fumes that may eminate from your computer or firewall. Also, we suggest you get a fire extingusher...
PSS: if you feel you have been inapropriately targeted, please simply purchase a new PC, connect to the internet from a known secure and untargeted location, and file form "GFYS-2008-A" with your local FBI office so we can file it for 7 years and if your lucky respond by admitting no fault and denying your claim since by then any evidence will have been destroyed by presidential executive order, including the backup tapes plus we've just destoryed any evidence YOU had. haha.
- there are AV tuners and TV recording capabilities for Apple systems (Happauge makes a few as well as others) Windows has no integrated native apps for it, just hardware and 3rd parts software support same as Apple.
Windows Media Center? --Media center is a sharing server, and you can use it to control the tuner, but if you buy a 3rd party tuner it comes with this type of software anyway. FrontRow does most of this anyway, but since Apple doesn't sell a TV tuner, they don't develop custom software to schedule recordings... It's kind of irrelevent anyway because even with a tuner, you can only record OTA broadcasts or old analog cable (which is getting turned off in my area in a few months).
- Network projector support on Windows is via 3rd party apps only. Same as Apple for which software IS available.
It's built in, right on the start menu... --OK, missed that one. Either way, I looked up several network projectors, and every single one had a Mac driver for both wireless and physical network connections. Non-issue.
- There are a lot of network storage appliances for Apple, including OS X server. Listing Windows Home Server doesn't count as a plus in Microsoft's corner since it's not "out-of-the box" and requires additional software installed by the server to do these things. Vista does NAS no differently than Apple without a real server behind it... They both access network USB the same, though 3rd party drivers or network shares. Apple also supports more than just SMB shares, so I even lean on their side on this a bit, but still call it tied.
Windows Home Server doesn't require the client for use as a file server, only for notifications and automatic whole-system backups. --Backup is handled by Time Machine much better than WHS anyway, but if all your doing is file sharing, why buy a server to manage and not just a simple NAS???
- Automator is a sync tool when set up. Better yet, configure rsync (included) and sync only delta changed packets instead of whole files... Sure, it requires some know how, and Windows Sync Center is easier to use, but it can't be used on business editions anyway...
rsync dosn't work with files over 2-4GB in size last I heard. --rsync is dependent on file system support of the file size, latest rsync binaries do support over 2GB, but both the target and destination volume must support this, and both versions of rsync. Windows Sync has issues of it's own, including max path length of 240 characters which really sux since Vista istelf allows longer paths...
- Presentation mode? Are they referring to PowerPoint? That's not included in Windows, plus both PowerPoint for Mac 2008 and Keynote do this (and more).
Presentation mode is a mode for the whole PC to be in, not an application. --Well, it;s not a simple button to click on, but it can easily be simulated in automator. If you use keynote, this isn't an issue anyway since the display is seperate from your desktop.
- Automation Features - apple has lots, Windows has a simple task scheduler to lauch batch files...
Scripting support, etc. etc. --Scripting support??? You mean VB? Sure, if you'r a programming geek... Automator can do a TON without a single line of code (or typos, or need to know switches or ream MAN pages). Beyond that, you can use Applescript, and incredible powerful object language. And if you ARE a programmer, you can use Korn Shell, which is FAR more powerful than Microsofts comand line tools and scripting. They simply don't compare.
- Security - Apple wins since Admin access is disable by default and their firewall is superior, plus not a single ITW virus for mac and little or no spyware (might change in the future, but not a concern now)
a Mac is the only system I've actually encountered a Virus on, but that was in the 68k days --if you've not encountered a virus on a PC, you don't use them much... Of course, what's defined as a "virus" years ago and "spyware" today are about the same thin
Slashdot Mirror
All well and good, assuming the traffic goes through the ISP's mail server... Unfortunately, most of the bots have their own SMTP relay agent and bouce mail off infected servers in the network, and don't use YOUR e-mail account. Also, most of that mail is NOT on port 25.
...and if it could detect that, it would know the CPU thread and thus the application responsible for it, and could report that centrally to the AV venor using a feedback program. unfortunately, even local software doesn't have access to that kind of packet sniffing power (and most PCs couldn't handle the load if it did, not without big packet latencies anyway).
Without being a supported of ISP based packet filtering and traffic shaping, there's no way for the ISP to do this, and I'm certainly not given tham any power to head down that road.
Though I agree with your logic, it's unfortunately flawed.
I mean, heck, if it was that easy, why wouldn't your own virus app say, "hey, although I can't find an infection, I did notice youre e-mail client wasn't open, but you sent 4500 messages today, and your machine was running a screen saver when it did it..."
regardless of how well you filter your own mail server, you can't stop every employee from using g-mail or some other web based e-mail service. Sure, general employees may be restricted to a while list, but likely your executive team refuses that request, and I would not doubt their machines are some of the most infected in the company (seen it too many time myself...)
And what do you do to detect SMTP traffic outbound on port 80 to someone elses infected bot in the cloud? You can't simply block port 80 (that's HTTP), and unless you have an inline packet inspection firewall (BIG BUCKS!!!) then you won't know it's happening.
outbound SMTP from viruses rarely uses the exchange server. most have their own SMTP agent installed and use standard ports like port 80 or 442 to dedicated re-mail servers that accept incoming SMTP opn those ports (or to other bots in the network that what open SMTP access and are not firewalled). They also typically communicate with each other over IRC chanels, which also typically use a standard, otherwise unblocked port, to communicate.
Stopping this kind of traffic is almost impossible, unless you spend BIG BUCKS on not only port filtering, but actual packet inspection firewalls. The cost of packet inspection for a fortune 500 company would be rediculous since all it would do is help identify an infection that the corporate AV and AS product should already be stopping. Give it a few days and all the major AV players will have a tool to find and clean this guy out... at least, for those having a current software version and definition update subscription. (that's the problem, of the 500,000 infections, likely less than 10% do...)
A firewall won't prevent a user from opening an infected e-mail that's already inside the network's mail servers... Firewalls don't scan e-mail. Obviously whatever mail filter they were using didn't catch the virus so either it was well crafted, or more likely, didn't get in through corporate mail servers, but through g-mail or some other system. It's also entirely possible to get infected from a thumb drive, bluetooth cell phone, CD, floppy, or other system that short of an AV scan on insert (if they configured that option at all) there was no line of defense.
Why penetrate the corporate firewall when you have insecure users at home that can bring the virus in for you?
The WORST people for this are: IT admins and senior executives. Specifically executives since they 1) don't know any better and 2) refuse to be bound by the same restrictions as users.
Well, it's not quite so cut and dry, but I sort of agree.
With Windows not having complete memory isolation between programs, buffer overruns are possible, which they are not in other OS.
Even running as non-admin aplications can still be installed unless you also adjust local security policy (good luck, it's more touchy than editing the registry and really easy to fuck up the whole OS doing it). Also, Windows does not use protected memory for all applications, not does it even have a built in tool foir listing active threads. It's VERY difficult to tell when Windows has something running you don't want, and ports can open and close almost at will unless your software firewall is configured properly. In BSD and Unix based systems, this type of vulnerability does not exist.
Configuration changes to OS resources or port remapping, even the hosts file are all protected by the Mac OS, and none of these are prevented by Windows (some can be with extra steps but it's poorly documented, not easy to do, and not the default).
Vista makes things a bit better, unless you turn off UAC, which many people do if they've been using a computer a while. In corporate domains, it's easier to be secure, but this virus even got into a good percentage of fortune 500 companies, all of which use heavy duty perimeter defence and filtering systems, and up-to-date security software( though the more systems you have, the harder it is to keep them all clean. If just 1 PC in their whole network was infected, it very well could have been a guest with a notebook on their wifi network...
Windows CAN be made secure (mostly) but it's nowhere near as easy, requires you BUY additional software, is not the default setting, and there are still exploits that will be exposed. Part of this is because Windows comes with so much crap installed that is unneeded, yet runs anyway, and other OS do not, and make it very simple to further disable core services that won't be used.
Apple will likely be easier to hack than custom installed Linux installations, but the more these things get "bundled" like Ubuntu where dozens of apps come pre-installed, and the comand shell is hidden in favor of easier to use controls, the less secure it will get.
It;s also possible in windows to have infections that can't be located. There's no indication unless system performance is noticably impacted. Unfortunately, most people expect windows to get slower over time, and typically don't notice. In Linux, you can easily check to see what will and won't run at startup, and easily see what has an active thread. Anything that does has to be clearly integrated into multiple systems or it won't get run by the kernel... A user can still fuck this up, but it's hard to lower our security without going to the comand line, something joe-bob doesn't know how to do.
The best thing Microsoft can do at this point would be to lock down all their security settings, build a true protected memory structure, and then remove ALL the control panel items that allow security to be lowered. Make people use comand lines to limit security and it won't get limited... Also, don't run ANY service or application unless it's used. (and forbid "helper" applications or pre-loaders). If they work more like linux, they'll be more secure.
Well, since all applications in OSX (and BSD, and most true Unix variants) need to list themselves in various tables, be individually identifyable to the OS, and have strict limits on what APIs they can access from what kind of memory space (and what kind of memory space they can occupy), the issue is not that they don't target macs because it's used less, but because they TRY, and noone can find a way to get a virus into a mac that doesn't say "Hi, I'm a virus, and I'd like permission from the kernel to run. Please enter your keychain password so I can add myself to your active applications list and take up a spot in your launch tray. Don't mind me!"
They'll target Apple all they want, but if there's a virus in a Mac, it will be incredibly easy to spot and remove. Getting it in there can't be by accident either, it has to come from a very complicated set of tricks, and must involve users actually permitting the infection. Macs are the target of Phishing all day long, but that's not an issue of securing the OS, it's about educating the user. Airbags don't prevent you from hitting a tree if you're asleep at the wheel...
First of all, by continuing to NOT report them, you're legally defined as an accomplice, and could have suffered imprisonment or fines personally in addition to the school if someone else DID report them.
Next, sure, they might have paid a big fine. As a percentage of their annual budget, it would have been tiny, and since budgets have to be approved a year in advance, it would have had to come from money already appropriated (by cutting other programs). We had an entire school district here in SC pay a big, multi-million dollar payout for a child abuse case, more than what a software licensing fine would have been. Taxes increased by about 1 mil to cover it, and for only 1 year. That boiled down to about $3 for every $100,000 in property you owned. It would not have increased at all, except they put off some new construction and new busses they budgeted for to the next year to accomodate a fine so high.
Also, the fines themselves would likely have been a small 1 time inconvenience for your school compared to the cost of actually legally licensing the software. That cost is one you should have been paying from day 1 on that property, so complaining about raising your taxes to be on the level that the REST of us already pay? Fuck you sir. This is in addition to the thousands you would have been paid (10%) for reporting the school in the first place.
But in reality, wether the school had policies or not in place, the district office sure would have. By the teachers violating those policies, likely it would have down to disciplining the teachers, firing a few administrators to "show they mean't business", then comply with Microsoft and other companies policies on priacy for goverment institutions by simply becoming compliant within 180 days and then face no actual penalties. Microsoft does not sue governments as long as they admit fault and become legally licensed for the software they had been using. Considering a large portion of this software is already free to schools, or comes with amazing discounts via state contracts and e-rate, or came pre-installed on PCs they bought, you really should not have been looking at more than teacher to teacher piracy (for which the fines would have been individual, not targeted at the schools). The administrators would have been punishes for allowing it to happen, but not the school itself.
We pay FAR more tax in simple wasted money than we do from fines like this. It's simply AMAZING how much money schools and other government agancies piss away that we could stop but don't. A school here just figured out they could save about 85K per year by simply not letting school busses idle when being loaded or unloaded in front of the school building. They saved enough to add anti-idle controlls to their buses so the engine cut off anytime the bus wasn't moving and they expect to save about 300K in addition. That would licence nearly 1500 copies of Office at school pricing. (they figured they could buy 4 new busses a year with it and replace their entire fleet every 8 years, and that was just 1 school)
Well, Google is providing a public service, and you in most cases don't even have the right to opt out of that. Google is being nice enough to offer that option. If this was YouTube going around snapping pictures of things for simply their display value the you might have a case, but in this case, the images provide a very specific public service. Even if you argued against YouTube doing this, you'd still have a big fight, as these images could be argued as being property of a publisher or news agency (regardless of the percieved value of the news or media itself, and regardless of wether they profit from it or not). The constitution protects them, and they could even fight you if they wanted and refuse takedown. The rare exception might be if the image included trademarks that you own that they have to pay to display puiblically (which would not be granted on your home).
Also, a picture of your house, and a TON of data about it, including your NAME, how much you PAID for it, the lender's name, what you pay in taxes, it's floorplan, your property lines, details about it's construction, and more are all freely available to the public in other ways. Google is not doing ANYTHING this isn't already being done by your local government, they're just making it easier to get information that already exists.
More importantly, until this actually became a court case and public news, nobody but people who lived in the area, knwe people in the area, or were looking to buy in the area would have ever seen their house on Goolge.
Also, (and this is a GREAT kick in the gut) now that this is a public court case, every news media agent has legally protected rights to get as close as they like to take pictures of the residence, including coming ONTO the property so long as they do not have to bypass a locked gate or pass no-trasspassing signs to do it. Suing made the image of their house seen THOUSANDS of times more than it would have, and has now caused their private road to become a public concern. Their home is now covered by "celebrity" clauses in prvacy legislation, and is no longer considered private at all! HAHAHA!
Not only are their no laws preventing this, there are actually legal rulings stating exactly the opposite. Any part of your home, INCLUDING the interior, that can be viewed from a public location, or OTHER private property and persons admitted to that other private property, is your own responsibility to hide if you wish privacy from view. In some states, the use of magnification or zoom technology to take pictures "specifically" of internal spaces of your home (ie voyerism) may be illegal, but if I get some of the interior of your home while taking a picture of the house as a whole, or of a person in the yard, that's not illegal anywhere, though you have the right to ask me not to do so at that time. The only thing I can't do is use that photo to make money without your persmission (unless it;s a public building or in the case of rental property the owner can give permission even if you don't).
...and that private road? I can LEGALLY walk down it at any time as long as I don't stray more than 6' from the road itself. You can ask me to leave, but unless there's a local loitering law you can only ask me not to hang out there, and you can't prevent me from walking down it over and over again. (unless the road is posted no-trasspassing, ad serves ONLY your house, ie, it's a driveway.) As soon as the city puts a sign there, or gives it an official name, whether it's their road or yours, I can still walk on it unmolested, and sue YOU if you threaten me otherwise.
If you have an open window, walk in front of it naked, and someone sees your johnson and files a suit against you for public display of nudity, you WILL pay the fine. This has been tried over and over again.
If you don't want people seeing inside your home, you can use shades, shutters, or even polarised films.
The image of your home is not only public information, it's freely available public information at your local surveyor's office. Also, from public tax records and other documents open to the public, even insurance records, i can see when you bought it, how much you paid for it, what it's current market value is, it's floorplan, where your property lines are, how much you pay in taxes, whether it's part of an HOA or not, and much, much more detail.
If you don't want people seeing you, close your blinds. If you want privacy in your yard, put up a fence. If you want the image removed from Google, simply ask, and their own policiy requires them to comply, but if I want to see a picture of your house, I have MANY other ways to see one that you can NOT ask to be taken down.
Right. A Private Road is not the same thing as Private Property. If it's a road, then it has a sign and house numbers. If not, it's a driveway. Most states, including the one I live in, have VERY specific rules about placing no-tresspassing signs. Even if there was a "private road" sign (which I could not see in the images, and therefore if it exists would likely be ruled improperly placed) there was NOT a ro-tresspassing sign properly displayed on this road using state accepted colors, designs, sizing, or proper placement.
In my community (which is a private gated community, but uses public roads maintained by the city) I not only have to place a no trespassing sign at my driveway, but at EVERY access point to my property, at every door not blocked by a gate, and at no less than 2 points clearly defined in my front yard. Placing enough signs to satisfy SC laws for tresspassing on my private property would be an eyesore, and my HOA forbids it. Even if I could, the law actually allows someone to walk up to my front door and ring the bell, no-solicitation signs and all, including quoted sections of the SC law book, and all I can do is ask them to leave. Only if they return can I actualy get them arrested for tresspassing. With this law, even if I had all the appropriately placed signage, google could have pulled into my driveway on a single occasion, snapped as many high res photos as they liked, and then my only course of action would have been to ASK them niceley not to publish those photos (or take them down if they already had) Suing them would have gotten me a counter suit that I would have lost.
Also, even if it's a driveway, even on private property, passerbys are permitted to enter the first few feet of your driveway as a means of turning around to go the other way or to stop to get out of the street where there are no shoulders. I this case, it was clearly marked as a road, thus they could drive down it and then turn around in a driveway, which it appears this is exactly what they did.
You're right, except that Google did not go on the road, they simply got a picture of it from a nearby public road. This was not a residential development, but a private lot with a private road off of a local public road that itself was not marked as private nor did it prevent thru traffic. Their private road is basically defined as nothing more than a glorified driveway.
Also, explain to me how snapping a picture from the road is any different than snapping one from orbit or from a plane. They object to one but not the other?
note that what people see you doing inside your own house for your personal failure to close your own window shades is your problem. In fact, many people who have accidently seen someone "doing it" through their window have been awarded money for suffering in various ways. People have also been brough up on indecency charges for walking through their house naked with open windows.
Whether or not you are inside your home or within the bounds of your personal property, simply being in "public view" means what you do while in view is public.
I live in a private community, with a gated, private access road. We pay HOA fees for upkeep of the gutters, street lights, etc, but the road itself is still actually owned by the city, and there's a line item in my county taxes for road maintenance. (this in is contract to my father who lives in a neighborhood that OWNS the road, and he does not pay this tax, living in the same town).
The police have a gate override code, and patrol our streets. We have signes up that say "private community" "no thru traffic" "no soliciting", etc, but the fact is, the road is actually a public road, and should anyone ask, they have every right to drive on it. As an example, an icecream company filed a grevience with our HOA and had to be given a code to our gate and the right to drive on our streets and sell their wares, and as long as they don't step out of their trucks and onto the sidewalks the HOA owns, they can play their music and solicit our kids from the streetside. Not that we actually argued against this, but if we did, they could have forced our hand anyway.
The only way to have a truly private road is it you got the permits and laid the road yourself on your own property, and you complately maintain it yourself. Of course, if you do, even the police need permission to come on it unless there's a stated emergency (they would not be able to patrol your road). My Father's community has to pay for private security to do this, and his HOA fees are about $1500 per year vs my $300 because of that plus actual road maintenance fees I don't have to pay.
I also know a family out in rural country that technically hasd a "private road" Since their driveway is longer than 1/4 mile, and there's actually 3 houses at the end of it, they were required to get a street sign and house numbers for 911 identification, but the road is theirs.
Google would not be able to drive on a road that is a true private road, but they actually know which ones those are. If you go to google maps, private roads are not drawn, there will just be a blob where a comminty is. If you can stand in a public location (street or public sidewalk) you can take a picture of whatever you want. They only grey area is in using that picture for advertising or other printed materials without permission. Since this is a database, and there's no advertising on the street view mage, not does Google charge for the service, they're in the clear on this one. (even more so since you can ask the image be taken down without cost and without legal battle)
Don't make payments from public PCs... simple ansewer to this issue.
One-time pins work well enough to authenticate the transaction, and when using a card processor at a cash register, you can reasonably be sure the transaction goes through unmolested (if that device was hacked, someone would find out quick as the store would not be getting any money, and the device has a compete history of all transactions not only on it, but in the database of the central processing agency/bank, and it's easy for them to put all the money back where it should be.)
On a PC, we need one more step. Not only a one-time pin that is good only for that transaction, but a "return pin" that is displayed on the screen after the transaction processes. This should be a pin you can set personally, in advance when you create your online access account, that's a 4-8 digit code that you recognise for any transactions on their site. If you're spoofed, you'll know instantly, and can contact your bank. They'll of course need to validate your selected return pin with that company, but at least you can stop payment on the transaction and list the account the payment was redirected to as a phishing account and if possible have it either closed or blacklisted. Better yet, since almost all of us have cellphones, why not have the return pin and transaction details sent to you via txt (or mobile e-mail if text cost you money). that way, if you're the kind of person that uses the same pin everywhere, if your home PC was compromised they still couldn't fool you.
On the question of "should people be held responsible for the security of their own PCs" I say YES! Though it's not really possible to securely ID whether a PC on the net has proper security software installed or not (any program that would check for such would be a quick target of hackers and regardless of how secure the application was, it's output can allways be spoofed). What an ISP CAN do however is identify key activity like DDoS activity, heavy SPAM traffic, etc. Most bots are easy to spot, and even if they can't ID which one of your PCs is infected, they know your external ID, and from their databases they'll know your router MAC address, and can remotely shut it down and call you to let you know why.
If your machine infects another because it did not have up-to-date antivirus, or didn't have any at all, then you should be liable. If you loose money because you're insecure, your bank should offer services to assist getting your money back, (because no matter how secure you are, there are allways zero day exploits to worry about and phishing redirection) but they really can't prevent it from getting stolen.... (they can secure their own systems from direct attack, but a transaction is a transaction, and if it came from your PC with your password and pin, then as far as they can tell, it's real).
Public access PCs also need to be secure. If you do a banking transaction at a public PC that's been hacked, the owner of that PC should be responsible, unless it was a zero day attack and he was up to code on his security. There shuold of course be signs posted to let people know using a credit card on a public PC is just stupid, and the proprietor won't be responsible for monetary or other losses, but at the same time, if they're not at least attempting to secure their PCs, then maybe DHEC should have powers to audit and fine them. Securing public access to internet may really be no different then regulating food service quality. (of course DHEC doesn't have the staff, but DHEC could subcontract the ISP or some local IT firm to do the work until they staff up internally, or some specific branch is created for this job).
Don't argue with me that it's your personal right to use or not use security software on your personal PC. If you connect that personal PC to a public network, you need to abide by the rules of that public network. If you want to be naked in your house all day that's fine, but in public? no shirt, no shoes, no service! What you
1. User just deleted a "critical" data directory/file.
...unless upper management approves the IT costs associated with the item's recovery, or unless legal action is requiring it's retreval.
- Use group policy to prevent file deletion.
- Force all files to be stored on servers, and backed up centrally.
- Prevent local file storage by using strict quotas or preventing writes to local disk
2. User just deleted an OS directory and their computer will not run.
- The OS won't let you do this.
- User level accounts should not have permission to view files in OS directories, let alone modify/delete permission
3. User kept everything on his/her local drive and it just caught fire.
- enforce nightly automatic system re-image policies. They'll only do this a few times before they get the point...
- prevent write access to local drives/folders
- change policy to punish employees who use local storage for company documents (up to and including termination)
- redirect My Documents to a server
4. User wants an email from 3 years ago that user had deleted from his/her last computer 2 years ago.
- See Hippa or sarbaynes oxly. You may be required BY LAW to store all email for 1, 3, 5, 7 eyars, or indefinetly, depending on what business you are in. An auditor can ask for any e-mail from any year inside the window you are required to maintain, and if you not only can't comply, but don't have a documented process for HOW to comply as well as written records of periodic testing of your backups and archive processes, then you will fail your audit, and be fined MANY TIMES what it would have cost you to simply comply!
- buy a good backup system that supports brick level backups for e-mail and automated archival I recomend Unitrends for SMBs (under 4TB of data per storage server), EMC systems for enterprise customers
- Tell the user no!
- block all webmail, pop mail, and all other non-centralized (controlled, backed up, filtered, etc) e-mail access.
5. The legal department wants all email to/from Mr.X, Mr.Y and Mr.Z.
- see backup requirements... This should be easy if you have the equipment. If it's current e-mail RTFM.
6. User keeps getting infected with viruses.
- use a whitelist for web access
- deny web access to employees that don't require it as a business necesity
- use appropriate e-mail filtering technology
- Run up-to-date client side AV and Spyware filtering
- track which users continually get infected, and if it's from the use of outside media (USB or other media being brough from home, etc) block those ports and drives until the user shows certification that their home computers have been certified virus free. Ensure all imported media is scanned before becoming accessible to the user (most corporate AV products support this option)
If you have a corporate network and at least 1 server (if you only have one, get a second one NOW!), then you should be running corporate or SMB versions of all your software and security systems. All access to resources should be centralized, users restricted with domain or group policy, and all content filtered and controlled. This is a cost of doing business. Your backup systems and security licences should be approxamately 25% of your total annual IT expenditure (including internal staff slaries, outsourcing, and all). If you have not spent this much yet, do so now. If you can't afford to spend this much, change your business practices to accomodate doing so, or get rid of your service in favor of a managed service contract.
Backups should be moved off-site daily. If you can't move them off-site to a controlled, secure environment (like a bank) then you need electronic off-site data backup or replication. There are hundreds of firms that can provide you these services.
If you don't know how to do any of these things (or some but not all) hire a consultant. NEVER attempt to perform an IT task alone that you have not been trained to do or practieced in a lab
You mush have been in a shady place, or this was a long time ago. My firm serves nearly half of the school districts in my state, and I can attest, there's little or no piracy, and any found is dealt with swiftly.
Most PCs around here are provided by grant money or government programs, not local school budgets. Even the teachers are not allowed to use grant provided PCs in their classrooms for their own use, they have to have a completely seperate, school provided system just for themselves. My wife teaches at a school here. When her classroom PC crashes, she can't just sit in front of another machine and log into groupwise, or hook it up to a projector, even though it has all the software she needs to do that. She has to get her classroom machine fixed or replaced by maintenance. Since the network is closed, her personal laptop is useless, and the smartboard software it tightly controlled by the IT department so she can't get it installed on her notebook as a backup...
All of the schools here have TIGHT audit controlls on software rollout. PCs are inspected several times per year by IT staff (usually through remote monitoring software), and at least once anually by 3rd party auditors hired by either state or federal agencies to ensure grant compliance.
User accounts are also tightly controlled. They don't even have permission to change their desktop backgrounds... They can't install software at all (except for self executing binaries, which the use of violates district policies). They have very strict file management rules, and teachers can be disciplined or suspended without pay for violating IT use of systems.
They're so touchy because if they fail an audit, they can be immediately disqualified from future grants, loose their e-rate purchase status, or pay heavy fines.
I don't know where your school was. Was it private? If not, likely they've been punished severely by now, and if you go back there, I'm sure you'll find IT to be a completely different world.
btw: why didn't you turn them in? Don't you know that not only Microsoft, but most other major firms have a policy of paying you a percentage of the fines and licneces collected for violations you report? A school as bad as you claim could have gotten you tens of thousdands in hard cash if tyou turned them in!
Inside our own company, even being an IT services firm, our employees are not permitted to install software or modify their systems beyond simple user preference levels. We don't lock systems down since we're all engineers here, but even still, everything we need or want goes through helpdesk. We're not allowed to service our own systems even if we have the knowledge, because the company has to keep a very tight check on software install counts, etc.
As for our managed customers, we use combinations of group policy and user rights to prevent users from using local drives for storage by installing extremely small quotas (like 10MB!) with the exception of their personal music and pic folders. To prevent abuse, only jpg, bmp, mp3, aac, and wma files are permitted in those folders (batch scripts auto delete everything else periodically) We block the creation of additional drive letters (which prevents thumb drive use, and thus remote software applications), and use network monitoring software to see who has what applications installed. We also block known network sharing ports directly at the desktop level to prevent iTunes and other media sharing from swamping the network, and limit each user via QoS to a relatively small piece of bandwidth. everyone goes through websense and has a white list of addresses based on their user classification. Access to additional sites requires IT approval.
We don't outright prevent the installation of programs. Users can install their own stuff from their own licences if they wish, however, we track all installed programs on all PCs, and we have a list of forbidden applications and will remotely remove them and discipline employees for violating this policy. If they want to install a simple game to play on their breaks, that's fine, but things like Google Desktop, helper apps, P2P etc are forbidden. If employees need a program to do their jobs, we should already know about it. there's a list of programs in the distribution server. If they need one, getting it installed is a helpdesk request and appropriations signature away so volume licensing can be tracked. All company software is rolled out from the network.
UPS trademarked brown for use in relation to delivery services only. Besides, when a brown truck pulls up, you know who's it is. When someone says we're shipping brown, you know how it's coming. Brown is clearly associated with UPS's legacy.
besides... April fools.
Um, yea. T-mobile color is a blue shade.
/.ers were better than that :)
Did ya happen to notice it was filed YESTERDAY... April 1?
Damn, and i though
Mailing an envolope to yourself by itself could be sent opened, however, mailing a certified letter requires the envelope not only to be sealed, but the certification is placed across the back of the envelope covering the seal. when recieved, the return receipt is also dated and signed by you, then kept on file with the post office for many years (7 at least). There's a comments field on the certificate for to indicate the envelope's contents. Note the type of invetion contained therein and it should be fair proof of your prior art.
Of course, to go through all this, why not simply have the documents notorised... It's probably cheaper to do so.
You'd also need to prove not only that you came up with the idea, but also that you worked on attempting to bring it to market. this would likely mean a mock up or prototype. For a program or function of a program, at least flow charts if not actual sample or speudocode would be expected. You need to get a lot farther than a simple description in a blog. You need images, plans, design ideas, workflow, analysis, etc. I know a guy who files patents every few months in magneto radioscopy (MRI and megnetic probe research). The amount of work is insane, and the language and method for composing images is very specific. Even after several dozen granted patents he still has some sent back for editing that get declined.
Finally, you have to satisfy the ruling that the idea can't be hidden or obscured. It would need to be published somewhere... Somewhere at least resonably obvious like a trade magazine related to the field for the product.
For all the effort, and with lawyers able to refute most of what you could at some level prove, it's more likely they'll win, not you. It;s about $1,200 to file a patent, plus legal fees and drawings. More if you actually want to do a search to see if it's already been patented before you file. If you have a really good idea, do a search. If noone else patented it, you should. If you can't afford to, a lot of companies will do it for very small fees, in exchange for a sizable cut of the profits if someone licenses your ides (or if they're a patent troll and sue in your name).
OK, I actually read the article because I had to see how stupid this really was...
first, it sounds like by adding a 2nd sound card that 1 of them can play WMA while the other can play iTunes. You get 6 chanels, but you can only play 2 different songs at a time, and only if you have both a WMA library and iTunes. If you have only iTunes like I do, then all this is is a multicast system with up to 6 chanels.
With a laptop, airtunes, appleTV, or any numer of other devices, you can use shared libraries to do this over wifi, and play different songs in each room at the same time... plus, you don't need a 2nd sound card, don't need dedicated speaker wiring to each room, don't need custom, proprietary controller panels in each room, shit you don't even need all your music on one machine. if you have a lot of WMA and iTunes tracks, run WMC and iTunes.
So big deal, you have some iTunes DRM'd music and some WMA at the same time. unless we're talking about having hundreds of both, then you could simply convert the songs to non-DRM songs. You can do this in iTunes by 1) ripping to CD and back to MP3, 2) paying $0.29 each to upgrade to 256 bit non-DRM, or 3) crack the files. For WMA, if the application you like doesn't support DRM to CD encoding, then just crack the files.... Even if you had to do this true and legal, and you wanted to buy all new tracks in iTunes and eliminate WMA from your home, doing so for even 500 tracks or more will cost you less that this solution will, a LOT less.
This product is complete lunacy, targeted at morons who don't know any better.
iTunes already supports multiple streams and complete control at each endpoint.
If you want an integrated system, I can hook you up with companies that install in-home room to room paging panels that support MP3 and FM playback from a central server. a 5 room, 5 panel installation, including speakers, will run you $3000-4000 and all you need is an XP box or NAS device to put all the music files on. (and you could STILL use iTunes on wifi outside on the deck, by the pool, etc).
this "itty bitty" company the author loves so much is going to be bankrupt soon...
The US government regrets to inform you that due to suspected illegal activites detected from your systems that your systems have been actively neutralized. A virus is now infecting your machine that has already spun your CPU cylces into increasinly higher activity cylcles. This will cause your system to overheat and fail in 5, 4, 3, 2, 1...
PS: the melting of materials in your CPU can emit toxic fumes that are known to be a health hazard. Do not breath fumes that may eminate from your computer or firewall. Also, we suggest you get a fire extingusher...
PSS: if you feel you have been inapropriately targeted, please simply purchase a new PC, connect to the internet from a known secure and untargeted location, and file form "GFYS-2008-A" with your local FBI office so we can file it for 7 years and if your lucky respond by admitting no fault and denying your claim since by then any evidence will have been destroyed by presidential executive order, including the backup tapes plus we've just destoryed any evidence YOU had. haha.
- there are AV tuners and TV recording capabilities for Apple systems (Happauge makes a few as well as others) Windows has no integrated native apps for it, just hardware and 3rd parts software support same as Apple.
Windows Media Center?
--Media center is a sharing server, and you can use it to control the tuner, but if you buy a 3rd party tuner it comes with this type of software anyway. FrontRow does most of this anyway, but since Apple doesn't sell a TV tuner, they don't develop custom software to schedule recordings... It's kind of irrelevent anyway because even with a tuner, you can only record OTA broadcasts or old analog cable (which is getting turned off in my area in a few months).
- Network projector support on Windows is via 3rd party apps only. Same as Apple for which software IS available.
It's built in, right on the start menu...
--OK, missed that one. Either way, I looked up several network projectors, and every single one had a Mac driver for both wireless and physical network connections. Non-issue.
- There are a lot of network storage appliances for Apple, including OS X server. Listing Windows Home Server doesn't count as a plus in Microsoft's corner since it's not "out-of-the box" and requires additional software installed by the server to do these things. Vista does NAS no differently than Apple without a real server behind it... They both access network USB the same, though 3rd party drivers or network shares. Apple also supports more than just SMB shares, so I even lean on their side on this a bit, but still call it tied.
Windows Home Server doesn't require the client for use as a file server, only for notifications and automatic whole-system backups.
--Backup is handled by Time Machine much better than WHS anyway, but if all your doing is file sharing, why buy a server to manage and not just a simple NAS???
- Automator is a sync tool when set up. Better yet, configure rsync (included) and sync only delta changed packets instead of whole files... Sure, it requires some know how, and Windows Sync Center is easier to use, but it can't be used on business editions anyway...
rsync dosn't work with files over 2-4GB in size last I heard.
--rsync is dependent on file system support of the file size, latest rsync binaries do support over 2GB, but both the target and destination volume must support this, and both versions of rsync. Windows Sync has issues of it's own, including max path length of 240 characters which really sux since Vista istelf allows longer paths...
- Presentation mode? Are they referring to PowerPoint? That's not included in Windows, plus both PowerPoint for Mac 2008 and Keynote do this (and more).
Presentation mode is a mode for the whole PC to be in, not an application.
--Well, it;s not a simple button to click on, but it can easily be simulated in automator. If you use keynote, this isn't an issue anyway since the display is seperate from your desktop.
- Automation Features - apple has lots, Windows has a simple task scheduler to lauch batch files...
Scripting support, etc. etc.
--Scripting support??? You mean VB? Sure, if you'r a programming geek... Automator can do a TON without a single line of code (or typos, or need to know switches or ream MAN pages). Beyond that, you can use Applescript, and incredible powerful object language. And if you ARE a programmer, you can use Korn Shell, which is FAR more powerful than Microsofts comand line tools and scripting. They simply don't compare.
- Security - Apple wins since Admin access is disable by default and their firewall is superior, plus not a single ITW virus for mac and little or no spyware (might change in the future, but not a concern now)
a Mac is the only system I've actually encountered a Virus on, but that was in the 68k days
--if you've not encountered a virus on a PC, you don't use them much... Of course, what's defined as a "virus" years ago and "spyware" today are about the same thin