windowsnerd.com » security

Mac users – I told you so, John Dvorak did too

Nerd — Tue, 17 Apr 2012 03:14:39 +0000

Nice to see some predictions come true. From my own blog here in 2009-

With today’s news of Snow Leopard including some sort of anti-spyware/malware (i doubt antivirus.) I decided I should compile a list of my favorite mac holes for the macholes that seem to say there aren’t any. The culture will shift once AV/ASW is installed on all Macs, so the fun of prodding them will go away. So to all the macholes who say there is no such thing as a security threat to Mac, grow up. Your time is coming. When you play with the big kids, you get more 3rd party hardware, software vendors, and lots of problems. Muhahahah. spoiled brats.

6/2009 http://www.theregister.co.uk/2009/06/11/mac_malware/

7/2009 http://www.theregister.co.uk/2009/07/21/andrews_video_malware_ruse/

—————————————

Well to add to the list for famous mac munching software -

apple defender/Antivirus scam

Flashback

Sabpub

I have plenty of saved up forum posts about how Macs are invincible. It is sad to see macs getting attacked, but in a way it is nice to be able to say “I told you so. ” and be 100% correct on all fronts. Macs aren’t invincible. No platform is. The market share argument is valid. Virus is like Kleenex unless you really say things like “please hand me a Scott Tissue to wipe my Apple Macbook Pro keyboard.”

I think the moral of the story is that people are sheep. If a strong shepherd like Mac tells the sheep they are safe, they will believe them. It isn’t really their fault, they are stupid. We need to go after the assholes that tell the sheep they are safe.

OSX Flashback shows apple innovating something in security. wait what? Apple and security in the same sentence?

Nerd — Sun, 15 Apr 2012 17:12:33 +0000

Apple did something brilliant. They might not be good at security, in fact they pretty much always suck at it. This forced them to create something new and just brilliant. If a user doesn’t use Java for X time, it SHUTS OFF! How incredibly obvious but new is that? How cool would it be if telnet got disabled after not being used for a few months on a windows box?

http://www.theregister.co.uk/2012/04/13/apple_releases_flashback_removal_tool/

This new process of disabling after a service is not in use needs to become the standard for all platforms.

Change remote desktop port for Windows 2008r2 and below

Nerd — Tue, 07 Feb 2012 23:51:35 +0000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

modify the value, switch to decimal unless you want to be fancy and figure it out in hex.

restart the computer or if you are lazy like me, restart the remote desktop service then reconnnect.

Automatically patch your mom’s computer with Secunia PSI

Nerd — Sat, 21 Jan 2012 01:16:55 +0000

I use Dell Kbox for patch management, which I can’t afford for home at ~$3k a year. For home Secunia PSI is great. It scans the machine once a week and installs all the patches it can. Adobe products, java, 7zip etc seem to work really well.

When you first install it there will be programs like adobe air that don’t seem to be able to update. Follow the links in secunia and it will run you through the latest versions again. I’ve been using it on all the family machines for a long time now and rarely have an issue to fix manually. I highly recommend it.

Anyone know of a better free tool? Leave a comment!

Remove spiceworks ads

Nerd — Sat, 19 Nov 2011 02:22:55 +0000

A few people over the last few years have asked me why spiceworks doesnt show ads when I show them my interface. The hosts file from MVPS.org will block spiceworks ads.

I don’t recommend doing this in order to block their ads. It is how they make money to build the product. If you use it for work, this is like cutting off your toe so you don’t have to look at it.

I would recommend putting the hosts file from MVPS.org on every machine in your organization for a jillion security reasons. You need to dog food it and run it on your computer. Just sayin, a side effect is that Spiceworks ads will be blocked if you keep it updated.

If you use Spiceworks for your business and choose not to pay the ads, think about it for a minute. I pay between $3-4k per year on a Dell kbox I used to replace Spiceworks. Are you going to pay the same when you bankrupt their model? Maybe just send them a check for saving you some time. I’m telling you the people there are really cool. Helping Austin stay weird. I might have disagreements with how they run their software, which is fine and why I moved on to a different product. But I think the nerd world needs the Spiceworks staff and community more than they realize.

Spiceworld 2011 streaming live today

Nerd — Thu, 20 Oct 2011 14:01:48 +0000

http://www.spiceworks.com/spiceworld/2011/

check it out, they have a lot of great stuff added.

Extreme Couponing – Dangerous and mostly illegal

Nerd — Sat, 21 May 2011 14:22:00 +0000

Watching the TLC show Extreme Couponing immediately leaves a computer nerd with a skeptical feeling. Coupons today are driven by an incredible data mining corporate machine, it is hard to understand the $/hour cost of couponing and selling your soul vs getting a job. A little googling shows the illegal status of bar code fraud that many of the TLC couponers use. Navigating the minefield of bargains available on the web is tedious and leads to spyware, tracking and a complete lack of online privacy.

For today the windowsnerd prediction is that the TLC show will end after enough people get in fights with supermarket managers or go to jail and sue TLC. If there was a phenomenon where you could get $1000 worth of groceries for $30 consistently, companies will go out of business, people lose jobs. The show decided to highlight an anomaly that can’t be sustained on a large scale. Too bad for them.

Later on it might be interesting to study the amount of spyware, cookies, etc that come along with a standard visit to some standard coupon locations. Slickdeals.net, coupons.com etc. More interesting would be a list of statutes violated by the bar code scam. Is is possible to be charged with a felony for enough coupon scamming?

Why Apple has difficulty in the corporate world

Nerd — Sat, 02 Apr 2011 17:10:25 +0000

I’m tired of absolute statements like being accused of hating iEverything. I like an ipad for surfing the web on the couch, ipad for listening to music and supporting clueless users on a mac. They can’t figure out how the hell to fire up vi, how are they going to break it? That is great for home. Super great. At home, mac is cool just like sony or microsoft is if you keep all the same gear working together.

I disagree with the use of Apple tech to solve corporate problems. I work with protected information and use standard tools every corporation should be using. The problem with Macland is that Apple does not support secure computing. Try writing email to their HIPAA support address. So far they have not responded to a single one of our emails in the last 3 years. They don’t exist. Apple has no FIPS-140 support. They do not have a single certified device on the NIST FIPS 140-2 list.

Apple is like a gold hammer if home computing is a kind of nail. Works pretty well together and looks nice. But the hammer is expensive and has to be replaced pretty quick. When you smack the business screw with the gold hammer, all kinds of crap goes wrong. Eventually when your business puts a heavy load on the screw, everything will fall apart. I’m looking for the right tools to go in my toolbox. Not the one the popular comedian on TV uses. I’m a professional IT person, not a comedian.

I’d like to start a table to show a comparison of just Dell laptops with Windows, Red Hat vs Apple full OSX and iphoneOs. I’d like to stick to features useful to a medium to large business, not a group of 10 developers. Over time I’ll add links to each item to show a source for data directly on a government site. For the most part this is a cheat sheet for myself but if anyone else finds it useful let me know.

To the apple fanbois who will find this site, if you have helpful comments to keep this accurate, fire away. Just keep in mind that I’m in the big kids playground where Ford vs Chevy doesn’t matter. Individual products that meet government requirements matter. FIPS 140-2, HIPAA, HITECH, FDCC, USGCB are the types of regulatory issues I have. If you don’t have emails coming to your inbox every day with compliance reports… well just keep your flamebait to yourself please. You can’t learn about this stuff overnight. It takes years and a decent size staff. Until you have lived in that world, you don’t shed bias to examine this rationally.

I believe this is accurate as of March 2011.

	Dell Windows	Dell Linux	Apple Laptop	Apple ipad

Theft recovery
GPS location available from hardware	absolute.com	absolute.com	none	yes
GPS activated by cell	yes	yes	no	no
Tracking not dependant on OS	yes	yes	no	no
BIOS doesn’t allow turning off GPS tracking	yes	yes	no	no
Geofence autoalarm	yes	yes	no	?
Central web console to track all corporate users	yes	yes	no	no
Police will pick up your stolen machine	yes	yes	no	no


HIPAA
FIPS140-2 approved components in the OS	many	many	none	none
FIPS140-2 integrated smart card option	yes	yes	no	no
FIPS140-2 integrated fingerprint reader	yes	yes	no	no
FIPS140-2 disk encryption built into OS	yes	sortof	no	no


FDCC compliance available	yes	no	no	no
USGCB compliance available	yes	no	no	no

Physical attributes
Laptop dock available	yes	yes	no	no
multiple monitor support without extra hardware	most models	most models	no	no
More than 8GB ram available	yes	yes	no	no
More than 1 internal hard disk available	yes	yes	no	no
3 SSDs/48GB ram in a laptop	yes	yes	no	no
more than 2 usb ports	yes	yes	no	no
third party batteries and power cords	yes	yes	no	no

Warranty
Work can be done onsite	yes	yes	no	no
Warranty can be extended to 5 years	yes	yes	no	no
minimum 1 year phone support	yes	yes	no	no

Servers
Company sells servers	yes	yes	no	no
Full support with dell kbox	yes	some	some	some
SCAP scanning with kbox	yes	no	no	no
driver and firmware updates automated with kbox	yes	no	no	no

iphone vs droid – missing the point, you want the best ladder to your cloud

Nerd — Fri, 25 Jun 2010 04:17:24 +0000

Thats about it. if you are an iwork ilife ifanbois, the only phone for you is an iphone. If you love google apps like me, get a droid. You want the best ladder up to your cloud. Both have more apps than you can shake a stick at. Can you really filter through 80,000 apps available on the google phone? Do you really care if 60% of droid apps are free? No, you want your ladder to your cloud.

Unless you have HIPAA, PHIPA, SOX, CISSP, work for DoD, or just a company who values privacy. Then you get a Blackberry and download the right apps. There should be no such thing as an iphone or droid at a company who has security requirements. Please tell me I’m wrong with citations of how an iphone or droid is fully compliant with FIPS140-2 and is listed on the appropriate NIST site so I can show my attorney. Then I will snuggle up in my happy google cloud or let my coworkers get all happy in their iphone cloud.

I do envy you people who are arguing about megapixels and screen size. Not becuase your petty arguments have merit, just because I want the happy ladder instead of the Escher staircase.

One side note- I still challenge anyone to show me an iphone app with a real business use for me that can’t be replicated by blackberry or droid. So far it doesn’t exist. I think these are all fairly equal platforms and just flavors, not fat vs carbs.

CRN libel against ipad

Nerd — Tue, 27 Apr 2010 17:35:18 +0000

I’m not always the biggest fan of some of the things Apple does, but I think the Ipad is pretty darn cool. When CRN posted this story, I was a little offended at their assertion that the ipad is the target of the back door. It is not. Windows is the target. I am no lawyer, but I am guessing this is straight up libel against Apple/ipad. http://www.crn.com.au/News/173074,backdoor-malware-targets-apple-ipad.aspx