Automation – The Impact Point For IT Operations

With ever-tightening budgets and the constant requirement to improve operational efficiency, the impact that automation can have on IT operations is dramatic. Considering all the operational elements that go into providing the proper levels of service to the user community, injecting automated tools into the process is no longer optional.

For many IT organizations, the solution has centered on deploying a series of point solutions to address the core set of requirements: discovery and management of asset and inventory data (virtual or non-virtual), assessment of potential risk (vulnerability scanning, patch management, AV…), and performance management and monitoring, just to name a few.

This approach, while acceptable, does not promote what I would categorize as “aggregated efficiency”. Evaluating the condition or state of your environment by independently collecting the results from various point solutions works, but it is not the most efficient way to address the day-to-day challenges of managing an IT environment. To truly drive greater efficiency and save money while improving service levels, what’s necessary is a single solution (one with as complete a set of functionality as possible) that helps IT operations manage the time-consuming daily tasks that are currently disconnected.

There is a better way! There are solutions on the market today that will help IT operations with this quest. Selfishly, here at Shavlik we’re moving quickly into the IT management area with a SaaS-based platform that, over time, could become the Swiss army knife for IT operations. This technology of ours is being designed to address the core set of requirements necessary to effectively manage an IT operation, but in a far more aggregated manner. If you get a chance, check out what we’ve developed so far; you might find it of interest! The URL to access the application is https://it.shavlik.com/. The application will go into a Public Beta phase in mid-February.

Dave Eike

Shavlik Technologies

Is attack against Google (and others) a world-changing event?

George Kurtz, McAfee’s worldwide chief technology officer, has blogged about how the Internet Explorer vulnerability – dubbed “Operation Aurora” – was exploited, going so far as to call it a “watershed moment” for cybersecurity.

“What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack, with the main goal appearing to be to steal core intellectual property,” said Kurtz.

Click here for the complete content of Kurtz’ blog.

For me, this feels a lot like the 1993 movie Groundhog Day, with Bill Murray. It hasn’t even been a year since security and operations chastised our industry for over-hyping Conficker. McAfee seems intent on stirring the FUD pot over the latest zero-day exploit in Internet Explorer. Is this déjà vu all over again?

But now word comes that Google — the literal and figurative face of this exploit — is investigating the possibility that some of its employees in the China office may have facilitated the attack. Google won’t comment on the ongoing investigation, but Reuters is reporting that some Google China employees were denied access to internal networks after January 13, while some staff were put on leave and others transferred to different offices in Google’s Asia-Pacific operations.

Watershed event for cybersecurity? I don’t know. Competitors have tried to steal one another’s intellectual property through illegal means since some caveman figured out a better way to make fire. What we know today is that to neutralize this exploit, you need to apply MS10-002. Do it today.
Director, Product Marketing

New Microsoft Security Advisory Announced KB979682

On the heels of the out-of-band patch announcement by Microsoft yesterday, a new security advisory (KB979682) has been posted by Microsoft. Microsoft is currently researching reports of a vulnerability in the Windows kernel. It is important to wait for Microsoft’s research findings before jumping to any conclusions on this report. In the past few months we have seen claimed zero-day vulnerabilities that turned out not to be software vulnerabilities at all.

Still, keep an eye on the security advisory to see if Microsoft acknowledges the claims and provides details and possible workarounds.

– Jason Miller

Out-of-band January Patch Day Number 2

Microsoft has gone out-of-band from their normal release cycle for a critical security bulletin release.  The bulletin addresses the zero-day vulnerability described in Security Advisory KB979352.

The last time Microsoft went out-of-band for a security bulletin was last July. That bulletin addressed a vulnerability in the ATL library. Unlike the July out-of-band release, this bulletin fixes a zero-day vulnerability that is currently being exploited in the wild.

This bulletin, MS10-002, applies to all supported versions of Internet Explorer on all supported operating systems.

Only 1 of the vulnerabilities has been publicly disclosed and is currently being used in targeted attacks. The other 7 vulnerabilities addressed by this bulletin are not publicly known and are not being used in attacks.

It is important to note that this is a cumulative update for Internet Explorer, so multiple vulnerabilities are addressed by this bulletin. With each patch, administrators should test it to ensure the fixes do not break functionality in Internet Explorer. In the case of this patch, administrators should deploy it immediately to all servers and workstations, as exploit code has been published for the one known vulnerability.

Microsoft typically releases a cumulative Internet Explorer update every other month, and February’s patch day would have been the usual slot for a cumulative release. Microsoft rolled the fix for the publicly known exploit into the cumulative update.

-Jason Miller

MS Out-Of-Band Bulletin Release Date Announced

Microsoft has just updated their advanced notification page for January 2010. They will be releasing an out-of-band patch for the Internet Explorer zero-day exploit tomorrow, January 21.

More information can be found here.

They have also updated the Security Advisory with more details and clarification around the vulnerability.

– Jason Miller

Out-of-band Bulletin Coming From Microsoft

Microsoft’s MSRC just announced that Microsoft will be going out-of-band with a security bulletin release.  This release will fix the highly publicized Security Advisory KB979352.  Tomorrow, Microsoft will announce the timing of the out-of-band release.

This is the second out-of-band release in a row for which Microsoft has given administrators advance notification. This is extremely helpful, as everyone can prepare for patching rather than scrambling with unplanned patching.

Stay tuned tomorrow for more information from Microsoft.

– Jason Miller

When are you upgrading to Windows 7?

In a recent blog posting by Kristen Caretta for SearchCIO-Midmarket.com, she points out that many mid-market companies are holding off on migrating to Windows 7, mostly due to the clean-install process and costs to upgrade.

After seeing this article, one of my associates asked me how many Shavlik users have migrated or are planning to migrate to Windows 7. If the majority of you are holding off on the migration, this would not surprise me, for many reasons.

1. Isn’t Windows 7 built on the same technology as Vista? For those who tried Vista and really struggled, thinking about going to Windows 7 probably has you a bit gun-shy. Who could blame you? My personal experience on Windows Vista x64 (to take advantage of the RAM; I run a lot of VMs locally): my domain profile blew up 4 times, causing authentication issues with Exchange, SQL, etc., resulting in time spent with IT to remove me from the domain and re-add me. I downgraded to Windows XP x64, which I cannot say was much better, but I was able to use the additional RAM and did not have to spend quality time with IT once a month.

2. Time and money. IT is already strapped for time and does not have the budget to bring on temps, add head count, or pay overtime to do the upgrade. It also takes time and money to provide user training on this new operating system.

3. Complexity. I have been through a number of OS migrations. On my personal machines I started back in the Windows 3.11 days: 95, 98, 98 SE, 2000 Workstation, Millennium (I skipped this one, but my roommate in college had a great time installing it and then reverting back to 98 SE), XP, Vista, and now Windows 7. I have also been part of Windows Server and Novell migrations at a former company. No OS migration is smooth. Upgrade installs almost always result in short-term gain, long-term loss. Fresh installs take longer but are cleaner in general. For XP to Windows 7 it is a fresh install, but the Windows 7 installer lets you keep the old OS on the hard drive so you can access files. This takes up drive space, but you know you have all the data just in case. Upgrade or fresh install, you will encounter product or hardware incompatibilities. There could be a long road of support issues to get everything back to normal, even with adequate testing in advance.

So for those of you in the Shavlik Community, what are you doing today regarding Windows 7?


-Chris Goettl

New Microsoft Security Advisory Published (979352)

Microsoft has just published a new security advisory.  This advisory affects Internet Explorer and can lead to remote code execution on machines.  There have been reports of limited targeted attacks which makes this a zero-day exploit as there is no patch available yet for this vulnerability.

Microsoft has posted a couple of workarounds to help mitigate this risk:

  • Set your Internet Security Zone settings to “High” for ActiveX Controls and Active Scripting
  • Set Internet Explorer to prompt or disable Active Scripting
  • Enable DEP for Internet Explorer
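The first two workarounds above are per-user Internet Explorer zone settings, so they can be checked before (and after) deployment rather than taken on faith. The script below is an added example, not part of the Shavlik post or Microsoft's advisory: it audits the current user's Internet zone for the "Run ActiveX controls and plug-ins" and "Active scripting" settings and, with -Apply, sets them to Prompt or Disable. The registry layout it relies on is Microsoft's documented one (zone 3 is the Internet zone; value names 1200 and 1400 carry those two settings; data 0 = Enable, 1 = Prompt, 3 = Disable). The DEP workaround is not covered here, since it is a per-machine setting rather than a zone setting.

```powershell
# Added example (not from the Shavlik post or Microsoft): audit and optionally
# apply the two Internet-zone workarounds from the advisory for the current user.
# Zone 3 = Internet zone; 1200 = Run ActiveX controls and plug-ins;
# 1400 = Active scripting; data 0 = Enable, 1 = Prompt, 3 = Disable.
param(
    [switch]$Apply,
    [ValidateSet('Prompt', 'Disable')][string]$Mode = 'Prompt'
)

$ZoneKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Settings = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$States   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneState {
    # One record per setting: current data, what it means, and whether it
    # already matches the workaround (Prompt or Disable both count as mitigated).
    foreach ($name in ($Settings.Keys | Sort-Object)) {
        $item  = Get-ItemProperty -Path $ZoneKey -Name $name -ErrorAction SilentlyContinue
        $value = if ($item -ne $null) { [int]$item.$name } else { $null }
        $state = 'unknown ({0})' -f $value
        if ($value -eq $null) { $state = 'not set (zone default applies)' }
        elseif ($States.ContainsKey($value)) { $state = $States[$value] }
        New-Object PSObject -Property @{
            ValueName = $name
            Setting   = $Settings[$name]
            State     = $state
            Mitigated = ($value -eq 1 -or $value -eq 3)
        }
    }
}

function Set-InternetZoneMitigation {
    # Writes Prompt (1) or Disable (3) to both values. This is per-user only;
    # a zone setting pushed by Group Policy lives under the Policies keys and
    # overrides whatever is written here.
    param([int]$Data)
    if (-not (Test-Path $ZoneKey)) { New-Item -Path $ZoneKey -Force | Out-Null }
    foreach ($name in $Settings.Keys) {
        Set-ItemProperty -Path $ZoneKey -Name $name -Value $Data -Type DWord
    }
}

if ($Apply) {
    $data = if ($Mode -eq 'Disable') { 3 } else { 1 }
    Set-InternetZoneMitigation -Data $data
}

# Always finish with the audit so the run shows the resulting state.
Get-InternetZoneState | Format-Table ValueName, Setting, State, Mitigated -AutoSize
```

Run it without switches to see where a machine stands; `-Apply -Mode Disable` is the stricter form of the workaround and will break legitimate sites that depend on scripting, so the Prompt default is the usual compromise until the out-of-band patch lands. Across a domain, the same two values are better delivered through Group Policy than by running this on each desktop; the script is then most useful as the verification step.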

With a vulnerability like this, it is very important to be aware of phishing attempts through email, instant messaging or Internet sites.

Because this affects Internet Explorer and is a zero-day exploit, we can probably expect an out-of-band patch release in the coming days/weeks before February’s patch Tuesday.

This could be related to the Google breach reported a few days ago, as the advisory page lists acknowledgements to Google, Adobe and McAfee.

– Jason Miller

SQL Database Maintenance

If you are at a company that is running Shavlik products on a full SQL environment and have a DBA on staff with SQL maintenance and backup policies already running against our DBs, great!  If you are running SQL Express or full SQL but don’t have a maintenance and backup plan in place, please keep reading.

A DB with no maintenance procedures running against it is likely the single biggest cause of the upgrade issues we encounter, and it is the root cause of many GUI performance issues; proactive maintenance on the DB mitigates and, in many cases, resolves these. Below are our recommendations for good regular maintenance on your DB, so you keep it running slim and clean for good performance and fewer issues.

Keep in mind this is a starting point.  If you have regulatory needs that require more data kept live you should adjust to keep more data live.  If that is the case you may want to analyze how frequently you are scanning.  1000 agents scanning 8 times a day will grow your DB at a much more rapid rate than once per day or once per week.  And in most cases, you don’t really need all of that data.

Recommendation for regular DB maintenance:

Data Retention: Determine the amount of data that needs to be kept on hand for operational purposes. Typically 60-90 days is acceptable. Configure the PurgeOldProtectData utility to clean up anything older than that number of days, and schedule a task to run it monthly to clean up the DB.

http://supportteamblog.shavlik.com/2009/12/31/new-use-netchk-protect-7-2-to-purge-old-data-using-a-powershell-script/

Reporting: Determine what report data is required for audit/regulatory requirements. Run monthly reports fulfilling these needs and keep them on file as far back as policy requires. Typically 13 months is acceptable.

DB Backups: It is recommended to run weekly incremental and monthly full backups.  The backup should be run just before your scheduled purge.  Keep backups as far back as the reporting data.

DB Maintenance Schedule:

Backups: full monthly, just after patch maintenance for that month.  Incremental weekly, end of each week (after weekend patch windows preferably).

Purge Data: After Full Monthly backup is run

Reindex: After Purge Data is run

Integrity: After Reindex is run

Full SQL Maintenance Guidance:

If you are using full SQL it is easiest to set up maintenance plans using the maintenance wizard. Microsoft has some documentation around common SQL maintenance at the following link, including how to use the SQL wizard to set up a maintenance plan:

http://www.networkworld.com/subnets/microsoft/110107-ch8-sql-server.html?page=2

If you are using SQL Express the maintenance wizard is not available. In that case you can use the SQLCMD command line interface to run stored maintenance procedures, or you may look into some tools created by DBAs to wrap these commands in an easier interface. One tool that works very well is ExpressMaint. Using either of these options you can write a script to handle the maintenance and schedule it with the Microsoft Scheduler at the frequency you desire.

http://www.sqldbatips.com/showarticle.asp?ID=29

Example script for SQL Express to do a full backup, reindex, and integrity check using the ExpressMaint utility:

rem Full database backup (-T DB) to C:\Expressmaint, verified (-V), keeping one week of backups and reports
Expressmaint -S (local)\SQLExpress -D ShavlikScans -T DB -R C:\Expressmaint -RU WEEKS -RV 1 -B C:\Expressmaint -BU WEEKS -BV 1 -V -C

rem Rebuild the indexes after the purge has run
ExpressMaint -S (local)\SQLExpress -D ShavlikScans -T REINDEX -R C:\Expressmaint -RU Weeks -RV 1

rem Integrity check (DBCC CHECKDB) last, against the post-purge, post-reindex database
ExpressMaint -S (local)\SQLExpress -D ShavlikScans -T CheckDB -R C:\Expressmaint -RU Weeks -RV 1
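The maintenance schedule above (full backup, then purge, then reindex, then integrity check) is an ordered procedure, and the order is what protects the data: nothing should be purged until a verified backup exists. The script below is an added example, not Shavlik's own tooling, that chains those four steps against a SQL Express instance using plain T-SQL through sqlcmd instead of ExpressMaint, stopping at the first failure so a later step never runs on top of a failed earlier one. The server, database and directory defaults are the ones used in the ExpressMaint lines above; the -PurgeScript path is hypothetical, and PurgeOldProtectData's own arguments are not shown on this page, so adapt that one call to the purge script you actually use.

```powershell
# Added example (not Shavlik's own code): monthly maintenance sequence for the
# Shavlik database on SQL Express - full backup -> purge -> reindex -> CHECKDB -
# in the order the post prescribes, aborting at the first failed step.
# Assumptions not on the page: the -PurgeScript path and the argument passed to it.
param(
    [string]$Server        = '(local)\SQLExpress',
    [string]$Database      = 'ShavlikScans',
    [string]$BackupDir     = 'C:\Expressmaint',
    [int]   $RetentionDays = 90,     # post: 60-90 days of scan data is typical
    [int]   $BackupMonths  = 13,     # post: keep backups as far back as report data
    [string]$PurgeScript   = 'C:\Expressmaint\PurgeOldProtectData.ps1'  # hypothetical path
)

$ErrorActionPreference = 'Stop'

function Invoke-Sql {
    # Runs one T-SQL batch from a temp file with Windows authentication.
    # sqlcmd -b returns a non-zero exit code on any SQL error, which is turned
    # into a terminating error here so the calling sequence stops.
    param([string]$Query, [string]$Db = 'master')
    $tmp = [System.IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $tmp -Value $Query -Encoding ASCII
        & sqlcmd -S $Server -E -d $Db -b -i $tmp
        if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed (exit $LASTEXITCODE) in database $Db" }
    } finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

# Step 1: full backup, written with a checksum and verified before anything is deleted.
if (-not (Test-Path $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }
$backupFile = Join-Path $BackupDir ('{0}_full_{1}.bak' -f $Database, (Get-Date -Format 'yyyyMMdd'))
Invoke-Sql "BACKUP DATABASE [$Database] TO DISK = N'$backupFile' WITH INIT, CHECKSUM;"
Invoke-Sql "RESTORE VERIFYONLY FROM DISK = N'$backupFile' WITH CHECKSUM;"

# Step 2: purge scan data older than the retention window, only after a good backup.
# The argument convention is an assumption; match it to your purge script.
& $PurgeScript $RetentionDays

# Step 3: rebuild every index, now that the purge has left free space and
# fragmentation behind. The statement list is generated from sys.tables, so no
# hand-maintained table list is needed.
$reindex = @'
DECLARE @sql nvarchar(max); SET @sql = N'';
SELECT @sql = @sql + N'ALTER INDEX ALL ON ' + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name) + N' REBUILD;' + CHAR(10)
FROM sys.tables t JOIN sys.schemas s ON s.schema_id = t.schema_id;
EXEC sp_executesql @sql;
'@
Invoke-Sql -Query $reindex -Db $Database

# Step 4: integrity check last, so it validates the post-purge, post-rebuild state.
Invoke-Sql "DBCC CHECKDB (N'$Database') WITH NO_INFOMSGS;"

# Housekeeping: drop backup files older than the reporting retention period.
Get-ChildItem -Path $BackupDir -Filter '*.bak' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddMonths(-$BackupMonths) } |
    Remove-Item
```

Because SQL Express has no SQL Agent, schedule the script with the Windows task scheduler, for example `schtasks /Create /SC MONTHLY /D 15 /TN "Shavlik DB Maintenance" /TR "powershell.exe -ExecutionPolicy Bypass -File C:\Expressmaint\Maintain-ShavlikDb.ps1" /RU SYSTEM`, picking a day that falls just after your monthly patch window as the post recommends. Whatever account the task runs as needs rights to back up and rebuild the database and write access to the backup directory; keep that directory on a different disk from the database files, since a backup stored beside the data it protects is lost with it.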

– Chris Goettl

Edit: NetChk Protect 7.8 customers should use the DB Maintenance feature in the product instead.

Adobe Bulletin Details: APSB10-02

Adobe released the patch for Adobe Reader and Acrobat earlier this afternoon.  They have just released the details around the bulletin.

  • This patch addresses 8 vulnerabilities:  CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324
  • Rated as Critical
  • Affects Adobe Reader / Acrobat 9.2 and earlier, Adobe Reader / Acrobat 8.1.7 and earlier

One of these vulnerabilities has been actively exploited lately.  You should patch your Acrobat and Reader install base as soon as possible.

– Jason Miller