Shavlik NetChk Protect 7.8 Beta Coming Soon!

NetChk Protect 7.8 is nearing Beta.  We have a good list of participants started already, but there is room for more. Requests will be on a first-come, first-served basis.  If you would like to participate, please contact us at Beta@Shavlik.com.  This release boasts many new features, but there are a couple in particular that I know people are interested in.

Agent SP Deployment:  Now you can approve SPs and allow the agent to deploy them in a more automated fashion.

VM features:  Template support, snapshotting, state aware scan and deployment to on and offline VMs.

Archive File Support:  This will open up to more supported products, but I will just say one thing and I know many of you will understand what I am talking about.  Bye bye Apple Application Support.  Yes, this is the release where we say goodbye to the pain of patching Apple products.

DB Maintenance: Purge old data script is now built into the product under this new feature set.

There are many more new features to play with.  Join the beta and get an inside look at the exciting new feature set coming your way around mid March.

Regards,

Chris Goettl
Agile Product Owner
Shavlik Technologies

Can someone just shut down the internet?

Wow.  The last few days have seen some amazing events that I never thought I’d see in my lifetime.  First off, my prayers go out to everyone in Egypt for safety.  It’s truly scary the events that have happened over there, but first and foremost I hope for peace in the country and safety to all individuals that are in the middle of the political and social events that are occurring.

On Friday, I had a reporter call in to speak with me about the events and some of the things that had transpired.  For those of you that might not have followed the media reports too closely, a truly landmark event happened in Egypt.  In a moment, the country shut down its internet. — I mean all of it.  No one in the country had inbound or outbound access, likewise communication vectors too were shut-down thereby cutting off reports to the outside world.  It truly was amazing.

For a technologist like me, the thought of losing the internet is scary.  To be honest, as I write this, Charter Communications is headed to my home to fix my internet connection which has been out since this morning.  At the same time, with so many avenues to access the internet, my life is not stopped… I have my Android mobile hotspot via my Droid Pro device, I have my aircard for my redundant backup, but today, I’m leveraging my next door neighbor’s wireless connectivity which extends over my house quite nicely!  (On an aside, we have an agreement for internet sharing for times like these as we are on two different providers and he and I both depend upon access to the internet.)

During my call with the reporter, he asked me how it was possible that a country could disable a communication channel like the internet.  To be honest, until it happened, I didn’t think it was possible.  At the same time, since much of the internet access in Egypt is controlled by state-run or state-sanctioned organizations, they can definitely tamper more with the communications channels.  Last week, that’s exactly what they did.  Almost simultaneously, they ordered the shut-down of internet based traffic in and out of the country, and it worked.

The reporter then redirected the question to me and asked if it was possible for the event to happen in the United States?  — What’s fascinating is this reporter has spoken to me numerous times on Cloud-applications and thought that such an event would be crippling to a business.  I briefly joked that if our country was going to make such a step that business is probably the last thing on most of our minds.  Although garnering a bit of a chuckle, the question was serious and one that deserves consideration.  While we know our government would never take such a step due to provisions in our constitution forbidding it, it’s conceivable that terrorism or cyber-terrorism could seek to disable our internet connectivity and therefore we should consider the possibility.

Regardless of the possibility, such an event happening on our soil would be incredibly unlikely.  The manner in which our internet services are architected and the sheer volume of communication vectors in and out of this country means no such attack could disable our internet connectivity.  In the past, we’ve seen hackers try to strike at the heart of the internet by attacking systems that control name resolution or routing, but all these attempts have ended in some minor delays in traffic or what I would classify as a mild “annoyance”.

When I wrapped up my media call on Friday, I have to tell you a small moment of thanks washed over me.  It occurred to me the freedom of speech that we have has grown up as our technologies have matured and our freedom of speech now encompasses the freedom of internet.  While I’m appalled that such a maneuver was used in a political fashion, I’m happy to know no such threat exists here.

Rob Juncker

Microsoft Security Advisory 2501696 Released

Microsoft has released a new Security Advisory (2501696) today affecting all supported Windows operating systems.  A vulnerability exists in the way the MHTML protocol handles MIME-formatted requests from websites.  The exploit code for this vulnerability has been publicly released, but there have been no reports of attacks at this time.

Although the vulnerability exists in the operating system, the attack vector for this vulnerability is through Internet Explorer.  An attacker must entice a user to click on a malicious link to successfully exploit the vulnerability.  If an attacker is successful, the attacker could “spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.”

Currently, there are workarounds that you can apply to your systems to reduce the risk through registry settings.  These workarounds can be found on the Microsoft Security Advisory page under the “Suggested Actions” section.  Microsoft also released a FixIt package to help reduce the risk of this zero-day vulnerability on the SRD blog posting.

The workaround should have no ill effects on your normal day-to-day functions.  The workaround will only prevent scripts running from MHTML links and viewing MHTML files.

– Jason Miller

New 3rd Party Product Support and Vendor Patches Available

The Shavlik Data Team is at it again in regards to supporting even more third party products.  Late last week we started supporting patching of the RealVNC product line.  Tomorrow, we will be officially supporting OpenOffice for patching as well.  You can expect even more product coverage this year as I am currently looking at the sheer number of products we are researching today.

On the patch side, Opera has released a new version of their browser with the release of Opera 11.01.  This release is a security release fixing multiple vulnerabilities.  The release notes can be found here.

Tomorrow, RealNetworks is planning to release a security update for their RealPlayer for program.  The release will fix a vulnerability rated “High” by RealNetworks.  The vulnerability was privately disclosed to RealNetworks.  More information will be released tomorrow, but you can read their Advanced Notification here.

– Jason Miller

Conficker Working Group Lessons Learned Document Available

As everyone’s focus has been on the Stuxnet virus and WikiLeaks, the news and information surrounding one of the biggest worms to hit the world has lost some traction.

Welcome back Conficker.  The Conficker Working Group released their “Lessons Learned” document yesterday.  The group took on the responsibility first hand with researching and limiting the infections from this very powerful virus.

The document, commissioned by the Department of Homeland Security, is very insightful on the timelines with the Conficker virus and the inner workings of the Conficker Working Group.  You can find the document on the Conficker Working Group website.

– Jason Miller

How Cloud Computing Can Save You Time & Money

One of the single greatest challenges facing any information technology professional these days is the need to do more with less. Even though it appears our economy is beginning to rebound, organizations are still taking a very conservative approach to spending, and the information technology sector is no exception. However, with the advent of cloud computing solutions – from cloud-based application ware, to full blown infrastructure platforms – the ability to do more with less is becoming much more realistic.

According to the Aberdeen Group, cloud computing is changing the role of IT from predominantly one of maintenance to one of innovation enabler through the new service delivery model of cloud services.

So…let’s just take the subject of patch management for a moment, and look at the impact that a cloud computing oriented solution can have on the issue. Today, many small-to-medium size companies constantly struggle with the challenges of keeping up with and addressing all the vulnerabilities that continue to grow at an astounding rate.  Generally, most IT organizations leverage technology provided by Microsoft to assist with this challenge, but there are risks with vulnerabilities that Microsoft doesn’t address…like those that attack Adobe, Firefox, Java, and many, many more. With limited budgets and the absence of additional automation to address the growing 3rd party application patch risk, the costs and challenges associated with patch management continue to be of great concern.

That is traditional patch management, now…let’s apply a solution to the patch management problem that’s cloud based, one that:

  • Requires no infrastructure investment (that’s big!)
  • One that’s agentless…and non-invasive (very important…)
  • A solution that covers 3rd party patches (wow!)
  • And a solution that is extremely cost effective (!!!)

By implementing a cloud based solution with no infrastructure requirements, there’s no out of pocket expense for computers to manage the application. If it’s agentless, it creates a very non-invasive method of assessing for and addressing any potential patch related risks. And last but certainly not least…most cloud based solutions are very affordable.  Pretty compelling!!

One of the major selling points of cloud computing is lowered technology-based costs, and by leveraging a solution like I’ve described, the impact of cloud computing is very real and measurable, and lets companies focus their resources on other needs to grow their business.

If you are looking for ways to do more with less, a cloud based solution will help free up your IT resources and lessen your capital expenditure on your IT infrastructure.

This is just one example of the tremendous impact cloud computing technologies are having!

Dave Eike

Learning from Leaders

Foreword:

I was an entrepreneur at a very early age.  During my college career, I led a dual life of a student and an employee at a local start-up company that manufactured wearable computers and the software that enabled them.  At this particular company, I worked for two great leaders, Dave and Jim Carroll.  The two brothers were similar in many ways, but different in others.  From Dave, I learned how to create a dream and turn it into a reality, a trait which I hold near and dear to my heart.  From Jim, who tragically left me well before I could learn all of his life’s lessons, I learned the value of learning.

To honor Jim’s memory, and pass along his life’s lesson, I want to share with you a particular event.  It was a long time ago but Jim, who was President of the company, and I were having a bit of a “tiff” about a project and how we should get the work done.  At the end of the conversation, Jim made the point that I always need to be open to learning new things and made the comment, “Rob, I’ve always been a student of life, and I’m committed to being one for the rest of my life.”  That statement at the time seemed like a jab, but after working alongside Jim, I realized what it meant… we all have to be open to recognizing opportunities to learn and most importantly, we can never stop learning.

I’d like to take a pause on the core topic of this blog and honor the memory of Jim Carroll.  Without him, I wouldn’t be the person that I am today.  To all of my loyal readers, I do want to encourage you to live in his memory and have a passion for learning especially for those around you that have much sage advice.  Unfortunately, they won’t be with us forever.

Learning from Leaders

The tribute aside, if I apply Jim’s lesson to technology, there are a lot of great things we can learn from the leaders in cloud-enabled technology.  Today’s application of this lesson I applied to strictly public cloud technologies like Google Apps, Salesforce.com, Netsuite, Amazon (EC2), and Microsoft.  In each provider’s case, they have demonstrated profound cloud discipline offering their users exceptional upgrades over time, focusing on security, focusing on availability, and reducing the cost and management overhead for the end-customers.

In each category, the systems have generated market-leading mechanisms to over-deliver their service and communicate their status to their customers.  In no particular order, I want to honor the life-lessons these leaders have taught us.  First off, I want to honor Salesforce for their open and honest security policy where they deliver for us today a clear glimpse into their security protocols by posting them online using their trust.salesforce.com site available at http://trust.salesforce.com/trust/security/.  Their trust site openly discusses their practices for security and tells the story of their recommendations for how to secure their customers’ interfaces to the cloud.  Salesforce.com has taught us to “Trust” them, by having an open policy and putting their security up as a selling point as to why people choose Salesforce.com versus the rationale for why people avoid using cloud technologies.

Secondly, I want to honor Google and their Google Apps product.  We at Shavlik power our users via Google Apps and their collaboration tools are fantastic.  With collaboration comes availability, and with availability comes awareness.  In response to this need, Google has taken big steps to expose their application availability to consumers of their applications by creating their application dashboard.  This site (http://www.google.com/appsstatus#hl=en) exposes their application status and any hiccups along the way.  For those of you that use Google Apps, they have made it easy for us to manage our networks by connecting to their RSS feeds of this dashboard and as events happen, IT administrators around the world are notified of the issues ensuring we can communicate problems to our users almost as fast as Google can diagnose the issues that they are seeing.  This awareness is key to mission critical clouds and key to users who depend on access.  In the presence of a lack of connectivity, the actionable data Google provides is paramount to mission critical business operations.

Finally, to getting up and running, I have to give the kudos to Amazon’s EC2 infrastructure as a service (IaaS) platform.  Their pricing model is easy for an IT administrator to understand and for those of you that haven’t used their service, their Dashboards are in a world of their own as it informs you of transfer rates and advises you how your service is consuming services in a clear and effective manner.  They truly make it easy for you to get up and running in a fast and efficient way with little to no overhead.

So, we learn from leaders, we apply their results, and we receive advancement through doing this process.  Well, as you might have guessed, stay tuned in February for some pretty big changes we have queued up for our SaaS services at Shavlik where we’ll be debuting new pricing models, easier ways to get started and rolling out our security and availability policies taking those of you that are existing customers to a whole new level, and turning those of you that might be looking for an IT management end-to-end solution in the cloud into believers!

New Product Support That We Snuck Into NetChk Protect

This may have slipped by you on last week’s patch Tuesday during our regular announcement for new patches available in the NetChk product line.  During the release, we included two new products.

Adobe AIR and HP System Management Homepage are products that can now be patched with the Shavlik NetChk product lines.

This brings our 3rd party (non-Microsoft) product list to a good number of widely used programs.  (This list does not include versions of the program.  For example:  Adobe Acrobat 9 Professional vs. Adobe Acrobat 9 Standard vs. Adobe Acrobat 10 Professional, etc)

The Latest NetChk 3rd Party Product Support Includes:

  • Adobe Acrobat
  • Adobe AIR
  • Adobe Flash
  • Adobe Reader
  • Adobe Shockwave
  • Apple iTunes
  • Apple QuickTime
  • Apple Safari
  • Citrix Password Manager
  • Citrix Presentation Server (XenApp)
  • Citrix Single Sign-On
  • Foxit Reader
  • Google Chrome
  • Google Talk
  • HP System Management Homepage
  • Mozilla Firefox
  • Mozilla SeaMonkey
  • Mozilla Thunderbird
  • Opera
  • RealPlayer
  • Skype
  • Sun (Oracle) Java
  • Winamp
  • WinZip

As we progress through 2011, the Shavlik Data Team is looking to add even more to our list of 3rd party products.  Do you have a product that you would like patched?  Please let us know.

– Jason Miller

Fun with PowerShell

Hello Shavlik Community!

Last night I had the chance to take a condensed PowerShell class.  I have been playing around with PowerShell for a while now as we have used it for a few supporting tools for NetChk Protect. I also have a bit of programming experience from High School and College, and from what I had played with PowerShell it seemed pretty easy and straightforward.  A three hour introduction class showed me that I had only scratched the surface of PowerShell’s potential.  If you’re looking for ways to simplify your IT management, here are a couple of the new things I learned and a few tools and scripts I have found really useful.

The PowerShell command line is great for quickly getting in and executing a few commands or building off of several commands to do more complex actions.  Clear the screen or close the window and you may lose some information that could have been worth retaining.  One of the first things the trainer showed us was the Transcript cmdlets.  Start-Transcript and Stop-Transcript.  Start-Transcript begins transcribing everything you do so you can review at a later time.  You can also hit F7 like a regular command prompt.  This shows you the last commands you executed so you can browse them and execute them again if desired.

Another very cool thing I learned last night was all the drive options you have.  Like the traditional cmd prompt you can use cd, dir, ping, telnet, tracert, net commands etc.  Try Get-PSDrive once.  Notice you get much more than c:, d:, e:.  You will also have Alias, Cert, HKCU, HKLM, WSMAN, Env, Function, and Variable. From PowerShell you can browse the registry or your certificate store or any of the others like the file system.

Get-Help can be done from the command line, but it gets very difficult very quickly to read through examples, details, etc. from a command line.  You can run the PowerShell_ISE which gives you the ability to edit PowerShell scripts and has the command line built into the same interface.  It has the full Windows Help built in as well so you can search it or browse it instead of fumbling through the help through the command line.  Better yet there are other editors out there.  PowerGUI is one that I have been using.  A very powerful tool, it color codes the nouns, verbs, operators, variables, comments, etc. as you type them which gives a bit of visual order to your script writing.  It can do all the same tab complete features that the PowerShell command line or ISE can do, but it also pops up details about the cmdlets you enter in so you can see details, input options, examples and so forth all as a pop-up note in case you need some details about it.  For those of us who aren’t living in PowerShell it makes it much easier to write more complex scripts.  If you are one who really wants to reverse engineer a script to dig deep and learn everything about it this may be distracting to use.  Best part about PowerGUI is it is Free.

As far as practical use as it pertains to Shavlik products, here is an example of a script I have been playing with.  I wanted to check several ports on a machine to see if I could scan a machine agentlessly with NetChk Protect.  I found a really cool function on a blog post that worked great.  It is called Test-Port.  Once you create the .ps1 you can open it in PowerGUI and run it once and it loads it in PowerShell so at any time you can search for near anything and you will likely find it.

Chris Goettl
Agile Product Owner
Shavlik Technologies
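
The port check described in the PowerShell post above, sketched as an added example; it is not the Test-Port function the author found and not Shavlik code. The function name Test-TcpPort, the default port list (135, 139, 445) and the host names are assumptions for illustration, since the post does not say which ports NetChk Protect needs.

```powershell
# Added example. Test-TcpPort is a hypothetical helper, not the Test-Port
# function referenced in the post. Requires PowerShell 3.0+ ([pscustomobject]).
function Test-TcpPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $ComputerName,

        # Assumed defaults (RPC endpoint mapper, NetBIOS session, SMB).
        # Replace with the ports your scanner's documentation lists.
        [int[]] $Port = @(135, 139, 445),

        # How long to wait for each connection attempt.
        [int] $TimeoutMs = 2000
    )
    process {
        foreach ($computer in $ComputerName) {
            foreach ($p in $Port) {
                $client = New-Object System.Net.Sockets.TcpClient
                $open   = $false
                $reason = $null
                try {
                    # Asynchronous connect so a filtered port cannot hang the script.
                    $async = $client.BeginConnect($computer, $p, $null, $null)
                    if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                        # EndConnect throws on refusal or name-resolution failure.
                        $client.EndConnect($async)
                        $open = $true
                    } else {
                        $reason = 'Timed out (filtered, or host unreachable)'
                    }
                } catch {
                    # Unwrap PowerShell's method-invocation wrapper to the socket error.
                    $reason = $_.Exception.GetBaseException().Message
                } finally {
                    $client.Close()
                }
                [pscustomobject]@{
                    ComputerName = $computer
                    Port         = $p
                    Open         = $open
                    Reason       = $reason
                }
            }
        }
    }
}

# Usage with constructed host names: one row per host/port, then a per-host
# summary of whether every required port answered.
$results = Test-TcpPort -ComputerName 'server01.example.test', 'server02.example.test'
$results | Format-Table -AutoSize
$results | Group-Object ComputerName | ForEach-Object {
    [pscustomobject]@{
        ComputerName = $_.Name
        AllPortsOpen = -not ($_.Group | Where-Object { -not $_.Open })
    }
}
```

A timeout usually points at a firewall dropping the traffic, while an immediate refusal means the host answered but nothing is listening on that port, so the Reason column tells you which side to look at.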

January 2011 Patch Tuesday Overview

In the first Patch Tuesday of 2011, Microsoft has released 2 new security bulletins addressing 3 vulnerabilities.

The first bulletin administrators should address is MS11-002.  This bulletin affects MDAC on all supported operating systems and addresses two vulnerabilities.  The first vulnerability cannot be exploited through Microsoft software.  The vulnerability may be exploited through third party software if a user browses to a malicious website.  At the time of the bulletin release, Microsoft was not aware of any programs that are affected by this vulnerability.  Microsoft is patching the vulnerability.  This will prevent any third party programs from becoming an attack vector.  The second vulnerability addressed by this bulletin can be exploited through Internet Explorer.  An attacker can gain remote code execution if they are able to convince a user to visit a malicious website containing specially crafted ADO structures using the Internet Explorer browser.

The second bulletin, MS11-001, brings us back to the DLL preloading issue that was identified in Microsoft Security Advisory 2269637.  This advisory was originally released on August 23, 2010 and we have seen multiple patches released for this issue.  During the December 2010 patch Tuesday, Microsoft released 5 bulletins addressing this issue with various components of the Windows operating system.  MS11-001 fixes a DLL preloading issue in the Windows Backup Manager component in Windows Vista.  With this vulnerability, opening a legitimate Windows Backup Catalog file in the same directory as a malicious DLL file can lead to remote code execution.

There have been quite a few Security Advisories published by Microsoft in the past month.  Many people will be surprised to see the low number of bulletins released this month.  This is due to a couple of factors.  First, Microsoft is seeing a ‘limited number of attacks’ on these vulnerabilities.  If Microsoft receives reports of attacks on these vulnerabilities increasing substantially, they will accelerate the patch creation and testing process.  Second, each bulletin/patch is a change in the code.  If the code change is not given time to be properly tested, the patch could have adverse effects.  In this scenario, the vulnerability is fixed, but normal functionality could be adversely affected.

Late last week, Microsoft released an update on all outstanding Security Advisories on their Security Research & Defense blog.  This update contains information on each vulnerability currently open and actions that can be taken to mitigate the risk of the open vulnerabilities.

– Jason Miller