Archive for July 2008

What they think I said – what I really said

Have you ever opened a tech support case by calling in, then later reviewed the case via a support web portal? It's kind of funny to see what is lost in translation.
A couple examples come to mind.
Bluecoat.
I opened a ticket asking for help allowing access to gotoassist.com. This is a Citrix-owned website in the GoToMeeting and GoToMyPC family. According to the ticket, I was having a problem going to assist.com.
Symantec
I opened a case asking for help using SecurID to log into Symantec Endpoint Protection Manager (SEPM). They thought I was having a problem authenticating with SecurIZ. That's right, your product uses SecurIZ for authentication, not SecurID. No wonder I couldn't get it working.
Both cases were successfully resolved.

SEP11 and Wireless Management

Symantec has added device control in Symantec Endpoint Protection 11 (SEP11) MR2. This can be used to disable wireless cards while a wired connection is active.

Symantec has a KB article that explains “How to block all Wireless traffic when an Ethernet interface is active using Symantec Endpoint Protection 11.x”

Unfortunately it is not possible to disable all wireless cards automatically. Each wireless card has a device ID, and you need to determine the device IDs to block. I went into SMS to determine how many different wireless adapters are in use in the enterprise, then used SMS to find online computers with each make/model of card. I followed the instructions in the Symantec KB to gather the device ID from the registry and added them to the block list. You'll have to ask the helpdesk to let you know when new wireless cards start showing up (and occasionally check SMS to double-check).
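Gathering the device IDs one registry at a time gets old quickly. The script below is an added example, not the Symantec KB's procedure or anything from the original post: it reads the same Device Instance Id through WMI (Win32_NetworkAdapter.PNPDeviceID) for any adapter whose name looks like a Wi-Fi card, and trims the per-card instance suffix so one rule covers every unit of that make/model. The name pattern, the assumption that SEP11 device-control rules accept a trailing wildcard, and the host list file are all mine; check the wildcard syntax against the KB before pasting a rule, and eyeball the output, since a Bluetooth adapter with "Wireless" in its name will match too.

```powershell
# Added example: list wireless adapters and the device IDs to block in SEP11.
# Assumes WMI is reachable on the target (ComputerName '.' is the local box).
function Get-WirelessDeviceId {
    param([string]$ComputerName = '.')

    # Adapter-name patterns typical of Wi-Fi cards. This is an assumption;
    # compare the output against the make/model list pulled from SMS and
    # widen the pattern if a card is missed.
    $pattern = 'Wireless|802\.11|WLAN|Wi-?Fi'

    Get-WmiObject -Class Win32_NetworkAdapter -ComputerName $ComputerName |
        Where-Object { $_.PNPDeviceID -and ($_.Name -match $pattern) } |
        Select-Object @{Name='Computer';  Expression={ $ComputerName }},
                      Name,
                      PNPDeviceID,
                      @{Name='BlockRule'; Expression={
                          # PNPDeviceID is the Device Instance Id, e.g.
                          #   PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&1A2B3C4D&0&00E0
                          # (constructed sample). The part after the last
                          # backslash is unique to one physical card; trimming
                          # it and adding a wildcard gives a rule for the model.
                          $id  = $_.PNPDeviceID
                          $cut = $id.LastIndexOf('\')
                          if ($cut -gt 0) { $id.Substring(0, $cut) + '*' } else { $id }
                      }}
}

# Usage: the local machine first, then a list of online hosts exported from SMS
# (wireless-hosts.txt is a hypothetical file name, one host per line).
Get-WirelessDeviceId | Format-Table Name, PNPDeviceID, BlockRule -AutoSize

# Get-Content .\wireless-hosts.txt |
#     ForEach-Object { Get-WirelessDeviceId -ComputerName $_ } |
#     Sort-Object BlockRule -Unique |
#     Export-Csv .\wireless-device-ids.csv -NoTypeInformation
```

Running it against one online machine per make/model found in SMS gives you the complete block list in a few minutes, and re-running it against the SMS export every month or so catches new cards before the helpdesk does.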

My biggest problem was that their KB describes only two locations, wired and wireless. That is the most vanilla configuration possible, and it assumes you don't have any other firewall profiles. Most people, I suspect, already have location profiles set up for their firewall rules. I already had CorporateLAN, VPN and External configured. To integrate the KB into my existing rules, I set up the locations CorpLan-Ethernet, CorpLan-Wifi, VPN, External-Ethernet, External-Wifi and Default.

So far it's working great in testing, and I plan to roll this out to a larger group of testers after I make a couple of changes. It is really exciting to be on the cusp of solving a security issue that has been lingering for years: wireless cards looking to make a connection even while the wired card is active on our corporate LAN.

Domain Renewals

Today I went to check something on the condo association website and found the page was filled with ads. No, they weren't the latest SQL injection victim. They let their domain expire. If you have domains, make sure you know when they expire so that doesn't happen to you.
If you do web design and you aren't offering full service for the non-technical, make sure you don't just set up the page and run. Your customers need to have the passwords to make changes, and they need to know when renewals are due.
Fortunately for the condo association, they didn't have that domain on all their stationery. Because they did a poor job of promoting the site in general, it will be easy to start over with a new domain name. Imagine if that occurred to your business domain name.
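"Know when they expire" is easy to say and easy to forget. Below is an added example, not something from the original post: a function that pulls the expiration date out of whois output and flags a domain that renews within a warning window. It assumes a whois.exe on the path (the Sysinternals one works) when you don't hand it captured text; the field-name variants in the regex and the embedded whois record are mine, and the record is constructed, not a real lookup.

```powershell
# Added example: flag domains whose registration is about to lapse.
function Get-DomainExpiry {
    param(
        [string]$Domain,
        [string]$WhoisText = '',   # captured whois output; empty means run whois.exe
        [int]$WarnDays = 60
    )
    if (-not $WhoisText) { $WhoisText = (& whois $Domain) -join "`n" }

    # Registrars label the field differently; these are the common variants
    # (assumption: extend the list for registrars you actually use).
    $m = [regex]::Match($WhoisText,
        '(?im)^\s*(Registry Expiry Date|Registrar Registration Expiration Date|Expiration Date|Expires On|paid-till)\s*:\s*(\S+)')
    if (-not $m.Success) { throw "No expiration date found in whois output for $Domain" }

    # Parse with the invariant culture so '2008-09-01T00:00:00Z' and
    # '01-sep-2008' both work regardless of the machine's locale.
    $culture  = [Globalization.CultureInfo]::InvariantCulture
    $expires  = [datetime]::Parse($m.Groups[2].Value, $culture)
    $daysLeft = [int][math]::Floor(($expires.ToUniversalTime() - [datetime]::UtcNow).TotalDays)

    '' | Select-Object @{Name='Domain';   Expression={ $Domain }},
                       @{Name='Expires';  Expression={ $expires }},
                       @{Name='DaysLeft'; Expression={ $daysLeft }},
                       @{Name='Status';   Expression={
                           if ($daysLeft -lt 0)              { 'EXPIRED' }
                           elseif ($daysLeft -le $WarnDays)  { 'RENEW SOON' }
                           else                              { 'ok' } }}
}

# Constructed sample whois record (not a real lookup) so the parser can be
# tried offline; drop -WhoisText to query the registrar for real.
$sample = @"
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2008-06-01T12:00:00Z
Creation Date: 2004-07-15T00:00:00Z
Registrar Registration Expiration Date: 2008-09-01T00:00:00Z
"@
Get-DomainExpiry -Domain example.com -WhoisText $sample -WarnDays 60

# Real use: one line per domain you own, run from a scheduled task.
# Get-Content .\domains.txt | ForEach-Object { Get-DomainExpiry -Domain $_ } |
#     Where-Object { $_.Status -ne 'ok' }
```

Point it at every domain you or your customers own and have it mail anything that isn't "ok"; the registrar's own reminder goes to whatever mailbox was on file years ago, which is exactly how the condo association lost theirs.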

Adobe Acrobat and Reader 9 Released

Adobe Acrobat and Reader 9 were released this week. I received an update notification from a Sr. Product Manager at Adobe, which advises that "once a major new version such as this comes out, you have 6 months to update from the older Reader 8."
I had been wondering about Adobe's product support lifecycle. Adobe Reader/Acrobat 7 got an update not too long ago. Is Adobe really going to pull the plug on 8 in 6 months? That seems like a very short amount of time. When you look at past versions they've had Office conflicts that weren't resolved for a while. I haven't looked, but I assume the Adobe Customization Wizard (tuner) that is used to package Adobe Acrobat and Reader for enterprise deployment is also yet to be released.
I’m thinking January 2009 to push out Adobe Reader, unless of course they once again coerce an update by patching something in the newer version and leaving the older version alone for months.

Firefox 2.0.15

Firefox 2.0.15 is out today. This update fixes 12 security vulnerabilities, 3 of which are described as critical.
To update, open Firefox, select Help and then Check for Updates, or install Firefox 3.

Getting Updates

We’re still in a world where you have to be interested and involved in order to keep your computer updated.
Rod Trent of MyitForum complained last week that he didn’t get notified of a needed Adobe Reader update until he actually opened Adobe Reader.
It is a problem. If you don't use the application, you don't get notified of an update, and in many cases you're still vulnerable just by having the software installed. Those in security might say "if you're not using it, uninstall it." That doesn't seem practical to non-security people. Some might say "the application should leave a service running to notify me of updates." Is that what we really want? I don't want my applications to leave an updater running all the time; I kill most autolaunches when I'm packaging software.
Firefox prompts for updates when it is used. They brag that it is the most updated browser. That's because the people doing the checking were looking at Google search logs, which only collected information from people using the browser. If they used the browser, they were thus prompted to update.
One solution I push is the Secunia Personal Software Inspector. It's one application that checks all (well, most) of your software for vulnerable or obsolete versions. While it's not perfect for the non-computer-literate, it would be a great option for someone like Rod, who knows computers well but might not remember that Adobe Reader is installed and needs to be updated.
I will say that Secunia's online scanner was completely botching the Adobe Reader detection when I looked at it earlier this week, but the installed version was working correctly, or at least not broken in the same way.

Symantec IM Manager and AOL SSL

The latest Symantec IM Manager includes support for AIM 6.8. This is a big change, because previously there was no way to support AIM clients that required SSL logins.
AIM has provided a method whereby we register our domain names with AOL, so when the AIM 6.8 client attempts to log in, AOL directs the client to our internal IM Manager server. As part of setting this up I purchased an SSL cert for my IM Manager server. The client connects using our certificate, therefore the IM Manager server is still able to apply security and perform logging as appropriate.
This support is not retroactive to AIM Pro clients. In fact, I'm told that although this was originally designed for AIM 6.5 as well, AOL made changes that aced out that client.
I’m not sure I trust AOL not to make major changes again and leave AIM 6.8 installs in the cold. But it is better than being stuck with incredibly old versions of AIM.
Is there an ethical and legal issue here as well? While users are advised that this is our network and our computers, might they argue that they have a reasonable expectation of privacy since AIM is using SSL?