TechVirtuoso

The Nexus One vs The iPhone (and life after iOS)

0 Comments July 2, 2010 : By Michael Stanclift · Category : Featured, Mobile

As I explained in a previous entry on Tuesday, I’ve made the decision to leave the world of Apple mobile devices for the land of Google Android. To briefly bring you up to speed:

Ever since the iPhone supported Exchange, I’ve been a huge supporter. I’ve spent two good years on the iOS with my iPhone 3G. … When the iPhone 4 was announced, I followed the WWDC keynote with great anticipation. I ooh’d and aah’d at all the advances in design and software. … (after getting it) Taking it home that night, I started to notice something was a little off with my phone. … (antenna issues) I dropped a few calls that weekend, including one to my father who seem’d to have lost my mother, but I could make due. … The view from most of the people within the Apple world was that it was firmware related, and would be quickly fixed. Then Steve Jobs opened his mouth. … I found myself deeply disappointed in the device and the operating system. Enough so that I’ve made the switch to Android.

There, now that we’re all up-to-date, I’m happy to say that my Nexus One is activated and I’ve had the last couple days to play with it. Having had experience with many different mobile device styles and platforms, including Windows Mobile, Palm OS (the original, not the WebOS) and iPhone, I can honestly say that the Nexus One and Android OS is the best mobile experience I’ve ever had. (more…)

Not everything made by Cisco is made of gold

0 Comments March 8, 2010 : By Jake Sonelly · Category : Featured, IT Technology, Review

The scenario:  You’ve found yourself working at a company that is experiencing phenomenal growth.  The employees have actually decupled in the past year and show no signs of slowing in the near future (on this note, when was the last time you saw the “decupled” in print?). You have inherited a network that is truly a Frankensteinian creation that not even the original architects understand any more.  You have noticed that you neither have a working firewall nor a decent VPN system, though Cisco VPN is used by a handful of key employees to connect to a Cisco 1800 series router.  The IP scheme for the organization, which spans three sites, is using the 192.x.x.x address space. You wish to straighten everything out with a minimum of downtime and as seamless as possible for the end-users.  What do you do?

Well, instead of telling you what to do, allow me to tell you what not to do.  Not just that, let me drill into your collective skulls what not to do.  Are you ready?  Here it comes:

Do not, and this is key, so write it down… do not buy a Cisco SA 500 series device.

(more…)

Why lazy sysadmins and IE 6 make the net unsafe

0 Comments January 16, 2010 : By Michael Stanclift · Category : Editorial, Featured

The number of businesses still using Internet Explorer 6 is painful to see. Coupled with the fact that all of them are on Windows XP or Windows 2000, it turns from pain into terror, especially when it comes to security.

For a lot of system administrators, the reasons to stay outweigh the reasons to upgrade. Websites that break, plugins that won’t load, old software that isn’t updated anymore. Trust me, I’ve been there. However, a lot of it boils down to lazy and poor practices of system administration.

Yes, you’re lazy and you’re bad at your job. Internet Explorer 6 was released in 2001. Yes, 2001, most of us don’t even drive cars that old, let alone unleash people on the “information superhighway” with a browser that old. It was designed at a time when security was not the issue it is today. It was designed to work on operating systems like Windows 98 and Windows ME. Would you let people use Windows ME on your network? No! So why are you letting them use a browser that was built for it?! (more…)

Access Denied: Giving users local administrator permissions on their machine?

0 Comments December 8, 2009 : By Michael Stanclift · Category : Featured, IT Technology

A recent email discussion over a education security listserv got me thinking about the topic of giving users administrator rights to their local machines. This is a common discussion that comes up about once every month or so, when ever someone new joins the group. The discussion usually starts by asking for methods of removing administrator access in environments where rights have already been given, and then nosedives into a long discussion about the ethical and practical reasoning behind it.

There seems to be two schools of throught about all of this.

  1. Lock the user out of everything that would prevent malware from being installed or the user installing software they’re not suppose to, at the expense of user frustration and IT time spent approving and installing software requested by users.
    Basically, the users are stupid and cannot be trusted. IT will have to monitor them.
  2. Give the user access to everything and let them install whatever they want, at the expense of user frustration and IT time spent removing software they’re not suppose to have and malware that have been installed as a result.
    Basically, trust the users and clean up after their messes when they don’t understand what they’re doing.

In an educational setting, specifically in higher education, you have a lot of competing interests. You’re a business, selling a product (education) and have to compete with other businesses (schools) to gain more customers (students) — therefore, security like what you’d have at any enterprise is necessary. However, you have a group of highly educated and often times very ego-centric individuals called faculty that feel they have a right to gain access to anything and everything in order for them to independently do their job without interruption from IT, or having to ask them for assistance. I would imagine it’s something like working with engineers, but in this case 95% of the people have no idea how to use a computer. Last but not least, the university is an ISP, providing Internet access to students and employees on their personal machines. But that’s a topic for a future entry.

The idea that users need administrative access to their computer or that they somehow have a right to it is wrong in my opinion. When I go into my office, I have services provided to me by other departments on campus that I do not have full control over. If I need a light bulb replaced in my office, do I have a key to go do it myself or do I just call Physical Plant and have them come over? Sure it’d be faster and probably easier for plant to just go take care of it myself. Just because you can give someone full access to a machine, and they’re used to it at home, doesn’t mean they should have that access at work.

I have full access to the thermostat at home (well, I take that back… my wife does… I’m just a user there too) but I can’t just go adjusting the HVAC system at work how I want.

We make as much software as possible that we’ve pre approved user-installable through Group Policy Software Deployment and soon though System Center once we have that up and running. Our staff maintains a repository of approved software installs that require us to do it, so when the user cannot do it themselves it only takes us a few minutes. If a user walks up to our support center, we can usually get the software installed on their laptop right away. We’ve given our Help Desk very easy to use remote access software and can usually get stuff installed for them within 24 hours, if not as soon as they call in or email.

Does malware still get installed on systems where users lack administrative access? Yes. Which brings me to another point.

You also need to look at the amount of damage that can be done in the time period where a user with administrative access disables anti-virus to install something, or even where the AV client doesn’t detect it and the user isn’t aware enough to see what has happened. A few years ago, the malware was about annoying the user or deleting files, but as it has changed to becoming a security breach where data can be stolen often without the user even seeing they’ve been infected.

My wife works for a multinational accounting services firm, where she and her co-workers have access to information that would probably make any hacker wet their pants with excitement. Yet, they have administrative access to their company issued laptops, since they spend most of their time outside of the corporate office. In one case, she told me where one of her co-workers went weeks with a system she knew was infected with porn-popups, yet was “too busy” to do anything about it, like take it into the office and let IT look at the system. Did she know better? Despite required company IT education and training, probably not. Did my wife? You betcha.

That infection may have been harmless, or just designed to generate traffic to your friendly neighborhood porn site, but would the next one be so lucky? Sure, you may put good AV on systems and monitor them daily, but they can’t catch everything. It seems like we should be fighting to do everything in our power to prevent this from happening, even if it means it’s more difficult for the user and IT. The risk of not doing so outweighs the easy of use.

Do your users have administrative rights? Why or why not?

What the heck are we doing here?

0 Comments November 19, 2009 : By Michael Stanclift · Category : Featured, News

So first off, on behalf of all of us, I want to apologize for not being around much in the last couple of months. Things of have been busy for all of us. We’ve also been trying to sort out what we’re going to do with this project.

Most of you know, when the five principles of this site left Neowin back in July, we did so with the intent of starting a new site. But without getting into all the details… life got in the way. We really want to make the project successful, but we now see that we’ve been going about it in the wrong way.

The core idea behind founding TechVirtuoso was a sound one. Business IT people talking about business IT. Or as we say on the website “Enterprise technology for and by those who live it” … the elements we’ve laid out in the original charter for this site were good, but placed us in an area that is a bit too strict for what we could be doing.

Let’s face it, none of us are reporters. We’re IT people. Us trying to “report” on events in such a neutral and unbiased way as we’ve planned out, is not only difficult for us, but isn’t that interesting to you, the reader.

So this is what TechVirtuoso will be from this point forward. A place to talk about the projects we’re working on, ideas we have, concepts we’ve developed. When we find something we find interesting, we’ll talk about it, not feeling like we have to go out and “report” about news. When we started out on this project originally I was wrong in thinking that we needed to be structured in a way that produced unopinionated content… hearing the opinion of other IT people is exactly what we’re going to be about from this point forward.

Obviously, we need to talk about news, but why not do so in a way that allows us to show others about ourselves, and the things that interest us… instead of just being drones? When I think about what I’d want to see in a business IT site, it’s not just press releases and the latest buzzwords. I want to see how it’s going to help me do my job better. How it’s going to make my users happy — or really anger them. It would be much more interesting to others, to see how real IT people in other areas are actually using that technology.

From this point forward, we seek to turn this site into an “business IT lifestyle blog” … which also means talking about other non-enterprise things that we’re interested in.  None of us can go home from work and turn the IT world around us off. So we’re going to talk about all the IT around us, from the perspective of an IT professional. We live in a world where business IT features quickly make their way down to the consumer world, and vice versa.

So in addition to content, we’re going to be making a few other changes around here. The layout is going to get a facelift. We’ve also turned off our forums, because we’re not in the business of building those right now.

We hope that you enjoy the new TechVirtuoso. I know we’re going to enjoy creating it.

Thanks,
Michael Stanclift
Shane Pitman
Frank Owen
Don Smith
Eric Iles

© 2010 TechVirtuoso, LLC. All trademarks are property of their respective owners.