Archive for the ‘General’ Category

Is Astaro Heading in the Wrong Direction?

Saturday, August 28th, 2010

I’ve been using Astaro since they were at version 4. I’ve noticed a disturbing trend. V4 was, in my opinion, the best version they have ever released. Version 5 was badly bug-ridden upon release, necessitating at least 2 updates before it was running decently. I totally bypassed v6 as the beta wasn’t beta quality at all and I did not wish to risk it. I actually went to IPCop and modded the heck out of it. That setup worked so well I also deployed it to clients. Astaro then released v7, which was a major step forward and was the first usable Astaro version in over a year. I ran v7 until recently, when I installed v8. After a couple of months v8 crashed and I had to go back to v7 (Astaro support had no idea why it died). During my first v7 run Astaro had a major issue with their updates. They put out a pattern update (anti-malware, anti-spam, and IPS) that caused the IPS to eat ALL traffic. The result was basically a dead box. The thing was you also could not get into the webadmin either. Quite a few systems were taken offline by this flub-up. Astaro did post something on their website (not much help since you couldn’t surf) but did nothing else to notify. I wasn’t using the IPS at the time so I was in the clear... but that’s one of the most highly touted features so it’s in wide use. Astaro quickly got an update out and boxes came back to life.

On to v8. The first time I tried it, v8 ran fine for about 2 days. Suddenly the internet became unstable and the firewall would not pass traffic. No webadmin access, no console, no nothing. Only power cycling the box got it running again. On the forums, bug reports against the supposedly general release were cropping up. Things ranging from GRUB problems, meaning the system would not install or boot on certain HP machines, to various daemon instabilities. After my v8 crashed I reverted back to 7.5x until things settled down. About a week ago I reinstalled the newest 8.001.

Astaro has now put out another bad update. This one caused machines to start having hardware failures due to apparent driver corruption. I’m curious how they are messing this up since these up2dates are only supposed to be detection updates. When they had the last major pattern bomb no hardware was directly affected. However, this most recent one did affect hardware. So now the pattern mistakes are starting to affect more and more of the system. Is this going to be a continuing trend? Astaro, I’m getting nervous about partnering with you. You do protect your partners from lost sales by unscrupulous vendors, but can your partners survive too many more of these embarrassments? It’s time to get your QA systems caught up. Either you are growing too fast or you are getting lazy. Either one of these will spell big trouble for you and your partners if you don’t get on the ball.

How to Make sure you Aren’t Framed by Facebook

Thursday, August 19th, 2010

Yet another reason to not use Facebook. In their latest non-security decision, others can now tag you as being somewhere even if you don’t want them to... or if you aren’t even there. Like this is a good idea. Here’s how to turn it off (other than not using Facebook at all):

1. Go to privacy settings
2. Go to “customize”
3. Scroll to “things others share”
4. Disable “friends can check me into places.”

It’s getting to the point that the amount of time you spend trying to NOT let Facebook tell everyone everything about you and where you are all the time outstrips the amount of time you find valuable use out of the site.

Disable Facebook Places From Letting Others Tag Your Location Without Your Consent – The Consumerist.

What to do with a major server donation

Sunday, August 15th, 2010

You can read about the donation here. I have three IBM x335s on the way with dual Pentium 4 Xeon 2.8 GHz CPUs, dual 36 GB 10K RPM SCSI drives with hardware RAID 1, 4 GB of RAM, all the cables needed including ILO, and rails. All for the cost of shipping. Why am I posting about it here? I run the network at my church. This will be the first time I can start something like this from the ground up and document what I do, how I do it, and what hardware and software I do it with. I will also be able to show just how much free software can do and still integrate with an established Active Directory layout as well. It’s something for other potential NPO clients to be able to see what some creative thinking can accomplish for little or no cost. :) Stay tuned; I’ve created a whole new category for this. :)

Why AVG Remains My Recommendation for Businesses

Saturday, August 14th, 2010

Virus Bulletin : News – A third of anti-malware products fail to secure Vista Business Edition, Virus Bulletin reveals.

If you look at the linked graphic you’ll see AVG proudly near the top, with Symantec and McAfee much lower. Microsoft Security Essentials isn’t high on the chart either. Wow. So if you really want an anti-something, I would go with AVG for both home and business use at this point. If you head here you can see that McAfee actually failed this test. Symantec passed; however, I can tell you from personal experience I wouldn’t run it, as I have had to clean up many machines with Symantec installed. :)

Patch now!

Saturday, August 7th, 2010

Microsoft has released the fix for the LNK issue. This coming Tuesday is going to be a monster patch day, with a total of 37 issues fixed in 14 patches.

Even the iPhone Isn’t Immune from Apple’s Arrogance

Tuesday, August 3rd, 2010

It’s either that or incompetence.  At this point I’m not sure which it is.

How To Prevent iOS From Automatically Loading PDFs [Vulnerability].

Fix for LNK Hole Coming on Monday

Saturday, July 31st, 2010

Normally I advocate caution in major patches. This hole, however, is so important that I am going to immediately patch and then work around any issues this is going to cause. Again, on Monday this patch gets released. PATCH IMMEDIATELY!!! Read the previous advisories I posted about this here.

This is Why I Always Bang the Backup Drum

Thursday, July 29th, 2010

I had my server set up as best as I could. I had a RAID 1 mirror on both of my drives. Not only that, I had shadow copies being made on the array. Finally, I had everything being backed up to an external hard drive. Last night my server started acting funny. Putting an ear next to it revealed what I thought at second glance: I had a hard disk failing. Luckily the system had backed itself up the night before and I had not added any new files since then. “No problem”, I thought, “I’ll just boot off the mirror drive and move right along”. Well, of course the drive had totally gone offline, broken the mirror, and all attempts to resync the two had failed. This means my mirror copy was corrupted beyond usefulness. It also turns out that the Microsoft server backup in Server 2008 Foundation is about as useful as it is inside of SBS2k8, aka it isn’t a viable DR recovery option. Twice now it’s proven this to me. So now I rebuild from scratch and manually restore. :) At least I can recover using the backup this time, just folder by folder. :)

Sometimes Virtualization ISN’T the Answer

Thursday, July 29th, 2010

After some internal testing and research I can honestly say that virtualization may not be the best solution except for larger deployments. For the same money (or less) than either upgrading one server to be able to host multiple VMs or the purchase of a new server that’s capable of doing that, I can build two machines around Intel Atom D510s that together would draw less at MAX load than the new or upgraded machine will draw at half load. When I do my own server refresh (and for clients as well) I’ll be looking at the Atom solutions instead of virtualization. If the client in question has a more CPU-intensive workload than the Atom can handle, then virtualization might be an option. However, from what I am seeing in various forums, the Atom-based servers can handle quite a bit more than most folks give them credit for.

Windows Security Issues Causing Increasingly Difficult Malware Removals

Wednesday, July 28th, 2010

This is the primary reason Unix folks remove the computer, make an image for forensics, and then rebuild from a known good source. Windows folks have yet to figure this one out. I take the same philosophy towards malware that Unix admins do: nuke the box, because you can’t trust it’s clean once it’s been compromised.

In one incident, a sports bar in Miami was targeted by attackers who used a custom-designed rootkit that installed itself in the machine’s kernel, making detection particularly difficult. The rootkit had a simple, streamlined design and was found on a server that handled credit card transactions at the bar. It searched for credit card track data, gathered whatever it found and dumped the data to a hidden folder on the machine. The attacker behind the rootkit took the extra step of changing a character in the track data that DLP software looks for in order to identify credit card data as it’s leaving a network, making the exfiltration invisible to the security system.

via Persistent, Covert Malware Causing Major Damage | threatpost.