The Remediator Security Digest

January 2008

Issue 43

[ Tell a Colleague ]

Feature Story

Successfully Protecting against Malware Attacks in 10 Easy Steps

The next best thing to a silver bullet

by Andy Rotering, Software Engineer, Shavlik Technologies

A friend of mine recently called me to ask my advice about his computer. It seems that his not yet two-year-old computer had become slower and slower since he purchased it and was wondering what he could do to speed it up. Confident in my ability to help, I agreed to give his machine a once-over and investigate what was causing the problem. I found a fairly well-used computer whose user had seemingly taken the proper precautions to protect himself from malicious software (i.e., viruses, worms) and malware in general. He was running Windows XP Home, with the firewall enabled, and even had an up-to-date active account with Norton Anti-Virus 2007 that was always running in the background. Although he had high-speed Internet access, he was careful not to leave his computer continuously connected to the Web.

Editorial Corner

Cleaning out the scumware

Malware, adware, spyware. No matter what you call them, all of these computer scum follow you. They track you. They mess up your settings. They hijack your browsers. Put the cork back on the computer genie bottle with 10 steps for shooing off the scum.

Most of us speak GSL ... geek as a second language. However, many employees don't know the language. So readers offer advice on how to better communicate to customers about what's happening with their computers.

IT employees often put in overtime, especially for tasks such as patching the network if their corporate policy is to push out patches outside regular work hours. A reader wants to know if employees should receive overtime pay or perks for this. What's your experience?

We want to ensure you get what you'd like to see in future issues. Let us know what you want by completing the speedy reader survey. We read every reply, and as a thank you, your name goes into a virtual box for a drawing where you could win a TomTom GO 910 Portable Navigation System. Remember, you can always check the newsletter archives.

Best,
Meryl K. Evans
Editor, The Remediator Security Digest

Subscription

Reader Survey

“The Academy” is a Web site supporting the security community with video-based instruction on how to install, configure and troubleshoot some of today's most popular security technologies. Visit the site at: www.theacademy.ca

Spotlight

President and CEO Mark Shavlik's Computer
Security Blog

Partners

Shavlik drives patch management solutions for these companies:

Resources

Computer Security Institute

Archives

Spring 2009
March 2009
Vol. 1 Issue 62

Issue 46
October 2008
Vol. 1 Issue 46

Issue 45
July 2008
Vol. 1 Issue 45

Issue 44
May 2008
Vol. 1 Issue 44

Issue 42
October 2007
Vol. 4 Issue 2

Issue 41
July 2007
Vol. 4 Issue 1

Issue 40
April 2007
Vol. 4 Issue 0

Issue 39
January 2007
Vol. 3 Issue 9

Issue 38
October 2006
Vol. 1 Issue 38

Issue 37
September 2006
Vol. 1 Issue 37

Issue 36
August 2006
Vol. 1 Issue 36

Issue 35
July 2006
Vol. 1 Issue 35

Issue 34
June 2006
Vol. 1 Issue 34

Issue 33
May 2006
Vol. 1 Issue 33

Issue 32
April 2006
Vol. 1 Issue 32

Issue 31
March 2006
Vol. 1 Issue 31

Issue 30
February 2006
Vol. 1 Issue 30

Issue 29
January 2006
Vol. 1 Issue 29

[MORE]

Security Resources White Paper

Will You Meet the Deadline for the FDCC Mandate?
Author: Shavlik Technologies

The deadline for compliance with the Office of Management and Budget mandate regarding standardization of Windows XP and VISTA configurations is looming. The Federal Desktop Core Configuration (FDCC) is designed to establish a standardized baseline of security policies and configuration settings for desktops and laptops running Microsoft Windows XP SP2 and Vista operating systems. By implementing a standard baseline rather than hundreds of costly, locally-created configurations, government agencies will improve security, reduce costs and decrease application compatibility issues.

Announcement

Coming Soon! Shavlik NetChk Protect 6.0

Shavlik NetChk Protect is a key component in Shavlik’s risk and compliance management suite that leverages the industry’s premier vulnerability management platform for more than 10,000 organizations worldwide, including Barclays Bank, BMW, Bosch, Boeing, Citigroup, GE, Merrill Lynch and thousands more. NetChk Protect simplifies the often complex task of assessing vulnerability and risk levels, by providing the industry’s most comprehensive discovery capability and allowing our customers to confidently answer the question “How Secure Am I?” NetChk Protect provides a single solution for automating not just assessment, but the entire vulnerability management lifecycle, including remediation, monitoring, and reporting.

for more information.

What's Your Best Advice?

Last Issue's Security Dilemma:

When geek speak sounds like gibberish

How do you manage the geek-speak vs. user-speak (or customer-speak) divide? It's my biggest challenge on a daily basis. I struggle to come up with winning translations to shorten the time I spend explaining technical details and processes to our non-technical users. The calls would take less time if I could bridge the language barrier between customer and me. How do readers deal with the ungeek? Or is it a lost cause?

— Geek Translator

Read the best advice.

This Issue's Security Dilemma:

Do you pay IT staff for off-hour patching or give perks?

Patching time can't wait until the next workday or else a security breach could occur. So IT staff often work during off-hours to do patches.

What offsets, benefits or perks does your IT staff receive for working on maintenance/patch weekends? Or is overtime just expected and part of their role? — Owner

Can You Help? Share your experience. You could win a TomTom GO 910 Portable Navigation System. Congratulations to this quarter's winner: Dave Milner, technology professional at Jefferson Wells.

The Pointy-Haired Boss

Know how to get what you need: